Please analyze my log (I suspect a keylogger)
MS Antispyware, to my astonishment, detected a keylogger on my machine. I removed it with that program, but I don't know whether I still have some other junk. So I'm attaching my HijackThis log:
Logfile of HijackThis v1.97.7
Scan saved at 05:07:39, on 2005–04–25
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
E:\Mój Software\EKSPERT 2003–2004\software\bezpieczeństwo w necie\usuwanie Spyware\HijackThis\HijackThis.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R1 – HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://windowsupdate.microsoft.com/
O1 – Hosts: 62.75.224.159 www.bns1.net
O1 – Hosts: 62.75.224.159 www.bns2.net
O1 – Hosts: 62.75.224.159 www.bns3.net
O1 – Hosts: 62.75.224.159 www.bns4.net
O1 – Hosts: 62.75.224.159 www.bns5.net
O1 – Hosts: 62.75.224.159 www.bns6.net
O1 – Hosts: 62.75.224.159 www.bns7.net
O1 – Hosts: 62.75.224.159 www.bns8.net
O1 – Hosts: 62.75.224.159 www.cms1.net
O1 – Hosts: 62.75.224.159 www.cms2.net
O1 – Hosts: 62.75.224.159 www.cms3.net
O1 – Hosts: 62.75.224.159 www.cms4.net
O1 – Hosts: 62.75.224.159 www.cms5.net
O1 – Hosts: 62.75.224.159 www.cms6.net
O1 – Hosts: 62.75.224.159 www.cms7.net
O1 – Hosts: 62.75.224.159 www.cms8.net
O1 – Hosts: 62.75.224.159 www.rg1.com
O1 – Hosts: 62.75.224.159 www.rg2.com
O1 – Hosts: 62.75.224.159 www.rg3.com
O1 – Hosts: 62.75.224.159 www.rg4.com
O1 – Hosts: 62.75.224.159 www.rg5.com
O1 – Hosts: 62.75.224.159 www.rg6.com
O1 – Hosts: 62.75.224.159 www.rg7.com
O1 – Hosts: 62.75.224.159 www.rg8.com
O1 – Hosts: 62.75.224.159 www.cjt1.net
O1 – Hosts: 62.75.224.159 www.rgs1.net
O1 – Hosts: 62.75.224.159 www.rgs2.net
O1 – Hosts: 62.75.224.159 www.bns1.net
O1 – Hosts: 62.75.224.159 www.bns2.net
O1 – Hosts: 62.75.224.159 www.cms1.net
O1 – Hosts: 62.75.224.159 www.cms2.net
O1 – Hosts: 62.75.224.159 bns1.net
O1 – Hosts: 62.75.224.159 bns2.net
O1 – Hosts: 62.75.224.159 bns3.net
O1 – Hosts: 62.75.224.159 bns4.net
O1 – Hosts: 62.75.224.159 bns5.net
O1 – Hosts: 62.75.224.159 bns6.net
O1 – Hosts: 62.75.224.159 bns7.net
O1 – Hosts: 62.75.224.159 bns8.net
O1 – Hosts: 62.75.224.159 cms1.net
O1 – Hosts: 62.75.224.159 cms2.net
O1 – Hosts: 62.75.224.159 cms3.net
O1 – Hosts: 62.75.224.159 cms4.net
O1 – Hosts: 62.75.224.159 cms5.net
O1 – Hosts: 62.75.224.159 cms6.net
O1 – Hosts: 62.75.224.159 cms7.net
O1 – Hosts: 62.75.224.159 cms8.net
O1 – Hosts: 62.75.224.159 rg1.com
O1 – Hosts: 62.75.224.159 rg2.com
O1 – Hosts: 62.75.224.159 rg3.com
O1 – Hosts: 62.75.224.159 rg4.com
O1 – Hosts: 62.75.224.159 rg5.com
O1 – Hosts: 62.75.224.159 rg6.com
O1 – Hosts: 62.75.224.159 rg7.com
O1 – Hosts: 62.75.224.159 rg8.com
O1 – Hosts: 62.75.224.159 cjt1.net
O1 – Hosts: 62.75.224.159 rgs1.net
O1 – Hosts: 62.75.224.159 rgs2.net
O1 – Hosts: 62.75.224.159 bns1.net
O1 – Hosts: 62.75.224.159 bns2.net
O1 – Hosts: 62.75.224.159 cms1.net
O1 – Hosts: 62.75.224.159 cms2.net
O1 – Hosts: 62.75.224.159 j800banners.cjt1.net
O1 – Hosts: 62.75.224.159 jadlogix.cjt1.net
O1 – Hosts: 62.75.224.159 jadtegrity.cjt1.net
O1 – Hosts: 62.75.224.159 jaimmedia.cjt1.net
O1 – Hosts: 62.75.224.159 javatar.cjt1.net
O1 – Hosts: 62.75.224.159 jbeet.cjt1.net
O1 – Hosts: 62.75.224.159 jbigpops.cjt1.net
O1 – Hosts: 62.75.224.159 jbouncetek.cjt1.net
O1 – Hosts: 62.75.224.159 jbravenet.cjt1.net
O1 – Hosts: 62.75.224.159 jcdcover.cjt1.net
O1 – Hosts: 62.75.224.159 jclickspring.cjt1.net
O1 – Hosts: 62.75.224.159 jcollegehumor.cjt1.net
O1 – Hosts: 62.75.224.159 jdownloadacc.cjt1.net
O1 – Hosts: 62.75.224.159 jedonkey.cjt1.net
O1 – Hosts: 62.75.224.159 jeuniverse.cjt1.net
O1 – Hosts: 62.75.224.159 jhot.cjt1.net
O1 – Hosts: 62.75.224.159 jicmedia.cjt1.net
O1 – Hosts: 62.75.224.159 jicq.cjt1.net
O1 – Hosts: 62.75.224.159 jieplugin.cjt1.net
O1 – Hosts: 62.75.224.159 jinternetoptimizer.cjt1.net
O1 – Hosts: 62.75.224.159 jmediabuy1.cjt1.net
O1 – Hosts: 62.75.224.159 jmediabuyad.cjt1.net
O1 – Hosts: 62.75.224.159 jmindset.cjt1.net
O1 – Hosts: 62.75.224.159 jmindsettest.cjt1.net
O1 – Hosts: 62.75.224.159 jnictech.cjt1.net
O1 – Hosts: 62.75.224.159 jnova.cjt1.net
O1 – Hosts: 62.75.224.159 jpiolet.cjt1.net
O1 – Hosts: 62.75.224.159 jsanboxer.cjt1.net
O1 – Hosts: 62.75.224.159 jsercee.cjt1.net
O1 – Hosts: 62.75.224.159 jthedelfin.cjt1.net
O1 – Hosts: 62.75.224.159 jwarezp2p.cjt1.net
O1 – Hosts: 62.75.224.159 jwildmedia.cjt1.net
O1 – Hosts: 62.75.224.159 mediabuy–nic.cjt1.net
O1 – Hosts: 62.75.224.159 www.m7z.net
O1 – Hosts: 62.75.224.159 m7z.net
O1 – Hosts: 62.75.224.159 jcms.cydoor.com
O1 – Hosts: 62.75.224.159 cydoor.com
O1 – Hosts: 62.75.224.159 www.cydoor.com
O1 – Hosts: 62.75.224.159 jnova.cjt1.net
O2 – BHO: (no name) – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 – BHO: Idea2 SidebarBrowserMonitor Class – {45AD732C–2CE2–4666–B366–B2214AD57A49} – C:\Program Files\Desktop Sidebar\sbhelp.dll
O3 – Toolbar: Internet Anonym – {00000000–0002–0002–0000–000000000000} – c:\program files\steganos internet anonym pro 6\siaiep.dll
O4 – HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 – HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 – HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 – HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 – HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 – HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 – HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 – HKCU\..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe
O4 – Global Startup: Kalendarz XP.lnk = C:\Program Files\Kalendarz XP\Kalendarz.exe
O8 – Extra context menu item: Subscribe in Desktop Sidebar – res://C:\Program Files\Desktop Sidebar\sbhelp.dll/menuhandler.html
O9 – Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 – Extra button: Subscribe in Desktop Sidebar (HKLM)
O9 – Extra 'Tools' menuitem: Subscribe in Desktop Sidebar (HKLM)
O9 – Extra button: Messenger (HKLM)
O9 – Extra 'Tools' menuitem: Windows Messenger (HKLM)
Replies: 12
By IP and by NIP :wink:. Bobi_robert: EL NINO, did you check the company by IP address??
It seems not.
Since you've already removed the added entries in hosts, nothing more needs to be done. All of those sites redirect to Cydoor's site, but they're gone now.
I have my own website on a free WP (webpark) account. Could that have something to do with it? :?:
So are we to understand that you don't run a site hosted on the servers of the company Server4you??
EL NINO, did you check the company by IP address??
I don't think so, I don't use it. And what is it?
Do you use Server4you hosting? If not, then none.
OK, thanks, I edited that hosts file in Notepad and deleted all those lines. What exactly was it? And what threat did it carry? :?:
Tajniak – don't talk nonsense. You saw the Cydoor site added in hosts and that's all.
fidelio – remove:
Go all the way: open hosts from C:\WINDOWS\system32\drivers\etc and delete the lines
rayan – just cosmetics:
O4 – HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 –k
Is everything OK on my end??
Logfile of HijackThis v1.99.1
Scan saved at 21:34:07, on 2005–04–25
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\AutoConnect\AutoConnect.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Gadu–Gadu\gg.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Downloads\HijackThis.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:\WINDOWS\System32\msdxm.ocx
O4 – HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
O4 – HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 – HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 –k
O4 – HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 – HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 – HKCU\..\Run: [AutoConnect] C:\Program Files\AutoConnect\AutoConnect.exe
O4 – HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O16 – DPF: {E7544C6C–CFD6–43EA–B4E9–360CEE20BDF7} (MainControl Class) – http://skaner.mks.com.pl/SkanerOnline.cab
O17 – HKLM\System\CCS\Services\Tcpip\..\{6556E4DC–7713–488E–90A6–A52C3E723E7C}: NameServer = 194.204.152.34 217.98.63.164
O23 – Service: NVIDIA Display Driver Service (NVSvc) – NVIDIA Corporation – C:\WINDOWS\System32\nvsvc32.exe
Why format right away? And what does this Cydoor do? Can't this junk be removed somehow without formatting? :?:
Ooo .. Cydoor – I advise formatting the disk ...
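
The O1 entries in the first log pin many hostnames to one routable address, and the replies suggest deleting those lines from hosts. A check for that pattern and the matching cleanup, as an added example that is not part of the original thread; the function names and the sample hosts file are assumptions, and the sample log reuses a few O1 lines from the log above next to constructed benign entries.

```python
import ipaddress
import re
from collections import defaultdict

# HijackThis writes "O1 - Hosts: <ip> <hostname>"; forum software often turns
# the ASCII hyphen into an en dash (U+2013), so accept both.
O1_RE = re.compile(r"^O1\s*[-\u2013]\s*Hosts:\s*(\S+)\s+(\S+)\s*$")

# Constructed sample: a few O1 lines taken from the log above plus two
# constructed benign entries (loopback and a 0.0.0.0 blocklist line).
SAMPLE_LOG = r"""Logfile of HijackThis v1.97.7
O1 – Hosts: 62.75.224.159 www.cydoor.com
O1 – Hosts: 62.75.224.159 cydoor.com
O1 – Hosts: 62.75.224.159 jcms.cydoor.com
O1 – Hosts: 62.75.224.159 cydoor.com
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 0.0.0.0 ads.example
O4 – HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
"""

# Constructed hosts file matching the sample log.
SAMPLE_HOSTS = """# constructed hosts file
127.0.0.1 localhost
62.75.224.159 www.cydoor.com
62.75.224.159 cydoor.com   # added by adware
"""


def parse_o1(log_text):
    """Return {ip: sorted unique hostnames} from the O1 lines of a log."""
    mapping = defaultdict(set)
    for line in log_text.splitlines():
        match = O1_RE.match(line.strip())
        if match:
            ip, host = match.groups()
            mapping[ip].add(host.lower())
    return {ip: sorted(hosts) for ip, hosts in mapping.items()}


def is_sink(ip):
    """True for loopback or 0.0.0.0-style targets, as used by blocklists."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False  # malformed address field: leave it flagged for review
    return addr.is_loopback or addr.is_unspecified


def suspicious_redirects(log_text, min_hosts=2):
    """IPs that are not sinks and have several hostnames pinned to them."""
    return {ip: hosts for ip, hosts in parse_o1(log_text).items()
            if not is_sink(ip) and len(hosts) >= min_hosts}


def clean_hosts(hosts_text, flagged_ips):
    """Drop hosts-file lines whose address field is a flagged IP."""
    kept = []
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if fields and fields[0] in flagged_ips:
            continue
        kept.append(line)
    return "\n".join(kept) + "\n"


if __name__ == "__main__":
    flagged = suspicious_redirects(SAMPLE_LOG)
    for ip, hosts in flagged.items():
        print(f"{ip}: {len(hosts)} hostnames redirected -> {', '.join(hosts)}")
    print(clean_hosts(SAMPLE_HOSTS, flagged), end="")
```
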