Log to check.
Logfile of HijackThis v1.99.1
Scan saved at 18:11:28, on 2005-12-05
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\system32\rundll32.exe
F:\Program Files\AVPersonal\AVGUARD.EXE
F:\Program Files\AVPersonal\AVWUPSRV.EXE
F:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
F:\WINDOWS\System32\nvsvc32.exe
F:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\Winamp\winampa.exe
F:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
F:\WINDOWS\system32\RUNDLL32.EXE
F:\WINDOWS\system32\RunDll32.exe
F:\Program Files\AVPersonal\AVGNT.EXE
F:\Program Files\Tlen.pl\tlen.exe
D:\steam\steam.exe
F:\WINDOWS\system32\wscntfy.exe
F:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
F:\Program Files\Mozilla Firefox\firefox.exe
F:\Documents and Settings\Sebex\Pulpit\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gogle.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O1 - Hosts: 222.111.150.111 gwgt1.joymax.com
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - F:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WinampAgent] F:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Sygate Personal Firewall] att4ck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] F:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DiskeeperSystray] "F:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AVGCtrl] "F:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [MSConfig] F:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunServices: [Sygate Personal Firewall] att4ck.exe
O4 - HKLM\..\RunServices: [Generic Host Process2 System Backup] scvhost2.exe
O4 - HKLM\..\RunServices: [Microsoft DLL Verifier] csrssv.exe
O4 - HKCU\..\Run: [Komunikator] F:\Program Files\Tlen.pl\tlen.exe
O4 - HKCU\..\Run: [Steam] "d:\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Spyware Doctor] "F:\Program Files\Spyware Doctor\spydoctor.exe" /Q
O4 - HKCU\..\Run: [MSMSGS] "F:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: Download All by FlashGet - F:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - F:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - F:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - F:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://arcaonline.arcabit.com/ArcaOnline.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1133795849484
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1133796391921
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B24847FC-14B4-47AC-8A0A-2AD295DFDE38}: NameServer = 217.30.129.149,217.30.137.200
O20 - Winlogon Notify: MCD - F:\WINDOWS\system32\m2polc731f.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - F:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - F:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - F:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\System32\nvsvc32.exe
Thanks.
Replies: 5
I'd take a closer look at this guy:
http://www.sophos.com/virusinfo/analyses/w32rbotbah.html (look at the "Advanced" tab :))
O4 - HKLM\..\RunServices: [Generic Host Process2 System Backup] scvhost2.exe
The pinned FAQ has instructions on how to remove Look2Me; have a look there.
hm, thanks, I actually wasn't sure about that att4ck
I can't remove that one, and after rebooting the computer the name of that *.dll file changes.
Sorry for not including a description... I simply had ping spikes in online games like Counter-Strike, on a 1 Mb DSL line. Since I removed those entries it has improved a bit: the spikes are much rarer and the cl_FlushEntitypacket error pops up less often.
And I know that hosts entry.
To remove:
O4 - HKLM\..\RunServices: [Sygate Personal Firewall] att4ck.exe
O4 - HKLM\..\RunServices: [Generic Host Process2 System Backup] scvhost2.exe
O4 - HKLM\..\RunServices: [Microsoft DLL Verifier] csrssv.exe
O20 - Winlogon Notify: MCD - F:\WINDOWS\system32\m2polc731f.dll
+ optionally that hosts entry, if it means nothing to you.
BTW, there was a post by Under above, but it went to the bin; I got tired of correcting it.
O20 is Look2Me.
hivision, a thread with no description at all, just a bare log, is one to be closed.
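A triage pass over the kinds of entries the reply above singles out (bare executables under RunServices with system-process look-alike names, a Winlogon Notify DLL with a random-looking name of the sort that changes on every reboot, and a hosts override), as an added example that is not part of the original thread or of HijackThis; the sample lines, the list of system process names and the heuristics are constructed for illustration.

```python
import re

# Constructed sample lines, modelled on the shape of the log posted in the thread
SAMPLE_LOG = """\
O1 - Hosts: 222.111.150.111 gwgt1.joymax.com
O4 - HKLM\\..\\Run: [WinampAgent] F:\\Program Files\\Winamp\\winampa.exe
O4 - HKLM\\..\\Run: [Sygate Personal Firewall] att4ck.exe
O4 - HKLM\\..\\RunServices: [Generic Host Process2 System Backup] scvhost2.exe
O4 - HKLM\\..\\RunServices: [Microsoft DLL Verifier] csrssv.exe
O20 - Winlogon Notify: MCD - F:\\WINDOWS\\system32\\m2polc731f.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\\WINDOWS\\System32\\nvsvc32.exe
"""

# Core Windows process names that malware likes to imitate (illustrative, not exhaustive)
SYSTEM_NAMES = {"svchost", "csrss", "lsass", "smss", "winlogon", "services", "explorer"}

O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<label>[^\]]*)\] (?P<cmd>.*)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<dll>.*)$")


def levenshtein(a: str, b: str) -> int:
    """Edit distance, used to spot look-alikes such as scvhost vs svchost."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def executable(cmd: str) -> str:
    """Pull the program out of a Run value: a quoted path, else text up to the first .exe."""
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    m = re.match(r"(?i)(.*?\.exe)", cmd)
    return m.group(1) if m else cmd.split()[0]


def triage(log: str) -> list:
    """Return (reason, line) pairs for entries a reviewer should look at first."""
    hits = []
    for line in log.splitlines():
        if line.startswith("O1 - Hosts:"):
            hits.append(("hosts override", line))
        elif (m := O4_RE.match(line)):
            exe = executable(m["cmd"])
            base = exe.lower().rsplit("\\", 1)[-1]
            stem = (base[:-4] if base.endswith(".exe") else base).rstrip("0123456789")
            if "\\" not in exe and stem != "rundll32":  # bare name: found via PATH search, origin unknown
                hits.append(("unqualified path", line))
            if m["key"] == "RunServices":  # Win9x-era key; unusual for legitimate XP software
                hits.append(("RunServices key", line))
            if stem not in SYSTEM_NAMES and any(levenshtein(stem, s) <= 2 for s in SYSTEM_NAMES):
                hits.append(("system-name look-alike", line))
        elif (m := O20_RE.match(line)):
            dll = m["dll"].lower().rsplit("\\", 1)[-1]
            if re.search(r"[a-z]\d+[a-z]", dll):  # letters and digits interleaved: random-looking
                hits.append(("random-looking Winlogon Notify DLL", line))
    return hits
```

Running `triage(SAMPLE_LOG)` flags exactly the five lines the reply lists (the hosts entry, att4ck.exe, scvhost2.exe, csrssv.exe and m2polc731f.dll) and leaves the Winamp and NVIDIA entries alone.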
http://forum.centrumxp.pl/viewtopic.php?t=37513
Here you go.