Log do sprawdzenia
Proszę o sprawdzenie loga:
Logfile of HijackThis v1.99.1
Scan saved at 23:06:25, on 2005–09–02
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\NetLimiter\NetLimiter.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Downloads\keylogger\logger.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\Spamihilator\spamihilator.exe
C:\Program Files\Maxthon\Maxthon.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Downloads\hijackthis1.99.1\HijackThis.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O1 – Hosts: 83.238.29.162 www.victoria.kaluszyn.org
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx
O2 – BHO: (no name) – {53707962–6F74–2D53–2644–206D7942484F} – C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:\WINDOWS\System32\msdxm.ocx
O4 – HKLM\..\Run: [NetLimiter] C:\Program Files\NetLimiter\NetLimiter.exe /s
O4 – HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 – HKLM\..\Run: [watch] "C:\Downloads\keylogger\logger.exe" /ukryj /lbl:SYSTEM
O4 – HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 – HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 –k
O4 – HKCU\..\Run: [Spamihilator] "C:\Program Files\Spamihilator\spamihilator.exe"
O8 – Extra context menu item: Pobierz stronę WEB z Free Download Manager – file://C:\Program Files\Free Download Manager\dlpage.htm
O8 – Extra context menu item: Pobierz wszystko z Free Download Manager – file://C:\Program Files\Free Download Manager\dlall.htm
O8 – Extra context menu item: Pobierz z Free Download Manager – file://C:\Program Files\Free Download Manager\dllink.htm
O8 – Extra context menu item: Pobierz zaznaczenie z Free Download Manager – file://C:\Program Files\Free Download Manager\dlselected.htm
O12 – Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 – Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O12 – Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 – Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 – DPF: {9A9307A0–7DA4–4DAF–B042–5009F29E09E1} (ActiveScan Installer Class) – http://www.pandasoftware.com/activescan/as5free/asinst.cab
O16 – DPF: {E7544C6C–CFD6–43EA–B4E9–360CEE20BDF7} (MainControl Class) – http://skaner.mks.com.pl/SkanerOnline.cab
O17 – HKLM\System\CCS\Services\Tcpip\..\{4F69584B–E9AB–4794–8161–3917A1A6A37E}: NameServer = 194.204.159.1,194.204.152.34
O23 – Service: AntiVir Service (AntiVirService) – H+BEDV Datentechnik GmbH – C:\Program Files\AVPersonal\AVGUARD.EXE
O23 – Service: AntiVir Update (AVWUpSrv) – H+BEDV Datentechnik GmbH, Germany – C:\Program Files\AVPersonal\AVWUPSRV.EXE
Logfile of HijackThis v1.99.1
Scan saved at 23:06:25, on 2005–09–02
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\NetLimiter\NetLimiter.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Downloads\keylogger\logger.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\Spamihilator\spamihilator.exe
C:\Program Files\Maxthon\Maxthon.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Downloads\hijackthis1.99.1\HijackThis.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O1 – Hosts: 83.238.29.162 www.victoria.kaluszyn.org
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx
O2 – BHO: (no name) – {53707962–6F74–2D53–2644–206D7942484F} – C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:\WINDOWS\System32\msdxm.ocx
O4 – HKLM\..\Run: [NetLimiter] C:\Program Files\NetLimiter\NetLimiter.exe /s
O4 – HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 – HKLM\..\Run: [watch] "C:\Downloads\keylogger\logger.exe" /ukryj /lbl:SYSTEM
O4 – HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 – HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 –k
O4 – HKCU\..\Run: [Spamihilator] "C:\Program Files\Spamihilator\spamihilator.exe"
O8 – Extra context menu item: Pobierz stronę WEB z Free Download Manager – file://C:\Program Files\Free Download Manager\dlpage.htm
O8 – Extra context menu item: Pobierz wszystko z Free Download Manager – file://C:\Program Files\Free Download Manager\dlall.htm
O8 – Extra context menu item: Pobierz z Free Download Manager – file://C:\Program Files\Free Download Manager\dllink.htm
O8 – Extra context menu item: Pobierz zaznaczenie z Free Download Manager – file://C:\Program Files\Free Download Manager\dlselected.htm
O12 – Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 – Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O12 – Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 – Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 – DPF: {9A9307A0–7DA4–4DAF–B042–5009F29E09E1} (ActiveScan Installer Class) – http://www.pandasoftware.com/activescan/as5free/asinst.cab
O16 – DPF: {E7544C6C–CFD6–43EA–B4E9–360CEE20BDF7} (MainControl Class) – http://skaner.mks.com.pl/SkanerOnline.cab
O17 – HKLM\System\CCS\Services\Tcpip\..\{4F69584B–E9AB–4794–8161–3917A1A6A37E}: NameServer = 194.204.159.1,194.204.152.34
O23 – Service: AntiVir Service (AntiVirService) – H+BEDV Datentechnik GmbH – C:\Program Files\AVPersonal\AVGUARD.EXE
O23 – Service: AntiVir Update (AVWUpSrv) – H+BEDV Datentechnik GmbH, Germany – C:\Program Files\AVPersonal\AVWUPSRV.EXE
Odpowiedzi: 3
Nie potrzebne, wpis powstaje po awarii sytemu, moźna uciąć.
Czemu tego loga wstawiasz ? Przeglądałeś przyklejony temat ?
Czemu tego loga wstawiasz ? Przeglądałeś przyklejony temat ?
Keylogger zainstalowany umyślnie.
Co to jest:
O4 – HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 –k
Czy to jest potrzebne??
Co to jest:
O4 – HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 –k
Czy to jest potrzebne??
keylogger instalowany umyślnie?
jeśli tak, to nic więcej, bo analizer krzyczy tylko na bycie serwerem, ale widzę, źe tą stronę masz w podpisie.
jeśli tak, to nic więcej, bo analizer krzyczy tylko na bycie serwerem, ale widzę, źe tą stronę masz w podpisie.
Strona 1 / 1