Forum Tibia.pl - Zobacz pojedynczy post

Makaveli Tha Don · 06-06-2007, 16:03

Dzisiaj sciagnalem bot o nazwie Tibia Auto. Po zainstalowaniu go zauwazylem, ze na pulpicie pojawil sie dziwny plik o nazwie "server*****". Zorientowalem sie, ze to plik owntibii, wiec sciagnalem "owntibia-deleter". Program wykryl owntibie, ale nie moglem jej usunac. Zajzalem do tego tematu i sciagnalem "Hijackthis!". Zrobilem skan i nie wiem ktory plik jest tym "owntibiowym.
Prosze o pomoc!
Udostepniam zapis mojego logu:
Logfile of HijackThis v1.99.1
Scan saved at 14:49:04, on 2007-06-06
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\Explorer*****
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp*****
C:\=WSZYSTKIE=\Winamp\Winampa*****
C:\WINDOWS\system32\ctfmon*****
C:\Program Files\Internet Explorer\iexplore*****
C:\Documents and Settings\adrian\Pulpit\HijackThis*****

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.find.fm/?aid=95&sid=99
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: (no name) - {01E69986-A054-4C52-ABE8-EF63DF1C5211} - (no file)
F2 - REG:system.ini: Shell=
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.3.28.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: XBTB04482 - {D72F6457-DDC6-4bc2-9DB5-97AD696800B6} - C:\PROGRA~1\FINDFM~1\toolbar.dll (file missing)
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp*****
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck*****
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [WinampAgent] "C:\=WSZYSTKIE=\Winamp\Winampa*****"
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\UltraVNC\WinVNC*****" -servicehelper
O4 - HKLM\..\Run: [MediaKey] C:\PROGRA~1\INTERN~2\MEDIAKEY*****
O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun*****
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray*****" /s
O4 - HKCU\..\Run: [CTFMON*****] C:\WINDOWS\system32\ctfmon*****
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype*****" /nosplash /minimized
O4 - HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001*****"
O4 - HKCU\..\Run: [Steam] C:\Program Files\Steam\Steam***** -silent
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent*****" --force_start_minimized
O4 - Startup: UniSpiker-2.6.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl*****
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet*****/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet*****/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet*****/AddLink.htm
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1130355726364
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv*****
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ*****
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv*****" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv*****" /service (file missing)
O23 - Service: NetTime (NetTimeSvc) - Unknown owner - C:\Documents and Settings\Administrator\Pulpit\NetTime\NeTmSvNT**** * (file missing)
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\UltraVNC\WinVNC*****" -service (file missing)

06-06-2007, 16:03	#32
Makaveli Tha Don Użytkownik Forum Data dołączenia: 03 04 2006 Lokacja: Sfargront Posty: 79 Stan: Początkujący Imię: Gary ****ulitis Profesja: Rookstayer Gildia: Arcanium Świat: Iridia Poziom: 007 Skille: 7/9 Poziom mag.: 4	Dzisiaj sciagnalem bot o nazwie Tibia Auto. Po zainstalowaniu go zauwazylem, ze na pulpicie pojawil sie dziwny plik o nazwie "server***". Zorientowalem sie, ze to plik owntibii, wiec sciagnalem "owntibia-deleter". Program wykryl owntibie, ale nie moglem jej usunac. Zajzalem do tego tematu i sciagnalem "Hijackthis!". Zrobilem skan i nie wiem ktory plik jest tym "owntibiowym. Prosze o pomoc! Udostepniam zapis mojego logu: Logfile of HijackThis v1.99.1 Scan saved at 14:49:04, on 2007-06-06 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\Explorer* C:\PROGRA~1\ALWILS~1\Avast4\ashDisp* C:\=WSZYSTKIE=\Winamp\Winampa* C:\WINDOWS\system32\ctfmon* C:\Program Files\Internet Explorer\iexplore* C:\Documents and Settings\adrian\Pulpit\HijackThis* R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.find.fm/?aid=95&sid=99 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: (no name) - {01E69986-A054-4C52-ABE8-EF63DF1C5211} - (no file) F2 - REG:system.ini: Shell= O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.3.28.dll O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: XBTB04482 - {D72F6457-DDC6-4bc2-9DB5-97AD696800B6} - C:\PROGRA~1\FINDFM~1\toolbar.dll (file missing) O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp* O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck* O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [WinampAgent] "C:\=WSZYSTKIE=\Winamp\Winampa*" O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\UltraVNC\WinVNC*" -servicehelper O4 - HKLM\..\Run: [MediaKey] C:\PROGRA~1\INTERN~2\MEDIAKEY* O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun* O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray*" /s O4 - HKCU\..\Run: [CTFMON*] C:\WINDOWS\system32\ctfmon* O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype*" /nosplash /minimized O4 - HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001*" O4 - HKCU\..\Run: [Steam] C:\Program Files\Steam\Steam* -silent O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent*" --force_start_minimized O4 - Startup: UniSpiker-2.6.lnk = ? O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl* O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet*/AddAllLink.htm O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet*/AddVideo.htm O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet*/AddLink.htm O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1130355726364 O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv* O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ* O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv*" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv*" /service (file missing) O23 - Service: NetTime (NetTimeSvc) - Unknown owner - C:\Documents and Settings\Administrator\Pulpit\NetTime\NeTmSvNT** * (file missing) O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\UltraVNC\WinVNC*****" -service (file missing) __________________ Lock me in a cage I'll display my rage Surround the court buildin with the gauge and spray They wonder if I'll go when I'm finally sentenced On my knees to God, beggin for repentence. Only God Can Judge Me, Nobody Else.