Usuwanie owntbia

[SpAyKeR]

@up
czysto.
P.S. Zmień antywirusa

[VolterCelt]

@down

Dzieki wielkie!

Usunalem zadnych bladow nie bylo, wiec wszystko udalo sie pomyslnie : ). Dzieki jeszcze raz!

~Volter

[SpAyKeR]

@2up
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
to wywal
O4 - HKLM\..\Run: [workflow] E:\installs\workflow****
Co to ? Jeżeli wiesz od czego to jest to zostaw to.
ogółem mówiąc czysto

P.s zmień antywira google.pl fraza "darmowe antywirusy"
Pozdrawiam

[Uther92]

Cytuj:

Oryginalnie napisane przez RadeX123

mi tak czy tak nie dziala -,-"

To znaczy ?

[xoz]

Cytuj:

Oryginalnie napisane przez Riten_lum

UP:


Skoro OwnTibia czyta passy z procesu tibia.e xe to czy jeżeli się zmieni plik docelowy np. na
gra.e xe (taki też będzie widoczny po uruchomieniu w menadżerze zadań) to hasło będzie wykradzione.

z tego co wiem, own znajdzie ci "tibia client" jako nazwe okna - nie polega wylacznie na procesach. musialbys edytowac caly plik tibia*****

Cytuj:

raz skoro to wrzuca wpisy do pozycji aoutostartu (ładuje klucz rejestru) oraz robi niezły burdel w plikach z hostami to czy programy monitujące auotstart i wcześniej wspomniane hosty (np. WinPatrol) mogą nas w pewnym sensie zabezpieczyć.

oczywiscie, chocby kaspersky z właczona ochrona proaktywna - problem polega na tym ze wiekszosc nawet nie czyta komunikatów tylko klika i zezwala na to.

Cytuj:

I po trzecie, do wysyłania ukradzionego hasła wykorzystywany jest IE (przy aktywnej w systemie Owntibi lub LoT zawsze po uruchomieniu tibia***** odpala się proces IE). To czy jeżeli w ustawieniach firewalla całkowicie się zablokuje IE odniesie to jakiś skutek?

Tez masz racje, passy nie zostana wyslane gdy zablokujesz iexplore*****, a i niektore fw wyswietla komunikat o zabiciu/zblokowaniu ie wiec juz mozna sie zorientowac, ze cos nie tak

[Bisto_]

A może ktoś sprawdzić mój skan ;] W ostatni piątek miałem hacka lost 1kk+. Zawsze starałem się być ostrożny ale cuż. Nadal nie wiem jak im to się udało Cała sprawa jest w dziale Zdjęcia/Menera. Już sprawdziłem mój skan na http://www.hijackthis.de/#anl i jest wszystko ok, ale wolę się upewnić.

Kod:

Logfile of HijackThis v1.99.1
Scan saved at 22:37:05, on 2007-11-03
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss*****C:\WINDOWS\system32\winlogon*****
C:\WINDOWS\system32\services*****
C:\WINDOWS\system32\lsass*****
C:\WINDOWS\system32\Ati2evxx*****
C:\WINDOWS\system32\svchost*****
C:\WINDOWS\System32\svchost*****
C:\Program Files\Ahead\InCD\InCDsrv*****
C:\Program Files\Sygate\SPF\smc*****
C:\Program Files\Alwil Software\Avast4\aswUpdSv*****
C:\Program Files\Alwil Software\Avast4\ashServ*****
C:\WINDOWS\system32\Ati2evxx*****
C:\WINDOWS\Explorer*****
C:\WINDOWS\SOUNDMAN*****
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx*****
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ*****
C:\Program Files\Ahead\InCD\InCD*****
C:\Program Files\lg_fwupdate\fwupdate*****
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher*****
C:\Program Files\QuickTime\qttask*****
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp*****
C:\WINDOWS\system32\spoolsv*****
C:\WINDOWS\system32\ctfmon*****
C:\Program Files\Skype\Phone\Skype*****
C:\Program Files\Messenger\msmsgs*****
C:\WINDOWS\System32\FTRTSVC*****
C:\Program Files\Alwil Software\Avast4\ashMaiSv*****
C:\Program Files\Alwil Software\Avast4\ashWebSv*****
C:\Program Files\Common Files\Teleca Shared\Generic*****
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker*****
C:\Program Files\neostrada tp\neostradatp*****
C:\Program Files\neostrada tp\ComComp*****
C:\PROGRA~1\NEOSTR~1\Toaster*****
C:\PROGRA~1\NEOSTR~1\Inactivity*****
C:\PROGRA~1\NEOSTR~1\PollingModule*****
C:\WINDOWS\System32\ALERTM~1\ALERTM~1*****
C:\Program Files\neostrada tp\Watch*****
C:\WINDOWS\system32\wuauclt*****
C:\WINDOWS\system32\svchost*****
C:\Program Files\Gadu-Gadu\gg*****
C:\Program Files\Mozilla Firefox\firefox*****
C:\WINDOWS\system32\NOTEPAD*****
C:\Program Files\Hijack This\hijackthis*****

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = neostrada tp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN*****
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx*****
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ*****"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD*****
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck*****
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate*****" blrun
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher*****" /startoptions
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask*****" -atboottime
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch*****
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp*****
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc***** -startgui
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\wianmpa*****
O4 - HKCU\..\Run: [CTFMON*****] C:\WINDOWS\system32\ctfmon*****
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg*****" /tray
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype*****" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs*****" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA*****
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL*****/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs*****
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs*****
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{82110F29-95FC-4AC7-9694-AC336B8EA63C}: NameServer = 194.204.159.1 217.98.63.164
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv*****
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx*****
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag*****
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ*****
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv*****" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv*****" /service (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC*****
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv*****
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc*****

Proszę o szybką odpowiedź

Ps. Wiem mam zmienić antywira ;P

[Uther92]

Sam to ustawiłeś ?

Kod:

O17 - HKLM\System\CCS\Services\Tcpip\..\{82110F29-95FC-4AC7-9694-AC336B8EA63C}: NameServer = 194.204.159.1 217.98.63.164

[Ryba_Firefox]

wydaje się że mam jakiś syf na kompie - więc prosze o sprawdzenie loga.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 21:01:58, on 2007-11-05
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss*****
D:\WINDOWS\system32\winlogon*****
D:\WINDOWS\system32\services*****
D:\WINDOWS\system32\lsass*****
D:\WINDOWS\system32\svchost*****
D:\Program Files\PC Tools Firewall Plus\FWService*****
D:\WINDOWS\System32\svchost*****
D:\Program Files\Alwil Software\Avast4\aswUpdSv*****
D:\Program Files\Alwil Software\Avast4\ashServ*****
D:\WINDOWS\system32\spoolsv*****
D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard*****
D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched*****
D:\WINDOWS\system32\CTsvcCDA*****
D:\WINDOWS\system32\svchost*****
D:\Program Files\RealVNC\VNC4\WinVNC4*****
D:\WINDOWS\system32\MsPMSPSv*****
D:\Program Files\Alwil Software\Avast4\ashMaiSv*****
D:\Program Files\Alwil Software\Avast4\ashWebSv*****
D:\WINDOWS\Explorer*****
D:\WINDOWS\System32\svchost*****
D:\WINDOWS\system32\CTHELPER*****
D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIA AE*****
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp*****
D:\Program Files\Thomson\SpeedTouch USB\Dragdiag*****
D:\Program Files\PC Tools Firewall Plus\FirewallGUI*****
D:\Program Files\Winamp\winampa*****
D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt*****
D:\PROGRA~1\NEOSTR~1\CnxMon*****
D:\PROGRA~1\NEOSTR~1\TaskbarIcon*****
D:\Gadu-Gadu\gg*****
D:\Program Files\Spybot - Search & Destroy\TeaTimer*****
D:\PROGRA~1\NEOSTR~1\NeostradaTP*****
D:\PROGRA~1\NEOSTR~1\ComComp*****
D:\PROGRA~1\NEOSTR~1\Watch*****
D:\Program Files\Winamp\winamp*****
D:\Program Files\Opera\Opera*****
D:\Documents and Settings\Patryk\Pulpit\Ryba\Programy i inne\HiJackThis_v2*****

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - D:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - D:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - D:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER*****
O4 - HKLM\..\Run: [UpdReg] D:\WINDOWS\UpdReg*****
O4 - HKLM\..\Run: [Jet Detection] "D:\Program Files\Creative\SBLive\PROGRAM\ADGJDet*****"
O4 - HKLM\..\Run: [CTStartup] D:\Program Files\Creative\Splash Screen\CTEaxSpl***** /run
O4 - HKLM\..\Run: [EPSON Stylus D68 Series] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIA AE***** /P23 "EPSON Stylus D68 Series" /O6 "USB001" /M "Stylus D68"
O4 - HKLM\..\Run: [NeroCheck] D:\WINDOWS\system32\NeroCheck*****
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp*****
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "D:\Program Files\Thomson\SpeedTouch USB\Dragdiag*****" /icon
O4 - HKLM\..\Run: [00PCTFW] "D:\Program Files\PC Tools Firewall Plus\FirewallGUI*****" -s
O4 - HKLM\..\Run: [WinampAgent] D:\Program Files\Winamp\winampa*****
O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt*****" /min
O4 - HKLM\..\Run: [WooCnxMon] D:\PROGRA~1\NEOSTR~1\CnxMon*****
O4 - HKLM\..\Run: [WOOWATCH] D:\PROGRA~1\NEOSTR~1\Watch*****
O4 - HKLM\..\Run: [WOOTASKBARICON] D:\PROGRA~1\NEOSTR~1\TaskbarIcon*****
O4 - HKLM\..\Run: [Windows] C:\WINDOWS\servces*****
O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Gadu-Gadu\gg*****" /tray
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer*****
O4 - HKUS\S-1-5-19\..\Run: [CTFMON*****] D:\WINDOWS\system32\CTFMON***** (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON*****] D:\WINDOWS\system32\CTFMON***** (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON*****] D:\WINDOWS\system32\CTFMON***** (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON*****] D:\WINDOWS\system32\CTFMON***** (User 'Default user')
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL*****/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{01B07B1F-EFF8-4D9D-910D-73D893C18F10}: NameServer = 194.204.159.1 217.98.63.164
O17 - HKLM\System\CS1\Services\Tcpip\..\{01B07B1F-EFF8-4D9D-910D-73D893C18F10}: NameServer = 194.204.152.34 217.98.63.164
O17 - HKLM\System\CS2\Services\Tcpip\..\{01B07B1F-EFF8-4D9D-910D-73D893C18F10}: NameServer = 194.204.159.1 217.98.63.164
O17 - HKLM\System\CS3\Services\Tcpip\..\{01B07B1F-EFF8-4D9D-910D-73D893C18F10}: NameServer = 194.204.159.1 217.98.63.164
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Moduł wstępnego ładowania interfejsu Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - D:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Demon buforu kategorii składników - {8C7461EF-2B13-11d2-BE35-3078302C2030} - D:\WINDOWS\system32\browseui.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched*****
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard*****
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv*****
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ*****
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv*****
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv*****
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - D:\WINDOWS\system32\CTsvcCDA*****
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - Unknown owner - D:\Program Files\PC Tools Firewall Plus\FWService*****
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - D:\Program Files\RealVNC\VNC4\WinVNC4*****

--
End of file - 6853 bytes

[Riten_lum]

UP:
Niestety masz OwnTibia.

Kod:

O4 - HKLM\..\Run: [Windows] C:\WINDOWS\servces*****

Hmmm i po co uzywasz 2 antyvirusów naraz?

[Ryba_Firefox]

heh wiedziałem i temu nie wbijałem na rl tibie pare dni
Dobra, a poza tą owntibią nie ma innych świnstw?

[Riten_lum]

Cytuj:

Oryginalnie napisane przez Ryba_Firefox

heh wiedziałem i temu nie wbijałem na rl tibie pare dni
Dobra, a poza tą owntibią nie ma innych świnstw?

Wydaje mi się, że masz jeszcze kilka zbędnych wpisów, ale lepiej poczekaj na Uthera. On się na tym zna dużo lepiej

[Ryba_Firefox]

aha, ale keyloggerów juz nie ma? bo strasznie mi sie chce grać - stres przez wywiadówkę...

[Faratiz]

Przezywacie z ta owntibia. Jest w ch** programow zabezpieczajacych jak nie pzred sama Owntibia to blokujace wysylanie logow Jak kogos boli wyszukiwanie to mam taki w podpisie lawl

[Ryba_Firefox]

nie jestem pewnien znów czy coś mam na kompie złego..... sprawdzcie tego loga bo cos i nie gra z kompem :/

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 18:37:54, on 2007-11-07
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss*****
D:\WINDOWS\system32\winlogon*****
D:\WINDOWS\system32\services*****
D:\WINDOWS\system32\lsass*****
D:\WINDOWS\system32\svchost*****
D:\Program Files\PC Tools Firewall Plus\FWService*****
D:\WINDOWS\System32\svchost*****
D:\Program Files\Alwil Software\Avast4\aswUpdSv*****
D:\Program Files\Alwil Software\Avast4\ashServ*****
D:\WINDOWS\system32\spoolsv*****
D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard*****
D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched*****
D:\WINDOWS\system32\CTsvcCDA*****
D:\WINDOWS\system32\svchost*****
D:\Program Files\RealVNC\VNC4\WinVNC4*****
D:\WINDOWS\system32\MsPMSPSv*****
D:\Program Files\Alwil Software\Avast4\ashMaiSv*****
D:\Program Files\Alwil Software\Avast4\ashWebSv*****
D:\WINDOWS\System32\svchost*****
D:\WINDOWS\Explorer*****
D:\WINDOWS\system32\CTHELPER*****
D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIA AE*****
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp*****
D:\Program Files\Thomson\SpeedTouch USB\Dragdiag*****
D:\Program Files\PC Tools Firewall Plus\FirewallGUI*****
D:\Program Files\Winamp\winampa*****
D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt*****
D:\PROGRA~1\NEOSTR~1\CnxMon*****
D:\PROGRA~1\NEOSTR~1\TaskbarIcon*****
D:\Program Files\Spybot - Search & Destroy\TeaTimer*****
D:\PROGRA~1\NEOSTR~1\NeostradaTP*****
D:\PROGRA~1\NEOSTR~1\ComComp*****
D:\PROGRA~1\NEOSTR~1\Watch*****
D:\Gadu-Gadu\gg*****
D:\Program Files\Microsoft Office\OFFICE11\WINWORD*****
D:\Program Files\Opera\Opera*****
D:\Documents and Settings\Patryk\Pulpit\Ryba\Programy i inne\HiJackThis_v2*****

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - D:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - D:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - D:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER*****
O4 - HKLM\..\Run: [UpdReg] D:\WINDOWS\UpdReg*****
O4 - HKLM\..\Run: [Jet Detection] "D:\Program Files\Creative\SBLive\PROGRAM\ADGJDet*****"
O4 - HKLM\..\Run: [CTStartup] D:\Program Files\Creative\Splash Screen\CTEaxSpl***** /run
O4 - HKLM\..\Run: [EPSON Stylus D68 Series] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIA AE***** /P23 "EPSON Stylus D68 Series" /O6 "USB001" /M "Stylus D68"
O4 - HKLM\..\Run: [NeroCheck] D:\WINDOWS\system32\NeroCheck*****
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp*****
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "D:\Program Files\Thomson\SpeedTouch USB\Dragdiag*****" /icon
O4 - HKLM\..\Run: [00PCTFW] "D:\Program Files\PC Tools Firewall Plus\FirewallGUI*****" -s
O4 - HKLM\..\Run: [WinampAgent] D:\Program Files\Winamp\winampa*****
O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt*****" /min
O4 - HKLM\..\Run: [WooCnxMon] D:\PROGRA~1\NEOSTR~1\CnxMon*****
O4 - HKLM\..\Run: [WOOWATCH] D:\PROGRA~1\NEOSTR~1\Watch*****
O4 - HKLM\..\Run: [WOOTASKBARICON] D:\PROGRA~1\NEOSTR~1\TaskbarIcon*****
O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Gadu-Gadu\gg*****" /tray
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer*****
O4 - HKUS\S-1-5-19\..\Run: [CTFMON*****] D:\WINDOWS\system32\CTFMON***** (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON*****] D:\WINDOWS\system32\CTFMON***** (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON*****] D:\WINDOWS\system32\CTFMON***** (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON*****] D:\WINDOWS\system32\CTFMON***** (User 'Default user')
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL*****/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{01B07B1F-EFF8-4D9D-910D-73D893C18F10}: NameServer = 194.204.159.1 217.98.63.164
O17 - HKLM\System\CS1\Services\Tcpip\..\{01B07B1F-EFF8-4D9D-910D-73D893C18F10}: NameServer = 194.204.152.34 217.98.63.164
O17 - HKLM\System\CS2\Services\Tcpip\..\{01B07B1F-EFF8-4D9D-910D-73D893C18F10}: NameServer = 194.204.159.1 217.98.63.164
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Moduł wstępnego ładowania interfejsu Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - D:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Demon buforu kategorii składników - {8C7461EF-2B13-11d2-BE35-3078302C2030} - D:\WINDOWS\system32\browseui.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched*****
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard*****
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv*****
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ*****
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv*****
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv*****
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - D:\WINDOWS\system32\CTsvcCDA*****
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - Unknown owner - D:\Program Files\PC Tools Firewall Plus\FWService*****
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - D:\Program Files\RealVNC\VNC4\WinVNC4*****

--
End of file - 6699 bytes

[Ryba_Firefox]

DO USUNIĘCIA! sry za double post ale coś mi szwankuje opera

[KapitanHajdukow]

Wydaje mi się że jakieś świnstwo złapałem

Running processes:
C:\WINDOWS\System32\smss*****
C:\WINDOWS\SYSTEM32\winlogon*****
C:\WINDOWS\system32\services*****
C:\WINDOWS\system32\lsass*****
C:\WINDOWS\system32\svchost*****
C:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51*****
C:\WINDOWS\system32\svchost*****
C:\Program Files\Panda Software\Panda Internet Security 2007\TPSrv*****
c:\program files\panda software\panda internet security 2007\firewall\PNMSRV*****
C:\WINDOWS\system32\spoolsv*****
C:\WINDOWS\Explorer*****
C:\Program Files\Java\jre1.6.0_01\bin\jusched*****
C:\Program Files\Panda Software\Panda Internet Security 2007\APVXDWIN*****
C:\PROGRA~1\NEOSTR~1\TaskBarIcon*****
C:\WINDOWS\System32\FTRTSVC*****
C:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr*****
C:\Program Files\VIA\RAID\raid_tool*****
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv*****
C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc*****
C:\Program Files\Panda Software\Panda Internet Security 2007\PsImSvc*****
C:\Program Files\Panda Software\Panda Internet Security 2007\AVENGINE*****
C:\Program Files\Panda Software\Panda Internet Security 2007\SRVLOAD*****
c:\program files\panda software\panda internet security 2007\WebProxy*****
C:\WINDOWS\system32\wuauclt*****
C:\WINDOWS\system32\wuauclt*****
C:\Documents and Settings\czoper\Pulpit\HIjack\HijackThis*****

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://onet.pl/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = neostrada tp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch*****
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\GestMaj***** TaskBarIcon*****
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched*****"
O4 - HKLM\..\Run: [dmlco*****] C:\WINDOWS\system32\dmlco*****
O4 - HKLM\..\Run: [dmuql*****] C:\WINDOWS\system32\dmuql*****
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Internet Security 2007\APVXDWIN*****" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Internet Security 2007\Inicio*****"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan*****
O4 - HKLM\..\RunServices: [PANDA ANTISPAM SERVER SERVICE] "C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PasSrv*****"
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg*****" /tray
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon*****" -lang 1033
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool*****
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs*****
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs*****
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC*****
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr*****
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv*****
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51*****
O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc*****
O23 - Service: Panda Network Manager (PNMSRV) - Panda Software International - c:\program files\panda software\panda internet security 2007\firewall\PNMSRV*****
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Program Files\Panda Software\Panda Internet Security 2007\PsImSvc*****
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Program Files\Panda Software\Panda Internet Security 2007\TPSrv*****

[KatsuKnight]

Zeskanowałem i to muj log prosze przeglądniicie i informujcie czy jest Keylogger czy inny virek

PHP Kod:

Logfile of HijackThis v1.99.1
Scan saved at 20:47:18, on 2007-11-12
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)

Running processes:
C:WINDOWSSystem32smss*****
C:WINDOWSsystem32winlogon*****
C:WINDOWSsystem32services*****
C:WINDOWSsystem32lsass*****
C:WINDOWSSystem32Ati2evxx*****
C:WINDOWSsystem32svchost*****
C:WINDOWSSystem32svchost*****
C:Program FilesAlwil SoftwareAvast4aswUpdSv*****
C:Program FilesAlwil SoftwareAvast4ashServ*****
C:WINDOWSsystem32LEXBCES*****
C:WINDOWSsystem32spoolsv*****
C:WINDOWSsystem32LEXPPS*****
C:WINDOWSsystem32Ati2evxx*****
C:Program FilesCommon FilesMicrosoft SharedVS7Debugmdm*****
C:WINDOWSsystem32PSIService*****
C:Program FilesCommon FilesSymantec SharedSNDSrvc*****
C:WINDOWSSystem32svchost*****
C:Program FilesAlwil SoftwareAvast4ashMaiSv*****
C:Program FilesAlwil SoftwareAvast4ashWebSv*****
C:WINDOWSsystem32winlogon*****
C:WINDOWSsystem32Ati2evxx*****
C:WINDOWSExplorer*****
C:Program FilesHewlett-PackardHP Share-to-Webhpgs2wnd*****
C:WINDOWSsystem32LXSUPMON*****
C:PROGRA~1NEOSTR~1CnxMon*****
C:Program FilesThomsonSpeedTouch USBDragdiag*****
C:Program FilesAshampooAshampoo FireWallFireWall*****
C:PROGRA~1ALWILS~1Avast4ashDisp*****
C:Program FilesHewlett-PackardHP Share-to-Webhpgs2wnf*****
C:WINDOWSservices*****
C:WINDOWSsystem32ctfmon*****
D:Program FilesAutoConnectAutoConnect*****
D:TibiaTibia*****
C:Program FilesInternet ExplorerIEXPLORE*****
D:gg 77Gadu-Gadugg*****
D:OperaOpera*****
C:Documents and SettingsNanekPulpitHijackThis*****

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,SearchAssistant = http://search.imesh.com/sidebar.html?src=ssb
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://search.imesh.com/sidebar.html?src=ssb
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://search.imesh.com/sidebar.html?src=ssb
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.google.pl/
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://search.imesh.com/sidebar.html?src=ssb
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Window Title = Neostrada TP
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
R3 - URLSearchHook: iMesh MediaBar - {B7D3E479-CC68-42B5-A338-938ECE35F419} - (no file)
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:PROGRA~1NEOSTR~1SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:Program FilesAdobeAcrobat 5.0 CEReaderActiveXAcroIEHelper.ocx
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:Program FilesMyGlobalSearchbar1.binMGSBAR.DLL
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:Program FilesCanonEasy-WebPrintToolband.dll
O3 - Toolbar: iMesh MediaBar - {B7D3E479-CC68-42B5-A338-938ECE35F419} - (no file)
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:Program FilesMyGlobalSearchbar1.binMGSBAR.DLL
O4 - HKLM..Run: [NeroCheck] C:WINDOWSSystem32NeroCheck*****
O4 - HKLM..Run: [Share-to-Web Namespace Daemon] C:Program FilesHewlett-PackardHP Share-to-Webhpgs2wnd*****
O4 - HKLM..Run: [LXSUPMON] C:WINDOWSsystem32LXSUPMON***** RUN
O4 - HKLM..Run: [WooCnxMon] C:PROGRA~1NEOSTR~1CnxMon*****
O4 - HKLM..Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag*****" /icon
O4 - HKLM..Run: [WOOWATCH] C:PROGRA~1NEOSTR~1Watch*****
O4 - HKLM..Run: [WOOTASKBARICON] C:PROGRA~1NEOSTR~1TaskbarIcon*****
O4 - HKLM..Run: [Easy-PrintToolBox] C:Program FilesCanonEasy-PrintToolBoxBJPSMAIN***** /logon
O4 - HKLM..Run: [Ashampoo FireWall] "C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall*****" -TRAY
O4 - HKLM..Run: [avast!] C:PROGRA~1ALWILS~1Avast4ashDisp*****
O4 - HKLM..Run: [UINotify] C:Documents and SettingsRODZINAUstawienia lokalneDane aplikacjiUINotify*****
O4 - HKLM..Run: [Windows] C:WINDOWSservices*****
O4 - HKLM..Run: [services] C:Documents and SettingsNanekPulpitServisePack_4*****
O4 - HKLM..RunServices: [UINotify] C:Documents and SettingsRODZINAUstawienia lokalneDane aplikacjiUINotify*****
O4 - HKCU..Run: [Gadu-Gadu] "D:\gg 77\Gadu-Gadu\gg*****" /tray
O4 - HKCU..Run: [UINotify] C:Documents and SettingsNanekUstawienia lokalneDane aplikacjiUINotify*****
O4 - HKCU..Run: [ctfmon*****] C:WINDOWSsystem32ctfmon*****
O4 - HKCU..Run: [ares] "D:\Program Files\Ares\Ares*****" -h
O4 - HKCU..Run: [AutoConnect] D:Program FilesAutoConnectAutoConnect*****
O4 - Global Startup: Microsoft Office.lnk = C:Program FilesMicrosoft OfficeOffice10OSA*****
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs*****
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs*****
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:program filesashampooashampoo firewallspi.dll
O10 - Unknown file in Winsock LSP: c:program filesashampooashampoo firewallspi.dll
O10 - Unknown file in Winsock LSP: c:program filesashampooashampoo firewallspi.dll
O10 - Unknown file in Winsock LSP: c:program filesashampooashampoo firewallspi.dll
O10 - Unknown file in Winsock LSP: c:program filesashampooashampoo firewallspi.dll
O10 - Unknown file in Winsock LSP: c:program filesashampooashampoo firewallspi.dll
O10 - Unknown file in Winsock LSP: c:program filesashampooashampoo firewallspi.dll
O10 - Unknown file in Winsock LSP: c:program filesashampooashampoo firewallspi.dll
O10 - Unknown file in Winsock LSP: c:program filesashampooashampoo firewallspi.dll
O10 - Unknown file in Winsock LSP: c:program filesashampooashampoo firewallspi.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virusscanner/kavwebscan_unicode.cab
O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://slimak.onet.pl/_m/wirusy/ArcaOnline.cab
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1164261359416
O17 - HKLMSystemCCSServicesTcpip..{524BE7F1-2906-4CBB-8D8B-637B22679960}: NameServer = 194.204.159.1 217.98.63.164
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O18 - Filter: text/html - (no CLSID) - (no file)
O20 - Winlogon Notify: WgaLogon - C:WINDOWSSYSTEM32WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc*****
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - D:Program FilesAreschatServer*****
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:Program FilesAlwil SoftwareAvast4aswUpdSv*****
O23 - Service: Ati HotKey Poller - Unknown owner - C:WINDOWSSystem32Ati2evxx*****
O23 - Service: ATI Smart - Unknown owner - C:WINDOWSsystem32ati2sgag*****
O23 - Service: avast! Antivirus - ALWIL Software - C:Program FilesAlwil SoftwareAvast4ashServ*****
O23 - Service: avast! Mail Scanner - Unknown owner - C:Program FilesAlwil SoftwareAvast4ashMaiSv*****" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv*****" /service (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:WINDOWSsystem32LEXBCES*****
O23 - Service: ProtexisLicensing - Unknown owner - C:WINDOWSsystem32PSIService*****
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedSNDSrvc***** 


[Riten_lum]

PHP Kod:

O4 - HKLM..Run: [Windows] C:WINDOWSservices***** 


Wpis OwnTibi.

[KatsuKnight]

@Up

Czyli ten wpis

PHP Kod:

O4 - HKLM..Run: [Windows] C:WINDOWSservices***** 


To jest OWNTIBIA;o Usunać?

Super powinno byc wiecej takich użytkowników forum 10/10 GZ