Please take a look at this log:

Logfile of HijackThis v1.99.1
Scan saved at 08:53:37, on 2007-06-23
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss*****
C:\WINNT\system32\winlogon*****
C:\WINNT\system32\services*****
C:\WINNT\system32\lsass*****
C:\WINNT\system32\svchost*****
C:\Program Files\Common Files\Symantec Shared\ccSetMgr*****
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr*****
C:\Program Files\Common Files\Symantec Shared\ccProxy*****
C:\Program Files\Common Files\Symantec Shared\SNDSrvc*****
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc*****
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc*****
C:\WINNT\system32\spoolsv*****
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService*****
C:\WINNT\System32\svchost*****
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc*****
C:\Program Files\Nero\Nero 7\InCD\InCDsrv*****
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc*****
C:\WINNT\System32\nvsvc32*****
C:\WINNT\system32\regsvc*****
C:\WINNT\system32\MSTask*****
C:\WINNT\System32\WBEM\WinMgmt*****
C:\WINNT\system32\svchost*****
C:\WINNT\System32\svchost*****
C:\WINNT\Explorer*****
C:\Program Files\Java\jre1.6.0_01\bin\jusched*****
C:\Program Files\Nero\Nero 7\InCD\NBHGui*****
C:\Program Files\Nero\Nero 7\InCD\InCD*****
C:\WINNT\services*****
C:\Program Files\Common Files\Symantec Shared\ccApp*****
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor*****
C:\Program Files\Weather Alarm Clock\WeatherAlarmClock*****
C:\Program Files\Gadu-Gadu\gg*****
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService*****
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr*****
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE*****
C:\Program Files\Mozilla Firefox\firefox*****
C:\Documents and Settings\Bartek.BARTEK\Pulpit\hijackthis\HijackThis*****

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Expressivo - {85F685C3-20D9-4943-95E4-EB4224056C3F} - C:\Program Files\ivo\Expressivo\IH_iexplore.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Expressivo - {85F685C3-20D9-4943-95E4-EB4224056C3F} - C:\Program Files\ivo\Expressivo\IH_iexplore.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync***** /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32***** C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz***** /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32***** C:\WINNT\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched*****"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon*****" -lang 1033 -lock
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon*****"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck*****
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui*****
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD*****
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop*****" /startup
O4 - HKLM\..\Run: [kernell31] C:\WINNT\services*****
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp*****"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt*****
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl*****"
O4 - HKCU\..\Run: [Expressivo] "C:\Program Files\ivo\Expressivo\expressivo*****" -t
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor*****"
O4 - HKCU\..\Run: [zRain] C:\Program Files\Weather Alarm Clock\zRain*****
O4 - HKCU\..\Run: [WeatherAlarmClock] C:\Program Files\Weather Alarm Clock\WeatherAlarmClock*****
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg*****" /tray
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr*****
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc*****
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy*****
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr*****
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost*****
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService*****
O23 - Service: Usługa administracyjna Menedżera dysków logicznych (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin*****
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager*****
O23 - Service: Harmonogram automatycznej usługi LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc*****
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv*****
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1*****
O23 - Service: Usługa Auto-Protect programu Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc*****
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService*****
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService*****
O23 - Service: Usługa Norton Protection Center (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE*****
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32*****
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan*****
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc*****
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc*****
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc*****

C:\WINNT\system32\services*****
Is there anything in that file? |
Nice guide ;p. I don't download anything suspicious, so I don't get hacked (knock on wood). Guide 10/10 XDD
|
Quote:
|
Code:
O4 - HKLM\..\Run: [kernell31] C:\WINNT\services***** |
Please check mine:
Quote:
|
We fix:
Code:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb |
Too late for me...
For me Tibia is over, same as for my buddy. I lost almost nothing, but my buddy lost an 87 EK with an Avenger. Somehow we feel lighter for it ;) The great time-eater is gone and forgotten. But first, a hack for the hacker :evul:
|
Can I just add this
127.0.0.1 owntibia.com
127.0.0.1 vip.owntibia.com
127.0.0.1 87.98.239.19
to the hosts file right away, no? Given that I'm 2 days after a format :D |
@Up
Add it. |
Yes, and also add:
127.0.0.1 wizzard.home.pl |
@up
Why that one too? :PPP |
Because that's wizz's new domain.
|
Hmm, so I rooked my 85 pally, but I have cash on the wire and I thought I had a keylogger, so I didn't log in. I scanned with Avast and NOD32; Avast detected trojans and removed them all, but it didn't detect the keylogger. I logged in on a level 10 sorc and they hacked me :P And now I found this file xxx.bat, is this owntibia? ;> Or a plain keylogger?
I uploaded a screenshot to my album http://s94.photobucket.com/albums/l9...rent=lol-1.jpg I also found an icon of it in system32, it was under the name sys34, but I ended the process and deleted it; it was that IP changer for OTS 8.0 keylogger :P |
You have the Lord of Tibia keylogger.
|
It started with a "supposed" program for protecting folders with a password. Then NOD went crazy, and I removed it. I thought everything was fine, but today when I launched Tibia the active window kept changing on me at login. Today I look with HijackThis and I have that process from that program, and services.exe
http://img171.imageshack.us/my.php?image=exploitiv5.png should I remove that, up? |
Logfile of HijackThis v1.99.1
Scan saved at 19:32:58, on 2007-06-27
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss*****
C:\WINDOWS\system32\winlogon*****
C:\WINDOWS\system32\services*****
C:\WINDOWS\system32\lsass*****
C:\WINDOWS\system32\svchost*****
C:\WINDOWS\System32\svchost*****
C:\Program Files\Alwil Software\Avast4\aswUpdSv*****
C:\Program Files\Alwil Software\Avast4\ashServ*****
C:\WINDOWS\Explorer*****
C:\WINDOWS\system32\spoolsv*****
C:\WINDOWS\SOUNDMAN*****
C:\PROGRA~1\NEOSTR~1\CnxMon*****
C:\PROGRA~1\NEOSTR~1\TaskbarIcon*****
C:\Program Files\HP\HP Software Update\HPWuSchd*****
C:\Program Files\Java\j2re1.4.2_06\bin\jusched*****
C:\Program Files\GameDeviceDriver\RFPIcon*****
C:\WINDOWS\system32\rundll32*****
C:\Program Files\Common Files\Real\Update_OB\realsched*****
C:\Program Files\Winamp\winampa*****
C:\Program Files\QuickTime\qttask*****
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1*****
C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1*****
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp*****
C:\Program Files\LClock\LClock*****
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher*****
C:\WINDOWS\system32\ctfmon*****
C:\Program Files\Skype\Phone\Skype*****
C:\valve\steam\steam*****
C:\Program Files\Common Files\Teleca Shared\CapabilityManager*****
C:\Program Files\Messenger\msmsgs*****
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon*****
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1*****
C:\Program Files\HP\Digital Imaging\bin\hpqtra08*****
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare*****
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater*****
C:\Program Files\Common Files\Teleca Shared\Generic*****
C:\WINDOWS\system32\CTSvcCDA*****
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM*****
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker*****
C:\WINDOWS\System32\svchost*****
C:\WINDOWS\system32\MsPMSPSv*****
C:\Program Files\Alwil Software\Avast4\ashMaiSv*****
C:\Program Files\Alwil Software\Avast4\ashWebSv*****
C:\WINDOWS\system32\HPZipm12*****
C:\WINDOWS\system32\wuauclt*****
C:\Program Files\Internet Explorer\iexplore*****
C:\Program Files\Gadu-Gadu\gg*****
C:\Program Files\Opera\Opera*****
C:\Program Files\WinRAR\WinRAR*****
C:\DOCUME~1\MATEUS~1\USTAWI~1\Temp\Rar$EX00.031\HijackThis*****

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/pl/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN*****
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck*****
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon*****
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch*****
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon*****
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd*****"
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg*****
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched*****
O4 - HKLM\..\Run: [RTBatteryMeter] C:\Program Files\GameDeviceDriver\RFPIcon*****
O4 - HKLM\..\Run: [CleanRegPath] C:\PROGRA~1\ADSLUT~1\CleanReg*****
O4 - HKLM\..\Run: [CnxTrApp] rundll32***** "C:\Program Files\ADSL USB Router\CnxTrApp.dll",AppEntry -REG "Conexant\Conexant USB Network"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched*****" -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa*****
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask*****" -atboottime
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1*****
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1*****
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp*****
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock*****
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher*****" /startoptions
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON*****] C:\WINDOWS\system32\ctfmon*****
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype*****" /nosplash /minimized
O4 - HKCU\..\Run: [ssgrate*****] C:\WINDOWS\system32\winsystems*****
O4 - HKCU\..\Run: [Steam] "c:\valve\steam\steam*****" -silent
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon*****
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs*****" /background
O4 - HKCU\..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen*****
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON*****
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader*****
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon*****
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT*****
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08*****
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare*****
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater*****
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON*****
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearc...p=ZCzfw012YYPL
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL*****/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs*****
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs*****
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache...p1.0.0.8-2.cab
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} (SignActivX Control) - https://www.bph.pl/pi/components/SignActivX.cab
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/eng/billard8_2_0_0_21.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) - http://67.15.101.3/g_bin/eng/snooker_2_0_0_21.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv*****
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ*****
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv*****" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv*****" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA*****
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12*****

There's a 90% chance owntibia is here, because after scanning the computer it didn't find any virus. If someone knows this stuff, please help, because to me it's black magic :/ And a format is out of the question for me, because I have quiiiite a lot of important things on the computer :|:/ |
@davido16
You have owntibia, use FindIt or remove it manually. Then post a log again. @matej91 Your log looks clean to me. Also scan it at http://www.hijackthis.de/en |
@Matej
You have the "myglobalsearch" spyware. Remove this:
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing) |
Could that have been the cause of the hack?
|
No, it just slows the computer down a bit.
|
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 15:35:10, on 2007-06-28
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss*****
C:\WINDOWS\system32\winlogon*****
C:\WINDOWS\system32\services*****
C:\WINDOWS\system32\lsass*****
C:\WINDOWS\system32\svchost*****
C:\WINDOWS\System32\svchost*****
C:\WINDOWS\system32\spoolsv*****
C:\Program Files\Eset\nod32krn*****
C:\WINDOWS\system32\nvsvc32*****
C:\WINDOWS\Explorer*****
C:\WINDOWS\system32\wscntfy*****
C:\WINDOWS\system32\RUNDLL32*****
C:\WINDOWS\SOUNDMAN*****
C:\Program Files\Java\jre1.5.0_11\bin\jusched*****
C:\Program Files\Eset\nod32kui*****
C:\WINDOWS\system32\ctfmon*****
C:\Program Files\Messenger\msmsgs*****
C:\Program Files\Gadu-Gadu\gg*****
C:\Program Files\Kalendarz XP\Kalendarz*****
C:\Program Files\AVerTV\QuickTV*****
C:\Program Files\UltraVNC\winvnc*****
C:\Program Files\Tlen.pl\tlen*****
C:\WINDOWS\system32\svchost*****
C:\totalcmd\TOTALCMD*****
C:\Program Files\Winamp\winamp*****
C:\Program Files\Mozilla Firefox\firefox*****
C:\Documents and Settings\Dawid\Pulpit\Z neta\HiJackThis_v2*****

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Multi_Media toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMul0.dll
O1 - Hosts: 69.80.225.31 nprotect.ryl.com.my
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Multi_Media toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMul0.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Multi_Media toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMul0.dll
O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32***** C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz***** /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32***** C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN*****
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched*****"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui*****" /WAITSERVICE
O4 - HKCU\..\Run: [CTFMON*****] C:\WINDOWS\system32\ctfmon*****
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs*****" /background
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg*****" /tray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON*****] C:\WINDOWS\system32\CTFMON***** (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON*****] C:\WINDOWS\system32\CTFMON***** (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON*****] C:\WINDOWS\system32\CTFMON***** (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON*****] C:\WINDOWS\system32\CTFMON***** (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader*****
O4 - Startup: Adobe.lnk = C:\Program Files\UltraVNC\winvnc*****
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader*****
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl*****
O4 - Global Startup: Kalendarz XP.lnk = C:\Program Files\Kalendarz XP\Kalendarz*****
O4 - Global Startup: QuickTV.lnk = C:\Program Files\AVerTV\QuickTV*****
O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL*****/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet*****
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet*****
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs*****
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs*****
O15 - Trusted Zone: http://mks.com.pl
O17 - HKLM\System\CCS\Services\Tcpip\..\{5278F8BC-87BD-49C4-82A0-A29C186E5C58}: NameServer = 194.204.159.1,194.204.159.34
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Moduł wstępnego ładowania interfejsu Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Demon buforu kategorii składników - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc*****
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn*****
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32*****

--
End of file - 5895 bytes

I removed it with HijackThis... is it clean? |
So what, do I have some mega hyper undetectable owntibia? :P Ehh, I feel a format is close... Or maybe I'll scan the computer with something other than MKS; which online scanner do you recommend?
|
@Davido
What are those entries next to ctfmon? @Up Post logs from GMER and Silent Runners. |
[Y] O4 - HKCU\..\Run: [CTFMON*****] C:\WINDOWS\system32\ctfmon***** - This entry was classified from our visitors as good.
[Y] O4 - HKUS\S-1-5-19\..\Run: [CTFMON*****] C:\WINDOWS\system32\CTFMON***** (User 'USŁUGA LOKALNA') - Office related
[Y] O4 - HKUS\S-1-5-20\..\Run: [CTFMON*****] C:\WINDOWS\system32\CTFMON***** (User 'USŁUGA SIECIOWA') - Office related
[Y] O4 - HKUS\S-1-5-18\..\Run: [CTFMON*****] C:\WINDOWS\system32\CTFMON***** (User 'SYSTEM') - Office related
[Y] O4 - HKUS\.DEFAULT\..\Run: [CTFMON*****] C:\WINDOWS\system32\CTFMON***** (User 'Default user') - Office related
It says they are probably fine... (?) |
@up
You're clean |
uther, first I need to know what GMER and Silent Runners are :)
|
@Up
Type it into Google and you'll find it :P @Davido I was only asking out of pure curiosity :P |
Logfile of HijackThis v1.99.1
Scan saved at 20:23:38, on 2007-06-28
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss*****
C:\WINDOWS\system32\winlogon*****
C:\WINDOWS\system32\services*****
C:\WINDOWS\system32\lsass*****
C:\WINDOWS\system32\svchost*****
C:\WINDOWS\System32\svchost*****
C:\Program Files\Ahead\InCD\InCDsrv*****
C:\WINDOWS\system32\spoolsv*****
C:\Program Files\Eset\nod32krn*****
C:\WINDOWS\system32\nvsvc32*****
C:\WINDOWS\Explorer*****
C:\WINDOWS\SOUNDMAN*****
C:\WINDOWS\system32\RUNDLL32*****
C:\Program Files\Eset\nod32kui*****
C:\Program Files\Gadu-Gadu\gg*****
C:\WINDOWS\System32\svchost*****
C:\Program Files\Windows Media Player\wmplayer*****
C:\Program Files\Gadu-Gadu\gg*****
C:\DOCUME~1\ZWADZIK\USTAWI~1\Temp\devilr*****
C:\Program Files\Opera\Opera*****
C:\WINDOWS\system32\wuauclt*****
D:\HijackThis*****

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN*****
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32***** C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz***** /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32***** C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui*****" /WAITSERVICE
O4 - HKLM\..\Run: [iPlusManager] C:\Program Files\iPlus\iPlusChecker*****
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck*****
O4 - HKLM\..\Run: [Windows] C:\WINDOWS\sytem32\devilr*****
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg*****" /tray
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag***** (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag***** (file missing)
O11 - Options group: [INTERNATIONAL] International*
O17 - HKLM\System\CCS\Services\Tcpip\..\{DF52C0DC-8557-4001-B3A6-38ED379AE4DB}: NameServer = 212.2.96.51 212.2.96.52
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv*****
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn*****
O23 - Service: WinFast(R) Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32*****
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd*****" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

Is my computer clean or not? Because when I log into my account in Tibia, an iexplore***** process pops up. |
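What the helpers in this thread do by eye when they pick out entries like `[kernell31] C:\WINNT\services`, `C:\WINDOWS\sytem32\devilr` or `Adobe.lnk = ...\UltraVNC\winvnc`, written out as a small Python triage of HijackThis O4 lines. This is an added example, not code from the thread or from HijackThis; the allow-lists are my assumptions, and the sample entries are constructed after lines quoted in this thread with the forum-censored extension written out as `.exe`.

```python
"""Triage HijackThis O4 (autostart) entries for the patterns this thread turns on.
Added example: not part of the thread and not a HijackThis feature."""
import re
from difflib import SequenceMatcher

# Windows only ever starts these from %SystemRoot%\system32; the same name anywhere
# else is a look-alike (the thread's "[kernell31] C:\WINNT\services" is one).
SYSTEM32_ONLY = {"services", "winlogon", "lsass", "smss", "csrss", "svchost", "spoolsv"}
SYSTEM_DIRS = {"system32", "system", "syswow64"}
# Folders that should not host an autostart; "ustawi~1" is the 8.3 short name of the
# Polish "Ustawienia lokalne" (Local Settings) folder that appears in the logs above.
PROFILE_TEMP_DIRS = {"temp", "tmp", "local settings", "locals~1", "ustawi~1"}

# O4 - HKLM\..\Run: [name] command   (HJT 2.x appends "(User 'x')" for HKUS entries)
O4_RUN = re.compile(
    r"^O4 - (?P<hive>HK[\w\\.\-]+?)\\\.\.\\Run(?:Once)?: \[(?P<name>[^\]]+)\] "
    r"(?P<cmd>.*?)(?: \(User '[^']*'\))?$", re.I)
# O4 - Startup: name.lnk = target   /   O4 - Global Startup: name.lnk = target
O4_LNK = re.compile(
    r"^O4 - (?P<scope>(?:Global )?Startup): (?P<name>.+?)\.lnk = (?P<cmd>.+)$", re.I)


def parse_o4(line):
    """Return (kind, name, command) for an O4 line, or None for any other line."""
    m = O4_RUN.match(line.strip())
    if m:
        return "run", m.group("name"), m.group("cmd")
    m = O4_LNK.match(line.strip())
    if m:
        return "lnk", m.group("name"), m.group("cmd")
    return None


def executable_path(cmd):
    """Program path of a Run value: the quoted path, else the shortest prefix ending
    in an executable extension, else the first whitespace-delimited token."""
    cmd = cmd.strip()
    if not cmd:
        return ""
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(.+?\.(?:exe|bat|cmd|com|scr|pif|dll))(?:\s|$)", cmd, re.I)
    return m.group(1) if m else cmd.split()[0]


def triage_line(line):
    """Reasons an O4 entry deserves a closer look; an empty list means none found."""
    parsed = parse_o4(line)
    if parsed is None:
        return []
    kind, name, cmd = parsed
    path = executable_path(cmd)
    parts = [p for p in re.split(r"[\\/]", path.lower()) if p]
    if not parts:
        return []
    stem = re.sub(r"\.[a-z0-9]+$", "", parts[-1])
    dirs = parts[:-1]
    parent = dirs[-1] if dirs else ""
    reasons = []
    if stem in SYSTEM32_ONLY and parent not in SYSTEM_DIRS:
        reasons.append(f"'{stem}' is a core system binary but starts from "
                       f"'{parent or '(bare name)'}' rather than system32")
    for d in dirs:  # near-miss of system32, e.g. the thread's "sytem32"
        if d not in SYSTEM_DIRS and SequenceMatcher(None, d, "system32").ratio() >= 0.85:
            reasons.append(f"directory '{d}' looks like a misspelling of system32")
    if any(d in PROFILE_TEMP_DIRS for d in dirs):
        reasons.append("autostart points into a temp/profile directory")
    if kind == "lnk":  # e.g. the thread's "Adobe.lnk" that launches UltraVNC
        tokens = re.findall(r"[a-z0-9]{3,}", name.lower())
        if tokens and not any(t in path.lower() for t in tokens):
            reasons.append(f"shortcut '{name}.lnk' does not name its target {path}")
    return reasons


def triage_log(text):
    """Map every flagged O4 line of a HijackThis log to the list of reasons."""
    flagged = {}
    for line in text.splitlines():
        reasons = triage_line(line)
        if reasons:
            flagged[line.strip()] = reasons
    return flagged


# Constructed sample modelled on entries quoted in this thread, with the extension the
# forum censored to "*****" written out as .exe (an assumption).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [kernell31] C:\WINNT\services.exe
O4 - HKLM\..\Run: [Windows] C:\WINDOWS\sytem32\devilr.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - Startup: Adobe.lnk = C:\Program Files\UltraVNC\winvnc.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
"""

if __name__ == "__main__":
    for entry, reasons in triage_log(SAMPLE_LOG).items():
        print(entry)
        for reason in reasons:
            print("   ->", reason)
```

Only three of the eight sample entries are flagged; the legitimate RUNDLL32, dumprep, Gadu-Gadu, CTFMON and Adobe Gamma Loader lines pass, which is the point of checking location and naming rather than just the presence of an entry.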
I don't know what to remove. Can you help?

Logfile of HijackThis v1.99.1
Scan saved at 18:08:39, on 2007-06-29
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss*****
C:\WINDOWS\system32\winlogon*****
C:\WINDOWS\system32\services*****
C:\WINDOWS\system32\lsass*****
C:\WINDOWS\system32\Ati2evxx*****
C:\WINDOWS\system32\svchost*****
C:\WINDOWS\System32\svchost*****
D:\Programy\Avast\aswUpdSv*****
D:\Programy\Avast\ashServ*****
C:\WINDOWS\system32\spoolsv*****
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM*****
C:\Program Files\Analog Devices\SoundMAX\SMAgent*****
C:\WINDOWS\system32\svchost*****
C:\WINDOWS\system32\Ati2evxx*****
C:\WINDOWS\Explorer*****
D:\Programy\Avast\ashMaiSv*****
D:\Programy\Avast\ashWebSv*****
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP*****
C:\Program Files\Analog Devices\SoundMAX\Smax4*****
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx*****
C:\PROGRA~1\NEOSTR~1\CnxMon*****
C:\Program Files\Neostrada TP\NeostradaTP*****
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag*****
C:\PROGRA~1\NEOSTR~1\TaskbarIcon*****
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05*****
D:\Programy\Avast\ashDisp*****
D:\Programy\Winamp\winampa*****
C:\Program Files\QuickTime\qttask*****
C:\Program Files\Common Files\Real\Update_OB\realsched*****
C:\Program Files\Neostrada TP\ComComp*****
C:\WINDOWS\system32\ctfmon*****
D:\Programy\DAEMON Tools\daemon*****
D:\Programy\Gadu-Gadu\gg*****
C:\Program Files\Neostrada TP\Watch*****
C:\WINDOWS\system32\wuauclt*****
D:\Programy\Winamp\winamp*****
C:\Program Files\Mozilla Firefox\firefox*****
C:\Program Files\Internet Explorer\iexplore*****
C:\Program Files\Internet Explorer\iexplore*****
C:\Program Files\Internet Explorer\iexplore*****
D:\Programy\Avast\ashSimpl*****
\?\C:\WINDOWS\system32\WBEM\WMIADAP*****
D:\Programy\jhj\HijackThis*****

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
R3 - URLSearchHook: Online_TV toolbar - {40d1c3a7-4ffb-4443-b3a0-a64b2df7fc3b} - C:\Program Files\Online_TV\tbOnli.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programy\adobe reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Online_TV toolbar - {40d1c3a7-4ffb-4443-b3a0-a64b2df7fc3b} - C:\Program Files\Online_TV\tbOnli.dll
O3 - Toolbar: Online_TV toolbar - {40d1c3a7-4ffb-4443-b3a0-a64b2df7fc3b} - C:\Program Files\Online_TV\tbOnli.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP*****
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4*****" /tray
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx*****
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon*****
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag*****" /icon
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch*****
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon*****
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05*****
O4 - HKLM\..\Run: [avast!] D:\Programy\Avast\ashDisp*****
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck*****
O4 - HKLM\..\Run: [WinampAgent] D:\Programy\Winamp\winampa*****
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask*****" -atboottime
O4 - HKLM\..\Run: [e-Kiosk] "D:\Kohan\Newsweek\e-Kiosk Reader\eGazetaST*****"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched*****" -osboot
O4 - HKCU\..\Run: [CTFMON*****] C:\WINDOWS\system32\ctfmon*****
O4 - HKCU\..\Run: [DAEMON Tools] "D:\Programy\DAEMON Tools\daemon*****" -lang 1033
O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Programy\Gadu-Gadu\gg*****" /tray
O4 - HKCU\..\Run: [Steam] "d:\programy\steam\steam*****" -silent
O4 - Startup: hamachi.lnk = D:\Programy\Hamachi\hamachi*****
O4 - Startup: Registration Prince of Persia T2T.LNK = D:\Bartek\pop3\Support\Register\RegistrationReminder*****
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Programy\adobe reader\Reader\reader_sl*****
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\Programy\MSOFFI~1\OFFICE11\EXCEL*****/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs*****
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs*****
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Programy\MSOFFI~1\OFFICE11\REFIEBAR.DLL
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{73A6C9CD-3548-4264-8210-9C885489619C}: NameServer = 194.204.159.1 217.98.63.164
O17 - HKLM\System\CCS\Services\Tcpip\..\{978CBDCA-2251-4BF0-AF6F-5A07F06F09A3}: NameServer = 194.204.159.1,217.98.63.164
O23 - Service: avast!
iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Programy\Avast\aswUpdSv***** O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx***** O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag***** O23 - Service: avast! Antivirus - ALWIL Software - D:\Programy\Avast\ashServ***** O23 - Service: avast! Mail Scanner - Unknown owner - D:\Programy\Avast\ashMaiSv*****" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - D:\Programy\Avast\ashWebSv*****" /service (file missing) O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent***** |
@Up
Looks clean to me... just a bit of harmless junk like toolbars ;) But that's nothing to worry about. |
That's exactly the thing, I got hacked today :(
And I don't know whether it removed all the keyloggers and whether I can play :] |
There's nothing in the log, but I'm not 100% sure.
|
I downloaded the programs "Findit" and "Owntibia Deleter" and it says:
Nie znaleziono OwnTibia, Nie znaleziono Lord of Tibia, Nie znaleziono Tibia Mail, Nie znaleziono Tibia Loger. It should be clean now, I think. But I still don't know whether to log in with my main character |
Code:
O4 - HKCU\..\Run: [CTFMON*****] C:\WINDOWS\system32\ctfmon***** |
For myself (but I'll give it to you too ;)) I wrote a little DOS program that protects against new keyloggers being installed. Only it protects, it doesn't remove! But better safe than sorry ;). And one more thing, it doesn't work against Tibia Mail, I tried, but it didn't work out. click
|
delete_keyloggers.pif
OMFG another neo kid - get out! @xoz That's a legitimate entry :P No worries :] @edit I looked through the thread and someone writes that they don't know what's up with the entry: Quote:
|
is it true ...?
is it true that if you have a dynamic IP (e.g. we have Neo internet) they can't hack us? X(
|
@Up
-.- n/c Quote:
|
C:\WINDOWS\system32\drivers\etc --
I don't have the hosts file there. What should I do? I got hacked - I thoughtlessly opened an scr . e x e, I spent two days scanning the computer. This morning Ad-Aware and Kaspersky Internet Security didn't detect anything. But I'm afraid the trojan may still be hidden somewhere: HijackThis log: Logfile of HijackThis v1.99.1 Scan saved at 15:12:36, on 2007-07-01 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16473) Running processes: C:\WINDOWS\System32\smss***** C:\WINDOWS\system32\winlogon***** C:\WINDOWS\system32\services***** C:\WINDOWS\system32\lsass***** C:\WINDOWS\system32\svchost***** C:\WINDOWS\System32\svchost***** C:\Program Files\Intel\Wireless\Bin\EvtEng***** C:\Program Files\Intel\Wireless\Bin\S24EvMon***** C:\WINDOWS\system32\spoolsv***** C:\WINDOWS\Explorer***** C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp***** C:\Acer\Empowering Technology\admServ***** C:\WINDOWS\system32\rundll32***** C:\WINDOWS\RTHDCPL***** c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins***** C:\WINDOWS\eHome\ehRecvr***** C:\Program Files\Synaptics\SynTP\SynTPEnh***** C:\Acer\Empowering Technology\admtray***** C:\WINDOWS\eHome\ehSched***** C:\Acer\Empowering Technology\ePower\ePower_DMC***** C:\PROGRA~1\LAUNCH~1\LManager***** C:\Acer\Empowering Technology\eRecovery\Monitor***** C:\Program Files\Common Files\LightScribe\LSSrvc***** C:\WINDOWS\system32\ElkCtrl***** C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm***** C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp***** C:\WINDOWS\system32\ctfmon***** C:\Program Files\Messenger\msmsgs***** C:\WINDOWS\system32\lvcomsx***** C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr***** C:\Program Files\WIDCOMM\Bluetooth Software\BTTray***** C:\Program Files\Intel\Wireless\Bin\RegSrvc***** C:\WINDOWS\system32\svchost***** C:\DOCUME~1\Darek\LOCALS~1\Temp\RtkBtMnt***** c:\program files\pinnacle\shared files\programs\mediaserver\pmshost***** 
C:\WINDOWS\system32\wbem\unsecapp***** C:\WINDOWS\system32\dllhost***** C:\WINDOWS\System32\svchost***** C:\Program Files\Gadu-Gadu\gg***** C:\Program Files\OpenOffice.org 2.1\program\soffice***** C:\Program Files\OpenOffice.org 2.1\program\soffice.BIN C:\Program Files\Tibia\Tibia***** C:\PROGRA~1\Mozilla Firefox\firefox***** C:\Documents and Settings\Darek\Desktop\hijackthis~\HijackThis***** R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aceradvantage.com/stdreg R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.aceradvantage.com/stdreg O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray***** O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd***** O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers***** O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32***** bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL***** O4 - HKLM\..\Run: [SynTPEnh] 
C:\Program Files\Synaptics\SynTP\SynTPEnh***** O4 - HKLM\..\Run: [ADMTray*****] "C:\Acer\Empowering Technology\admtray*****" O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG*****" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst***** /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP***** /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP***** /IMEName O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp*****" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32***** C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz***** /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32***** C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC***** O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management***** boot O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager***** O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor***** O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl***** /automation O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck***** O4 - HKLM\..\Run: [Pinnacle WebUpdater] "C:\Program Files\Pinnacle\Shared Files\Programs\WebUpdater\WebUpdater*****" -s -f=UpdateVersion.xml -url=http://cdn.pinnaclesys.com/SupportFiles O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc*****" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" O4 - HKLM\..\Run: [PMCRemote] C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm***** O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp*****" O4 - HKCU\..\Run: [ctfmon*****] 
C:\WINDOWS\system32\ctfmon***** O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs*****" /background O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg*****" /tray O4 - Global Startup: BTTray.lnk = ? O8 - Extra context menu item: Dodaj do blokowanych banerów - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\ie_banner_deny.htm O8 - Extra context menu item: Wyślij do urządzenia &Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O9 - Extra button: Statystyki ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag***** (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag***** (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs***** O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs***** O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1171381205433 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: 
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp*****" -r (file missing) O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ***** O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins***** O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr***** (file missing) O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSetMgr***** (file missing) O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng***** O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc***** O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc*****" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing) O23 - Service: Logitech Process Monitor (LVPrcSrv) - Unknown owner - c:\program files\common files\logitech\lvmvfm\LVPrcSrv***** (file missing) O23 - Service: MSSQL$PINNACLESYS - Unknown owner - C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr*****" -sPINNACLESYS (file missing) O23 - Service: Norton Protection Center Service (NSCService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE***** (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32***** O23 - Service: Pinnacle Systems Media 
Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost***** O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc***** O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd*****" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing) O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon***** O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer***** O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc***** (file missing) O23 - Service: SQLAgent$PINNACLESYS - Unknown owner - C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent*****" -i PINNACLESYS (file missing) |
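Both logs in this thread (the first poster's, with the Online_TV toolbar entries, and the one just above, with its many "(file missing)" services) were read by eye. As an added example that is not part of this thread or of HijackThis itself, the script below does the first pass a reviewer does on such a log: it splits the "Running processes" list from the numbered R/O entries, then groups the entries a reviewer looks at first: orphaned O23 services whose binary is gone (leftovers of uninstalled software), O2/O3/R3 toolbar and BHO entries, the O17 NameServer addresses (to be checked against what your ISP actually hands out), and anything running or auto-starting from a Temp directory. The sample log is constructed from a handful of lines quoted in this thread, one entry per line as HijackThis writes them; the forum software masked executable extensions as `*****`, and that masking is kept in the sample.

```python
import re
from collections import defaultdict

# Constructed sample: lines taken from the HijackThis v1.99.1 logs quoted in
# this thread, one entry per line as the tool writes them. The "*****" is the
# forum's masking of the executable extension, kept as it appears on the page.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss*****
C:\DOCUME~1\Darek\LOCALS~1\Temp\RtkBtMnt*****
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R3 - URLSearchHook: Online_TV toolbar - {40d1c3a7-4ffb-4443-b3a0-a64b2df7fc3b} - C:\Program Files\Online_TV\tbOnli.dll
O2 - BHO: Online_TV toolbar - {40d1c3a7-4ffb-4443-b3a0-a64b2df7fc3b} - C:\Program Files\Online_TV\tbOnli.dll
O3 - Toolbar: Online_TV toolbar - {40d1c3a7-4ffb-4443-b3a0-a64b2df7fc3b} - C:\Program Files\Online_TV\tbOnli.dll
O4 - HKCU\..\Run: [CTFMON*****] C:\WINDOWS\system32\ctfmon*****
O4 - HKCU\..\Run: [Steam] "d:\programy\steam\steam*****" -silent
O17 - HKLM\System\CCS\Services\Tcpip\..\{73A6C9CD-3548-4264-8210-9C885489619C}: NameServer = 194.204.159.1 217.98.63.164
O23 - Service: avast! Antivirus - ALWIL Software - D:\Programy\Avast\ashServ*****
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr***** (file missing)
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Unknown owner - c:\program files\common files\logitech\lvmvfm\LVPrcSrv***** (file missing)
"""

# Every numbered HijackThis entry starts with its section code, e.g. "O4 - ".
ENTRY_RE = re.compile(r"^(?P<code>[RFO]\d{1,2}) - (?P<body>.*)$")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
# A path component named Temp or tmp, case-insensitive, anywhere in a path.
TEMP_DIR_RE = re.compile(r"\\(temp|tmp)\\", re.IGNORECASE)


def parse_hjt(text):
    """Split a HijackThis log into (running_processes, [(code, body), ...])."""
    processes, entries = [], []
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("Running processes:"):
            in_procs = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False          # first numbered entry ends the process list
            entries.append((m.group("code"), m.group("body")))
        elif in_procs:
            processes.append(line)
    return processes, entries


def triage(processes, entries):
    """Group the entries a reviewer checks first; returns {category: [items]}."""
    out = defaultdict(list)
    for proc in processes:
        if TEMP_DIR_RE.search(proc):
            out["process_from_temp"].append(proc)
    for code, body in entries:
        low = body.lower()
        if code == "O23" and "(file missing)" in low:
            # Service still registered but its binary is gone: uninstall leftover.
            out["orphan_service"].append(body)
        elif code in ("O2", "O3", "R3") and "toolbar" in low:
            out["toolbar_or_bho"].append(body)
        elif code == "O17" and "nameserver" in low:
            # DNS servers the machine will use; verify they belong to your ISP.
            out["dns_servers"].extend(IPV4_RE.findall(body))
        elif code == "O4" and TEMP_DIR_RE.search(body):
            out["autorun_from_temp"].append(body)
    return dict(out)


if __name__ == "__main__":
    procs, ents = parse_hjt(SAMPLE_LOG)
    for category, items in sorted(triage(procs, ents).items()):
        print(f"[{category}]")
        for item in items:
            print("   ", item)
```

Run it on a real log saved by HijackThis (one entry per line) instead of `SAMPLE_LOG`; on the sample it reports the three Online_TV entries, the two orphaned Symantec and Logitech services, the two DNS servers, and the one process started from a user's Temp directory. None of these is a verdict on its own; the output is the shortlist a reviewer then checks against the vendor and the machine's history.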
Post the log on the site in my signature ;)
Hmm... 105 EK... and he fell for h4x0r tricks ;) |