Forum Tibia.pl

Forum Tibia.pl (http://forum.tibia.pl//index.php)
-   Guides (http://forum.tibia.pl//forumdisplay.php?f=31)
-   -   Removing the Lord of Tibia keylogger (http://forum.tibia.pl//showthread.php?t=132884)

Chuckname 04-09-2007 22:07

Nice, but how do you do this on Vista :( ????

Bonished 28-09-2007 20:43

LoT
 
You know what?? Maybe someone could sum up all the information and make something out of all these scraps :p
You scared me with this keylogger 8o

fannet 08-10-2007 07:22

^ you're pathetic, 1 day on the forum and already such a keylogger, I wonder how many banned accounts you have here? [never mind xD]

There is no program that is perfect; every one has some holes, some we know about and some we don't ....

Emcess 08-10-2007 17:01

Quote:

Originally posted by Krycha01 (Post 1623957)
In my opinion, first of all you have to remember not to visit any sites other than Tibia.com, Tibia.pl and the sites linked from those two.

Wow. What wisdom you've shown us. Hm, think about it: I go to tibia.com, there are Google ads there, and one of them is some site with a keylogger, what then, smart guy?

Emcess.

fannet 09-10-2007 08:25

As far as I remember, only once was there a link in the Google ads leading to a trojan, one out of I don't know how many advertisers they have, trade secret :P

Besides, who would buy an ad on Google? It would be kind of stupid, because we click on the Google ad and some weird site says it has a "better Tibia". Would you download anything? I don't think so :) so xD

kubsztyl 09-04-2008 20:54

help me

When I wanted to download this worm to hack other accounts :p
but I learned my lesson and the worm turned on me. It didn't find me the name:

Quote:

On the right side, find the value named 'SysCtrl'. If it is not there, it means you do not have the Lord of Tibia keylogger on your computer. Write down the file path shown to the right of the value name. Do not delete it! That will do nothing, the keylogger will restore it within a dozen or so seconds.
Now start the computer in safe mode (press F8 while the computer is starting until the mode selection window appears). Depending on the keylogger version, you will have written down either just the file name or the path to it. In the 2nd case simply delete that file. In the 1st case go to the directory C:\Windows\system32\drivers\etc, or on an NT-family system C:\Winnt\system32\drivers\etc, and delete the file with the name you read earlier.
Now start the computer normally, go to the registry key mentioned earlier, delete the 'SysCtrl' value, and you're done!
I didn't find anything like that and decided to be stubborn, I open it and there is their
IP, it looked more or less like this:

Quote:

127.0.0.1 costamhost
I decided to delete it, did I do the right thing?

Dark_Master 13-04-2008 16:25

Problem with OwnTibia? Lord of Tibia? Tibia Logger? Tibia Mail? Findit! and HijackThis
will save you.

Gandzia_92 18-04-2008 07:40

LoL
 
Well, that link you gave for downloading doesn't seem to work -.- X(

lamp999 24-04-2008 20:58

lol
 
I wanted to protect myself for the future, but I don't have a (Windows) folder in C:!

Zawi_94 06-05-2008 22:47

Keylogger
 
Hi, I have a keylogger, I scanned the system with all the scanners and nothing.
Here is my HijackThis log, see if there is any junk in it.
I went to hijackthis.de and it didn't detect anything ;/ maybe you will see something, please reply and help, thanks in advance :)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:29:33, on 2008-05-06
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss*****
C:\WINDOWS\system32\winlogon*****
C:\WINDOWS\system32\services*****
C:\WINDOWS\system32\lsass*****
C:\WINDOWS\system32\svchost*****
C:\WINDOWS\System32\svchost*****
C:\WINDOWS\system32\spoolsv*****
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv*****
C:\WINDOWS\eHome\ehRecvr*****
C:\WINDOWS\eHome\ehSched*****
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn*****
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc*****
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer*****
C:\WINDOWS\system32\nvsvc32*****
C:\WINDOWS\system32\PnkBstrA*****
C:\WINDOWS\system32\svchost*****
C:\WINDOWS\system32\dllhost*****
C:\WINDOWS\System32\svchost*****
C:\WINDOWS\Explorer*****
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer*****
C:\WINDOWS\ehome\ehtray*****
C:\WINDOWS\system32\RUNDLL32*****
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc*****
C:\WINDOWS\eHome\ehmsas*****
C:\Program Files\ESET\ESET NOD32 Antivirus\egui*****
C:\Program Files\Common Files\Real\Update_OB\realsched*****
C:\Program Files\Logitech\QuickCam\Quickcam*****
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper*****
C:\Program Files\HP\HP Software Update\HPWuSchd2*****
C:\WINDOWS\system32\ctfmon*****
C:\Program Files\AutoConnect\AutoConnect*****
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier*****
C:\progra~1\valve\steam\steam*****
C:\Program Files\Spybot - Search & Destroy\TeaTimer*****
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon*****
C:\Program Files\HP\Digital Imaging\bin\hpqtra08*****
c:\Program Files\HP\Digital Imaging\bin\hpqSTE08*****
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager*****
c:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog*****
C:\Program Files\Gadu-Gadu\gg*****
C:\Program Files\Opera\Opera*****
C:\Program Files\Messenger\msmsgs*****
C:\Program Files\Trend Micro\HijackThis\HijackThis*****
C:\WINDOWS\system32\rundll32*****

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.vobis.pl/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray*****
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut*****
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32***** C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz***** /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32***** C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck*****
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc*****" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui*****" /hide /waitservice
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched*****" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl*****"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa*****"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam*****" /hide
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper*****"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2*****
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WinCustomize\BootSkin\BootSkin*****" /StartupJobs
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio*****" /RANDOM
O4 - HKCU\..\Run: [CTFMON*****] C:\WINDOWS\system32\ctfmon*****
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs*****" /background
O4 - HKCU\..\Run: [AutoConnect] C:\Program Files\AutoConnect\AutoConnect*****
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg*****" /tray
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier*****
O4 - HKCU\..\Run: [Steam] "c:\progra~1\valve\steam\steam*****" -silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer*****
O4 - HKUS\S-1-5-19\..\Run: [CTFMON*****] C:\WINDOWS\system32\CTFMON***** (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON*****] C:\WINDOWS\system32\CTFMON***** (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON*****] C:\WINDOWS\system32\CTFMON***** (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON*****] C:\WINDOWS\system32\CTFMON***** (User 'Default user')
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon*****
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08*****
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs*****
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs*****
O14 - IERESET.INF: START_PAGE_URL=http://www.vobis.pl/
O17 - HKLM\System\CCS\Services\Tcpip\..\{C1337655-B240-4D13-BAED-BAA35B5591B6}: NameServer = 194.204.159.1 217.98.63.164
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst***** (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv*****
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn*****
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService*****
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT*****
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst***** (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc*****
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer*****
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv*****
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch*****
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32*****
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12*****
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA*****

--
End of file - 9028 bytes

Zawi_94 06-05-2008 22:54

KeyLogger
 
Hi
I have a keylogger, I scanned the system with all the antiviruses and nothing.
I'm giving you my HijackThis log, maybe you can do something about it so I can finally remove this junk.
I already scanned the log on www.HijackThis.de and it didn't detect anything.
Here is my log, I hope you can do something, thanks in advance :D

Zawi_94 07-05-2008 15:36

KeyLogger
 
Hi
I have a keylogger and I got hacked yesterday
I scanned the disk with all the antiviruses possible and nothing was detected
I also did a HijackThis scan and put it on the HijackThis.de site and it didn't detect anything
Maybe you can do something about this keylogger so I can finally remove this junk
Here is my HijackThis log, I hope we manage something, thanks in advance :D

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:32:45, on 2008-05-07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss*****
C:\WINDOWS\system32\winlogon*****
C:\WINDOWS\system32\services*****
C:\WINDOWS\system32\lsass*****
C:\WINDOWS\system32\svchost*****
C:\WINDOWS\System32\svchost*****
C:\WINDOWS\system32\spoolsv*****
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv*****
C:\WINDOWS\eHome\ehRecvr*****
C:\WINDOWS\eHome\ehSched*****
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn*****
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc*****
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer*****
C:\WINDOWS\system32\nvsvc32*****
C:\WINDOWS\system32\HPZipm12*****
C:\WINDOWS\system32\PnkBstrA*****
C:\WINDOWS\system32\svchost*****
C:\WINDOWS\system32\dllhost*****
C:\WINDOWS\System32\svchost*****
C:\WINDOWS\Explorer*****
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer*****
C:\WINDOWS\ehome\ehtray*****
C:\WINDOWS\system32\RUNDLL32*****
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc*****
C:\Program Files\ESET\ESET NOD32 Antivirus\egui*****
C:\Program Files\Common Files\Real\Update_OB\realsched*****
C:\WINDOWS\eHome\ehmsas*****
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl*****
C:\Program Files\Logitech\QuickCam\Quickcam*****
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper*****
C:\Program Files\HP\HP Software Update\HPWuSchd2*****
C:\WINDOWS\system32\ctfmon*****
C:\Program Files\Messenger\msmsgs*****
C:\Program Files\AutoConnect\AutoConnect*****
C:\Program Files\Gadu-Gadu\gg*****
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier*****
C:\WINDOWS\system32\wuauclt*****
C:\progra~1\valve\steam\steam*****
C:\Program Files\Spybot - Search & Destroy\TeaTimer*****
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon*****
C:\Program Files\HP\Digital Imaging\bin\hpqtra08*****
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager*****
c:\Program Files\HP\Digital Imaging\bin\hpqSTE08*****
C:\Program Files\Opera\Opera*****
c:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog*****
C:\Program Files\Trend Micro\HijackThis\HijackThis*****

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.vobis.pl/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray*****
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut*****
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32***** C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz***** /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32***** C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck*****
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc*****" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui*****" /hide /waitservice
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched*****" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl*****"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa*****"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam*****" /hide
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper*****"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2*****
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WinCustomize\BootSkin\BootSkin*****" /StartupJobs
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio*****" /RANDOM
O4 - HKCU\..\Run: [CTFMON*****] C:\WINDOWS\system32\ctfmon*****
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs*****" /background
O4 - HKCU\..\Run: [AutoConnect] C:\Program Files\AutoConnect\AutoConnect*****
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg*****" /tray
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier*****
O4 - HKCU\..\Run: [Steam] "c:\progra~1\valve\steam\steam*****" -silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer*****
O4 - HKUS\S-1-5-19\..\Run: [CTFMON*****] C:\WINDOWS\system32\CTFMON***** (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON*****] C:\WINDOWS\system32\CTFMON***** (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON*****] C:\WINDOWS\system32\CTFMON***** (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON*****] C:\WINDOWS\system32\CTFMON***** (User 'Default user')
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon*****
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08*****
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs*****
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs*****
O14 - IERESET.INF: START_PAGE_URL=http://www.vobis.pl/
O17 - HKLM\System\CCS\Services\Tcpip\..\{C1337655-B240-4D13-BAED-BAA35B5591B6}: NameServer = 194.204.159.1 217.98.63.164
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst***** (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv*****
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn*****
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService*****
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT*****
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst***** (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc*****
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer*****
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv*****
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch*****
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32*****
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12*****
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA*****

--
End of file - 9117 bytes
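An added example, not part of the thread or of any tool named in it: a small Python triage script over HijackThis lines of the kind posted above. It flags the signs this thread talks about (a 'SysCtrl' autorun value as in the quoted removal guide, a program started from drivers\etc, services with no publisher or a missing file, custom DNS servers) and lists hosts-file entries beyond the localhost defaults, like the line kubsztyl asked about. The sample lines are taken from the logs above with the forum's '*****' assumed to stand for '.exe'; the SysCtrl line and the file name it points to are constructed.

```python
"""Triage helpers for a HijackThis (HJT) log and a Windows hosts file.

Added example: sample input is embedded below so the script runs offline.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Value name the quoted removal guide says the Lord of Tibia keylogger registers.
LOT_VALUE_NAME = "SysCtrl"
# Directory the guide says the dropped file lives in (C:\Windows or C:\Winnt).
LOT_DIR_RE = re.compile(r"^[a-z]:\\win(dows|nt)\\system32\\drivers\\etc\\", re.I)

# HJT line shapes handled here: O4 autoruns, O23 services, O17 DNS settings.
O4_RE = re.compile(r"^O4 - (?P<hive>\S+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")
O17_RE = re.compile(r"^O17 - .*NameServer = (?P<servers>.*)$")


@dataclass
class Finding:
    line: str    # the log line as posted
    reason: str  # why a reviewer should look at it


def triage_hjt(log_text: str) -> list[Finding]:
    """Return the HJT lines that deserve a second look, in log order."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := O4_RE.match(line):
            name, cmd = m["name"], m["cmd"].strip('"')
            if name.lower() == LOT_VALUE_NAME.lower():
                findings.append(Finding(line, "autorun value named SysCtrl (LoT indicator from the guide)"))
            elif LOT_DIR_RE.match(cmd):
                findings.append(Finding(line, "autorun launches from drivers\\etc, no legitimate program lives there"))
        elif m := O23_RE.match(line):
            if "(file missing)" in m["path"]:
                findings.append(Finding(line, "service binary missing: stale entry, clean it up"))
            elif m["owner"] == "Unknown owner":
                findings.append(Finding(line, "service with no publisher, verify the binary"))
        elif m := O17_RE.match(line):
            findings.append(Finding(line, f"DNS servers set to {m['servers']}, confirm they are your ISP's"))
    return findings


# Default hosts-file mappings; anything else is worth a look.
HOSTS_DEFAULTS = {("127.0.0.1", "localhost"), ("::1", "localhost")}


def nondefault_hosts_entries(hosts_text: str) -> list[tuple[str, str]]:
    """Return (address, hostname) pairs beyond the localhost defaults."""
    found = []
    for raw in hosts_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        addr, *names = line.split()
        for name in names:
            if (addr, name.lower()) not in HOSTS_DEFAULTS:
                found.append((addr, name))
    return found


# Sample lines copied from the logs above, with the forum's '*****' written as
# '.exe'. The SysCtrl line and the file it points to are constructed.
SAMPLE_HJT = r"""
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [SysCtrl] C:\WINDOWS\system32\drivers\etc\sample_keylogger.exe
O4 - HKCU\..\Run: [Steam] "c:\progra~1\valve\steam\steam.exe" -silent
O17 - HKLM\System\CCS\Services\Tcpip\..\{C1337655-B240-4D13-BAED-BAA35B5591B6}: NameServer = 194.204.159.1 217.98.63.164
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
"""

# Constructed hosts file with the kind of extra line kubsztyl found.
SAMPLE_HOSTS = "127.0.0.1 localhost\n::1 localhost\n127.0.0.1 costamhost  # added by something\n"

if __name__ == "__main__":
    for f in triage_hjt(SAMPLE_HJT):
        print(f"[{f.reason}]\n    {f.line}")
    print("non-default hosts entries:", nondefault_hosts_entries(SAMPLE_HOSTS))
```

Lines the script does not flag (egui, Steam, ekrn) are the normal ESET, Valve and NVIDIA-style entries that fill most of the posted logs, so the output is short enough to compare against a real machine's Run keys and services.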

Zawi_94 07-05-2008 16:02

KeyLogger
 
Hi
I have a keylogger and I got hacked yesterday
I scanned the system with all the antiviruses possible and nothing was detected
I also did a HijackThis scan and put it on the HijackThis.de site and it didn't detect anything
Maybe you can do something about this keylogger so I can finally remove this junk
Here is my HijackThis log, I hope we manage something, thanks in advance :)

http://rapidshare.com/files/11320680...kthis.log.html

Hesoras 07-05-2008 16:16

Pathetic... to remove a keylogger from the system it is enough to remove it from autostart (Run -> msconfig -> Startup), unless it re-creates the registry entry. Besides, there is no Lord of Tibia anymore, now there is some tibiadestroyer.yoyo.pl

Zawi_94 07-05-2008 16:20

I don't mean LoT, I just have some keylogger, but I don't know which one, where it is, etc.

Hesoras 07-05-2008 16:48

I guess I'll have to write an extensive guide on what and how, because your knowledge on this subject is <= 0 :). Tell me what you have in autostart

Olek170 07-05-2008 18:01

Quote:

Originally posted by lamp999 (Post 2021345)
I wanted to protect myself for the future, but I don't have a (Windows) folder in C:!

You probably have Windows on another drive, or a different system. :confused:

Zawi_94 07-05-2008 18:51

Hesoras, should I take a screenshot of autostart for you, or what??

Hesoras 07-05-2008 18:55

Whoever has a problem with anything, go to my thread: http://forum.tibia.pl/showthread.php?t=173959

szczurekosw 03-06-2008 15:42

Isn't it enough to download a keylogger removal program like Findit?
It removed it for me, you can download it from tibia.org.pl

