Forum Tibia.pl
Strona 8 z 8 < 1234567 8
Pokaż 40 postów tego tematu na stronie

Forum Tibia.pl (http://forum.tibia.pl//index.php)
-   Poradniki (http://forum.tibia.pl//forumdisplay.php?f=31)
-   -   Usuwanie owntbia (http://forum.tibia.pl//showthread.php?t=131116)

Mijas 11-10-2008 17:37
dzieki za sposob dobrze ze to znalazlem bo mialem owtibie ;/

Kubaplik 13-10-2008 20:53
Help!
 
Jezu pomocy mam kl na kompie services a nie chce się usunąć pl pomocy tu daje loga
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:22:28, on 2008-10-13
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Podejżewam że jest to ten proces C:\WINDOWS\system32\drivers\services***** ale jak to usunąć jak chce to usunąć to mi pojawia się okno w którym mam podać hasło pls Help
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss*****
C:\WINDOWS\system32\winlogon*****
C:\WINDOWS\system32\services*****
C:\WINDOWS\system32\lsass*****
C:\WINDOWS\system32\Ati2evxx*****
C:\WINDOWS\system32\svchost*****
C:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51*****
C:\Program Files\Panda Software\Panda Internet Security 2007\AVENGINE*****
C:\WINDOWS\system32\svchost*****
C:\Program Files\Panda Software\Panda Internet Security 2007\TPSrv*****
C:\WINDOWS\system32\spoolsv*****
C:\WINDOWS\system32\Ati2evxx*****
C:\WINDOWS\Explorer*****
C:\WINDOWS\ehome\ehtray*****
C:\WINDOWS\SOUNDMAN*****
C:\Program Files\Panda Software\Panda Internet Security 2007\APVXDWIN*****
C:\Program Files\Java\jre1.6.0_02\bin\jusched*****
C:\Program Files\Lexmark 1400 Series\lxdjamon*****
C:\WINDOWS\system32\ctfmon*****
C:\WINDOWS\eHome\ehmsas*****
C:\WINDOWS\eHome\ehRecvr*****
C:\WINDOWS\eHome\ehSched*****
C:\WINDOWS\system32\lxdjcoms*****
C:\Program Files\Panda Software\Panda Internet Security 2007\PsCtrls*****
C:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr*****
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv*****
C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc*****
C:\WINDOWS\system32\PnkBstrA*****
c:\program files\panda software\panda internet security 2007\firewall\PSHOST*****
C:\Program Files\Panda Software\Panda Internet Security 2007\psimsvc*****
C:\Program Files\Panda Software\Panda Internet Security 2007\SRVLOAD*****
C:\WINDOWS\system32\dllhost*****
C:\Program Files\Panda Software\Panda Internet Security 2007\WebProxy*****
C:\WINDOWS\System32\svchost*****
C:\Program Files\Panda Software\Panda Internet Security 2007\PavBckPT*****
C:\WINDOWS\system32\svchost*****
C:\Program Files\Windows Media Player\wmplayer*****
C:\Program Files\Gadu-Gadu\gg*****
C:\Program Files\Mozilla Firefox\firefox*****
C:\WINDOWS\system32\drivers\services*****
C:\totalcmd\TOTALCMD*****
C:\Program Files\Trend Micro\HijackThis\HijackThis*****

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\s wg.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray*****
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN*****
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Internet Security 2007\APVXDWIN*****" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Internet Security 2007\Inicio*****"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched*****"
O4 - HKLM\..\Run: [lxdjamon] "C:\Program Files\Lexmark 1400 Series\lxdjamon*****"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl*****"
O4 - HKLM\..\Run: [msm] C:\WINDOWS\system32\drivers\services*****
O4 - HKCU\..\Run: [ctfmon*****] C:\WINDOWS\system32\ctfmon*****
O4 - HKUS\S-1-5-18\..\Run: [CTFMON*****] C:\WINDOWS\system32\CTFMON***** (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON*****] C:\WINDOWS\system32\CTFMON***** (User 'Default user')
O4 - Startup: Yahoo! Desktop Search.lnk = C:\Program Files\Yahoo!\Yahoo! Desktop Search\YahooDesktopSearch*****
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL*****/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag*****
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag*****
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\ProgramFiles\Messenger\msmsgs*****
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs*****
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1168567993609
O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://cdn1.acclaimdownloads.com/solidstateion.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx*****
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag*****
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService***** (file missing)
O23 - Service: lxdj_device - - C:\WINDOWS\system32\lxdjcoms*****
O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\PsCtrls*****
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr*****
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv*****
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51*****
O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc*****
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA*****
O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\program files\panda software\panda internet security 2007\firewall\PSHOST*****
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\psimsvc*****
O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\TPSrv*****

--
End of file - 8026 bytes


:(

Kubaplik 14-10-2008 08:04
Czy ktoś mi pomoże ????

Uther92 14-10-2008 10:26
W hijacku usuwasz wpis :
Kod:
O4 - HKLM\..\Run: [msm] C:\WINDOWS\system32\drivers\services*****
Anastepnie w trybie awaryjnym usuwasz plik:
Kod:
C:\WINDOWS\system32\drivers\services*****

--Ogorek-- 20-10-2008 15:32
Hej, ściągnąłem kiedyś bota, którego mi antyvir nie wykrył, JEDNAK po zakupie tego samego antywirusa (tylko z Ameryki) nagle mi się pojawił keylogger w bocie ; o czy to że usunąłem bota i jakiś tam text przy nim(też z keyem) to już wszystko czy musze jeszcze hijack pobrać i zeskanować?


//Edit

Btw. Ludzie, czy wy nie potraficie ruszyć mózgiem i cofnąć pare stron w tył ? po c*uj wklejacie całe logi ;o ?


=====================================
Gdzie ta owntibia może siedzieć ? Wszędzie ? Czy w określonym "dziale"?

--Ogorek-- 21-10-2008 15:08
refresz :)
/Edit
Btw. Wie ktoś co to jest ? Pojawia mi się podczas odpalania systemu ; o Jak nawet jeszcze mi sie nic nie odpaliło i jak sie system zamyka to też cos jest tam napisane ale nie zrobiłem screena
http://img363.imageshack.us/img363/3...ekasowaqf3.png
Wie ktoś jak to usunąć? ?

--Ogorek-- 22-10-2008 16:53
refresz x

Uther92 24-10-2008 15:26
To jakiś keylogger o którym nawet w googlu nie ma info, wiec dawaj loga.

Krukson 24-10-2008 15:31
Format.
;]

--Ogorek-- 24-10-2008 18:25
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:14:18, on 2008-10-24
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss*****
C:\WINDOWS\system32\winlogon*****
C:\WINDOWS\system32\services*****
C:\WINDOWS\system32\lsass*****
C:\WINDOWS\system32\svchost*****
C:\WINDOWS\System32\svchost*****
C:\Program Files\Common Files\Symantec Shared\ccSvcHst*****
C:\WINDOWS\Explorer*****
C:\WINDOWS\system32\spoolsv*****
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc*****
C:\WINDOWS\system32\nvsvc32*****
C:\Program Files\Java\jre1.6.0_03\bin\jusched*****
C:\WINDOWS\system32\svchost*****
C:\WINDOWS\system32\UAService7*****
C:\Program Files\Analog Devices\Core\smax4pnp*****
C:\Program Files\Analog Devices\SoundMAX\Smax4*****
C:\Program Files\CyberLink\PowerDVD\PDVDServ*****
C:\WINDOWS\system32\RUNDLL32*****
C:\Program Files\Common Files\InstallShield\UpdateService\issch*****
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy*****
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag*****
C:\Program Files\USB Disk Win98 Driver\Res*****
C:\Program Files\Canon\CAL\CALMAIN*****
C:\WINDOWS\system32\game01*****
C:\Program Files\Common Files\Symantec Shared\ccSvcHst*****
C:\Program Files\HP\HP Software Update\HPWuSchd2*****
C:\WINDOWS\system32\ctfmon*****
C:\Program Files\Messenger\msmsgs*****
C:\Program Files\DAEMON Tools Lite\daemon*****
C:\Program Files\HP\Digital Imaging\bin\hpqtra08*****
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08*****
C:\WINDOWS\System32\svchost*****
C:\WINDOWS\system32\wuauclt*****
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc*****
C:\Program Files\Gadu-Gadu\gg*****
C:\Program Files\Garena\Garena*****
C:\Program Files\Trend Micro\HijackThis\HijackThis*****

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/webhp?sourceid=navclient&ie=UTF-8
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\s wg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched*****"
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut*****
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp*****
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4*****" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32***** C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz***** /install
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ*****"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck*****
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32***** C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM***** -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch*****" -start
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy*****"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag*****" /icon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask*****" -atboottime
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res*****
O4 - HKLM\..\Run: [killer213] C:\WINDOWS\system32\game01*****
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare*****" /pause
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp*****"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck*****"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2*****
O4 - HKCU\..\Run: [CTFMON*****] C:\WINDOWS\system32\ctfmon*****
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs*****" /background
O4 - HKCU\..\Run: [Odkurzacz-MCD] C:\Program Files\Odkurzacz\odk_mcd*****
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon*****" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON*****] C:\WINDOWS\system32\CTFMON***** (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON*****] C:\WINDOWS\system32\CTFMON***** (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON*****] C:\WINDOWS\system32\CTFMON***** (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON*****] C:\WINDOWS\system32\CTFMON***** (User 'Default user')
O4 - S-1-5-18 Startup: Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM***** (User 'SYSTEM')
O4 - .DEFAULT Startup: Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM***** (User 'Default user')
O4 - Startup: Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM*****
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl*****
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08*****
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL*****/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Add to VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL
O9 - Extra 'Tools' menuitem: Add to &VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag*****
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag*****
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ*****
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ*****
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs*****
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs*****
O14 - IERESET.INF: START_PAGE_URL=http://www.vobis.pl/
O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (Ganymede Board Games) - http://67.15.101.3/g_bin/pl/boards_2_0_0_32.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1157540633109
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1191756889125
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/pl/billard8_2_0_0_30.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) - http://67.15.101.3/g_bin/pl/snooker_2_0_0_34.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5AEC851B-D517-4E53-9555-C062EA12FCF4}: NameServer = 194.204.159.1 217.98.63.164
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc*****
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN*****
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst*****
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst*****
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst*****
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost*****
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService*****
O23 - Service: Harmonogram automatycznej usługi LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc*****
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS***** (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4*****
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst*****
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32*****
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12*****
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc*****
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7*****

Uther92 24-10-2008 18:57
Kod:
C:\WINDOWS\system32\game01*****
O4 - HKLM\..\Run: [killer213] C:\WINDOWS\system32\game01*****
Poza tym nic nie widzę, więc pewnie tu jest syf.

--Ogorek-- 24-10-2008 19:26
... http://img248.imageshack.us/img248/7801/beztytuuah0.png
/edit
ok już to wywaliłem i co teraz ?

Uther92 24-10-2008 19:43
Jak usunąłeś, to sprawdź, czy dalej wyświetla się komunikat keyloggera.

--Ogorek-- 24-10-2008 21:27
no ok tylko to może mi się wyświetlić za tydzień albo za 1 min ZAWSZE po uruchomienu komputera(tylko nie wiadomo za którym)

Little_Droid 24-10-2008 22:55
bardzo dobry poradnik... w końcu skończą się tematy:
"mam owntibię co mam zrobić" itd.

^Trial^ 25-10-2008 16:11
;)
 
Blokowanie owntibia.com chyba troche mija sie z celem..
Zablokuj www.owntibia.com
Wpisz owntibia.com strona sie wyswietli..
Zablokuj opcje up wpisz y.owntibia.com strona sie wyswietli.
Zablokuj opcje up wpisz x.owntibia.com strona sie wyswietli itd..
W link nie klikac ;d

--Ogorek-- 09-11-2008 15:27
teraz wklejam scana kolegi :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:12:59, on 2008-11-09
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss*****
C:\WINDOWS\system32\winlogon*****
C:\WINDOWS\system32\services*****
C:\WINDOWS\system32\lsass*****
C:\WINDOWS\system32\Ati2evxx*****
C:\WINDOWS\system32\svchost*****
C:\WINDOWS\System32\svchost*****
C:\WINDOWS\system32\Ati2evxx*****
C:\WINDOWS\Explorer*****
C:\WINDOWS\system32\spoolsv*****
C:\Program Files\ESET\ESET NOD32 Antivirus\egui*****
C:\Program Files\VIA\RAID\raid_tool*****
C:\WINDOWS\SOUNDMAN*****
C:\Program Files\ATI Technologies\ATI.ACE\cli*****
C:\Program Files\D-Tools\daemon*****
C:\WINDOWS\system32\ctfmon*****
C:\Program Files\Skype\Phone\Skype*****
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier*****
C:\Program Files\Picasa2\PicasaMediaDetector*****
C:\Program Files\ATI Technologies\ATI.ACE\CLI*****
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn*****
C:\WINDOWS\system32\svchost*****
C:\Program Files\Tibia\Tibia*****
C:\Program Files\Mozilla Firefox\firefox*****
C:\Program Files\Trend Micro\HijackThis\HijackThis*****
C:\Program Files\Nowe Gadu-Gadu\gg*****

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/pl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\
Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\sw g.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui*****" /hide /waitservice
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck*****
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool*****
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN*****
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx*****
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli*****" runtime
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon*****" -lang 1033
O4 - HKLM\..\Run: [Spik] C:\Program Files\Spik\Spik***** -autostart
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON*****] C:\WINDOWS\system32\ctfmon*****
O4
- HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype*****" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier*****
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector*****
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg*****" /tray
O4 - HKCU\..\Run: [Nowe Gadu-Gadu] "C:\Program Files\Nowe Gadu-Gadu\gg*****"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON*****] C:\WINDOWS\system32\CTFMON***** (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON*****] C:\WINDOWS\system32\CTFMON***** (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON*****] C:\WINDOWS\system32\CTFMON***** (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON*****] C:\WINDOWS\system32\CTFMON***** (User 'Default user')
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI*****
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL*****/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag*****
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag*****
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs*****
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs*****
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-945
LEchu3 15:13:35
8-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wpmsg - {2E0AC5A0-3597-11D6-B3ED-0001021DC1C3} - C:\Program Files\Spik\url_wpmsg.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx*****
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag*****
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv*****
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn*****
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService*****

--
End of file - 6158 bytes

Uther92 11-11-2008 08:40
Twój kumpel ma MyGlobalSearch, taki tam raczej niegroźny syf, ale jbc to tu info na temat usunięcia : ( http://www.spywareremove.com/removeMyGlobalSearch.html)

Truee 12-11-2008 14:19
dzieki pomogło

kulkaa 13-11-2008 20:46
SPRAWDZ BŁAGAM !!!!!!!

Logfile of HijackThis v1.99.1
Scan saved at 20:15:55, on 2008-11-13
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Running processes:
C:\WINDOWS\System32\smss*****
C:\WINDOWS\system32\winlogon*****
C:\WINDOWS\system32\services*****
C:\WINDOWS\system32\lsass*****
C:\WINDOWS\system32\svchost*****
C:\WINDOWS\System32\svchost*****
C:\Program Files\Alwil Software\Avast4\aswUpdSv*****
C:\Program Files\Alwil Software\Avast4\ashServ*****
C:\WINDOWS\explorer*****
C:\WINDOWS\system32\spoolsv*****
C:\WINDOWS\RTHDCPL*****
C:\Program Files\Winamp\winampa*****
C:\WINDOWS\system32\RUNDLL32*****
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp*****
C:\Program Files\Java\jre6\bin\jusched*****
C:\WINDOWS\system32\ctfmon*****
C:\Program Files\Messenger\msmsgs*****
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier*****
C:\Program Files\IPLA\IPLA*****
C:\Program Files\BitComet\BitComet*****
C:\Program Files\OpenOffice.org 2.3\program\soffice*****
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\Java\jre6\bin\jqs*****
C:\WINDOWS\System32\nvsvc32*****
C:\WINDOWS\system32\PnkBstrA*****
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE*****
C:\Program Files\Alwil Software\Avast4\ashMaiSv*****
C:\Program Files\Alwil Software\Avast4\ashWebSv*****
C:\WINDOWS\System32\wbem\wmiapsrv*****
C:\Program Files\Internet Explorer\iexplore*****
C:\WINDOWS\system32\wuauclt*****
C:\Program Files\Opera\opera*****
C:\Program Files\WinRAR\WinRAR*****
C:\DOCUME~1\dom\USTAWI~1\Temp\Rar$EX00.094\HijackT his*****

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
F2 - REG:system.ini: Shell=explorer***** C:\RECYCLER\services*****
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll
O2 - BHO: Nasdaq Toolbar - {4E7BD74F-2B8D-469E-C3FF-FB7FB59BFA7D} - C:\PROGRA~1\nasdaq\nasdaq.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\sw g.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: Nasdaq Toolbar - {4E7BD74F-2B8D-469E-C3FF-FB7FB59BFA7D} - C:\PROGRA~1\nasdaq\nasdaq.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL*****
O4 - HKLM\..\Run: [Alcmtr] ALCMTR*****
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32***** C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz***** /install
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa*****
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32***** C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [amd_dc_opt] "F:\bot\amd_dc_opt*****"
O4 - HKLM\..\Run: [win.sys] C:\Hack.bat
O4 - HKLM\..\Run: [serwer] C:\Windows\system32\system010*****
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp*****
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl*****"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched*****"
O4 - HKCU\..\Run: [CTFMON*****] C:\WINDOWS\system32\ctfmon*****
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs*****" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier*****
O4 - HKCU\..\Run: [IPLA!] C:\Program Files\IPLA\IPLA***** /autorun
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 52\axcmd*****" /automount
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet*****" /tray
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart*****
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet*****/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet*****/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet*****/AddAllLink.htm
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag***** (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag***** (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs*****
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs*****
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1202764506046
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-03.sun.com/s/ESD5/JSC...ws-i586-jc.cab
O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} (SignActivX Control) - https://www.bph.pl/pi/components/SignActivX.cab
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv*****
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ*****
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv*****" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv*****" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService*****
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs*****" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32*****
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA*****
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE*****

pajluk 14-01-2009 19:12
Czy jeśli teoretycznie zakładając że mam te owntibie ale passy są zmienione na czystym kompie i zrobiłem w tym hoście zabezpiecznie przed wysyłaniem passów to czy pomimo tego owntibia wcześniej wszczepiona będzie działać?

Beeze 14-01-2009 19:26
Ja się 'keyloggerow' nie boję... Mogą mi 'naskoczyć' ^^

MosieQ 26-01-2009 18:40
Cytuj:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:21:02, on 2009-01-26
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss*****
C:\WINDOWS\system32\winlogon*****
C:\WINDOWS\system32\services*****
C:\WINDOWS\system32\lsass*****
C:\WINDOWS\system32\svchost*****
C:\WINDOWS\System32\svchost*****
C:\WINDOWS\system32\spoolsv*****
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService*****
C:\Program Files\Bonjour\mDNSResponder*****
D:\Instalki Programów\NOD32\ekrn*****
C:\WINDOWS\Explorer*****
C:\Program Files\Java\jre6\bin\jqs*****
C:\Program Files\Common Files\LightScribe\LSSrvc*****
C:\WINDOWS\system32\nvsvc32*****
C:\WINDOWS\system32\PnkBstrA*****
C:\Program Files\Cyberlink\Shared files\RichVideo*****
C:\WINDOWS\RTHDCPL*****
C:\Program Files\VDOTool\TBPanel*****
C:\WINDOWS\system32\RUNDLL32*****
C:\PROGRA~1\NEOSTR~1\CnxMon*****
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag*****
C:\PROGRA~1\NEOSTR~1\TaskbarIcon*****
D:\Instalki Programów\PowerDVD\PDVDServ*****
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1*****
C:\Program Files\Java\jre6\bin\jusched*****
D:\Instalki Programów\NOD32\egui*****
D:\Instalki Programów\Itunes\iTunesHelper*****
C:\WINDOWS\system32\ctfmon*****
D:\Instalki Programów\DAEMON Tools Lite\daemon*****
D:\Instalki Programów\AnyDVD\AnyDVDtray*****
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor*****
D:\instalki gier\steam\steam*****
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel*****
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2*****
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s*****
C:\WINDOWS\system32\wbem\wmiapsrv*****
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer*****
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService*****
C:\Program Files\iPod\bin\iPodService*****
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr*****
C:\PROGRA~1\NEOSTR~1\NeostradaTP*****
C:\PROGRA~1\NEOSTR~1\ComComp*****
C:\PROGRA~1\NEOSTR~1\Watch*****
C:\WINDOWS\system32\wuauclt*****
C:\Program Files\Internet Explorer\iexplore*****
d:\Program Files\No-IP\DUC20*****
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1**** *
D:\Instalki Programów\Gadu-Gadu\gg*****
D:\FF\firefox*****
C:\Program Files\Trend Micro\HijackThis\HijackThis*****

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.d ll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - d:\instalki programów\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.d ll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL*****
O4 - HKLM\..\Run: [SkyTel] SkyTel*****
O4 - HKLM\..\Run: [Alcmtr] ALCMTR*****
O4 - HKLM\..\Run: [TBPanel] C:\Program Files\VDOTool\TBPanel***** /A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32***** C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz***** /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32***** C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon*****
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag*****" /icon
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch*****
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon*****
O4 - HKLM\..\Run: [RemoteControl] "D:\Instalki Programów\PowerDVD\PDVDServ*****"
O4 - HKLM\..\Run: [LanguageShortcut] "D:\Instalki Programów\PowerDVD\Language\Language*****"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck*****
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1***** -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched*****"
O4 - HKLM\..\Run: [egui] "D:\Instalki Programów\NOD32\egui*****" /hide /waitservice
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask*****" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Instalki Programów\Itunes\iTunesHelper*****"
O4 - HKCU\..\Run: [CTFMON*****] C:\WINDOWS\system32\ctfmon*****
O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Instalki Programów\Gadu-Gadu\gg*****" /tray
O4 - HKCU\..\Run: [AnyDVD] "D:\Instalki Programów\AnyDVD\AnyDVD*****"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Instalki Programów\DAEMON Tools Lite\daemon*****" -autorun
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor*****"
O4 - HKCU\..\Run: [Steam] "d:\instalki gier\steam\steam*****" -silent
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel***** -hidden
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2***** /NoDialog
O4 - HKCU\..\Run: [RGSC] D:\Instalki Gier\Social Club\Rockstar Games Social Club\RGSCLauncher***** /silent
O4 - HKCU\..\Run: [ares] "D:\Instalki Programów\Ares\Ares*****" -h
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype*****" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON*****] C:\WINDOWS\system32\CTFMON***** (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON*****] C:\WINDOWS\system32\CTFMON***** (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON*****] C:\WINDOWS\system32\CTFMON***** (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON*****] C:\WINDOWS\system32\CTFMON***** (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader*****
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs*****
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs*****
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag*****
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag*****
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs*****
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs*****
O17 - HKLM\System\CCS\Services\Tcpip\..\{7010F5AD-D725-4E08-8573-E9A1EC65C229}: NameServer = 194.204.159.1 217.98.63.164
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService*****
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder*****
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - D:\Instalki Programów\NOD32\EHttpSrv*****
O23 - Service: Eset Service (ekrn) - ESET - D:\Instalki Programów\NOD32\ekrn*****
O23 - Service: Usługa iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService*****
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs*****
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc*****
O23 - Service: NBService - Nero AG - D:\Instalki Programów\Nero 7\Nero BackItUp\NBService*****
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService*****
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32*****
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA*****
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo*****
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer*****

PL0X SPRAWDZCIE!

*yabool 13-02-2009 15:08
Na pewno się przyda tym co ich często hakuja:)

Pozdrawiam

--Ogorek-- 22-03-2009 21:17
Następne wpisy innej osoby:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:58:05, on 2009-03-22
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss*****
C:\WINDOWS\system32\winlogon*****
C:\WINDOWS\system32\services*****
C:\WINDOWS\system32\lsass*****
C:\WINDOWS\system32\svchost*****
C:\WINDOWS\System32\svchost*****
C:\WINDOWS\system32\svchost*****
C:\Program Files\Common Files\Symantec Shared\ccSvcHst*****
C:\WINDOWS\Explorer*****
C:\WINDOWS\system32\spoolsv*****
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc*****
C:\Program Files\Java\jre6\bin\jqs*****
C:\WINDOWS\system32\nvsvc32*****
C:\WINDOWS\system32\svchost*****
C:\WINDOWS\system32\UAService7*****
C:\Program Files\Canon\CAL\CALMAIN*****
C:\Program Files\Analog Devices\Core\smax4pnp*****
C:\Program Files\Analog Devices\SoundMAX\Smax4*****
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy*****
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag*****
C:\Program Files\USB Disk Win98 Driver\Res*****
C:\Program Files\Common Files\Symantec Shared\ccSvcHst*****
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication*****
C:\Program Files\Common Files\Real\Update_OB\realsched*****
C:\WINDOWS\system32\ctfmon*****
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier*****
C:\Program Files\PC Connectivity Solution\ServiceLayer*****
C:\Program Files\HP\Digital Imaging\bin\hpqtra08*****
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08*****
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc*****
C:\Program Files\Internet Explorer\iexplore*****
C:\Program Files\Mozilla Firefox\firefox*****
C:\Program Files\Gadu-Gadu\gg*****
C:\Program Files\ICQ6\ICQ*****
C:\Program Files\Trend Micro\HijackThis\HijackThis*****

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/webhp?sourceid=navclient&ie=UTF-8
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\sw g.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut*****
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp*****
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4*****" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32***** C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32***** C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy*****"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag*****" /icon
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res*****
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp*****"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck*****"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication***** -startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched*****" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask*****" -atboottime
O4 - HKCU\..\Run: [CTFMON*****] C:\WINDOWS\system32\ctfmon*****
O4 - HKCU\..\Run: [Odkurzacz-MCD] C:\Program Files\Odkurzacz\odk_mcd*****
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier*****
O4 - HKCU\..\Run: [ALLUpdate] "C:\Program Files\ALLPlayer\ALLUpdate*****" "sleep"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON*****] C:\WINDOWS\system32\CTFMON***** (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON*****] C:\WINDOWS\system32\CTFMON***** (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON*****] C:\WINDOWS\system32\CTFMON***** (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON*****] C:\WINDOWS\system32\CTFMON***** (User 'Default user')
O4 - S-1-5-18 Startup: Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM***** (User 'SYSTEM')
O4 - .DEFAULT Startup: Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM***** (User 'Default user')
O4 - Startup: Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM*****
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl*****
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08*****
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL*****/3000
O8 - Extra context menu item: Pobierz plik wideo we Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Pobierz w Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Pobierz wszystkie pliki w Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Pobierz zaznaczone w Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag*****
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag*****
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ*****
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ*****
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs*****
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs*****
O14 - IERESET.INF: START_PAGE_URL=http://www.vobis.pl/
O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (Ganymede Board Games) - http://67.15.101.3/g_bin/pl/boards_2_0_0_32.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1157540633109
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1191756889125
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshel...onGameHost.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/pl/billard8_2_0_0_30.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) - http://67.15.101.3/g_bin/pl/snooker_2_0_0_34.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5AEC851B-D517-4E53-9555-C062EA12FCF4}: NameServer = 194.204.159.1 217.98.63.164
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc*****
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN*****
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst*****
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst*****
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst*****
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost*****
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService*****
O23 - Service: Harmonogram automatycznej usługi LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc*****
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs*****
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS***** (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4*****
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst*****
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32*****
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12*****
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd*****
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer*****
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc*****
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7*****

--
End of file - 13266 bytes

KrEmAs KAc 23-03-2009 16:07
Tak proste ,że aż genialne :)

--Ogorek-- 21-05-2009 18:15
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.crawler.com/?tbid=66008
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66008
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_cu...spx?TbId=66008
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66008
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_cu...spx?TbId=66008
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit*****,,C:\Doc uments and Settings\StiX\Moje dokumenty\Downloads\Compressed\FlashFXP_3.7.7_buil d1320\Keygen*****
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (file missing)
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\Program Files\No1 Video Converter\msdxm.ocx
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (file missing)
O3 - Toolbar: Pasek &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\ctbr.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL*****
O4 - HKLM\..\Run: [Alcmtr] ALCMTR*****
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm***** -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch*****" -start
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain*****
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp*****"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray*****
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask*****" -atboottime
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [D-Link AirPlus G DWL-G510] C:\Program Files\D-Link\AirPlus G DWL-G510\AirGCFG*****
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2*****
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32***** C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz***** /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32***** C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched*****"
O4 - HKCU\..\Run: [CTFMON*****] C:\WINDOWS\system32\ctfmon*****
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray*****" /background
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan***** /onboot
O4 - HKCU\..\Run: [RGSC] C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher***** /silent
O4 - HKCU\..\Run: [cdoosoft] C:\WINDOWS\system32\olhrwef*****
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon*****" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON*****] C:\WINDOWS\system32\CTFMON***** (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON*****] C:\WINDOWS\system32\CTFMON***** (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON*****] C:\WINDOWS\system32\CTFMON***** (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON*****] C:\WINDOWS\system32\CTFMON***** (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl*****
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync*****
O4 - Global Startup: Program sieciowy dla SAGEM Wi-Fi 11g USB adapter.lnk = ?
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL*****/3000
O8 - Extra context menu item: Ściągnij przez IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Ściągnij wszystkie linki przez IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Ściągnij zawartość wideo FLV przez IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag*****
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag*****
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs*****
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs*****
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\ctbr.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS*****
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService*****
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder*****
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr*****
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr*****
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch*****
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT*****
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs*****
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1*****
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32*****
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd*****
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam*****
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc*****
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc*****
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan*****

sir rafski 27-05-2009 11:36
http://hijackthis.de/

Sami sobie sprawdzajscie dzieci wojny i okopów...

Emcess 27-05-2009 14:45
Cytuj:
Oryginalnie napisane przez Zagbun (Post 2293215)
To jest tylko automat,więc się może mylić.

Jak chcecie sprawdzić loga,to polecam fora komputerowe.
Tam specjaliści wam sprawdzą,a nie tibijczycy ^^
a nie jest tak, że ktoś tam to zmienia? tak mi sie wydaje, bo jak mam jakies stery od drukarki czy cos (kupiona ze 2 miechy temu) to nic mi nie wykrywa.

Edwardo 31-05-2009 00:53
Linki nie działają.

Akrom 15-06-2009 10:08
Ładny poradnik, dzięki wielkie, w końcu nie muszę się bać, że zostanę shakowany ^^

qwe123 01-07-2009 10:12
Nie wiem czy ktoś podawał pełną listę adresów do pliku Host ?? na wszeli wypadek podam

Kod:
127.0.0.1        owntibia.com
127.0.0.1        www.owntibia.com
127.0.0.1        vip.owntibia.com
127.0.0.1        www.vip.owntibia.com
127.0.0.1        free.owntibia.com
127.0.0.1        www.free.owntibia.com
127.0.0.1        87.98.239.19
127.0.0.1        wizzard.home.pl
127.0.0.1        www.wizzard.home.pl
127.0.0.1        lordoftibia.pl
127.0.0.1        www.lordoftibia.pl
127.0.0.1        194.24.174.34
127.0.0.1        83.149.76.155
127.0.0.1        owntibia.eu
127.0.0.1        www.owntibia.eu
127.0.0.1        owntibia.net
127.0.0.1        www.owntibia.net
127.0.0.1        owntibia.info
127.0.0.1        www.owntibia.info
127.0.0.1      wartibia.com
127.0.0.1      www.wartibia.com

Skullcracker 06-07-2009 12:21
Cytuj:
Oryginalnie napisane przez qwe123 (Post 2584346)
ciach
Lista nie jest ani pełna ani aktualna.

KoXiS 20-12-2010 21:14
Podejrzewam, że mam jakiś syf na komputerze. Zrobiłem już kilka ruchów i chciałbym pokazać wyniki, także chcę zasięgnąć opini kogoś kto zna się na tym nieco lepiej niż ja.


Zrobiłem scan z zapisem logów hijack'iem, oto on:
(Dodam, że w logach występowały cztery logi "ctfmon" oprócz tego, który znajduje się na screenie. Początek logów był taki sam coś w tym stylu "XXXX/run/ctfmon17..." kolejne trzy różniły się tylko liczbami ctfmon18, ...19, ...20. Więc je usunąłem)

http://img121.imageshack.us/img121/4413/scanlogw.jpg


Potem wykonałem analize na "http://www.hijackthis.de/"
Z początku wyskoczyły mi 3 keye, zarażone pliki nosiły nazwe coś typu "Ask.Toolbar...". Od razu zlikwidowałem je.
Obecnie save logów wygląda następująco:

Ukryty tekst:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:24:54, on 2010-12-20
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss*****
C:\WINDOWS\system32\winlogon*****
C:\WINDOWS\system32\services*****
C:\WINDOWS\system32\lsass*****
C:\WINDOWS\system32\svchost*****
C:\WINDOWS\System32\svchost*****
C:\Program Files\Alwil Software\Avast5\AvastSvc*****
C:\WINDOWS\Explorer*****
C:\PROGRA~1\ALWILS~1\Avast5\avastUI*****
C:\Program Files\Common Files\Java\Java Update\jusched*****
C:\WINDOWS\system32\ctfmon*****
C:\Documents and Settings\kp\Menu Start\Programy\Autostart\windate*****
C:\WINDOWS\system32\spoolsv*****
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService*****
C:\Program Files\Java\jre6\bin\jqs*****
C:\WINDOWS\system32\svchost*****
C:\WINDOWS\system32\wbem\wmiapsrv*****
C:\WINDOWS\system32\wuauclt*****
C:\Program Files\Tibia\Tibia*****
C:\Program Files\Tibia Auto\tibiaauto*****
C:\Program Files\Opera\opera*****
C:\WINDOWS\system32\taskmgr*****
C:\Documents and Settings\kp\Pulpit\HiJackThis*****

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI***** /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched*****"
O4 - HKCU\..\Run: [CTFMON*****] C:\WINDOWS\system32\ctfmon*****
O4 - HKCU\..\Run: [AQQ] C:\PROGRA~1\WapSter\WAPSTE~1\AQQ*****
O4 - Startup: windate*****
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs*****
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs*****
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService*****
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc*****
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc*****
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc*****
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs*****

--
End of file - 2903 bytes
[/code][/html][/php][/quote]



Na koniec chcę wam pokazać obecną listę procesów. Wydaje mi się to zbędne, ale niepokoją mnie procesy, które się powtarzają. Czy ma to jakieś znaczenie?
Screen:

http://img824.imageshack.us/img824/5...staprocesw.jpg

Arczu 09-05-2011 12:21
Może ktoś rzucić okiem na to?

Cytuj:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:19:53, on 2011-05-09
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16766)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm*****
C:\Windows\Explorer*****
C:\Windows\system32\taskhost*****
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM*****
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl*****
C:\Program Files\CyberLink\Power2Go\CLMLSvc*****
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv*****
C:\Program Files\Thomson\ST330\diagnostics\diagnostics*****
C:\Program Files\HP\HP Software Update\hpwuSchd2*****
C:\Program Files\Microsoft Security Client\msseces*****
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM*****
C:\Program Files\Common Files\Java\Java Update\jusched*****
C:\Program Files\HP\Digital Imaging\bin\hpqtra08*****
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC*****
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08*****
C:\Program Files\HP\Digital Imaging\bin\hpqbam08*****
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01*****
C:\Users\actina\AppData\Local\Google\Chrome\Applic ation\chrome*****
C:\Users\actina\AppData\Local\Google\Chrome\Applic ation\chrome*****
C:\Windows\system32\wuauclt*****
C:\Windows\system32\rundll32*****
C:\Users\actina\AppData\Local\Google\Chrome\Applic ation\chrome*****
C:\Users\actina\AppData\Local\Google\Chrome\Applic ation\chrome*****
C:\Program Files\Ventrilo\Ventrilo*****
C:\Users\actina\AppData\Local\Google\Chrome\Applic ation\chrome*****
C:\Program Files\Gadu-Gadu 10\gg*****
C:\Users\actina\AppData\Local\Google\Chrome\Applic ation\chrome*****
C:\Users\actina\AppData\Local\Google\Chrome\Applic ation\chrome*****
C:\Users\actina\AppData\Local\Google\Chrome\Applic ation\chrome*****
C:\Windows\system32\taskhost*****
C:\Windows\system32\taskeng*****
C:\Users\actina\Downloads\HiJackThis*****

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/acala3gp/{0C726F52-F607-443D-AAA3-954F715E276B}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SBCONVERT - {3017FB3E-9A77-4396-88C5-0EC9548FB42F} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll
O2 - BHO: SearchPredictObj Class - {389943B0-C3A2-4E69-82CB-8596A84CB3DC} - C:\PROGRA~1\SEARCH~1\SEARCH~1.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: GrabberObj Class - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\SPEEDB~1\Toolbar\grabber.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: SpeedBit Video Downloader - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart*****" MSRun
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl*****
O4 - HKLM\..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel*****
O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMen u*****" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\CyberLink\Power2Go\CLMLSvc*****"
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu* ****" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv*****"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language*****"
O4 - HKLM\..\Run: [UpdatePPShortCut] "C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStart Menu*****" "C:\Program Files\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0"
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu*** **" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate*****" blrun
O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu*****" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [diagnostics] "C:\Program Files\Thomson\ST330\diagnostics\diagnostics*****" /icon -l:pl
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon*****
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2*****
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces*****" -hide -runkey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl*****"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM*****"
O4 - HKLM\..\Run: [NeroCheck] C:\Windows\system32\\NeroCheck*****
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched*****"
O4 - HKCU\..\Run: [ALLUpdate] "C:\Program Files\ALLPlayer\ALLUpdate*****" "sleep"
O4 - HKCU\..\Run: [Google Update] "C:\Users\actina\AppData\Local\Google\Update\Googl eUpdate*****" /c
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr*****" /background
O4 - HKCU\..\Run: [Gadu-Gadu 10] "C:\Program Files\Gadu-Gadu 10\gg*****"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar***** /autoRun (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin***** (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar***** /autoRun (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin***** (User 'USŁUGA SIECIOWA')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08*****
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL*****/3000
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Pokaż lub ukryj HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{43F1CA3D-2DCA-421D-94EA-6C53E3DE6E6D}: NameServer = 194.204.159.1 194.204.152.34
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc*****
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx*****
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service*****
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT*****
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo*****
O23 - Service: SpeedTouch 330 Manager (st330service) - THOMSON Telecom Belgium - C:\Program Files/Thomson/ST330/service/st330service*****

--
End of file - 10147 bytes

KaKi_7 19-12-2011 23:24
Wreszcie przyda sie! ;DD

ozi1231 20-12-2011 00:03
wspaniale ze ktos wreszcie o tym napisał. Pozdrawiam

sruofjaslo 20-12-2011 15:12
:)
 
o ja tez moglbym tu dodac swojego loga bo mam podobny problem...

malenka123 15-05-2015 08:57
SpyShelter
 
Hjka, nie dawno jestem na tym forum .... i potrzebuje paru info:)potzrebuje dobrego programu antywirusowego do pracy czy słyszał ktos o oprogramowaniu antywirusowym firmy SpyShelter?odpiszcie jak cos wiecie
narka

Vadimq 15-05-2015 11:12
Tak, słyszałem. Ale nic więcej.
To nie jest antywirus, tylko dodatkowy program zabezpieczający. Oczywiście możesz go używać, najlepiej z jakimś AV.
No i jeszcze napisze, że żaden antywirus czy program zabezpieczający nie daje Ci 100% pewności. Najlepszą ochronę daję myślenie użytkownika komputera.
A infekcję leczymy poprzez diagnostykę, a nie antywirusem czy innym programem (tymi można się jedynie wspomóc, ale kontrola i finalizacja procesu zawsze przez diagnostykę).


Wszystkie czasy podano w strefie GMT +2. Teraz jest 19:20.
Strona 8 z 8 < 1234567 8
Pokaż 40 postów tego tematu na stronie

Powered by vBulletin 3