12-10-2007, 23:35 | #182 |
Forum user
Join date: 12 10 2007
Posts: 13
|
Hello, recently I noticed that a small window pops up when the system starts..
(namely -> http://img105.imageshack.us/my.php?i...eztytuuxt9.jpg ) I think it's some kind of key~ or something.. And now the HijackThis scan:
Logfile of HijackThis v1.99.1
Scan saved at 14:24:14, on 2007-10-12
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss*****
C:\WINDOWS\system32\winlogon*****
C:\WINDOWS\system32\services*****
C:\WINDOWS\system32\lsass*****
C:\WINDOWS\system32\Ati2evxx*****
C:\WINDOWS\system32\svchost*****
C:\WINDOWS\System32\svchost*****
C:\WINDOWS\system32\Ati2evxx*****
C:\WINDOWS\Explorer*****
C:\WINDOWS\system32\spoolsv*****
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp*****
C:\Program Files\Gadu-Gadu\gg*****
C:\Program Files\Skype\Phone\Skype*****
C:\Program Files\Ares\Ares*****
C:\Program Files\Common Files\System\smss*****
C:\Program Files\Skype\Plugin Manager\SkypePM*****
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp*****
C:\WINDOWS\system32\PnkBstrA*****
C:\WINDOWS\system32\svchost*****
C:\Program Files\Mozilla Firefox\firefox*****
C:\WINDOWS\system32\wuauclt*****
C:\Documents and Settings\user\Pulpit\Programy\HijackThis*****
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/pl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.onet.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp*****"
O4 - HKLM\..\Run: [Interner Exploler] C:\WINDOWS\Protocol*****
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg*****" /tray
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype*****" /nosplash /minimized
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares*****" -h
O4 - Startup: autostart*****
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Ochrona WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs*****
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs*****
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/pl/billard8_2_0_0_30.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer*****
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx*****
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag*****
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp*****" -r (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT*****
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService*****
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA*****
If you can, please help.
Oh, and P.S. I only just noticed one more thing while reading about Lord of Tibia .. namely ( --> http://img443.imageshack.us/my.php?image=shittten6.jpg ) So it looks like I probably have the Lord of Tibia Keylogger?
P.S. 2 In safe mode I deleted that file from the windows directory, then restarted the computer (the window no longer appeared), removed the file from the registry and restarted the computer again, and the window is still gone. But to be sure, please check the previous HijackThis scan and the one I'm posting now:
Logfile of HijackThis v1.99.1
Scan saved at 22:52:44, on 2007-10-12
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss*****
C:\WINDOWS\system32\winlogon*****
C:\WINDOWS\system32\services*****
C:\WINDOWS\system32\lsass*****
C:\WINDOWS\system32\Ati2evxx*****
C:\WINDOWS\system32\svchost*****
C:\WINDOWS\System32\svchost*****
C:\WINDOWS\system32\Ati2evxx*****
C:\WINDOWS\Explorer*****
C:\WINDOWS\system32\spoolsv*****
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp*****
C:\Program Files\Gadu-Gadu\gg*****
C:\Program Files\Common Files\System\smss*****
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp*****
C:\WINDOWS\system32\PnkBstrA*****
C:\WINDOWS\system32\svchost*****
C:\Program Files\Winamp\winamp*****
C:\WINDOWS\system32\wuauclt*****
C:\Program Files\Mozilla Firefox\firefox*****
C:\Documents and Settings\user\Pulpit\Programy\HijackThis*****
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/pl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.onet.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp*****"
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg*****" /tray
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype*****" /nosplash /minimized
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares*****" -h
O4 - Startup: autostart*****
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Ochrona WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs*****
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs*****
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/pl/billard8_2_0_0_30.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer*****
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx*****
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag*****
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp*****" -r (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT*****
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService*****
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA*****
Last edited by Kondyk91 - 13-10-2007 at 00:05. Reason: I found a new reason |
14-10-2007, 00:22 | #183 |
Forum user
Join date: 17 09 2005
Location: Piła
Age: 31
Posts: 178
Status: Deleted
Name: Karinix Mina
Vocation: Elite Knight
World: Candia
Level: 122
|
Code:
Logfile of HijackThis v1.99.1
Scan saved at 23:09:41, on 2007-10-13
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss*****
C:\WINDOWS\system32\winlogon*****
C:\WINDOWS\system32\services*****
C:\WINDOWS\system32\lsass*****
C:\WINDOWS\system32\Ati2evxx*****
C:\WINDOWS\system32\svchost*****
C:\WINDOWS\System32\svchost*****
C:\WINDOWS\system32\Ati2evxx*****
C:\WINDOWS\Explorer*****
C:\WINDOWS\system32\spoolsv*****
C:\Program Files\ATI Technologies\ATI.ACE\cli*****
C:\Program Files\Analog Devices\SoundMAX\SMTray*****
C:\Programy\Kaspersky\avp*****
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb03*****
C:\WINDOWS\system32\ctfmon*****
C:\Programy\Vidalia Bundle\Vidalia\vidalia*****
C:\Program Files\ATI Technologies\ATI.ACE\CLI*****
C:\Programy\Vidalia Bundle\Privoxy\privoxy*****
C:\Program Files\Xfire\xfire*****
C:\Programy\Kaspersky\avp*****
C:\Program Files\Analog Devices\SoundMAX\SMAgent*****
C:\WINDOWS\system32\svchost*****
C:\Programy\Vidalia Bundle\Tor\tor*****
C:\Program Files\Messenger\msmsgs*****
C:\Programy\Gadu-Gadu\gg*****
C:\WINDOWS\system32\wuauclt*****
C:\Program Files\Mozilla Firefox\firefox*****
C:\Documents and Settings\Adrian\Pulpit\HijackThis*****
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli*****" runtime
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray*****
O4 - HKLM\..\Run: [AVP] "C:\Programy\Kaspersky\avp*****"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb03*****
O4 - HKCU\..\Run: [CTFMON*****] C:\WINDOWS\system32\ctfmon*****
O4 - HKCU\..\Run: [Vidalia] "C:\Programy\Vidalia Bundle\Vidalia\vidalia*****"
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire*****
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader*****
O4 - Global Startup: ATI CATALYST – pasek zadań.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI*****
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA*****
O4 - Global Startup: Privoxy.lnk = C:\Programy\Vidalia Bundle\Privoxy\privoxy*****
O9 - Extra button: Statystyki ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programy\Kaspersky\scieplugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs*****
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs*****
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx*****
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag*****
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Programy\Kaspersky\avp*****
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService*****
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService*****
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent***** |
14-10-2007, 00:47 | #184 |
Forum user
Join date: 27 06 2006
Age: 27
Posts: 91
|
@Kondyk91
Running processes:
C:\Program Files\Gadu-Gadu\gg*****
If gg at startup bothers you, you can get rid of the process above.
C:\Program Files\Winamp\winamp*****
if the Winamp agent bothers you, you can get rid of it too
C:\WINDOWS\system32\wuauclt*****
If you don't want automatic system updates you can get rid of this too (of course remove these processes in normal mode; if you like, you can do it from safe mode).
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/pl/
Remove this too
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net
Remove
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.onet.pl/
Remove this too
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
{37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
Remove this too
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
Remove this.
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg*****" /tray
the gg process; if you don't want it to start with the system, remove it
O4 - Startup: autostart*****
Remove this from safe mode.
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs*****
You can remove the Messenger process if you don't use it.
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs*****
You can remove the Messenger process if you don't use it.
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/pl/billard8_2_0_0_30.cab
Remove this
Other than that, the log is clean.
------------------------------------------------------------------------------------------------------------
@Rosus
1. C:\Program Files\Messenger\msmsgs*****
2. C:\Programy\Gadu-Gadu\gg*****
3. C:\WINDOWS\system32\wuauclt*****
You can remove these processes, but you don't have to. If you want them to start with the system and slow down its startup.
1. is from Messenger
2. from gg
3. from automatic updates
(of course these processes start at startup; you can remove them, but you don't have to)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs*****
You can remove this, it's the Messenger process.
Of course the log is clean
__________________
RePenT HeReTiC!!! Know Your Enemy,Because If You Don't Know Your Enemies You Die!!! I Will Punish The Sinners!!! Bullet In Your Head!!!
Last edited by SpAyKeR - 14-10-2007 at 00:54. |
14-10-2007, 11:38 | #185 |
Forum user
Join date: 19 05 2006
Location: Beyond the mountains, beyond the forests....
Blog entries: 1
Posts: 1,388
Status: Retired
Vocation: Rookstayer
|
@Kondyk
If you still have it, send me the file C:/windows/protocol***** by PM.
@Edit
You probably have W32/Mirsa-B. Removal instructions: http://www.symantec.com/security_res...656-99&tabid=3
__________________
*** † Jarosław Krasuski (1974-2007) *** Maybe you'll leave me a note? *** Having a problem with a keylogger? Not sure about your security? I'll gladly help you
Last edited by Uther92 - 14-10-2007 at 11:43. |
14-10-2007, 13:49 | #186 |
Forum user
Join date: 12 10 2007
Posts: 13
|
and where does it say which folder the files I'm supposed to delete are in?
P.S. - no, I don't have that protocol file any more..
P.S. 2 - as for removing that thing you gave me the link for, I don't have the thing they tell you to go into: btw -> http://img130.imageshack.us/my.php?image=grrzn4.jpg
P.S. 3 - I only have that last entry -> http://img87.imageshack.us/my.php?image=ahdi3.png
Could someone write what I should do, step by step, to no longer have this "thing" on my computer.. regards
Last edited by Kondyk91 - 14-10-2007 at 14:01. |
14-10-2007, 22:41 | #187 | |
Forum user
Join date: 27 01 2007
Location: Tarnów
Posts: 495
Status: Retired
World: Elysia/Kyra
Level: 85+
|
Could someone look this over? I'd really appreciate it xd
Quote:
__________________
regards kisiello
__________________
03:44 Icarus Grimm [7]: and see ya tomorrow
03:44 Vivienne De Marco [100]: what see?
03:44 Icarus Grimm [7]: lol
03:44 Icarus Grimm [7]: see you tomorrow
03:44 Icarus Grimm [7]: ??
03:44 Vivienne De Marco [100]: what i see?
Last edited by Misiuuu - 14-10-2007 at 22:46. |
|
16-10-2007, 15:05 | #188 |
Forum user
Join date: 16 10 2007
Posts: 3
|
Logfile of HijackThis v1.99.1
Scan saved at 13:47:48, on 2007-10-16
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Running processes:
C:\WINDOWS\System32\smss*****
C:\WINDOWS\system32\winlogon*****
C:\WINDOWS\system32\services*****
C:\WINDOWS\system32\lsass*****
C:\WINDOWS\system32\svchost*****
C:\Program Files\Windows Defender\MsMpEng*****
C:\WINDOWS\Explorer*****
C:\WINDOWS\System32\svchost*****
C:\WINDOWS\system32\spoolsv*****
C:\Program Files\Windows Defender\MSASCui*****
C:\WINDOWS\system32\RUNDLL32*****
C:\Program Files\Analog Devices\SoundMAX\Smtray*****
C:\Program Files\Java\jre1.6.0_02\bin\jusched*****
C:\WINDOWS\system32\rundll32*****
C:\Program Files\Eset\nod32kui*****
C:\WINDOWS\system32\ctfmon*****
C:\PROGRA~1\WapSter\AQQ\AQQ*****
C:\Program Files\Cisco Systems\VPN Client\cvpnd*****
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon*****
C:\Program Files\Eset\nod32krn*****
E:\AutoConnect\AutoConnect*****
C:\WINDOWS\system32\nvsvc32*****
C:\Program Files\Common Files\System\smss*****
C:\Program Files\Analog Devices\SoundMAX\SMAgent*****
C:\WINDOWS\system32\svchost*****
C:\WINDOWS\Explorer*****
E:\hijackthis\HijackThis*****
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui*****" -hide
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck*****
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32***** C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz***** /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32***** C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray*****
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched*****"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32***** bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui*****" /WAITSERVICE
O4 - HKCU\..\Run: [CTFMON*****] C:\WINDOWS\system32\ctfmon*****
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs*****" /background
O4 - HKCU\..\Run: [Messenger] MSMSGS
O4 - HKCU\..\Run: [AQQ] C:\PROGRA~1\WapSter\AQQ\AQQ*****
O4 - Startup: Skrót do AutoConnect*****.lnk = E:\AutoConnect\AutoConnect*****
O4 - Startup: autostart*****
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader*****
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon*****
O4 - Global Startup: VPN Client.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag***** (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag***** (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs*****
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs*****
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1186923321906
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd*****
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService*****
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn*****
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32*****
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent*****
......
as is easy to see, C:\Program Files\Common Files\System\smss***** is certainly unnecessary, and now...
in the same place there is also a start.bat file
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"smss"="C:\\Program Files\\Common Files\\System\\smss*****"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"smss"="C:\\Program Files\\Common Files\\System\\smss*****"
and now think about it... I delete both this and that, and what else could be launching this `smss`, and from where, every time?? -,^ I can't find anything in the log ... |
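Added example (not part of the original posts): a triage check for the pattern raised in post #188, where a process named like the Windows session manager runs from C:\Program Files\Common Files\System instead of System32, and the same file is registered as an autorun. The expected-folder table assumes a default Windows XP install in C:\WINDOWS, the sample log is constructed, and the function names are this example's own.

```python
import ntpath
import re

# Constructed sample modelled on the logs in this thread. The O23 line is the
# one that appears in post #190 and keeps the forum's masked file name ("*****").
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Common Files\System\smss.exe
C:\Program Files\Mozilla Firefox\firefox.exe
O4 - HKLM\..\Run: [smss] "C:\Program Files\Common Files\System\smss.exe"
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O23 - Service: Windows NT Session Manager (SMSS) - Unknown owner - C:\WINDOWS\system\smss***** (file missing)
"""

# Assumption: default Windows XP layout. Core system processes and the only
# folder each one is expected to run from.
EXPECTED_DIR = {
    "smss": r"c:\windows\system32",
    "csrss": r"c:\windows\system32",
    "winlogon": r"c:\windows\system32",
    "services": r"c:\windows\system32",
    "lsass": r"c:\windows\system32",
    "svchost": r"c:\windows\system32",
    "spoolsv": r"c:\windows\system32",
    "explorer": r"c:\windows",
}

EXE_END = re.compile(r"\.exe|\*{5}", re.I)   # real or forum-masked file ending
ENTRY = re.compile(r"^[A-Z]\d+ - ")          # "R0 - ", "O4 - ", "O23 - ", ...


def executable_of(command):
    """Cut an autorun or service command line down to the executable path."""
    command = command.replace("(file missing)", "").strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    match = EXE_END.search(command)
    return command[:match.end()] if match else command


def stem_of(path):
    """Lower-case file name without '.exe' or the masked '*****' ending."""
    name = ntpath.basename(path)
    return re.sub(r"(\.exe|\*+)$", "", name, flags=re.I).lower()


def iter_paths(log_text):
    """Yield (source, path) for running processes, O4 Run entries and O23 services."""
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.lower().startswith("running processes"):
            in_processes = True
        elif ENTRY.match(line):
            in_processes = False
            if line.startswith("O4 - ") and "] " in line:
                yield "autorun", executable_of(line.split("] ", 1)[1])
            elif line.startswith("O23 - "):
                yield "service", executable_of(line.rsplit(" - ", 1)[1])
        elif in_processes:
            yield "process", line


def find_masquerades(log_text):
    """Return entries whose name is a core system process but whose folder is not."""
    findings = []
    for source, path in iter_paths(log_text):
        expected = EXPECTED_DIR.get(stem_of(path))
        folder = ntpath.normcase(ntpath.dirname(path))
        # Bare names without a folder (e.g. "rundll32 ...") are not judged here.
        if expected and folder and folder != expected:
            findings.append((source, path))
    return findings


if __name__ == "__main__":
    for source, path in find_masquerades(SAMPLE_LOG):
        print(f"{source:8} {path}")
```

A hit is a lead to verify on the machine, not a verdict: on a non-default install the legitimate folder differs from the table above.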
16-10-2007, 19:45 | #189 |
Forum user
Join date: 16 10 2007
Posts: 3
|
just as I thought...
I've already managed to deal with it myself ;] Once again I recommend BoostSpeed: in it you block what is set to run at computer startup, with ProceXP you kill it and then delete it, and everything works without a format. |
16-10-2007, 19:50 | #190 |
Forum user
Join date: 13 03 2007
Location: Bochnia
Posts: 27
Status: Active player
Name: David Dragon Lord
Vocation: Druid
World: Shivera
Level: 26
Magic level: 28
|
help xd
Logfile of HijackThis v1.99.1
Scan saved at 18:35:14, on 2007-10-16
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss*****
C:\WINDOWS\system32\winlogon*****
C:\WINDOWS\system32\services*****
C:\WINDOWS\system32\lsass*****
C:\WINDOWS\system32\svchost*****
C:\WINDOWS\System32\svchost*****
C:\Program Files\Common Files\Symantec Shared\ccSvcHst*****
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32*****
C:\WINDOWS\system32\spoolsv*****
C:\Program Files\G DATA\InternetSecurity 2007\AVK\AVKService*****
C:\Program Files\G DATA\InternetSecurity 2007\AVK\AVKWCtl*****
C:\WINDOWS\System32\CTsvcCDA*****
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc*****
C:\WINDOWS\Explorer*****
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT*****
C:\WINDOWS\system32\nvsvc32*****
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB*****
C:\WINDOWS\System32\MsPMSPSv*****
C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy*****
C:\Program Files\Common Files\G DATA\AVKMail\AVKPOP*****
C:\Program Files\G DATA\InternetSecurity 2007\AVKTray\AVKTray*****
C:\Program Files\Common Files\Symantec Shared\ccApp*****
C:\WINDOWS\system32\RunDLL32*****
C:\WINDOWS\system32\ctfmon*****
C:\Program Files\Gadu-Gadu\gg*****
C:\Program Files\G DATA\InternetSecurity 2007\Firewall\GDFwSvc*****
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon*****
C:\Program Files\G DATA\InternetSecurity 2007\Firewall\GDFirewallTray*****
C:\WINDOWS\system32\winlogon*****
C:\WINDOWS\System32\imapi*****
C:\Program Files\Opera\Opera*****
C:\DOCUME~1\Dawid.CB\USTAWI~1\Temp\Rar$EX00.000\HijackThis*****
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: G DATA WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G DATA\InternetSecurity 2007\Webfilter\AvkWebIE.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Expressivo - {85F685C3-20D9-4943-95E4-EB4224056C3F} - C:\Program Files\ivo\Expressivo Demo\integr\ih-iexplorer\IH_iexplorer.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: G DATA WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G DATA\InternetSecurity 2007\Webfilter\AvkWebIE.dll
O3 - Toolbar: Expressivo - {85F685C3-20D9-4943-95E4-EB4224056C3F} - C:\Program Files\ivo\Expressivo Demo\integr\ih-iexplorer\IH_iexplorer.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [AVK Mail Checker] "C:\Program Files\Common Files\G DATA\AVKMail\AVKPOP*****"
O4 - HKLM\..\Run: [AVKTray] "C:\Program Files\G DATA\InternetSecurity 2007\AVKTray\AVKTray*****"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp*****"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32***** C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32***** NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon*****] C:\WINDOWS\system32\ctfmon*****
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg*****" /tray
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon*****
O4 - Global Startup: G DATA Firewall Tray.lnk = C:\Program Files\G DATA\InternetSecurity 2007\Firewall\GDFirewallTray*****
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL*****/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - (no file)
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - (no file)
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Basic Edition\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Basic Edition\Norton Cleanup\WCQuick.lnk
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs*****
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs*****
O17 - HKLM\System\CCS\Services\Tcpip\..\{4731B621-71BF-4D5C-8264-51307D5FC49A}: NameServer = 194.204.159.1 217.98.63.164
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: AVKProxy - G DATA Software AG - C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy*****
O23 - Service: AVK Service (AVKService) - G DATA Software AG - C:\Program Files\G DATA\InternetSecurity 2007\AVK\AVKService*****
O23 - Service: Strażnik AVK (AVKWCtl) - Unknown owner - C:\Program Files\G DATA\InternetSecurity 2007\AVK\AVKWCtl*****
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst*****" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst*****" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst*****" /h ccCommon (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA*****
O23 - Service: G DATA Personal Firewall (GDFwSvc) - Unknown owner - C:\Program Files\G DATA\InternetSecurity 2007\Firewall\GDFwSvc*****
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService*****
O23 - Service: Harmonogram automatycznej usługi LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc*****
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\Bogdan\USTAWI~1\Temp\hpdj***** (file missing)
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService*****
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1*****
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst*****" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc*****" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT*****
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32*****
O23 - Service: PnkBstrA - Unknown owner - 1 (file missing)
O23 - Service: Windows NT Session Manager (SMSS) - Unknown owner - C:\WINDOWS\system\smss***** (file missing)
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB*****
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc*****
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32*****
Clean?? |
19-10-2007, 14:41 | #192 |
Forum user
Join date: 12 10 2007
Posts: 13
|
I used that little program.. and removed the entries I was told to :<
and now the log from HijackThis:
Logfile of HijackThis v1.99.1
Scan saved at 13:37:33, on 2007-10-19
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss*****
C:\WINDOWS\system32\winlogon*****
C:\WINDOWS\system32\services*****
C:\WINDOWS\system32\lsass*****
C:\WINDOWS\system32\Ati2evxx*****
C:\WINDOWS\system32\svchost*****
C:\WINDOWS\System32\svchost*****
C:\WINDOWS\system32\Ati2evxx*****
C:\WINDOWS\Explorer*****
C:\WINDOWS\system32\spoolsv*****
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp*****
C:\Program Files\Gadu-Gadu\gg*****
C:\Program Files\AusLogics BoostSpeed\BoostSpeed*****
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp*****
C:\WINDOWS\system32\PnkBstrA*****
C:\WINDOWS\system32\svchost*****
C:\Program Files\Mozilla Firefox\firefox*****
C:\Program Files\iPod\bin\iPodService*****
C:\Documents and Settings\user\Pulpit\Programy\HijackThis*****
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp*****"
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg*****" /tray
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype*****" /nosplash /minimized
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares*****" -h
O4 - HKCU\..\Run: [BoostSpeed] "C:\Program Files\AusLogics BoostSpeed\BoostSpeed*****" /Q
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Ochrona WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs*****
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs*****
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/pl/billard8_2_0_0_30.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer*****
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx*****
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag*****
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp*****" -r (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT*****
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService*****
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA*****
Clean? Reply fast because I feel like playing ;s I haven't logged in for about a month already ;d
Last edited by Kondyk91 - 19-10-2007 at 14:51. |
19-10-2007, 16:46 | #194 |
Forum User
Join date: 19 05 2006
Location: Over the mountains, beyond the forests....
Blog entries: 1
Posts: 1,388
Status: Retired
Vocation: Rookstayer
|
@Kondyk91 and Dawidx
Clean. But I'd advise both of you to clean the registry of unnecessary entries and delete the temporary files
__________________
*** † Jarosław Krasuski (1974-2007) *** Maybe you'll leave me a note? *** Got a problem with a keylogger? Not sure about your security? I'll gladly help you |
19-10-2007, 17:09 | #195 |
Forum user
Join date: 12 10 2007
Posts: 13
|
oh, that's cool then
And as for those entries.. Can you elaborate on that a bit more? |
19-10-2007, 17:12 | #196 |
Forum User
Join date: 27 01 2007
Location: Tarnów
Posts: 495
Status: Retired
World: Elysia/Kyra
Level: 85+
|
could you look through mine, plz xd
|
19-10-2007, 17:32 | #197 |
Forum User
Join date: 19 05 2006
Location: Over the mountains, beyond the forests....
Blog entries: 1
Posts: 1,388
Status: Retired
Vocation: Rookstayer
|
24-10-2007, 17:35 | #198 |
Forum user
Join date: 13 05 2006
Posts: 8
|
could you take a look at this?
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:13:25, on 2007-10-24
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss*****
C:\WINDOWS\system32\winlogon*****
C:\WINDOWS\system32\services*****
C:\WINDOWS\system32\lsass*****
C:\WINDOWS\system32\Ati2evxx*****
C:\WINDOWS\system32\svchost*****
C:\WINDOWS\System32\svchost*****
C:\WINDOWS\system32\Ati2evxx*****
C:\WINDOWS\Explorer*****
C:\WINDOWS\system32\spoolsv*****
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp*****
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM*****
C:\Program Files\Webroot\Spy Sweeper\SpySweeper*****
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp*****
C:\Program Files\Mozilla Firefox\firefox*****
C:\Program Files\Gadu-Gadu\gg*****
C:\Program Files\Trend Micro\HijackThis\HijackThis*****
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [kis] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp*****"
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg*****" /tray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON*****] C:\WINDOWS\system32\CTFMON***** (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON*****] C:\WINDOWS\system32\CTFMON***** (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON*****] C:\WINDOWS\system32\CTFMON***** (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON*****] C:\WINDOWS\system32\CTFMON***** (User 'Default user')
O8 - Extra context menu item: Dodaj do Kaspersky Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\\ie_banner_deny.htm
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Ochrona WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget*****
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget*****
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs*****
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs*****
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx*****
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag*****
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp*****
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT*****
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper*****
-- End of file - 4618 bytes |
25-10-2007, 00:27 | #199 |
Banned
|
UP:
I didn't notice any OwnTibia entries. Second, a few things make me wonder. Since OwnTibia reads passwords from the tibia.e xe process, if the target file is renamed, e.g. to gra.e xe (which is also the name that will show up in Task Manager once it is running), will the password still be stolen? Also, since it adds entries to the autostart locations (loads a registry key) and makes quite a mess in the hosts files, can programs that monitor autostart and the aforementioned hosts (e.g. WinPatrol) protect us to some extent? And third, IE is used to send the stolen password (with OwnTibia or LoT active on the system, an IE process always starts after tibia***** is launched). So if IE is blocked completely in the firewall settings, will that have any effect? |
26-10-2007, 21:55 | #200 |
Forum user
Join date: 15 09 2007
Posts: 3
|
Logfile of HijackThis v1.99.1
Scan saved at 20:41:13, on 2007-10-26
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss*****
C:\WINDOWS\system32\winlogon*****
C:\WINDOWS\system32\services*****
C:\WINDOWS\system32\lsass*****
C:\WINDOWS\system32\svchost*****
C:\WINDOWS\System32\svchost*****
C:\WINDOWS\Explorer*****
C:\Program Files\Alwil Software\Avast4\aswUpdSv*****
C:\Program Files\Alwil Software\Avast4\ashServ*****
C:\WINDOWS\system32\spoolsv*****
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp*****
C:\Program Files\Winamp\winampa*****
C:\Program Files\Gadu-Gadu\gg*****
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE*****
C:\Program Files\Alwil Software\Avast4\ashMaiSv*****
C:\Program Files\Alwil Software\Avast4\ashWebSv*****
C:\Program Files\Mozilla Firefox\firefox*****
C:\Documents and Settings\Dawid\Pulpit\HijackThis*****
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp*****
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa*****"
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg*****" /tray
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon*****" -lang 1033
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL*****/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs*****
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs*****
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state***** (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv*****
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ*****
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv*****" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv*****" /service (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE*****
Is my computer clean? Please reply quickly |