The guide came in handy for me; I got the passwords from a friend and, just in case, it was worth poking around ; )
Thanks, I'm in favour of moving it.
I used it too and I'm in favour of moving it^^ I had some little piece of crap but I deleted it :D:D it wasn't even a keylogger :o
I'm in favour of moving it
I'm glad the guide has already been useful to so many people ^^
Owntibia can be removed if you have owntibia vip; there's a nice option there, "remove keyloger", and if you don't have ot vip, there is another way that works no matter what wizz does, but I won't give it :F, I use it myself and I know it works.
Everything's fine, but what do I do when there are two HOSTS files? In one, when I open it with Notepad, there is this symbol:
#
and in the other:
#
# This MVPS HOSTS file is a free download from: #
# (there's a link here and I can't post it) #
# #
# Notes: the browser does not read this "#" symbol #
# You can create your own notes, after the # symbol #
# This *must* be the first line: 127.0.0.1 localhost #
# ************************************************** ******#
# ------------------Updated: 06-06-04---------------------#
# ************************************************** ******#
# Entries marked with Parasite or Trojan comments should #
# be placed in the Internet Explorer Restricted Zone. #
# (there's a link here and I can't post it) #
# #
# Entries with other comments are searchable via Google. #
# #
# Disclaimer: this file is free to use, however it is NOT #
# permitted to post on any other site without permission. #
127.0.0.1 localhost
# [Misc Add-ons][A - Z]
and here a very long list of sites follows next to the IP 127.0.0.1; sometimes there is also something in brackets next to it, e.g. " [Browseraid]"..
So which file should I apply the protection in? Please help!
This services.exe file showed up in my log but not in that HijackThis window, so what should I do??
I removed this services.exe with KillBox but it still showed up again??
owntibia_deleter detects owntibia on my machine, findit detects nothing :/
I don't see anything suspicious in the hijackthis logs because I don't know much about it, but in system32/drivers/etc there is a strange hosts file
its contents:
Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost
::1 localhost
127.0.0.1 owntibia.com
127.0.0.1 vip.owntibia.com
127.0.0.1 87.98.239.19
127.0.0.1 owntibia.com
127.0.0.1 vip.owntibia.com
127.0.0.1 87.98.239.19
127.0.0.1 owntibia.com
127.0.0.1 vip.owntibia.com
127.0.0.1 87.98.239.19
127.0.0.1 owntibia.com
127.0.0.1 vip.owntibia.com
127.0.0.1 87.98.239.19
127.0.0.1 owntibia.com
127.0.0.1 vip.owntibia.com
127.0.0.1 87.98.239.19
127.0.0.1 owntibia.com
127.0.0.1 vip.owntibia.com
127.0.0.1 87.98.239.19
127.0.0.1 owntibia.com
127.0.0.1 vip.owntibia.com
127.0.0.1 87.98.239.19
127.0.0.1 owntibia.com
127.0.0.1 vip.owntibia.com
127.0.0.1 87.98.239.19
what should I do with this? :/ I wanted to add the addresses you wrote in the guide and found this... thanks in advance for the help
That's because you used the protection-against-owntibia option in owntibia deleter. Everything's normal ;)
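Two posts above ask the same thing about the hosts file: which of the two files matters, and whether the repeated `127.0.0.1 owntibia.com` lines are a problem. What follows is an added example, not code from any poster in this thread: a small parser for the Windows hosts format described in the Microsoft header (IP in the first column, one or more names after it, `#` starts a comment) that collapses duplicates, groups names by the address they resolve to, and points out the one kind of entry that does nothing. The `SAMPLE_HOSTS` text is a constructed excerpt modelled on the file quoted above.

```python
"""Parse a Windows hosts file and summarise what it overrides.

Added example (not from the forum thread). SAMPLE_HOSTS is a constructed
excerpt modelled on the file the poster quoted: the Microsoft header, the two
localhost lines, and the same three entries repeated.
"""
import ipaddress
from collections import OrderedDict

SAMPLE_HOSTS = """\
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
# 102.54.94.97     rhino.acme.com          # source server
127.0.0.1       localhost
::1             localhost
127.0.0.1 owntibia.com
127.0.0.1 vip.owntibia.com
127.0.0.1 87.98.239.19
127.0.0.1 owntibia.com
127.0.0.1 vip.owntibia.com
127.0.0.1 87.98.239.19
"""


def parse_hosts(text):
    """Return (ip, hostname) pairs, one per mapping.

    '#' starts a comment that runs to end of line; a data line is one IP
    followed by one or more names; blank and malformed lines are skipped.
    """
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue  # an IP with no name maps nothing
        ip, names = parts[0], parts[1:]
        for name in names:
            entries.append((ip, name))
    return entries


def summarize(entries):
    """Drop exact duplicates (keeping first-seen order) and group names by IP.

    Repeating a line, as in the quoted file, changes nothing: the resolver
    takes the first match, so the duplicates are clutter, not damage.
    """
    unique = list(OrderedDict.fromkeys(entries))
    by_ip = {}
    for ip, name in unique:
        by_ip.setdefault(ip, []).append(name)
    return unique, by_ip


def sinkholed_names(entries):
    """Names pointed at a loopback address, i.e. blocked on this machine."""
    names = []
    for ip, name in entries:
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            continue  # not an address at all; ignore the line
        if addr.is_loopback and name != "localhost" and name not in names:
            names.append(name)
    return names


def dead_entries(entries):
    """Entries whose 'hostname' is itself an IP literal.

    The hosts file is consulted for name lookups only; a program that
    connects straight to 87.98.239.19 never asks the resolver, so a line
    like '127.0.0.1 87.98.239.19' blocks nothing.
    """
    dead = []
    for ip, name in entries:
        try:
            ipaddress.ip_address(name)
        except ValueError:
            continue
        dead.append((ip, name))
    return dead


if __name__ == "__main__":
    parsed = parse_hosts(SAMPLE_HOSTS)
    uniq, grouped = summarize(parsed)
    print(f"{len(parsed)} mappings, {len(uniq)} distinct")
    for ip, names in grouped.items():
        print(f"  {ip:<12} -> {', '.join(names)}")
    print("blocked names:", sinkholed_names(parsed))
    print("entries with no effect:", dead_entries(uniq))
```

Run against the real file at `C:\WINDOWS\system32\drivers\etc\hosts` (the one the second poster found; that path is the one Windows reads, whatever other copies exist on disk), the output tells you which names the owntibia deleter blocked, and that the `87.98.239.19` line is harmless but ineffective.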
Nice guide, I'm in favour of moving it. I have a question: is everything OK on my machine?
Quote:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:45:04, on 2007-08-22
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
c:\usr\MYSQL\bin\mysqld.exe
C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsrw.exe
C:\Program Files\F-Secure Internet Security\FSPC\fspc.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\services.exe
C:\Program Files\Spik\Spik.exe
C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
C:\Program Files\F-Secure Internet Security\FSGUI\ispnews.exe
C:\Program Files\F-Secure Internet Security\backweb\4476822\Program\fspex.exe
C:\PROGRA~1\F-SECU~1\ANTI-S~1\fsaw.exe
C:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = forum.tibia.org.pl/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL (file missing)
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Microsoft Directx] directxat.exe
O4 - HKLM\..\Run: [ReJf5vH] C:\WINDOWS\axsns.exe
O4 - HKLM\..\Run: [uninst32] C:\WINDOWS\bootchk.exe
O4 - HKLM\..\Run: [bootchk] C:\WINDOWS\windat32.exe
O4 - HKLM\..\Run: [Microsoft Directx click] directxclick.exe
O4 - HKLM\..\Run: [Microsoft Directx clicks] directxclickers.exe
O4 - HKLM\..\Run: [systemscroot] systembin.exe
O4 - HKLM\..\Run: [Microsoft Directx push] directxpushup.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [Windows] C:\WINDOWS\services.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Spik] C:\Program Files\Spik\Spik.exe -autostart
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Internet Security\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\F-Secure Internet Security\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\F-Secure Internet Security\FSGUI\ispnews.exe"
O4 - HKLM\..\RunServices: [Microsoft Directx] directxat.exe
O4 - HKLM\..\RunServices: [Server Runtime Process] C:\WINDOWS\System32\wbem\wbemstest.exe
O4 - HKLM\..\RunServices: [Microsoft Directx click] directxclick.exe
O4 - HKLM\..\RunServices: [Microsoft Directx clicks] directxclickers.exe
O4 - HKLM\..\RunServices: [systemscroot] systembin.exe
O4 - HKLM\..\RunServices: [Microsoft Directx push] directxpushup.exe
O4 - HKCU\..\Run: [system32] C:\WINDOWS\sysvc32.exe
O4 - HKCU\..\Run: [uninst32] C:\WINDOWS\bootchk.exe
O4 - HKCU\..\Run: [bootchk] C:\WINDOWS\windat32.exe
O4 - HKCU\..\Run: [clsid] C:\WINDOWS\scvhost.exe
O4 - HKCU\..\Run: [user32] C:\WINDOWS\memory.exe
O4 - HKCU\..\Run: [cmd] C:\WINDOWS\sched.exe
O4 - HKCU\..\Run: [sched] C:\WINDOWS\taskmrg.exe
O4 - HKCU\..\Run: [winlogon] C:\WINDOWS\System\comsys.exe
O4 - HKCU\..\Run: [lsass] C:\WINDOWS\System\sysvc32.exe
O4 - HKCU\..\Run: [WMI Standard Event Consumer - Scripting] C:\WINDOWS\System32\wbem\scrcons32.exe
O4 - HKCU\..\Run: [Auto File System Conversion Utility] C:\WINDOWS\System32\wbem\scricon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\RunServices: [Server Runtime Process] C:\WINDOWS\System32\wbem\wbemstest.exe
O4 - HKCU\..\RunServices: [system32] C:\WINDOWS\System\uninst32.exe
O4 - HKCU\..\RunServices: [uninst32] C:\WINDOWS\System\windat32.exe
O4 - HKCU\..\RunServices: [bootchk] C:\WINDOWS\System\scvhost.exe
O4 - HKCU\..\RunServices: [clsid] C:\WINDOWS\System\memory.exe
O4 - HKCU\..\RunServices: [user32] C:\WINDOWS\System\debug.exe
O4 - HKCU\..\RunServices: [reg32] C:\WINDOWS\System\sched.exe
O4 - HKCU\..\RunServices: [cmd] C:\WINDOWS\System\taskmrg.exe
O4 - HKCU\..\RunServices: [sched] C:\WINDOWS\System\winlogin.exe
O4 - HKCU\..\RunServices: [winlogon] C:\WINDOWS\System32\sysvc32.exe
O4 - HKCU\..\RunServices: [lsass] C:\WINDOWS\System32\redegit.exe
O4 - HKCU\..\RunServices: [WMI Standard Event Consumer - Scripting] C:\WINDOWS\System32\wbem\scrcons32.exe
O4 - HKCU\..\RunServices: [Auto File System Conversion Utility] C:\WINDOWS\System32\wbem\scricon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Windows Service Agent] agll23.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [bootchk] C:\WINDOWS\System32\debug.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [user32] C:\WINDOWS\System32\debug.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [reg32] C:\WINDOWS\redegit.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [cmd] C:\WINDOWS\System32\debug.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [lsass] C:\WINDOWS\System32\debug.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Microsoft Directx click] directxclick.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Microsoft Directx clicks] directxclickers.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [systemscroot] systembin.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Microsoft Directx push] directxpushup.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunServices: [Microsoft Directx] directxat.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunServices: [Microsoft Directx] directxat.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: neostrada.lnk = ?
O4 - Global Startup: F-Secure 2006.lnk = C:\Program Files\F-Secure Internet Security\backweb\4476822\Program\fspex.exe
O8 - Extra context menu item: &Zablokuj to okienko - C:\Program Files\F-Secure Internet Security\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: Dodaj do blokowanych banerów - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\ie_banner_deny.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Filtr sieci Web - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Filtr sieci Web - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra button: Wyslij SMS'a - {215940F1-E7E0-4801-BEE3-44D045534106} - C:\Program Files\Common Files\moje.js
O9 - Extra button: Osłona programu IE - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: Osłona programu IE... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\Anti-Spyware\ieshield.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1176852928996
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1176852917574
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{68B2F53A-5097-43D3-82B6-E2D4E979D8D6}: NameServer = 194.204.159.1 217.98.63.164
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wpmsg - {2E0AC5A0-3597-11D6-B3ED-0001021DC1C3} - C:\Program Files\Spik\url_wpmsg.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: F-Secure 2006 (BackWeb Plug-in - 4476822) - F-Secure Internet Security 2005 - C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FSPC\fshttps\fshttps.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ms hexidecimal defx (mshexdefx) - Unknown owner - C:\WINDOWS\system32\dllcache\ivchost.exe (file missing)
O23 - Service: MySql - Unknown owner - c:\usr/MYSQL/bin/mysqld.exe
O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - C:\WINDOWS\System32\wdfmgr.exe (file missing)
--
End of file - 12221 bytes
today I got hacked :( probably via IP, I didn't download anything, I logged out for 20 min, I look: wrong password, I get a new one sent, I log in and the 800k is gone ;(
f*** ;(
can someone check whether I have a keylogger :(
HijackThis log
Quote:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:25:19, on 2007-08-26
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
c:\usr\MYSQL\bin\mysqld.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsrw.exe
C:\Program Files\F-Secure Internet Security\FSPC\fspc.exe
C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\services.exe
C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
C:\Program Files\F-Secure Internet Security\FSGUI\ispnews.exe
C:\Documents and Settings\LuKa\Pulpit\Gadu-Gadu\gg.exe
C:\Program Files\F-Secure Internet Security\backweb\4476822\Program\fspex.exe
C:\PROGRA~1\F-SECU~1\ANTI-S~1\fsaw.exe
C:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = .forum.tibia.org.pl/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL (file missing)
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Microsoft Directx] directxat.exe
O4 - HKLM\..\Run: [ReJf5vH] C:\WINDOWS\axsns.exe
O4 - HKLM\..\Run: [uninst32] C:\WINDOWS\bootchk.exe
O4 - HKLM\..\Run: [bootchk] C:\WINDOWS\windat32.exe
O4 - HKLM\..\Run: [Microsoft Directx click] directxclick.exe
O4 - HKLM\..\Run: [Microsoft Directx clicks] directxclickers.exe
O4 - HKLM\..\Run: [systemscroot] systembin.exe
O4 - HKLM\..\Run: [Microsoft Directx push] directxpushup.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [Windows] C:\WINDOWS\services.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Spik] C:\Program Files\Spik\Spik.exe -autostart
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Internet Security\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\F-Secure Internet Security\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\F-Secure Internet Security\FSGUI\ispnews.exe"
O4 - HKLM\..\RunServices: [Microsoft Directx] directxat.exe
O4 - HKLM\..\RunServices: [Server Runtime Process] C:\WINDOWS\System32\wbem\wbemstest.exe
O4 - HKLM\..\RunServices: [Microsoft Directx click] directxclick.exe
O4 - HKLM\..\RunServices: [Microsoft Directx clicks] directxclickers.exe
O4 - HKLM\..\RunServices: [systemscroot] systembin.exe
O4 - HKLM\..\RunServices: [Microsoft Directx push] directxpushup.exe
O4 - HKCU\..\Run: [system32] C:\WINDOWS\sysvc32.exe
O4 - HKCU\..\Run: [uninst32] C:\WINDOWS\bootchk.exe
O4 - HKCU\..\Run: [bootchk] C:\WINDOWS\windat32.exe
O4 - HKCU\..\Run: [clsid] C:\WINDOWS\scvhost.exe
O4 - HKCU\..\Run: [user32] C:\WINDOWS\memory.exe
O4 - HKCU\..\Run: [cmd] C:\WINDOWS\sched.exe
O4 - HKCU\..\Run: [sched] C:\WINDOWS\taskmrg.exe
O4 - HKCU\..\Run: [winlogon] C:\WINDOWS\System\comsys.exe
O4 - HKCU\..\Run: [lsass] C:\WINDOWS\System\sysvc32.exe
O4 - HKCU\..\Run: [WMI Standard Event Consumer - Scripting] C:\WINDOWS\System32\wbem\scrcons32.exe
O4 - HKCU\..\Run: [Auto File System Conversion Utility] C:\WINDOWS\System32\wbem\scricon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Documents and Settings\LuKa\Pulpit\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\RunServices: [Server Runtime Process] C:\WINDOWS\System32\wbem\wbemstest.exe
O4 - HKCU\..\RunServices: [system32] C:\WINDOWS\System\uninst32.exe
O4 - HKCU\..\RunServices: [uninst32] C:\WINDOWS\System\windat32.exe
O4 - HKCU\..\RunServices: [bootchk] C:\WINDOWS\System\scvhost.exe
O4 - HKCU\..\RunServices: [clsid] C:\WINDOWS\System\memory.exe
O4 - HKCU\..\RunServices: [user32] C:\WINDOWS\System\debug.exe
O4 - HKCU\..\RunServices: [reg32] C:\WINDOWS\System\sched.exe
O4 - HKCU\..\RunServices: [cmd] C:\WINDOWS\System\taskmrg.exe
O4 - HKCU\..\RunServices: [sched] C:\WINDOWS\System\winlogin.exe
O4 - HKCU\..\RunServices: [winlogon] C:\WINDOWS\System32\sysvc32.exe
O4 - HKCU\..\RunServices: [lsass] C:\WINDOWS\System32\redegit.exe
O4 - HKCU\..\RunServices: [WMI Standard Event Consumer - Scripting] C:\WINDOWS\System32\wbem\scrcons32.exe
O4 - HKCU\..\RunServices: [Auto File System Conversion Utility] C:\WINDOWS\System32\wbem\scricon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Windows Service Agent] agll23.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [bootchk] C:\WINDOWS\System32\debug.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [user32] C:\WINDOWS\System32\debug.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [reg32] C:\WINDOWS\redegit.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [cmd] C:\WINDOWS\System32\debug.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [lsass] C:\WINDOWS\System32\debug.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Microsoft Directx click] directxclick.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Microsoft Directx clicks] directxclickers.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [systemscroot] systembin.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Microsoft Directx push] directxpushup.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunServices: [Microsoft Directx] directxat.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunServices: [Microsoft Directx] directxat.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: neostrada.lnk = ?
O4 - Global Startup: F-Secure 2006.lnk = C:\Program Files\F-Secure Internet Security\backweb\4476822\Program\fspex.exe
O8 - Extra context menu item: &Zablokuj to okienko - C:\Program Files\F-Secure Internet Security\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: Dodaj do blokowanych banerów - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\ie_banner_deny.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Filtr sieci Web - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Filtr sieci Web - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra button: Wyslij SMS'a - {215940F1-E7E0-4801-BEE3-44D045534106} - C:\Program Files\Common Files\moje.js
O9 - Extra button: Osłona programu IE - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: Osłona programu IE... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\Anti-Spyware\ieshield.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - //update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1176852928996
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - //update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1176852917574
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - //acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{68B2F53A-5097-43D3-82B6-E2D4E979D8D6}: NameServer = 194.204.159.1 217.98.63.164
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wpmsg - {2E0AC5A0-3597-11D6-B3ED-0001021DC1C3} - C:\Program Files\Spik\url_wpmsg.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: F-Secure 2006 (BackWeb Plug-in - 4476822) - F-Secure Internet Security 2005 - C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FSPC\fshttps\fshttps.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ms hexidecimal defx (mshexdefx) - Unknown owner - C:\WINDOWS\system32\dllcache\ivchost.exe (file missing)
O23 - Service: MySql - Unknown owner - c:\usr/MYSQL/bin/mysqld.exe
O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - C:\WINDOWS\System32\wdfmgr.exe (file missing)
--
End of file - 12299 bytes
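Both logs quoted in this thread (the one before "today I got hacked" and the one after) carry the same O4 autostart entries, and the pattern in them is what a triage script can pick out mechanically: executables with no path at all (`directxat.exe`), a `services.exe` living in `C:\WINDOWS` rather than `System32`, and near-miss spellings of system binaries (`scvhost.exe`, `winlogin.exe`, `redegit.exe`, `taskmrg.exe`). What follows is an added example, written for this page and not part of HijackThis or of anyone's post: it parses O4 lines and reports why each one deserves a look. `SAMPLE_O4` is copied from the quoted logs; `SYSTEM_BINARIES` (with `C:\WINDOWS` assumed as the system root) and the heuristics are this example's own assumptions, a first pass before looking each file up, not a verdict.

```python
"""Triage the O4 (autostart) lines of a HijackThis log.

Added example for this thread; neither a poster's code nor part of
HijackThis. SAMPLE_O4 is copied from the logs quoted above. SYSTEM_BINARIES
(assuming C:\\WINDOWS as the system root) and the rules below are this
example's own assumptions: a first pass, not a verdict.
"""
import os
import re

SAMPLE_O4 = [
    r'O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"',
    r"O4 - HKLM\..\Run: [Microsoft Directx] directxat.exe",
    r"O4 - HKLM\..\Run: [Windows] C:\WINDOWS\services.exe",
    r"O4 - HKCU\..\Run: [clsid] C:\WINDOWS\scvhost.exe",
    r"O4 - HKCU\..\RunServices: [sched] C:\WINDOWS\System\winlogin.exe",
    r"O4 - HKUS\S-1-5-18\..\Run: [reg32] C:\WINDOWS\redegit.exe (User 'SYSTEM')",
    r"O4 - HKLM\..\RunServices: [Microsoft Directx] directxat.exe",
    r"O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA LOKALNA')",
]

# Well-known XP binaries and the directory each legitimately lives in
# (assumption: system root is C:\WINDOWS). A file with one of these names
# elsewhere, or a near-miss spelling, is the trick these logs show.
SYSTEM_BINARIES = {
    "services.exe": r"c:\windows\system32", "svchost.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32", "winlogon.exe": r"c:\windows\system32",
    "smss.exe": r"c:\windows\system32", "csrss.exe": r"c:\windows\system32",
    "taskmgr.exe": r"c:\windows\system32",
    "regedit.exe": r"c:\windows", "explorer.exe": r"c:\windows",
}

O4_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] "
    r"(?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$"
)


def osa_distance(a, b):
    """Edit distance counting an adjacent swap as one edit ('scvhost'/'svchost')."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def executable_of(cmd):
    """The program in the value data: a quoted path, else up to the first '.exe'."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    idx = cmd.lower().find(".exe")
    if idx >= 0:
        return cmd[: idx + 4]
    return cmd.split()[0] if cmd else ""


def parse_o4(line):
    """Split an O4 line into hive, key, name, cmd, exe, user (None if not O4)."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["exe"] = executable_of(rec["cmd"])
    return rec


def lookalike_of(base):
    """System binary that `base` mimics: one edit away, or the same letters reordered."""
    for known in sorted(SYSTEM_BINARIES):
        if osa_distance(base, known) == 1 or sorted(base) == sorted(known):
            return known
    return None


def triage(line):
    """Reasons this autostart entry deserves a closer look ([] = nothing caught)."""
    rec = parse_o4(line)
    if rec is None:
        return []
    exe = rec["exe"].replace("\\", "/")
    base = os.path.basename(exe).lower()
    directory = os.path.dirname(exe).replace("/", "\\").lower()
    reasons = []
    if "/" not in exe:
        reasons.append("bare filename: resolved via the search path at logon")
    if base in SYSTEM_BINARIES:
        if directory != SYSTEM_BINARIES[base]:
            reasons.append(f"system binary name '{base}' outside {SYSTEM_BINARIES[base]}")
    else:
        known = lookalike_of(base)
        if known:
            reasons.append(f"'{base}' looks like the system binary '{known}'")
    if rec["key"].lower().startswith("runservices"):
        # RunServices is a Windows 9x-era key; XP does not process it, so
        # its mere presence is a hint that something wrote it blindly.
        reasons.append("RunServices key: Windows 9x-era key, not processed by XP itself")
    return reasons


def triage_log(lines):
    """Flagged entries only, as (value name, executable, reasons)."""
    out = []
    for line in lines:
        reasons = triage(line)
        if reasons:
            rec = parse_o4(line)
            out.append((rec["name"], rec["exe"], reasons))
    return out


if __name__ == "__main__":
    for name, exe, reasons in triage_log(SAMPLE_O4):
        print(f"[{name}] {exe}\n    " + "\n    ".join(reasons))
```

Feed it the whole log (`triage_log(open("hijackthis.log").read().splitlines())`) and the eight or so genuinely suspicious files in the quoted logs come out while the F-Secure, Java and SnagIt entries stay quiet. The reasons are hints for what to look up next, not grounds for deleting anything by themselves.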
I think there was already a guide on using HijackThis to remove "owntibia"
What's the difference between the site you gave for downloading HijackThis and the one at www.hijackthic.de?
The one I gave is (or rather was) the official site of HijackThis's author.