Rootkiter

I'm asking for help: I scanned my system with RootkitRevealer ver 1.7 and it found this:
HKLM\S-1-5-21-725345543-1454471165-839522115-1004\RemoteAccess\InternetProfile 2005-10-10 12:14 25 bytes Data mismatch between Windows API and raw hive data.
SOFTWARE 1601-01-01 01:00 0 bytes Error dumping hive: Nie można odnaleźć określonego pliku.
C:\Documents and Settings\Krzysztof\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat.LOG:KAVICHS 2006-03-03 19:40 36 bytes Hidden from Windows API.
C:\Documents and Settings\Krzysztof\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat:KAVICHS 2005-12-05 11:31 36 bytes Hidden from Windows API.
In connection with this I have a question: do I have a hacker in my system, and if so, how do I get rid of him? Thanks in advance for any advice.

Yours faithfully and with respect,
Krzychumag.

Replies: 6

I did what you asked, Bobi, and I got this written out: Streams v.1.53 Enumerate alternate NTFS data
streams Sysinternals - www.sysinternals.com.
No files with streams found. I don't really understand what this is about or what to do next, so I have a request for you, Bobi: could I ask you to write a post (you are the right person to write such a post) on how to fight these Rootkiters and which programs to use against them.

Regards, Krzychumag.
krzychumag
Added
05.03.2006 18:35:39
If you unpacked the program's folder on the desktop, open a command prompt (cmd) and type:

cd Pulpit
streams -d C:\WINDOWS
Bobi
Added
05.03.2006 18:11:44
Thank you very much, but I have an urgent request: could I ask you for advice on how to install this program and how to remove it (sorry, but I don't know English) using the program you wrote about.

Yours faithfully and with respect,
Krzychumag.
krzychumag
Added
05.03.2006 15:49:59
R3 - Default URLSearchHook is missing

From the log, remove only this.

For the KAVICHS, use the special tool

Streams http://www.sysinternals.com/Utilities/Streams.html
Wiewia
Added
04.03.2006 01:42:31
Here is my Logfile of HijackThis v1.99.1
Scan saved at 21:06:19, on 2006-03-03
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Opera\Opera.exe
C:\Documents and Settings\Krzysztof\Pulpit\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {1680C32C-98E8-488D-978A-4ED4D320067F} - C:\WINDOWS\system32\pnex5016.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {56F87748-F365-46EE-9CCC-8E3BBA3988C1} - C:\WINDOWS\system32\sbeio32.dll
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1128540034428
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{24EDB011-DFA0-49C7-A99D-ADBE418711DF}: NameServer = 194.204.152.34 217.98.63.164
O17 - HKLM\System\CS1\Services\Tcpip\..\{24EDB011-DFA0-49C7-A99D-ADBE418711DF}: NameServer = 194.204.152.34 217.98.63.164
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe

and this log
Thank you very much, but I have an urgent request: could I ask you for advice on how to install this program and how to remove it (sorry, but I don't know English),
and whether to remove all of it.
Krzychumag.
krzychumag
Added
03.03.2006 22:11:31
C:\Documents and Settings\Krzysztof\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat.LOG:KAVICHS 2006-03-03 19:40 36 bytes Hidden from Windows API.
C:\Documents and Settings\Krzysztof\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat:KAVICHS 2005-12-05 11:31 36 bytes Hidden from Windows API.
In connection with this I have a question: do I have a hacker in my system, and if so, how do I get rid of him? Thanks in advance for any advice.

It seems to me that these are Kaspersky's KAVICHS streams.

Do this. Run HijackThis >>> Config >>> Misc Tools >>> ADSSpy >>> QuickScan + Safe streams >>> remove the ones from KAV
Wiewia
Added
03.03.2006 21:47:23
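The check behind the two pieces of advice above (Bobi's "streams -d C:\WINDOWS" and Wiewia's ADSSpy cleanup), as an added PowerShell example that is not part of the thread: it lists every alternate data stream under a directory, groups them by stream name so the Kaspersky KAVICHS streams stand out from anything with an unexpected name, and removes only the known ones, with a confirmation prompt per file. It assumes PowerShell 3.0 or later (the thread's Windows XP machine would need the Sysinternals streams tool instead); the parameter names and the allow-list are my own.

```powershell
# Added example, not code from the thread or from Sysinternals.
# Enumerate alternate data streams (ADS) under $Root and summarise them by
# name before touching anything: a stream named KAVICHS on nearly every file
# is Kaspersky's scan cache, while a one-off stream with an odd name is what
# deserves a closer look.
param(
    [string]$Root = 'C:\WINDOWS',
    # Stream names treated as known/benign (assumption: only KAVICHS by default)
    [string[]]$KnownStreams = @('KAVICHS'),
    [switch]$RemoveKnown
)

$streams = Get-ChildItem -Path $Root -File -Recurse -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        # ':$DATA' is the file's own unnamed stream, not an ADS, so drop it
        Get-Item -LiteralPath $_.FullName -Stream * -ErrorAction SilentlyContinue |
            Where-Object { $_.Stream -ne ':$DATA' }
    }

# One row per stream name: how many files carry it and how much data it holds
$streams | Group-Object Stream | ForEach-Object {
    [pscustomobject]@{
        Stream    = $_.Name
        Files     = $_.Count
        TotalSize = ($_.Group | Measure-Object Length -Sum).Sum
        Known     = $KnownStreams -contains $_.Name
    }
} | Sort-Object Files -Descending | Format-Table -AutoSize

# Anything outside the allow-list is reported, never deleted, by this script
$unknown = $streams | Where-Object { $KnownStreams -notcontains $_.Stream }
if ($unknown) {
    Write-Warning 'Streams with unrecognised names (review before any cleanup):'
    $unknown | Select-Object FileName, Stream, Length | Format-Table -AutoSize
}

# Optional cleanup of the known streams only; -Confirm asks before each removal.
# Kaspersky recreates its KAVICHS streams on the next scan, so this is harmless.
if ($RemoveKnown) {
    $streams | Where-Object { $KnownStreams -contains $_.Stream } | ForEach-Object {
        Remove-Item -LiteralPath $_.FileName -Stream $_.Stream -Confirm
    }
}
```

Run it without -RemoveKnown first; the summary table alone answers the thread's question of whether the streams all share one AV-related name.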
krzychumag
Added:
03.03.2006 21:24:51