

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:03:35, on 2009-02-10
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Winamp\winamp.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Statystyki dla ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)
O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) - http://download.gamedesire.com/g_bin/pl/poker_2_0_0_49.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
--
End of file - 4594 bytes
Combofix
ComboFix 09-02-10.01 - Jacko 2009-02-10 19:06:34.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.1.1250.1.1045.18.511.242 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Jacko\Pulpit\ComboFix.exe
* Utworzono nowy punkt przywracania
* Resident AV is active
UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\NCTAudioInformation2.dll
.
((((((((((((((((((((((((( Pliki utworzone od 2009-01-10 do 2009-02-10 )))))))))))))))))))))))))))))))
.
2009-02-10 18:55 . 2009-02-10 18:55 <DIR> d-------- c:\windows\ERUNT
2009-02-10 18:55 . 2009-02-10 18:55 <DIR> d-------- C:\ERDNT
2009-02-10 18:55 . 2009-02-10 18:55 <DIR> d-------- C:\!FixIEDef
2009-01-30 18:45 . 2009-01-31 13:07 <DIR> d-------- c:\program files\Ventrilo
2009-01-30 18:45 . 2009-01-30 18:45 262 --a------ c:\windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
2009-01-23 16:49 . 2009-02-10 17:21 <DIR> d-------- c:\program files\Steam
2009-01-23 13:02 . 2009-02-05 07:10 <DIR> d-------- c:\documents and settings\Jacko\Dane aplikacji\skypePM
2009-01-23 13:02 . 2009-01-23 13:02 56 --ah----- c:\windows\system32\ezsidmv.dat
2009-01-23 13:00 . 2009-02-07 08:20 <DIR> d-------- c:\documents and settings\Jacko\Dane aplikacji\Skype
2009-01-23 12:59 . 2009-01-23 13:00 <DIR> d-------- c:\program files\Skype
2009-01-23 12:59 . 2009-01-23 12:59 <DIR> d-------- c:\program files\Common Files\Skype
2009-01-23 12:59 . 2009-01-23 12:59 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Skype
2009-01-18 19:24 . 2009-01-18 19:24 <DIR> d-------- c:\program files\Microsoft Works
2009-01-17 11:42 . 2009-01-17 11:42 <DIR> d-------- c:\program files\AVIConverter
2009-01-16 16:41 . 2009-01-16 16:41 <DIR> d-------- c:\windows\Downloaded Installations
2009-01-15 09:49 . 2009-01-15 09:50 <DIR> d-------- c:\program files\Xfire
2009-01-15 09:49 . 2009-02-02 08:44 <DIR> d-------- c:\documents and settings\Jacko\Dane aplikacji\Xfire
2009-01-13 16:50 . 2004-11-28 21:09 679,936 --a------ c:\windows\system\xvidcore.dll
2009-01-13 16:47 . 2009-01-13 16:47 <DIR> d-------- c:\program files\Any Video Converter
2009-01-13 16:47 . 2009-02-06 19:15 <DIR> d-------- c:\documents and settings\Jacko\Dane aplikacji\Any Video Converter
2009-01-12 19:14 . 2000-01-27 06:12 68,096 -ra------ c:\windows\system\HOTPLUG.DLL
2009-01-12 18:40 . 2009-01-12 18:40 <DIR> d-------- c:\documents and settings\Jacko\Dane aplikacji\Media Player Classic
2009-01-12 18:29 . 2009-01-12 18:29 34 --ah----- c:\windows\system32\VideoConverter_sysquict.dat
2009-01-12 17:57 . 2009-01-12 17:59 <DIR> d-------- C:\OutputFolder
2009-01-12 17:29 . 2009-01-12 17:55 <DIR> d-------- c:\program files\4U Computing
2009-01-12 17:29 . 2002-12-03 03:02 491,520 --a------ c:\windows\system32\NCTAudioFile.dll
2009-01-12 17:29 . 2002-01-05 07:37 344,064 --a------ c:\windows\system32\msvcr70.dll
2009-01-12 17:29 . 2003-03-25 15:08 286,720 --a------ c:\windows\system32\NCTWMAFile2.dll
2009-01-12 17:29 . 2002-12-03 03:07 168,448 --a------ c:\windows\system32\NCTAudioPlayer.dll
2009-01-12 17:29 . 2002-12-03 03:11 143,872 --a------ c:\windows\system32\NCTWMAFile.dll
2009-01-12 17:29 . 2002-03-19 07:18 120,832 --a------ c:\windows\system32\lame_enc.dll
2009-01-12 16:47 . 2009-01-12 16:47 <DIR> d-------- c:\program files\Consumer Update Firmware
2009-01-10 12:20 . 2009-01-10 12:20 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\nView_Profiles
2009-01-10 09:46 . 2009-01-10 09:46 287 --a------ c:\windows\game.ini
2009-01-10 09:31 . 2009-01-10 09:31 <DIR> d-------- c:\program files\Activision
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-10 18:12 494,368 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-02-10 18:12 12,088,864 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-02-10 16:06 --------- d---a-w c:\documents and settings\All Users\Dane aplikacji\TEMP
2009-02-10 16:02 --------- d-----w c:\documents and settings\Jacko\Dane aplikacji\GanymedeNet
2009-02-10 13:26 --------- d-----w c:\program files\Ganymede
2009-02-10 13:23 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab
2009-02-10 09:27 50,780 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-02-10 09:27 164,804 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-02-09 06:52 --------- d-----w c:\program files\TuneUp Utilities 2008
2009-02-07 13:10 --------- d-----w c:\program files\TibiaBot NG
2009-02-05 11:46 89,601 ----a-w c:\windows\system32\drivers\klick.dat
2009-02-05 11:46 101,287 ----a-w c:\windows\system32\drivers\klin.dat
2009-02-01 14:52 --------- d-----w c:\documents and settings\Jacko\Dane aplikacji\Tibia
2009-01-30 17:45 --------- d-----w c:\documents and settings\Jacko\Dane aplikacji\Ventrilo
2009-01-30 17:44 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-01-10 08:46 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-07 20:23 163,644 ----a-w c:\windows\system32\drivers\secdrv.sys
2009-01-07 19:37 --------- d-----w c:\program files\Common Files\InstallShield
2009-01-06 14:48 --------- d-----w c:\program files\Gadu-Gadu
2009-01-06 11:47 --------- d-----w c:\program files\Grupa IMAGE
2009-01-02 20:12 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Chat Republic Games
2009-01-01 16:01 --------- d-----w c:\program files\Tasker
2008-12-31 20:33 --------- d-----w c:\program files\AV Vcs 6.0 DIAMOND
2008-12-31 12:35 --------- d-----w c:\program files\MTA San Andreas
2008-12-31 09:37 --------- d-----w c:\program files\Common Files\Adobe
2008-12-29 10:31 66,872 ----a-w c:\windows\system32\PnkBstrA.exe
2008-12-28 20:25 --------- d-----w c:\program files\Dual Vibration Gamepad-Macro A
2008-12-24 08:54 --------- d-----w c:\program files\BitPim
2008-12-20 22:52 112,144 ----a-w c:\windows\system32\drivers\kl1.sys
2008-12-20 22:28 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files
2008-12-20 22:27 --------- d-----w c:\program files\Kaspersky Lab
2008-12-20 15:33 --------- d-----w c:\program files\Alcohol Soft
2008-12-19 18:08 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2008-12-16 16:26 --------- d-----w c:\program files\Tibia
2008-12-14 22:51 --------- d-----w c:\program files\NCH Software
2008-12-14 22:39 --------- d-----w c:\program files\NCH Swift Sound
2008-12-14 22:39 --------- d-----w c:\documents and settings\Jacko\Dane aplikacji\NCH Swift Sound
2008-12-14 22:39 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\NCH Swift Sound
2008-12-14 21:57 --------- d-----w c:\documents and settings\Jacko\Dane aplikacji\Samsung
2008-12-14 21:51 --------- d-----w c:\program files\Samsung
2008-12-13 07:01 --------- d-----w c:\program files\TibiaCam TV Lite
2008-12-12 18:13 --------- d-----w c:\program files\VS Online
2008-12-12 07:17 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-12-12 07:17 --------- d-----w c:\program files\Java
2008-12-11 20:38 42,320 ----a-w c:\windows\system32\xfcodec.dll
2008-12-11 09:53 --------- d-----w c:\program files\Ares
2008-12-10 20:26 --------- d-----w c:\program files\Sims
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2008-03-20 2127296]
"ares"="c:\program files\Ares\Ares.exe" [2008-11-24 881152]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2004-10-29 4620288]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2004-10-29 86016]
"nwiz"="nwiz.exe" [2004-10-29 c:\windows\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2002-09-20 13312]
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2007-04-04 24344]
S3 rockusb;Driver for rockusb Device;c:\windows\system32\drivers\rockusb.sys [2006-03-22 73984]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Zawartość folderu 'Zaplanowane zadania'
2009-02-10 c:\windows\Tasks\Konserwacja jednym kliknięciem.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-08-27 12:09]
.
.
------- Skan uzupełniający -------
.
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Jacko\Dane aplikacji\Mozilla\Firefox\Profiles\i718qqvw.default\
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPCARDS.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPDOMINO.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npganymedenet.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npigl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMARBLES.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPPIRATE.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPPOKER.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPROULETTE.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPSLOTS70.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-10 19:12:18
Windows 5.1.2600 Dodatek Service Pack. 1 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
- - - - - - - > 'winlogon.exe'(972)
c:\windows\System32\ODBC32.dll
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll
c:\windows\System32\klogon.dll
c:\windows\System32\midimap.dll
- - - - - - - > 'lsass.exe'(1036)
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\dnsq.dll
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll
c:\windows\System32\dssenh.dll
- - - - - - - > 'explorer.exe'(2628)
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\scrchpg.dll
c:\windows\System32\msi.dll
c:\windows\System32\midimap.dll
.
Czas ukończenia: 2009-02-10 19:15:34
ComboFix-quarantined-files.txt 2009-02-10 18:15:08
Przed: 3 081 347 072 bajtów wolnych
Po: 3,085,840,384 bajtów wolnych