podejzewam szpiega na kompie

**Posty:** 369 · przez **Mati92** 24 Gru 2007, 15:45

witam juz ktorys raz z kolei i wlasnie jakies 10 min temu ktos na 100% wbil mi sie na kompa i skradl mi passy do konta premium na rs a pozatym zamulilo mi kompa strasznie.

nie wiem co mam robic...

oto log:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 14:43:59, on 2007-12-24
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AutoConnect\AutoConnect.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
F:\bootcd\wintools\autorun.exe
C:\DOCUME~1\Chrypek\USTAWI~1\Temp\HIJACK.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: &Tłumaczenie - {0D704FAD-66E9-4F0A-BFED-4F665770DDB3} - C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AutoConnect] C:\Program Files\AutoConnect\AutoConnect.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Odkurzacz-MCD] C:\Program Files\Odkurzacz\odk_mcd.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {B46B0919-62BA-4D99-A5C4-916B57A6805C} - C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll,-103 - {B46B0919-62BA-4D99-A5C4-916B57A6805C} - C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{4901413F-4607-49D1-B6AC-36318A8D6250}: NameServer = 194.204.159.1 217.98.63.164
O22 - SharedTaskScheduler: Moduł wstępnego ładowania interfejsu Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Demon buforu kategorii składników - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--
End of file - 5600 bytes

**Posty:** 18165 · przez **wojtas** 24 Gru 2007, 16:04

Zastosuj SDFix . Po pobraniu uruchom go a rozpakuje się do C:\SDFix. Uruchom komputer w trybie awaryjnym (F8 przy stracie systemu). Będąc w awaryjnym uruchom plik RunThis.bat z folderu SDFixa. Zatwierdź czyszczenie przez Y. Poczekaj aż ukończy i komputer zresetuje

Potem wejdz do folderu C:\SDFix wrzuc zawartość pliku Report.txt + log z combofixa

**Posty:** 369 · przez **Mati92** 24 Gru 2007, 16:54

SDFix: Version 1.119

Run by Administrator on 2007-12-24 at 15:16

Microsoft Windows XP [Wersja 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:

Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...

Normal Mode:
Checking Files:

No Trojan Files Found

Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.

Final Check:

catchme 0.3.1333.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-24 15:43:05
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:fda06c96
"s2"=dword:10289d79
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
"h0"=dword:00000000
"ujdew"=hex:34,6d,98,f5,52,fc,11,2d,38,c1,f1,23,0e,13,30,73,64,a4,ea,b1,54,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
"h0"=dword:00000000
"ujdew"=hex:34,6d,98,f5,52,fc,11,2d,38,c1,f1,23,0e,13,30,73,64,a4,ea[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\A\1\5\1c]
"Order"=hex:08,00,00,00,02,00,00,00,b8,01,00,00,01,00,00,00,04,00,00,00,8c,..

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Remaining Services:
------------------

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Gadu-Gadu\\gg.exe"="C:\\Program Files\\Gadu-Gadu\\gg.exe:*:Enabled:Gadu-Gadu"
"C:\\Program Files\\Alcohol Soft\\Alcohol 120\\alcohol.exe"="C:\\Program Files\\Alcohol Soft\\Alcohol 120\\alcohol.exe:*:Enabled:Alcohol 120%"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Mozilla Firefox"
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"="C:\\Program Files\\Winamp Remote\\bin\\Orb.exe:*:Enabled:Orb"
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe:*:Enabled:OrbTray"
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:uTorrent"
"C:\\Program Files\\ESET\\ESET Smart Security\\egui.exe"="C:\\Program Files\\ESET\\ESET Smart Security\\egui.exe:*:Enabled:ESET Smart Security"
"C:\\Program Files\\Spyware Doctor\\swdoctor.exe"="C:\\Program Files\\Spyware Doctor\\swdoctor.exe:*:Enabled:Spyware Doctor"
"C:\\Program Files\\Spybot - Search & Destroy\\SpybotSD.exe"="C:\\Program Files\\Spybot - Search & Destroy\\SpybotSD.exe:*:Disabled:Spybot - Search & Destroy"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files:
---------------

Files with Hidden Attributes:

Finished!

ORAZ COMBOFIX

ComboFix 07-12-21.4 - Chrypek 2007-12-24 15:49:25.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.553 [GMT 1:00]
Running from: C:\Documents and Settings\Chrypek\Pulpit\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2007-11-24 to 2007-12-24 )))))))))))))))))))))))))))))))
.

2007-12-24 15:16 . 2007-12-24 15:16 <DIR> d-------- C:\WINDOWS\ERUNT
2007-12-24 15:15 . 2007-12-21 16:50 <DIR> d--h----- C:\Documents and Settings\Administrator\Ustawienia lokalne
2007-12-24 15:15 . 2007-12-21 16:50 <DIR> d-------- C:\Documents and Settings\Administrator\Ulubione
2007-12-24 15:15 . 2007-12-21 15:56 <DIR> d--h----- C:\Documents and Settings\Administrator\Szablony
2007-12-24 15:15 . 2007-12-21 16:50 <DIR> d-------- C:\Documents and Settings\Administrator\Pulpit
2007-12-24 15:15 . 2007-12-21 16:50 <DIR> d-------- C:\Documents and Settings\Administrator\Moje dokumenty
2007-12-24 15:15 . 2007-12-21 16:50 <DIR> dr------- C:\Documents and Settings\Administrator\Menu Start
2007-12-24 15:15 . 2007-12-21 16:50 <DIR> dr-h----- C:\Documents and Settings\Administrator\Dane aplikacji
2007-12-24 14:42 . 2007-12-24 14:42 1,081,616 --a------ C:\WINDOWS\system32\MSCOMCTL.OCX
2007-12-23 13:39 . 2007-12-24 13:40 <DIR> d-------- C:\Program Files\Odkurzacz
2007-12-23 13:28 . 2007-12-23 13:28 <DIR> d-------- C:\Program Files\Bonjour
2007-12-23 13:15 . 2007-12-23 13:15 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2007-12-23 02:32 . 2007-10-25 17:44 8,488,960 -----c--- C:\WINDOWS\system32\dllcache\shell32.dll
2007-12-23 02:32 . 2007-07-09 14:20 582,656 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-12-23 02:16 . 2007-12-23 12:41 <DIR> d-------- C:\WINDOWS\system32\pl-pl
2007-12-23 02:10 . 2006-10-04 15:06 1,197,294 -----c--- C:\WINDOWS\system32\dllcache\sysmain.sdb
2007-12-23 02:10 . 2006-10-04 15:06 764,868 -----c--- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2007-12-23 02:10 . 2006-10-04 15:06 217,118 -----c--- C:\WINDOWS\system32\dllcache\apphelp.sdb
2007-12-23 02:09 . 2007-12-23 02:09 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-12-23 02:09 . 2004-08-04 00:44 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-12-23 02:07 . 2007-12-23 02:07 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-12-23 02:07 . 2007-12-23 02:08 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-12-23 00:48 . 2007-12-23 00:48 <DIR> d-------- C:\WINDOWS\system32\xircom
2007-12-23 00:48 . 2007-12-23 00:48 <DIR> d-------- C:\Program Files\microsoft frontpage
2007-12-23 00:48 . 2007-12-24 15:42 <DIR> d-a------ C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2007-12-23 00:46 . 2007-12-23 00:46 <DIR> d-------- C:\WINDOWS\Sun
2007-12-23 00:38 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-12-23 00:37 . 2007-12-23 00:38 <DIR> d-------- C:\Program Files\Java
2007-12-23 00:37 . 2007-12-24 15:01 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2007-12-23 00:33 . 2007-12-23 00:33 <DIR> d-------- C:\Program Files\Common Files\Java
2007-12-23 00:29 . 2007-12-24 15:02 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-12-23 00:29 . 2007-12-23 00:29 <DIR> d-------- C:\Documents and Settings\Chrypek\Dane aplikacji\PC Tools
2007-12-23 00:29 . 2007-12-23 01:41 74,240 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-12-23 00:29 . 2007-12-23 01:41 56,832 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-12-23 00:29 . 2007-12-23 00:34 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-12-23 00:29 . 2007-12-23 00:34 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-12-23 00:28 . 2005-09-23 07:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-12-23 00:28 . 2005-07-06 17:13 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2007-12-22 13:37 . 2007-12-22 13:37 1,835 --a------ C:\WINDOWS\system32\odtwarzacz.csh
2007-12-21 20:19 . 2007-12-24 00:16 69 --a------ C:\WINDOWS\NeroDigital.ini
2007-12-21 19:08 . 2007-12-21 19:08 <DIR> d-------- C:\Program Files\Techland
2007-12-21 19:04 . 2007-12-21 19:04 <DIR> d-------- C:\Program Files\uTorrent
2007-12-21 19:04 . 2007-12-23 13:52 <DIR> d-------- C:\Documents and Settings\Chrypek\Dane aplikacji\uTorrent
2007-12-21 17:31 . 2007-12-21 17:31 <DIR> d-------- C:\Program Files\Winamp Remote
2007-12-21 17:31 . 2007-12-21 17:32 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\OrbNetworks
2007-12-21 17:27 . 2007-12-21 17:32 <DIR> d-------- C:\Program Files\Winamp
2007-12-21 17:27 . 2007-12-24 12:06 <DIR> d-------- C:\Documents and Settings\Chrypek\Dane aplikacji\Winamp
2007-12-21 17:20 . 2007-12-21 17:20 <DIR> d-------- C:\Documents and Settings\Chrypek\Dane aplikacji\ESET
2007-12-21 17:19 . 2007-12-21 17:19 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\ESET

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-24 14:45 --------- d-----w C:\Program Files\AutoConnect
2007-12-23 12:28 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-21 18:08 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-21 18:07 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-12-21 15:57 --------- d-----w C:\Program Files\MultiRes
2007-12-21 15:56 451,072 ----a-w C:\WINDOWS\Radeon Omega Drivers v3.8.360 Uninstall.exe
2007-12-21 15:56 --------- d-----w C:\Program Files\Radeon Omega Drivers
2007-12-21 15:54 --------- d-----w C:\Program Files\Gadu-Gadu
2007-12-21 15:54 --------- d-----w C:\Documents and Settings\Chrypek\Dane aplikacji\Gadu-Gadu
2007-12-21 15:47 --------- d-----w C:\Program Files\Common Files\Nero
2007-12-21 15:47 --------- d-----w C:\Program Files\Ahead
2007-12-21 15:46 --------- d-----w C:\Program Files\Common Files\Ahead
2007-12-21 15:46 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Ahead
2007-12-21 15:41 --------- d-----w C:\Program Files\Alcohol Soft
2007-12-21 15:39 639,224 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-12-21 15:36 --------- d-----w C:\Documents and Settings\Chrypek\Dane aplikacji\Media Player Classic
2007-12-21 15:35 --------- d-----w C:\Program Files\MarBit
2007-12-21 15:35 --------- d-----w C:\Program Files\K-Lite Codec Pack
2007-12-21 15:34 --------- d-----w C:\Program Files\Thomson
2007-12-21 15:32 --------- d-----w C:\Program Files\Realtek Sound Manager
2007-12-21 15:32 --------- d-----w C:\Program Files\AvRack
2007-12-21 14:58 --------- d-----w C:\Program Files\Usługi online
2007-11-23 20:52 53,768 ----a-w C:\WINDOWS\system32\drivers\epfwtdi.sys
2007-11-23 20:52 50,696 ----a-w C:\WINDOWS\system32\drivers\epfw.sys
2007-11-23 20:52 30,728 ----a-w C:\WINDOWS\system32\drivers\epfwndis.sys
2007-11-23 20:50 33,800 ----a-w C:\WINDOWS\system32\drivers\eamon.sys
2007-11-23 20:50 27,656 ----a-w C:\WINDOWS\system32\drivers\easdrv.sys
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-29 22:41 1,291,264 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44]
"AutoConnect"="C:\Program Files\AutoConnect\AutoConnect.exe" [2004-08-28 19:27]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-11-14 11:54]
"Odkurzacz-MCD"="C:\Program Files\Odkurzacz\odk_mcd.exe" [2007-03-02 22:38]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 11:38]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2007-11-23 21:51]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-12-23 01:21]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AtiPTA]
atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 11:50 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
C:\Program Files\Winamp Remote\bin\OrbTray.exe /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2007-10-10 06:28 36352 --a------ C:\Program Files\Winamp\winampa.exe

R1 easdrv;easdrv;C:\WINDOWS\system32\DRIVERS\easdrv.sys [2007-11-23 21:50]
R1 epfwtdi;epfwtdi;C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2007-11-23 21:52]
R2 eamon;EAMON;C:\WINDOWS\system32\DRIVERS\eamon.sys [2007-11-23 21:50]
R2 ekrn;Eset Service;"C:\Program Files\ESET\ESET Smart Security\ekrn.exe" [2007-11-23 21:51]
R2 epfw;epfw;C:\WINDOWS\system32\DRIVERS\epfw.sys [2007-11-23 21:52]
R3 Epfwndis;Eset Personal Firewall;C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2007-11-23 21:52]
S3 DrvFltIp;DrvFltIp;C:\Documents and Settings\Chrypek\Ustawienia lokalne\TEMP\DrvFltIp [2006-12-21 02:34]
S3 EhttpSrv;Eset HTTP Server;"C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe" [2007-11-23 21:53]
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\bootcd\wintools\autorun.exe

*Newly Created Service* - PROCEXP90
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-24 15:51:51
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-24 15:52:42
.
2007-12-23 11:42:11 --- E O F ---

**Posty:** 18165 · przez **wojtas** 24 Gru 2007, 16:59

ten plik:

C:\WINDOWS\system32\odtwarzacz.csh

przeskanuj tu i daj raporty:

http://virusscan.jotti.org/
http://www.virustotal.com/

**Posty:** 369 · przez **Mati92** 24 Gru 2007, 17:08

http://virusscan.jotti.org/

Service load:
0% 100%
File: odtwarzacz.csh
Status:
OK(Note: file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5: 627b984dceef21b03955fc3eb059f2c4
Packers detected:
-
Bit9 reports: File not found

http://www.virustotal.com

Plik odtwarzacz.csh otrzymany 2007.12.24 16:03:46 (CET)
Obecny status: zakończono
Wynik: 0/32 (0%)

**Posty:** 18165 · przez **wojtas** 24 Gru 2007, 17:15

jesli tego pliku nie znasz to go skasuj

C:\WINDOWS\system32\odtwarzacz.csh

w logach nic nie widze

**Posty:** 369 · przez **Mati92** 24 Gru 2007, 17:18

tak z ciekawości nie pasował mi jeden plik i przeskanowałem go na (www.virustotal.com) i znalazł mi cos w nim:

Plik wmiprvse.exe otrzymany 2007.10.28 12:05:37 (CET)
Obecny status: zakończono
Wynik: 1/32 (3.13%

Plik został już przeskanowany:
MD5: 855b7c984b32827aa8c379774ea11037
Data: 2007.10.28 12:05:37 (CET) [>57D]
Wyniki: 1/32
Permalink: resultado.html?a2a2e7934b55060c5cb093fc706b7eb5

Webwasher-Gateway - - BlockReason.0
Dodatkowe informacje
MD5: 855b7c984b32827aa8c379774ea11037

co z nim zrobić :?:

**Posty:** 18165 · przez **wojtas** 24 Gru 2007, 18:03

on jest czysty

podejzewam szpiega na kompie

podejzewam szpiega na kompie

Kto jest na forum