Keylogerr


(Dawido12126) #1

ostatnio dostałem haka i sie wkurzyłem przeskanowałem kompa hijackthis oto i on:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:31:24, on 08-09-01

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v5.00 (5.00.2614.3500)

Boot mode: Normal

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE

C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\ptsnoop.exe

C:\WINDOWS\SYSTEM\CMMPU.EXE

C:\WINDOWS\SYSTEM\INTERNAT.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\WINDOWS\SYSTEM\QTTASK.EXE

C:\PROGRAM FILES\COMPACT WIRELESS-G USB ADAPTER WIRELESS NETWORK MONITOR\WUSB54GC.EXE

C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE

C:\WINDOWS\LSASS.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\WINDOWS\SYSTEM\RPCSS.EXE

C:\PROGRAM FILES\GADU-GADU\GG.EXE

C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE

C:\WINDOWS\PULPIT\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.eu.microsoft.com/poland/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

F1 - win.ini: load=ptsnoop.exe

F1 - win.ini: run=C:\WINDOWS\SYSTEM\cmmpu.exe

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM..\Run: [internat.exe] internat.exe

O4 - HKLM..\Run: [scanRegistry] C:\WINDOWS\scanregw.exe /autorun

O4 - HKLM..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe

O4 - HKLM..\Run: [systemTray] SysTray.Exe

O4 - HKLM..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM..\Run: [CountrySelection] pctptt.exe

O4 - HKLM..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime

O4 - HKLM..\Run: [Tweak UI] RUNDLL32.EXE C:\WINDOWS\SYSTEM\TWEAKUI.CPL,TweakMeUp

O4 - HKLM..\Run: [Transparent] Trans.exe

O4 - HKLM..\Run: [Zasobnik systemowy] SysTray.Exe

O4 - HKLM..\Run: [WUSB54GC] C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe

O4 - HKLM..\Run: [avast! Web Scanner] C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE

O4 - HKLM..\Run: [bPK] C:\WINDOWS\SYSTEM\BPK.EXE

O4 - HKLM..\Run: [lsass.exe] C:\WINDOWS\lsass.exe

O4 - HKLM..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM..\RunServices: [schedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe

O4 - HKLM..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE

O4 - HKLM..\RunServices: [boot] C:\PROGRAM FILES\KNIGHT ONLINE\XTRAP\XTrap.xt

O4 - HKLM..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe

O4 - HKCU..\Run: [Gadu-Gadu] "C:\PROGRAM FILES\GADU-GADU\GG.EXE" /tray

O4 - HKCU..\Run: [Odkurzacz-MCD] C:\Program Files\Odkurzacz\odk_mcd.exe

O4 - HKUS.DEFAULT..\Run: [Gadu-Gadu] "C:\PROGRAM FILES\GADU-GADU\GG.EXE" /tray (User 'Default user')

O4 - HKUS.DEFAULT..\Run: [Odkurzacz-MCD] C:\Program Files\Odkurzacz\odk_mcd.exe (User 'Default user')

O4 - .DEFAULT Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (User 'Default user')

O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O14 - IERESET.INF: SEARCH_PAGE_URL=

O14 - IERESET.INF: START_PAGE_URL=

O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 194.204.152.34,194.204.159.1

--

End of file - 3880 bytes

czy jest tu jakiś syf? odp


(Kambor4) #2

Te w/w wpisy sfiksuj w Hijacku:

>>Hijack>>scan(Do a system scan only)>>zaznacz je >> Fix checked

Daj log z -----> ComboFix (niżej na stronie linku).

============================

K.


(Spandau) #3

Tak jest syf ale daj całego loga bo ten jest obcięty.

:slight_smile:


(Gutek) #4

Zastosuj się do tego Tematu i zmień tytuł tematu na konkretny inaczej KOSZ

Pozdrawiam Gutek2222

Zmiana zasad wklejania logów na forum - viewtopic.php?f=16&t=253052