Windows 7 Forum: configuration, optimization, tips, gadgets •
Do I have a keylogger? - help finding it - Printable version

+- Windows 7 Forum: configuration, optimization, tips, gadgets • (https://windows7forum.pl)
+-- Section: Other (/inne-11-f)
+--- Section: Other Windows systems (/pozostale-systemy-windows-31-f)
+--- Thread: Do I have a keylogger? - help finding it (/czy-mam-keyloggera-pomoc-w-znalezieniu-8267-t)



Do I have a keylogger? - help finding it - libra - 06.08.2010 19:25

Hello!

I'm a user who is rather green when it comes to keyloggers. Could someone help me tell whether something here is wrong:
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:57:31, on 2010-08-06
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\windows\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\windows\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NovaStor\NovaBACKUP\NMSAccess.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\NovaStor\NovaBACKUP\NSENGINE.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\windows\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\windows\system32\wscntfy.exe
C:\Program Files\HPQ\IAM\bin\asghost.exe
C:\windows\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\NovaStor\NovaBACKUP\NbkCtrl.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
C:\WINDOWS\V0230Mon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe
C:\Documents and Settings\ewcia\Ustawienia lokalne\Dane aplikacji\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gazeta.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Reganam Toolbar - {db9d7a78-a76c-4bf2-97c6-258925ee1542} - C:\Program Files\Reganam\tbReg1.dll (file missing)
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,"c:\program files\global graphics\jaws pdf creator\pdfclient.exe",c:\windows\system32\twext.exe,C:\windows\system32\MPK\MPK.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\IDM\QUICKF~1\PlugIns\IEHelp.dll
O2 - BHO: Reganam Toolbar - {db9d7a78-a76c-4bf2-97c6-258925ee1542} - C:\Program Files\Reganam\tbReg1.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Reganam Toolbar - {db9d7a78-a76c-4bf2-97c6-258925ee1542} - C:\Program Files\Reganam\tbReg1.dll (file missing)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NovaBackup 7 Tray Control] "C:\Program Files\NovaStor\NovaBACKUP\NbkCtrl.exe"
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
O4 - HKLM\..\Run: [V0230Mon.exe] C:\WINDOWS\V0230Mon.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=081610 serial=DR12CND-4767710-URM lang=EN
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\ewcia\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Uninstall_CToolbar] "C:\DOCUME~1\ewcia\USTAWI~1\Temp\CUninst.exe" "/remove"
O4 - HKCU\..\Run: [Gadu-Gadu 10] "C:\Program Files\Gadu-Gadu 10\gg.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Wyślij do interfejsu &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute Lite Edition\vrie.dll (file missing)
O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute Lite Edition\vrie.dll (file missing)
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1188157057218
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: OneCard - C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\system32\CTsvcCDA.exe (file missing)
O23 - Service: Usługa Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\NovaStor\NovaBACKUP\NMSAccess.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NsEngine - Unknown owner - C:\Program Files\NovaStor\NovaBACKUP\NSENGINE.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Many thanks!
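An added triage helper for logs in the HijackThis v2 format posted above (example code, not part of the thread or of HijackThis): it parses the `Rn`/`Fn`/`On` entry lines and flags the things a reviewer checks first, namely entries whose file is missing, autostarts launched from a Temp folder, and any executable chained into the `UserInit` value besides `userinit.exe` (the Windows default lists only `userinit.exe`). The sample log inside is constructed from entry types in the posted log; the finding categories are this example's own heuristics, not a verdict on the system.

```python
import csv
import re

# Constructed sample in HijackThis v2 log format, modelled on entry types from
# the posted log (not a real scan; only the lines the checks need).
SAMPLE_LOG = r"""
R3 - URLSearchHook: Reganam Toolbar - {db9d7a78-a76c-4bf2-97c6-258925ee1542} - C:\Program Files\Reganam\tbReg1.dll (file missing)
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,"c:\program files\global graphics\jaws pdf creator\pdfclient.exe",c:\windows\system32\twext.exe,C:\windows\system32\MPK\MPK.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [Uninstall_CToolbar] "C:\DOCUME~1\ewcia\USTAWI~1\Temp\CUninst.exe" "/remove"
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\system32\CTsvcCDA.exe (file missing)
"""

# Every HijackThis entry line starts with a section tag such as R3, F2, O4, O23.
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")


def parse_entries(log_text):
    """Return (section, body) pairs for entry lines; header and process list are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("section"), m.group("body")))
    return entries


def userinit_extras(body):
    """Return the executables chained into a UserInit value other than userinit.exe."""
    value = body.split("UserInit=", 1)[1]
    # The value is comma-separated and quotes paths with spaces, so use the csv reader.
    paths = [p.strip() for p in next(csv.reader([value])) if p.strip()]
    return [p for p in paths if not p.lower().endswith("\\userinit.exe")]


def triage(log_text):
    """Flag entries worth a closer look; each finding is (section, reason, detail)."""
    findings = []
    for section, body in parse_entries(log_text):
        if "(file missing)" in body:
            findings.append((section, "orphaned entry, file missing", body))
        if section == "F2" and "UserInit=" in body:
            for exe in userinit_extras(body):
                findings.append((section, "extra UserInit executable", exe))
        if section == "O4" and re.search(r"\\Temp\\", body, re.IGNORECASE):
            findings.append((section, "autostart from a Temp folder", body))
    return findings


if __name__ == "__main__":
    for section, reason, detail in triage(SAMPLE_LOG):
        print(f"{section:<4} {reason:<30} {detail}")
```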


RE: Do I have a keylogger? - help finding it - dyzio2 - 06.08.2010 20:00

The log looks clean, but let someone else weigh in as well.
And why do you think you have a keylogger?


RE: Do I have a keylogger? - help finding it - bodziulla - 06.08.2010 20:12

Hi.
According to the log you posted, your system is clean. Why do you think you have a keylogger? Is something strange happening on your machine, or do you just want an assessment to be sure? My assessment: clean. One suggestion, though, about the Corel program: where did you get it, and is it by any chance cracked? I know the crack for that application is dangerous. A second suggestion concerns the program you use for virtual discs. I advise against Daemon Tools and recommend Virtual CloneDrive.
Link:
http://www.slysoft.com/en/virtual-clonedrive.html
It's free, smaller, doesn't load the system as much and causes no complications. So, to sum up your log: your system is clean.
Regards