Doga, posted 16 April 2009

My WoW account has been hacked once, and someone tried to hack it again, all within 10 days. Figured I should get this checked, and there are a lot of helpful people in here. Thanks in advance for the help.

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:02:38, on 16.04.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure Internet Security\FSAUA\program\fsus.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iTunes\iTunes.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
D:\Programmer\Anti-svinware\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\ORSP Client\fsorsp.exe
O23 - Service: Googles oppdateringstjeneste (gupdate1c9b790423f93aa) (gupdate1c9b790423f93aa) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 7520 bytes

GMER log:

GMER 1.0.15.14966 - http://www.gmer.net
Rootkit scan 2009-04-16 16:05:49
Windows 5.1.2600 Service Pack 3

---- System - GMER 1.0.15 ----

SSDT            d347bus.sys (PnP BIOS Extension/ )                                  ZwEnumerateKey [0xB9F832A8]
SSDT            d347bus.sys (PnP BIOS Extension/ )                                  ZwEnumerateValueKey [0xB9F8E910]

Code            fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)    IoCreateDevice

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                              8ADD9450
Device          \FileSystem\Fastfat \Fat                                            8A829EA8
AttachedDevice  \FileSystem\Fastfat \Fat                                            fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
Device          \Driver\Tcpip \Device\Ip                                            fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
Device          \Driver\Tcpip \Device\Tcp                                           fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
Device          \Driver\Tcpip \Device\Udp                                           fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
Device          \Driver\Tcpip \Device\RawIp                                         fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)

---- EOF - GMER 1.0.15 ----
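A HijackThis log is a list of autostart locations, and the first triage pass is always the same: pull out the O4 run keys, O2 browser helper objects and O23 services, then check where each binary actually lives and who signs it. The Python script below is an added example (not from the original post and not HijackThis code) that parses entry lines in the format posted above into records and flags the ones a reviewer should look at first. The sample input is eight lines copied verbatim from the log above plus two constructed lines (marked as such) so the rules have something to catch; the "trusted roots" list, the set of borrowed system-process names and the flagging rules are illustrative assumptions, not anything HijackThis itself applies.

```python
"""Triage a HijackThis v2 log: turn R/O entry lines into records and flag
the O2 (BHO), O4 (Run key) and O23 (service) entries worth a second look.

Added example, not part of the original forum post or of HijackThis.  The
rules below (trusted roots, borrowed system names, vendor check) are
illustrative assumptions; adjust them for the host being reviewed."""
import re
from dataclasses import dataclass, field

# Lines copied verbatim from the HijackThis log posted in the thread.
POSTED_LINES = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# CONSTRUCTED lines (not from the posted log) so the rules have something to catch.
CONSTRUCTED_LINES = r"""
O4 - HKCU\..\Run: [svchost] C:\Documents and Settings\Shoggen\Application Data\svchost.exe
O23 - Service: Helper Service (helpersvc) - Unknown owner - C:\Documents and Settings\All Users\Application Data\helpersvc.exe
"""

# Assumption: on this XP box only these two roots are where legitimate autostarts should live.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\")
# Core Windows process names that malware likes to borrow for its own binary.
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "services.exe", "smss.exe"}

RE_ENTRY = re.compile(r"^(R\d|F\d|O\d+) - (.*)$")                             # section code, body
RE_O4 = re.compile(r"^(\w+)\\\.\.\\(\w+): \[([^\]]*)\] (.*)$")                 # hive, key, value name, command
RE_O23 = re.compile(r"^Service: (.+?) - (.+?) - ([A-Za-z]:\\.+)$")            # display name, vendor, path
RE_O2 = re.compile(r"^BHO: (.+?) - (\{[0-9A-Fa-f-]+\}) - ([A-Za-z]:\\.+)$")   # name, CLSID, path
RE_QUOTED = re.compile(r'^"([^"]+)"')
RE_ABS_EXE = re.compile(r'[A-Za-z]:\\.+?\.(?:exe|dll|com|scr|bat|cmd|pif)(?=[\s,"]|$)', re.IGNORECASE)
RE_ABS_ANY = re.compile(r'[A-Za-z]:\\[^\s,"]+')


@dataclass
class Entry:
    kind: str                      # HijackThis section code, e.g. "O4"
    name: str                      # value name / BHO name / service display name
    owner: str                     # O4: hive\key, O2: CLSID, O23: vendor string
    path: str                      # absolute path of the binary, "" if the line shows none
    raw: str
    reasons: list = field(default_factory=list)


def command_path(cmd: str) -> str:
    """First absolute path in an O4 command: a quoted path, else the first
    unquoted one ending in an executable extension (e.g. the DLL handed to
    RUNDLL32), else any drive-rooted token, else "" for a bare file name."""
    for rx in (RE_QUOTED, RE_ABS_EXE, RE_ABS_ANY):
        m = rx.search(cmd)
        if m:
            return m.group(1) if rx is RE_QUOTED else m.group(0)
    return ""


def parse_log(text: str) -> list:
    """One Entry per R/F/O line; headers, the process list and blanks are skipped."""
    entries = []
    for line in text.splitlines():
        m = RE_ENTRY.match(line.strip())
        if not m:
            continue
        kind, body = m.groups()
        e = Entry(kind, body, "", "", line.strip())
        if kind == "O4":
            m4 = RE_O4.match(body)
            if m4:
                hive, key, e.name, cmd = m4.groups()
                e.owner, e.path = f"{hive}\\{key}", command_path(cmd)
        elif kind == "O23":
            m23 = RE_O23.match(body)          # display names containing " - " would split early
            if m23:
                e.name, e.owner, e.path = m23.groups()
        elif kind == "O2":
            m2 = RE_O2.match(body)
            if m2:
                e.name, e.owner, e.path = m2.groups()
        entries.append(e)
    return entries


def assess(e: Entry) -> Entry:
    """Attach review reasons; an empty list means nothing stood out."""
    if e.kind in ("O2", "O4", "O23"):
        low = e.path.lower()
        if not e.path:
            e.reasons.append("bare file name, location not shown (resolved via System32/PATH)")
        elif not low.startswith(TRUSTED_ROOTS):
            e.reasons.append(f"binary outside trusted roots: {e.path}")
        base = low.rsplit("\\", 1)[-1]
        if base in SYSTEM_NAMES and not low.startswith("c:\\windows\\system32\\"):
            e.reasons.append(f"system process name {base} outside System32")
    if e.kind == "O23" and e.owner == "Unknown owner":   # HijackThis prints this when no company name
        e.reasons.append("service binary carries no vendor name")
    return e


def triage(text: str) -> list:
    """Entries with at least one reason, in log order."""
    return [e for e in map(assess, parse_log(text)) if e.reasons]


if __name__ == "__main__":
    for e in triage(POSTED_LINES + CONSTRUCTED_LINES):
        print(f"{e.kind:>4} {e.name!r}")
        for r in e.reasons:
            print(f"       - {r}")
```

Run against the posted lines alone, only the `nwiz` entry is reported, and only because HijackThis shows it as a bare file name rather than a path; the two constructed lines are what trigger the location and vendor rules. The script deliberately does not verify signatures or hashes: that needs the live binaries, and the point here is to turn a long log into a short list of paths to check by hand.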
Bruker-158599, posted 16 April 2009

Can you run ComboFix and post the log? Just follow the guide in my signature.
Doga (thread author), posted 16 April 2009

Downloaded it, but nothing happens and the box seems to hang; I couldn't close any programs or processes via Task Manager. For a moment I thought I had XP 64-bit, but the friend who built the PC for me says it's 32. Any tips?
halfhero, posted 16 April 2009 (edited)

> Downloaded it, but nothing happens and the box seems to hang; I couldn't close any programs or processes via Task Manager. For a moment I thought I had XP 64-bit, but the friend who built the PC for me says it's 32. Any tips?

I had a similar problem with ComboFix on my Vista 32-bit machine. In my case it just took a looong time. The ComboFix progress bar came up immediately, filled in about 10 seconds, and then apparently stalled. After 10-15 minutes, however, I got a dialog box asking whether to download the latest ComboFix. Then the progress bar came back and the program ran in a command window.

H

Edited 16 April 2009 by haakon1970
Bruker-158599, posted 16 April 2009

> Downloaded it, but nothing happens and the box seems to hang; I couldn't close any programs or processes via Task Manager. For a moment I thought I had XP 64-bit, but the friend who built the PC for me says it's 32. Any tips?

Rename the exe file, e.g. gonbonfix.exe
Doga (thread author), posted 16 April 2009

Changed the name and that did the trick, the program ran like hell. After it had finished and the log was created I opened Opera to post here, but no tabs opened and it couldn't be killed via Task Manager or anything, so it ended with a press of the reset button. By the way, I turned off F-Secure. Anyway, here is the ComboFix log:

ComboFix 09-04-17.01 - Shoggen 16.04.2009 22:25.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.47.1033.18.3070.2538 [GMT 2:00]
Running from: c:\documents and settings\Shoggen\Desktop\gonbonFix.exe
AV: F-Secure Internet Security 2009 9.00 *On-access scanning disabled* (Updated)
FW: F-Secure Internet Security 2009 9.00 *enabled*
 * Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((   Files Created from 2009-03-17 to 2009-04-17   )))))))))))))))))))))))))))))))))
.

2009-04-16 19:41 . 2009-04-16 20:25    --------    d-----w    C:\ComboFix
2009-04-16 14:04 . 2009-04-16 14:04    --------    d-----w    c:\documents and settings\Shoggen\Application Data\Malwarebytes
2009-04-16 14:04 . 2009-04-06 13:32    15504       ----a-w    c:\windows\system32\drivers\mbam.sys
2009-04-16 14:04 . 2009-04-06 13:32    38496       ----a-w    c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-16 14:04 . 2009-04-16 14:04    --------    d-----w    c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-15 16:42 . 2009-03-27 06:58    1203922     -c----w    c:\windows\system32\dllcache\sysmain.sdb
2009-04-15 16:42 . 2008-05-03 11:55    2560        ------w    c:\windows\system32\xpsp4res.dll
2009-04-15 16:42 . 2008-04-21 12:08    215552      -c----w    c:\windows\system32\dllcache\wordpad.exe
2009-04-15 16:42 . 2009-03-06 14:22    284160      -c----w    c:\windows\system32\dllcache\pdh.dll
2009-04-15 16:42 . 2009-02-09 12:10    473600      -c----w    c:\windows\system32\dllcache\fastprox.dll
2009-04-15 16:42 . 2009-02-09 12:10    401408      -c----w    c:\windows\system32\dllcache\rpcss.dll
2009-04-15 16:42 . 2009-02-06 11:11    110592      -c----w    c:\windows\system32\dllcache\services.exe
2009-04-15 16:42 . 2009-02-09 12:10    729088      -c----w    c:\windows\system32\dllcache\lsasrv.dll
2009-04-15 16:42 . 2009-02-09 12:10    714752      -c----w    c:\windows\system32\dllcache\ntdll.dll
2009-04-15 16:42 . 2009-02-09 12:10    617472      -c----w    c:\windows\system32\dllcache\advapi32.dll
2009-04-15 16:42 . 2009-02-09 12:10    453120      -c----w    c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 16:42 . 2009-02-06 10:10    227840      -c----w    c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 03:55 . 2009-04-15 03:55    --------    d-----w    c:\windows\Sun
2009-04-13 00:34 . 2009-04-13 00:34    --------    d-----w    c:\windows\system32\scripting
2009-04-13 00:34 . 2009-04-13 00:34    --------    d-----w    c:\windows\l2schemas
2009-04-13 00:34 . 2009-04-13 00:34    --------    d-----w    c:\windows\system32\en
2009-04-13 00:34 . 2009-04-13 00:34    --------    d-----w    c:\windows\system32\bits
2009-04-13 00:32 . 2009-04-13 00:35    --------    d-----w    c:\windows\ServicePackFiles
2009-04-10 16:38 . 2009-04-10 16:38    --------    d-----w    c:\documents and settings\Shoggen\Application Data\Acreon
2009-04-10 16:38 . 2009-04-10 16:39    --------    d-----w    c:\documents and settings\Shoggen\Local Settings\Application Data\._Revolution_
2009-04-09 23:58 . 2009-04-09 23:58    4585        ----a-w    C:\install_Shoggen_00000000.ERR
2009-04-09 13:29 . 1996-11-06 19:11    69632       ----a-w    c:\windows\RAUNINST.EXE
2009-04-09 13:29 . 2009-04-09 13:29    --------    d-----w    c:\documents and settings\Shoggen\WINDOWS
2009-04-09 11:03 . 2009-04-09 20:14    98304       ----a-w    c:\windows\system32\CmdLineExt.dll
2009-04-09 11:03 . 2009-04-09 11:03    --------    d--h--r    c:\documents and settings\Shoggen\Application Data\SecuROM
2009-04-08 21:58 . 2008-04-14 00:12    221184      ----a-w    c:\windows\system32\wmpns.dll
2009-04-08 20:21 . 2009-04-08 20:21    --------    d-----w    c:\windows\system32\drivers\umdf
2009-04-08 20:21 . 2009-04-08 20:25    --------    d-----w    c:\documents and settings\Shoggen\Application Data\dBpoweramp
2009-04-08 20:20 . 2009-04-08 20:20    3389        ----a-w    c:\windows\system32\SpoonUninstall-dBpoweramp Windows Media Audio 10 Codec.dat
2009-04-08 20:20 . 2009-04-08 20:20    33846       ----a-w    c:\windows\system32\SpoonUninstall-dBpoweramp Windows Media Audio 10 Codec.bmp
2009-04-08 20:11 . 2009-04-08 20:45    --------    d-----w    c:\documents and settings\Shoggen\Application Data\AccurateRip
2009-04-08 20:11 . 2009-04-08 20:20    10890928    ----a-w    c:\windows\system32\SpoonUninstall.exe
2009-04-08 20:11 . 2009-04-08 20:11    13774       ----a-w    c:\windows\system32\SpoonUninstall-dBpoweramp Music Converter.dat
2009-04-08 20:11 . 2009-04-08 20:10    33846       ----a-w    c:\windows\system32\SpoonUninstall-dBpoweramp Music Converter.bmp
2009-04-08 19:48 . 2009-04-08 19:48    --------    d-----w    c:\documents and settings\Shoggen\Local Settings\Application Data\Funcom
2009-04-08 19:46 . 2009-04-08 19:46    --------    d-----w    c:\documents and settings\All Users\Application Data\media center programs
2009-04-08 19:10 . 2009-04-08 19:10    --------    d-----w    c:\windows\system32\LogFiles
2009-04-08 18:57 . 2009-04-08 18:57    --------    d-sh--w    c:\documents and settings\Shoggen\IECompatCache
2009-04-08 16:56 . 2009-04-08 16:56    --------    d-----w    c:\documents and settings\Shoggen\Local Settings\Application Data\Adobe
2009-04-08 16:47 . 2004-08-04 12:00    403         -c----w    c:\windows\system32\dllcache\npdrmv2.zip
2009-04-08 16:46 . 2004-08-03 20:29    73216       ------w    c:\windows\system32\drivers\atintuxx.sys
2009-04-08 16:37 . 2008-06-13 11:05    272128      -c----w    c:\windows\system32\dllcache\bthport.sys
2009-04-08 16:37 . 2008-06-13 11:05    272128      ------w    c:\windows\system32\drivers\bthport.sys
2009-04-08 16:36 . 2009-02-06 11:08    2189056     -c----w    c:\windows\system32\dllcache\ntoskrnl.exe
2009-04-08 16:36 . 2009-02-06 11:06    2145280     -c----w    c:\windows\system32\dllcache\ntkrnlmp.exe
2009-04-08 16:36 . 2009-02-06 10:32    2023936     -c----w    c:\windows\system32\dllcache\ntkrpamp.exe
2009-04-08 16:36 . 2009-02-07 17:02    2066048     -c----w    c:\windows\system32\dllcache\ntkrnlpa.exe
2009-04-08 16:35 . 2008-05-08 14:02    203136      -c----w    c:\windows\system32\dllcache\rmcast.sys
2009-04-08 16:35 . 2008-10-24 11:21    455296      -c----w    c:\windows\system32\dllcache\mrxsmb.sys
2009-04-08 16:35 . 2008-12-11 10:57    333952      -c----w    c:\windows\system32\dllcache\srv.sys
2009-04-08 16:35 . 2008-04-11 19:04    691712      -c----w    c:\windows\system32\dllcache\inetcomm.dll
2009-04-08 16:34 . 2008-10-15 16:34    337408      -c----w    c:\windows\system32\dllcache\netapi32.dll
2009-04-08 15:26 . 2009-04-08 15:26    --------    d-----w    c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2009-04-08 14:31 . 2009-04-08 14:31    --------    d-----w    c:\documents and settings\All Users\Application Data\Blizzard
2009-04-08 10:56 . 2008-07-10 02:07    7143        ----a-w    c:\windows\system32\nvide.nvu
2009-04-08 10:55 . 2008-07-29 11:33    446464      ----a-w    c:\windows\system32\nvunrm.exe
2009-04-08 10:55 . 2008-07-29 11:30    6045        ----a-w    c:\windows\system32\nvnrm.nvu
2009-04-08 10:55 . 2009-04-08 10:55    --------    d-----w    c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-04-08 09:51 . 2009-04-08 09:51    229         ----a-w    c:\windows\RomeTW.ini
2009-04-08 09:13 . 2009-04-08 09:13    43520       ----a-w    c:\windows\system32\CmdLineExt03.dll
2009-04-08 08:08 . 1998-10-02 17:00    327168      ----a-w    c:\windows\IsUninst.exe
2009-04-07 17:33 . 2009-04-07 17:33    --------    d-----w    c:\documents and settings\All Users\Application Data\Funcom
2009-04-07 17:15 . 2009-04-07 17:15    21840       ----a-w    c:\windows\system32\SIntfNT.dll
2009-04-07 17:15 . 2009-04-07 17:15    17212       ----a-w    c:\windows\system32\SIntf32.dll
2009-04-07 17:15 . 2009-04-07 17:15    12067       ----a-w    c:\windows\system32\SIntf16.dll
2009-04-07 17:06 . 2009-04-07 17:16    30616       ----a-w    c:\windows\DIIUnin.dat
2009-04-07 17:06 . 2009-04-07 17:06    94208       ----a-w    c:\windows\DIIUnin.exe
2009-04-07 17:06 . 2009-04-07 17:06    2829        ----a-w    c:\windows\DIIUnin.pif
2009-04-07 16:54 . 1997-07-06 20:22    756736      ------w    c:\windows\system32\ir41_32.dll
2009-04-07 16:28 . 2009-04-07 16:43    67897       ----a-w    c:\windows\War3Unin.dat
2009-04-07 16:28 . 2009-04-07 16:37    2829        ----a-w    c:\windows\War3Unin.pif
2009-04-07 16:28 . 2009-04-07 16:37    139264      ----a-w    c:\windows\War3Unin.exe
2009-04-07 16:16 . 2009-04-08 17:40    --------    d-----w    c:\documents and settings\Shoggen\Local Settings\Application Data\Ahead
2009-04-07 16:06 . 2008-04-14 00:11    21504       ----a-w    c:\windows\system32\hidserv.dll
2009-04-07 16:05 . 2001-08-17 13:59    3072        ----a-w    c:\windows\system32\drivers\audstub.sys
2009-04-07 16:05 . 2009-04-16 18:59    17384       ----a-w    c:\documents and settings\Shoggen\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-07 16:05 . 2008-04-13 18:40    57600       ----a-w    c:\windows\system32\drivers\redbook.sys
2009-04-07 16:04 . 2001-08-17 13:46    6400        ----a-w    c:\windows\system32\drivers\enum1394.sys
2009-04-07 16:04 . 2009-04-07 16:04    --------    d-----w    c:\documents and settings\Shoggen\Application Data\vlc
2009-04-07 16:04 . 2008-04-14 00:12    74240       ----a-w    c:\windows\system32\usbui.dll
2009-04-07 16:02 . 2004-08-04 12:00    1042903     ----a-r    c:\windows\SET3.tmp
2009-04-07 16:02 . 2009-04-16 20:25    --------    d-----w    c:\windows\system32\CatRoot2
2009-04-07 16:02 . 2009-04-13 00:39    --------    d-----w    c:\windows\system32\CatRoot
2009-04-07 16:02 . 2009-04-07 14:18    --------    d-----w    C:\Documents and Settings
2009-04-07 16:02 . 2009-04-07 14:15    --------    d--h--w    c:\documents and settings\Default User
2009-04-07 16:02 . 2009-04-07 14:15    --------    d-----w    c:\documents and settings\All Users
2009-04-07 16:01 . 2009-04-08 17:40    --------    d-----w    c:\documents and settings\Shoggen\Application Data\Ahead
2009-04-07 16:01 . 2009-04-07 14:17    261         ----a-w    c:\windows\system32\$winnt$.inf
2009-04-07 16:00 . 2009-04-07 16:00    --------    d-----w    c:\documents and settings\All Users\Application Data\Nero
.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-16 18:46 . 2009-04-07 14:58    --------    d-----w    c:\documents and settings\Shoggen\Application Data\uTorrent
2009-04-16 14:04 . 2009-04-16 14:04    --------    d-----w    c:\program files\Malwarebytes' Anti-Malware
2009-04-16 14:02 . 2009-04-07 14:52    410984      ----a-w    c:\windows\system32\deploytk.dll
2009-04-16 13:30 . 2009-04-07 14:41    --------    d-----w    c:\program files\F-Secure Internet Security
2009-04-16 04:31 . 2009-04-07 14:49    --------    d-----w    c:\documents and settings\All Users\Application Data\Google Updater
2009-04-13 00:36 . 2009-04-07 14:15    86327       ----a-w    c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-13 00:30 . 2004-08-04 12:00    250048      --sha-r    C:\ntldr
2009-04-09 23:35 . 2009-04-07 14:24    --------    d--h--w    c:\program files\InstallShield Installation Information
2009-04-08 22:06 . 2009-04-08 22:06    --------    d-----w    c:\program files\Common Files\Blizzard Entertainment
2009-04-08 20:11 . 2009-04-08 20:10    --------    d-----w    c:\program files\dBpoweramp
2009-04-08 18:58 . 2009-04-08 18:58    --------    d-----w    c:\program files\MSXML 4.0
2009-04-08 18:56 . 2009-04-08 18:56    --------    d-----w    c:\program files\CCleaner
2009-04-08 08:51 . 2009-04-07 14:24    --------    d-----w    c:\program files\Common Files\InstallShield
2009-04-08 08:09 . 2009-04-08 08:09    --------    d-----w    c:\program files\Common Files\3DO Shared
2009-04-08 08:09 . 2009-04-08 08:09    --------    d-----w    c:\program files\3DO
2009-04-07 16:05 . 2009-04-07 14:58    --------    d-----w    c:\documents and settings\Shoggen\Application Data\Apple Computer
2009-04-07 16:03 . 2009-04-07 15:59    31470       ----a-w    c:\windows\scunin.dat
2009-04-07 16:03 . 2009-04-07 15:59    94208       ----a-w    c:\windows\ScUnin.exe
2009-04-07 16:02 . 2009-04-07 16:00    --------    d-----w    c:\program files\Common Files\Ahead
2009-04-07 16:00 . 2009-04-07 15:57    --------    d-----w    c:\program files\Nero
2009-04-07 15:33 . 2009-04-07 14:58    --------    d-----w    c:\program files\iTunes
2009-04-07 15:19 . 2009-04-07 15:19    --------    d-----w    c:\documents and settings\All Users\Application Data\Age of Empires 3
2009-04-07 15:00 . 2009-04-07 15:00    --------    d-----w    c:\program files\MagicISO
2009-04-07 14:58 . 2009-04-07 14:58    --------    d-----w    c:\program files\uTorrent
2009-04-07 14:58 . 2009-04-07 14:58    --------    d-----w    c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-07 14:58 . 2009-04-07 14:58    --------    d-----w    c:\program files\iPod
2009-04-07 14:58 . 2009-04-07 14:57    --------    d-----w    c:\documents and settings\All Users\Application Data\Apple Computer
2009-04-07 14:58 . 2009-04-07 14:57    --------    d-----w    c:\program files\Common Files\Apple
2009-04-07 14:58 . 2009-04-07 14:58    --------    d-----w    c:\program files\Bonjour
2009-04-07 14:58 . 2009-04-07 14:57    --------    d-----w    c:\program files\QuickTime
2009-04-07 14:57 . 2009-04-07 14:57    --------    d-----w    c:\program files\Apple Software Update
2009-04-07 14:57 . 2009-04-07 14:57    --------    d-----w    c:\documents and settings\All Users\Application Data\Apple
2009-04-07 14:52 . 2009-04-07 14:43    --------    d-----w    c:\program files\Java
2009-04-07 14:51 . 2009-04-07 14:51    --------    d-----w    c:\program files\VideoLAN
2009-04-07 14:51 . 2009-04-07 14:51    33408       ----a-w    c:\windows\system32\drivers\fsbts.sys
2009-04-07 14:51 . 2009-04-07 14:49    --------    d-----w    c:\program files\Google
2009-04-07 14:46 . 2009-04-07 14:46    --------    d-----w    c:\documents and settings\Shoggen\Application Data\F-Secure
2009-04-07 14:43 . 2009-04-07 14:43    --------    d-----w    c:\program files\Common Files\Java
2009-04-07 14:42 . 2009-04-07 14:42    --------    d-----w    c:\program files\D-Tools
2009-04-07 14:41 . 2009-04-07 14:40    --------    d-----w    c:\documents and settings\All Users\Application Data\f-secure
2009-04-07 14:41 . 2009-04-07 14:41    --------    d-----w    c:\documents and settings\All Users\Application Data\fssg
2009-04-07 14:33 . 2009-04-07 14:33    --------    d-----w    c:\program files\Common Files\Adobe
2009-04-07 14:30 . 2009-04-07 14:30    --------    d-----w    c:\program files\Opera
2009-04-07 14:25 . 2009-04-07 14:25    --------    d-----w    c:\documents and settings\All Users\Application Data\Creative
2009-04-07 14:25 . 2009-04-07 14:25    444952      ----a-w    c:\windows\system32\wrap_oal.dll
2009-04-07 14:25 . 2009-04-07 14:25    109080      ----a-w    c:\windows\system32\OpenAL32.dll
2009-04-07 14:25 . 2009-04-07 14:25    --------    d-----w    c:\program files\OpenAL
2009-04-07 14:25 . 2009-04-07 14:25    --------    d-----w    c:\program files\Common Files\Creative Labs Shared
2009-04-07 14:25 . 2009-04-07 14:25    --------    d-----w    c:\program files\Creative
2009-04-07 14:20 . 2009-04-07 14:20    --------    d-----w    c:\documents and settings\Shoggen\Application Data\InstallShield
2009-04-07 14:16 . 2009-04-07 14:16    --------    d-----w    c:\program files\microsoft frontpage
2009-04-07 14:13 . 2009-04-07 14:13    21640       ----a-w    c:\windows\system32\emptyregdb.dat
2009-03-27 06:14 . 2009-04-07 14:20    453152      ----a-w    c:\windows\system32\NVUNINST.EXE
2009-03-19 14:32 . 2009-04-07 14:58    23400       ----a-w    c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-08 02:34 . 2004-08-04 12:00    914944      ----a-w    c:\windows\system32\wininet.dll
2009-03-08 02:34 . 2004-08-04 12:00    43008       ----a-w    c:\windows\system32\licmgr10.dll
2009-03-08 02:33 . 2004-08-04 12:00    18944       ----a-w    c:\windows\system32\corpol.dll
2009-03-08 02:33 . 2004-08-04 12:00    420352      ----a-w    c:\windows\system32\vbscript.dll
2009-03-08 02:32 . 2004-08-04 12:00    72704       ----a-w    c:\windows\system32\admparse.dll
2009-03-08 02:32 . 2004-08-04 12:00    71680       ----a-w    c:\windows\system32\iesetup.dll
2009-03-08 02:31 . 2004-08-04 12:00    34816       ----a-w    c:\windows\system32\imgutil.dll
2009-03-08 02:31 . 2004-08-04 12:00    48128       ----a-w    c:\windows\system32\mshtmler.dll
2009-03-08 02:31 . 2004-08-04 12:00    45568       ----a-w    c:\windows\system32\mshta.exe
2009-03-08 02:22 . 2004-08-04 12:00    156160      ----a-w    c:\windows\system32\msls31.dll
2009-03-06 14:22 . 2004-08-04 12:00    284160      ----a-w    c:\windows\system32\pdh.dll
2009-02-09 12:10 . 2004-08-04 12:00    729088      ----a-w    c:\windows\system32\lsasrv.dll
2009-02-09 12:10 . 2004-08-04 12:00    714752      ----a-w    c:\windows\system32\ntdll.dll
2009-02-09 12:10 . 2004-08-04 12:00    617472      ----a-w    c:\windows\system32\advapi32.dll
2009-02-09 12:10 . 2004-08-04 12:00    401408      ----a-w    c:\windows\system32\rpcss.dll
2009-02-09 11:13 . 2004-08-04 12:00    1846784     ----a-w    c:\windows\system32\win32k.sys
2009-02-06 11:11 . 2004-08-04 12:00    110592      ----a-w    c:\windows\system32\services.exe
2009-02-06 11:06 . 2004-08-04 12:00    2145280     ----a-w    c:\windows\system32\ntoskrnl.exe
2009-02-06 10:39 . 2004-08-04 12:00    35328       ----a-w    c:\windows\system32\sc.exe
2009-02-06 10:32 . 2004-08-03 22:59    2023936     ----a-w    c:\windows\system32\ntkrnlpa.exe
2009-02-03 19:59 . 2004-08-04 12:00    56832       ----a-w    c:\windows\system32\secur32.dll
.

((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-07 39408]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 139264]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13684736]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 86016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"F-Secure Manager"="c:\program files\F-Secure Internet Security\Common\FSM32.EXE" [2008-10-14 182936]
"F-Secure TNB"="c:\program files\F-Secure Internet Security\FSGUI\TNBUtil.exe" [2008-10-14 957024]
"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-08-22 81920]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-16 148888]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-03-27 1657376]
"CTxfiHlp"="CTXFIHLP.EXE" - c:\windows\system32\Ctxfihlp.exe [2008-10-07 23552]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"d:\\Spill\\Age of Empires III\\age3x.exe"=
"d:\\Spill\\Age of Empires III\\age3y.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R2 gupdate1c9b790423f93aa;Googles oppdateringstjeneste (gupdate1c9b790423f93aa);c:\program files\Google\Update\GoogleUpdate.exe [2009-04-07 133104]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-04-07 79360]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2008-10-07 171032]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2008-10-07 1324056]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2008-10-07 72728]
R3 gkmixern;gkmixern; [x]
R4 F-Secure Filter;F-Secure File System Filter;c:\program files\F-Secure Internet Security\Anti-Virus\Win2K\FSfilter.sys [2008-10-14 39776]
R4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\F-Secure Internet Security\Anti-Virus\Win2K\FSrec.sys [2008-10-14 25184]
S0 fsbts;fsbts;c:\windows\system32\Drivers\fsbts.sys [2009-04-07 33408]
S0 FSFW;F-Secure Firewall Driver;c:\windows\System32\drivers\fsdfw.sys [2008-10-14 79904]
S1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\F-Secure Internet Security\HIPS\drivers\fshs.sys [2008-10-14 66720]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2008-10-07 171032]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2008-10-07 1324056]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2008-10-07 72728]
S3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\F-Secure Internet Security\Anti-Virus\minifilter\fsgk.sys [2009-04-07 84608]
S3 FSORSPClient;F-Secure ORSP Client;c:\program files\F-Secure Internet Security\ORSP Client\fsorsp.exe [2008-10-14 55904]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-04-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2009-04-16 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-07 14:49]

2009-04-16 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-07 14:50]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
LSP: c:\program files\F-Secure Internet Security\FSPS\program\FSLSP.DLL
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-16 22:26
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
   CTxfiHlp = CTXFIHLP.EXE?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1614895754-179605362-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:21,6b,a7,2e,6f,8e,cd,c1,b1,64,e7,6f,18,6b,2b,32,5c,c8,e9,d1,a0,73,61,
   c5,72,f4,31,7e,50,94,27,b3,f8,b3,60,b1,d2,de,e2,16,d9,5a,83,cf,a9,ca,4e,e7,\
"??"=hex:1b,be,97,31,9e,9a,0c,f0,49,21,21,f7,a2,0e,b0,8a
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(896)
c:\program files\F-Secure Internet Security\FWES\Program\fsdc32.dll

- - - - - - - > 'lsass.exe'(956)
c:\program files\F-Secure Internet Security\FSPS\program\FSLSP.DLL
c:\program files\F-Secure Internet Security\FWES\Program\fsdc32.dll

- - - - - - - > 'explorer.exe'(876)
c:\program files\F-Secure Internet Security\Spam Control\fsscoepl.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll

- - - - - - - > 'csrss.exe'(872)
c:\program files\F-Secure Internet Security\FWES\Program\fsdc32.dll
.
Completion time: 2009-04-16 22:27
ComboFix-quarantined-files.txt 2009-04-16 20:27

Pre-Run: 30 806 265 856 bytes free
Post-Run: 32 343 740 416 bytes free

289 --- E O F --- 2009-04-15 16:55
Bruker-158599 wrote on 16 April 2009:
Someone else will surely come along and look at your log. It's not my strongest area.
madmats wrote on 16 April 2009 (edited):
I helped my little brother find the trojan that hacked his WoW account; it was Malwarebytes (MBAM) that found it. I see you have it installed. Did it find anything when you scanned? Did you update it before you scanned? If it found something, you should post the log from MBAM as well. If you have trouble running/updating MBAM, you can rename the exe file in the MBAM installation folder under Program Files, or try safe mode.
Edited 16 April 2009 by madmats
Doga (thread author) wrote on 17 April 2009:
Malwarebytes found nothing after a full scan or whatever it was; it took just over an hour in any case. Updated and everything, yes. Here is the full scan log:

Malwarebytes' Anti-Malware 1.36
Database version: 1989
Windows 5.1.2600 Service Pack 3

16.04.2009 17:17:16
mbam-log-2009-04-16 (17-17-16).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|)
Objects scanned: 191570
Time elapsed: 1 hour(s), 10 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

And here is a quick scan I just ran; I don't have time for more before work.

Malwarebytes' Anti-Malware 1.36
Database version: 1992
Windows 5.1.2600 Service Pack 3

17.04.2009 06:14:25
mbam-log-2009-04-17 (06-14-25).txt

Scan type: Quick Scan
Objects scanned: 62947
Time elapsed: 1 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Since this hasn't found anything, I'm curious what the logs above mean...
norbat wrote on 17 April 2009:
The ComboFix log shows no sign of any infection (nor do HJT and GMER). "Use a strong password" may have to be the advice.
Bruker-158599 wrote on 17 April 2009 (edited):
Uninstall ComboFix by typing combofix /u in the Run box: Start --> Run (on Vista, search for "Run").
Edited 31 July 2010 by riskake90
Doga (thread author) wrote on 17 April 2009:
Thank you so much for all the help, I really appreciate it!
Fadeless wrote on 17 April 2009:
Change your password to something you have never used before. You should also change the password on the e-mail address that is registered to your account.