Helox, 20 May 2009:
The strange thing is that none of my other e-mail accounts have been hacked. I have run ESET NOD32, Avast and AVG anti-virus. None of these programs find any virus etc. So I'm just wondering whether any of you have experienced this or know of one or more solutions to this problem. Thanks for all the help.
Captn Jack Yarr'ow !, 20 May 2009:
You can find a lot more virus crap by logging in in safe mode. Or by turning off System Restore.
Furiae, 20 May 2009:
> The strange thing is that none of my other e-mail accounts have been hacked. I have run ESET NOD32, Avast and AVG anti-virus. None of these programs find any virus etc. So I'm just wondering whether any of you have experienced this or know of one or more solutions to this problem. Thanks for all the help.
Are you sure nobody knows your password?
Helox (author), 21 May 2009:
I'm fairly sure nobody knows my password, because I had it reset 2 days ago. I then chose a password with lots of symbols, digits and letters, but now I'll try running in safe mode and see how it goes.
nomore, 21 May 2009:
Possibly a keylogger (physical or software) or video surveillance? Do you know who hacked you? How do you know you have been hacked?
Bludd, 21 May 2009:
Maybe you've got a rootkit? The only way to be sure the rootkit is gone is to wipe the system. Everything has to be deleted; a machine with a nasty rootkit can't be trusted.
drbuggs, 21 May 2009:
Before formatting I would have tried anti-virus that is more aimed at spyware etc., e.g. Spybot and/or Malwarebytes. AVG also has an anti-rootkit that can be downloaded for free.
PerB, 21 May 2009:
It would also be interesting here to find out why you think that one e-mail account of yours has been hacked and none of the others.
Helox (author), 21 May 2009:
> It would also be interesting here to find out why you think that one e-mail account of yours has been hacked and none of the others.
Yes, that's what's a bit strange. Why only that one e-mail account of mine? Yes, I'm planning to format my PC. Won't be that much hassle.
snippsat, 21 May 2009 (edited):
We can check whether you have any junk. Download Combofix and put it on the desktop. Don't click in the window while the program is running. Post the log C:\combofix.txt. The most common thing when an account gets hacked is that the password has gone astray. That is solved by changing the password on the account.
Edited 21 May 2009 by SNIPPSAT
Helox (author), 21 May 2009:
> We can check whether you have any junk. Download Combofix and put it on the desktop. Don't click in the window while the program is running. Post the log C:\combofix.txt. The most common thing when an account gets hacked is that the password has gone astray. That is solved by changing the password on the account.
Thanks a lot. I'll try it.
Helox (author), 21 May 2009:
It says I have to disable AVG before running it, otherwise it could damage the PC... but the thing is I can't disable AVG... nor uninstall it. Tried going into Processes in Task Manager, but it just pops up again. It's starting to get on my nerves...
Helox (author), 21 May 2009:
I got rid of AVG now, but I still have ESET NOD32, which could cause problems for Combofix. Or maybe it doesn't matter that those programs are running?
snippsat, 21 May 2009 (edited):
You should not have 2 anti-virus programs on the system. It should of course be possible to disable AVG. Just try running Combofix and answer yes to everything. You can run this: Download RSIT (Random's System Information Tool) to the desktop. Start the program by double-clicking RSIT.exe. Click Continue. After a short while a log (log.txt) will be created. Post that.
Edited 21 May 2009 by SNIPPSAT
Helox (author), 21 May 2009:
Here is the log. Let me know if you need more from the log.
snippsat, 21 May 2009 (edited):
The log looks fine. Edit: I would have liked to have the complete log. I see you have "hamachi" installed. This is one of the script kiddie's favourite tools for getting access to other people's PCs. If you want to keep it installed, remember to keep it updated and change the password on "hamachi". With this they can find info such as passwords for e-mail accounts.
Edited 21 May 2009 by SNIPPSAT
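A defender-side triage of the registry/startup section of a ComboFix log like the one posted in this thread, as an added example that is neither the forum's nor ComboFix's own code. The parser follows the layout the posted log uses (`[key]` headers, `"name"= value` lines, `path=` startup entries, `R1 name;desc;path [meta]` service lines); the sample lines are my own construction modelled on that layout, and the heuristics (UAC disabled, AppInit_DLLs set, per-user startup items, services without file details) are mine, not ComboFix's verdicts.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample in the layout of a ComboFix "Oppstartspunkter I Registeret"
# section, modelled on the log posted in this thread (a handful of entries,
# not the full log). Raw string so the backslashes stay literal.
SAMPLE_LOG = r"""
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll
[HKLM\~\startupfolder\C:^Users^privat^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^hamachi.lnk]
path=c:\users\privat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hamachi.lnk
backup=c:\windows\pss\hamachi.lnk.Startup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SetPointII.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\SetPointII.lnk
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\System32\drivers\sp_rsdrv2.sys [30.11.2008 13:10 141312]
S4 ekrn;ESET Service;"c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe" --> c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [?]
"""

KEY_RE = re.compile(r"^\[(?P<key>.+)\]$")                       # [HKLM\...]
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*)$')  # "Name"= value
SERVICE_RE = re.compile(                                          # R1 name;desc;path [meta]
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<desc>[^;]*);(?P<path>.+?)\s+\[(?P<meta>[^\]]*)\]$"
)

# Registry keys (lower-cased, as the parser stores them) that the triage looks at.
POLICY_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\policies\system"
WINNT_KEY = r"hkey_local_machine\software\microsoft\windows nt\currentversion\windows"


def parse_combofix(text: str):
    """Split the section into registry values, startup-folder paths and service lines."""
    values: Dict[Tuple[str, str], str] = {}   # (key, value name) -> raw value text
    startup: List[str] = []                   # path= entries under startupfolder keys
    services: List[Dict[str, str]] = []       # one dict per R*/S* service line
    current_key = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group("key").lower()
            continue
        m = VALUE_RE.match(line)
        if m:
            values[(current_key, m.group("name"))] = m.group("value").strip()
            continue
        if line.lower().startswith("path=") and "\\startupfolder\\" in current_key:
            startup.append(line[len("path="):])
            continue
        m = SERVICE_RE.match(line)
        if m:
            services.append(m.groupdict())
    return values, startup, services


def triage(text: str) -> List[Tuple[str, str]]:
    """Return (severity, message) findings a helper would want to look at first."""
    values, startup, services = parse_combofix(text)
    findings: List[Tuple[str, str]] = []

    # "EnableLUA"= 0 (0x0): the first token is the decimal value; 0 means UAC is off.
    lua = values.get((POLICY_KEY, "EnableLUA"))
    if lua is not None and lua.split()[0] == "0":
        findings.append(("high", "UAC is disabled (EnableLUA=0): programs get full admin rights without any prompt"))

    # AppInit_DLLs is loaded into every process that uses user32.dll; it should only
    # name DLLs of software the user knowingly installed (here AVG's avgrsstx.dll).
    appinit = values.get((WINNT_KEY, "AppInit_DLLs"), "")
    if appinit:
        findings.append(("review", f"AppInit_DLLs loads {appinit} into every user32 process; confirm it belongs to installed software"))

    # Per-user Startup items live in a folder any program running as the user can write to.
    for path in startup:
        if "\\appdata\\" in path.lower():
            findings.append(("review", f"per-user startup item in a user-writable folder: {path}"))

    # A service line ending in [?] has no file details recorded; check the binary is present.
    for svc in services:
        if svc["meta"] == "?":
            findings.append(("review", f"service {svc['name']} has no file details ([?]); check the binary exists: {svc['path']}"))
    return findings


if __name__ == "__main__":
    for severity, message in triage(SAMPLE_LOG):
        print(f"[{severity}] {message}")
```

Feed it a real log by reading the file into `triage()`; only the sections in the formats above are interpreted, other lines are skipped.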
Helox (author), 21 May 2009:
Alright, but to be on the safe side I'm posting the whole log.

ComboFix 09-05-20.A1 - privat 21.05.2009 23:51.1 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.47.1044.18.3070.2264 [GMT 2:00]
Kjører fra: c:\users\privat\Desktop\ComboFix.exe
AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer "UDP Query User{F444E32B-D679-43A3-B2EC-90B49AE4C987}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer "{F4399D8F-2D82-490D-9788-4BF42B523D46}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook "{844C1888-2E6C-4605-9A71-E19588663CAB}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove "{83E6739E-297A-4240-A74E-45C1D18C39FB}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove "{B2DAB839-C714-4A98-B348-2A6F7DEB6A03}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{5FEBD4BB-EDA8-4E55-A633-1D3245D80FAE}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{C02BF776-C9F1-40A1-B5EB-ED6452DA68EF}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire "{BAC4CB27-8A19-446A-8415-3AC07FD2E3A4}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire "{C7A04F03-0753-4067-8457-186D77C858E4}"= UDP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe "{3CC1A3D2-D3BF-4B5E-84A1-27791FCFE592}"= TCP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe "TCP Query User{A8A31403-3EFC-4082-84AC-D62485DBC02B}c:\\users\\privat\\appdata\\local\\temp\\blizzard launcher temporary - a1aaab20\\launcher.exe"= UDP:c:\users\privat\appdata\local\temp\blizzard launcher temporary - a1aaab20\launcher.exe:launcher.exe "UDP Query User{440FC7F3-306F-4ED2-B931-6D2D6137B05E}c:\\users\\privat\\appdata\\local\\temp\\blizzard launcher temporary - a1aaab20\\launcher.exe"= TCP:c:\users\privat\appdata\local\temp\blizzard launcher temporary - a1aaab20\launcher.exe:launcher.exe "TCP Query User{E97F0969-1385-4980-939C-842F96F52D5A}c:\\program files\\magictune premium\\magictune.exe"= UDP:c:\program files\magictune premium\magictune.exe:MagicTune "UDP Query 
User{E73DEFFE-4095-4F88-8ACA-B53945989829}c:\\program files\\magictune premium\\magictune.exe"= TCP:c:\program files\magictune premium\magictune.exe:MagicTune "TCP Query User{49EFBADE-6EAF-4CD0-BCB1-2D30923093A3}c:\\users\\public\\games\\world of warcraft\\launcher.exe"= UDP:c:\users\public\games\world of warcraft\launcher.exe:Blizzard Launcher "UDP Query User{127867B3-7B1D-4D29-A930-772EDB2FBBDA}c:\\users\\public\\games\\world of warcraft\\launcher.exe"= TCP:c:\users\public\games\world of warcraft\launcher.exe:Blizzard Launcher "TCP Query User{9B3B8BEA-DD7F-438E-89CB-463B90B55F39}c:\\program files\\java\\jre6\\bin\\java.exe"= UDP:c:\program files\java\jre6\bin\java.exe:Java Platform SE binary "UDP Query User{8C1F18A5-178D-4633-97A5-177B0C957505}c:\\program files\\java\\jre6\\bin\\java.exe"= TCP:c:\program files\java\jre6\bin\java.exe:Java Platform SE binary "TCP Query User{1797F088-4C64-4931-BF90-C198F2AA6056}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire "UDP Query User{C0A06563-A18C-4405-8D5E-E8E02DFF2641}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire "TCP Query User{1C7ABAA7-1608-434F-94A4-C378F0A774FB}c:\\program files\\ccp\\eve\\bin\\exefile.exe"= UDP:c:\program files\ccp\eve\bin\exefile.exe:CCP ExeFile "UDP Query User{8BAAD9D9-8223-445E-A961-2DABB3FE846C}c:\\program files\\ccp\\eve\\bin\\exefile.exe"= TCP:c:\program files\ccp\eve\bin\exefile.exe:CCP ExeFile "{E9D41D97-09F5-4ECF-B7BA-F4226D325AAA}"= UDP:c:\program files\Steam\SteamApps\common\empire total war\Empire.exe:Empire: Total War "{84408DA2-67EF-4E18-B64C-D9791F608C07}"= TCP:c:\program files\Steam\SteamApps\common\empire total war\Empire.exe:Empire: Total War "{CD106A56-E4B1-4395-A9CB-BDA38D3F3133}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync "{02F55EE1-4B15-48A6-814B-F402BA7F6EDD}"= UDP:c:\program files\Steam\SteamApps\common\saints row 2\SR2_pc.exe:Saints Row 2 
"{96565058-0ECE-4A51-A789-10C5DCBD7110}"= TCP:c:\program files\Steam\SteamApps\common\saints row 2\SR2_pc.exe:Saints Row 2 "{52459534-075D-4DA1-B717-C058E26F856A}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour "{0093249C-5836-4968-85F9-704EE17E332B}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour "{CBF6FA76-818A-44A7-9F15-F468325A016A}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes "{B09F8599-2AEC-4336-AEC6-E44AF5C9D2DD}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes "{C8724527-8464-4AFE-BEDC-4666A42E931D}"= UDP:c:\users\Public\Games\World of Warcraft\BackgroundDownloader.exe:Blizzard Downloader "{CD241FA9-33CD-4B38-910D-A59896A4350D}"= TCP:c:\users\Public\Games\World of Warcraft\BackgroundDownloader.exe:Blizzard Downloader "{E1D0DFAB-A50C-42F5-8F8D-5E2106B29D7B}"= UDP:3724:Blizzard Downloader: 3724 "TCP Query User{B67BD0FB-195D-482C-99AD-B8DA7C211797}c:\\program files\\mirc\\mirc.exe"= UDP:c:\program files\mirc\mirc.exe:mIRC "UDP Query User{DE2E2DB4-6598-4CD6-944E-60FAC56AA820}c:\\program files\\mirc\\mirc.exe"= TCP:c:\program files\mirc\mirc.exe:mIRC "TCP Query User{C87089DC-572D-4762-99EC-1DAC349377D2}c:\\program files\\steam\\steamapps\\common\\saints row 2\\sr2_pc.exe"= UDP:c:\program files\steam\steamapps\common\saints row 2\sr2_pc.exe:SR2_pc "UDP Query User{58771369-58BD-4332-928B-D9709ABFE8BB}c:\\program files\\steam\\steamapps\\common\\saints row 2\\sr2_pc.exe"= TCP:c:\program files\steam\steamapps\common\saints row 2\sr2_pc.exe:SR2_pc "TCP Query User{A608EC8F-3CFE-45D7-9107-F5B5654C1FCF}c:\\warcraft iii craka (1.18)\\war3.exe"= UDP:c:\warcraft iii craka (1.18)\war3.exe:Warcraft III "UDP Query User{C6F891FF-56AB-4C0B-9247-A141E207A83C}c:\\warcraft iii craka (1.18)\\war3.exe"= TCP:c:\warcraft iii craka (1.18)\war3.exe:Warcraft III "TCP Query User{23FD1881-4D2D-4447-BE26-1FE6F622F831}c:\\starcraft\\starcraft.exe"= UDP:c:\starcraft\starcraft.exe:StarCraft "UDP Query User{D74396E5-B6F7-4CAA-9DA1-21D82031D24A}c:\\starcraft\\starcraft.exe"= 
TCP:c:\starcraft\starcraft.exe:StarCraft "{D05BC619-146A-4242-8E74-5C6EFABC3B0D}"= UDP:c:\program files\Electronic Arts\The Battle for Middle-earth II\game.dat:The Battle for Middle-earth II "{1AA24C81-D528-43AB-8CE3-E21484F0DA98}"= TCP:c:\program files\Electronic Arts\The Battle for Middle-earth II\game.dat:The Battle for Middle-earth II "TCP Query User{A9E69C70-57C8-422A-AAFE-5F036353B1E2}c:\\program files\\electronic arts\\the battle for middle-earth ii\\patchget.dat"= UDP:c:\program files\electronic arts\the battle for middle-earth ii\patchget.dat:patchgrabber "UDP Query User{5A750372-B4EE-4664-B844-A4EAA54A743F}c:\\program files\\electronic arts\\the battle for middle-earth ii\\patchget.dat"= TCP:c:\program files\electronic arts\the battle for middle-earth ii\patchget.dat:patchgrabber "TCP Query User{398FF3B6-C262-4A78-B77E-79F85DEDBD2F}c:\\program files\\steam\\steamapps\\common\\tom clancy's h.a.w.x - demo\\hawx.exe"= UDP:c:\program files\steam\steamapps\common\tom clancy's h.a.w.x - demo\hawx.exe:HAWX "UDP Query User{440D1C32-DC95-4F70-A821-F0BAD74F7B2D}c:\\program files\\steam\\steamapps\\common\\tom clancy's h.a.w.x - demo\\hawx.exe"= TCP:c:\program files\steam\steamapps\common\tom clancy's h.a.w.x - demo\hawx.exe:HAWX "{2CE2D1D4-BBBF-4702-A26A-3D95E325563F}"= UDP:c:\users\Public\Games\World of Warcraft\BackgroundDownloader.exe:Blizzard Downloader "{F5E91ADA-A592-4DC5-AD2C-4DF13638B345}"= TCP:c:\users\Public\Games\World of Warcraft\BackgroundDownloader.exe:Blizzard Downloader "{3D0213B2-C936-43AF-9BFF-F7368BCA0030}"= UDP:3724:Blizzard Downloader: 3724 "{76487187-855A-4957-B5BF-E5522AF9CFF8}"= UDP:c:\program files\Steam\SteamApps\common\tom clany's hawx\HAWX.exe:Tom Clancy's H.A.W.X "{330C1C79-E8D5-4191-9D97-D24575C6C8C5}"= TCP:c:\program files\Steam\SteamApps\common\tom clany's hawx\HAWX.exe:Tom Clancy's H.A.W.X "{AFB5247E-B318-4760-8B67-A935B57B5EDB}"= UDP:c:\program files\Steam\SteamApps\common\tom clany's hawx\HAWX_dx10.exe:Tom Clancy's H.A.W.X 
"{54E64FF7-BB80-44A4-9E73-D066CCD08932}"= TCP:c:\program files\Steam\SteamApps\common\tom clany's hawx\HAWX_dx10.exe:Tom Clancy's H.A.W.X "{9472C1B8-937D-4A4A-9922-5DB1CC800691}"= c:\program files\AVG\AVG8\avgam.exe:avgam.exe "{CFDA5E80-8514-4AE4-8212-C9AA7A6D4EF6}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe "{CDE0DB24-A7A7-4044-A54C-CF1301CDB4B4}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe "{90419B96-BB62-4550-BB30-3DB1774C1486}"= UDP:c:\program files\Steam\SteamApps\common\left 4 dead\left4dead.exe:Left 4 Dead "{DE04C6B8-C6DB-4B09-ADDC-CFBE8BFA707E}"= TCP:c:\program files\Steam\SteamApps\common\left 4 dead\left4dead.exe:Left 4 Dead R1 ehdrv;ehdrv;c:\windows\System32\drivers\ehdrv.sys [06.02.2009 14:23 106208] R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\System32\drivers\sp_rsdrv2.sys [30.11.2008 13:10 141312] R2 epfwwfpr;epfwwfpr;c:\windows\System32\drivers\epfwwfpr.sys [06.02.2009 14:24 92800] R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\System32\drivers\vrtaucbl.sys [02.02.2009 19:10 42496] S3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\System32\drivers\wg111v3.sys [05.12.2008 17:34 227328] S4 ekrn;ESET Service;"c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe" --> c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [?] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc . . ------- Tilleggsskanning ------- . uInternet Settings,ProxyOverride = *.local IE: Download Using &BitSpirit - c:\program files\BitSpirit\bsurl.htm IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: ÓñÈÌؾ«ÁéÏÂÔØ(&B) . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-05-21 23:54 Windows 6.0.6001 Service Pack 1 NTFS skanner skjulte prosesser ... 
skanner skjulte autostart-oppføringer ... skanner skjulte filer ... skanning vellykket skjulte filer: 0 ************************************************************************** . --------------------- LÅSTE REGISTERNØKLER --------------------- [HKEY_USERS\S-1-5-21-2068255581-24606702-83123137-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] "??"=hex:f5,2e,53,0e,63,56,00,9b,44,8c,ae,ad,d5,3b,1a,ca,c7,d4,6e,45,3b,31,1f, c3,81,d5,a2,60,64,7c,52,3c,91,88,f4,03,b1,c8,17,d1,be,0b,ff,d3,cd,0c,37,af,\ "??"=hex:72,79,4f,c2,76,61,ff,b9,bb,50,31,5f,57,19,40,31 . --------------------- DLL'er Lastet Av Kjørende Prosesser --------------------- - - - - - - - > 'Explorer.exe'(3028) c:\program files\Common Files\Ahead\Lib\MediaLibraryNSE.dll c:\program files\Common Files\Ahead\Lib\MFC71U.DLL . Tidspunkt ferdig: 2009-05-21 23:56 ComboFix-quarantined-files.txt 2009-05-21 21:56 Pre-Run: 249 272 311 808 byte ledig Post-Run: 249 865 396 224 byte ledig 239 --- E O F --- 2009-05-21 01:00 Lenke til kommentar
snippsat, posted 21 May 2009

Looks good. You can remove ComboFix by typing combofix /u from the Run dialog. This command deletes the quarantined files and backups, resets the System Restore folder, etc.

Download and run CCleaner, 'Options' -> 'Advanced'. Uncheck "only delete temporary files older than 48 hours". Run the registry cleaner, answer yes to "repair" --> backup, answer yes when asked. Run the registry cleaner a couple more times until all errors are gone.

Check whether your software is up to date: Secunia

Helox (author), posted 22 May 2009

Okay, thanks for all the help, Snippsat! I really appreciate it.

PerB, posted 22 May 2009

> Here it would also be interesting to find out why you think that one e-mail account of yours has been hacked and none of the others.

> Yes, that is what is a bit strange. Why only that one e-mail of mine? Yes, I am planning to format my PC. It won't be that much hassle.

You still haven't explained why you think this one e-mail account is hacked. This information is important, since no trojans/viruses have been found on your machine.