Senzation, posted 9 October 2009: OK, five minutes ago a window popped up, about 400x400 px, with two men sitting and watching; the window disappeared again after 1 second. The PC has a built-in webcam. Creepiest thing I have ever come across. Does anyone know how I can find out which service allows this on the machine? Can I scan for a program that takes over the cam on the PC or something? Help, fast!
Pepsi Max, posted 9 October 2009: Tape over the webcam right away! This sounds like nasty stuff.
Senzation (thread author), posted 9 October 2009: OK, the tape is over the webcam. ....
Guest, posted 9 October 2009: https://www.diskusjon.no/index.php?showtopic=691246 Work through the first post.
Senzation (thread author), posted 9 October 2009: Scanning for malware now =| ..
Senzation (thread author), posted 9 October 2009: Scanned the machine with Malware Anti-Malware and got this log:

Malwarebytes' Anti-Malware 1.41
Databaseversjon: 2775
Windows 6.0.6001 Service Pack 1

09.10.2009 15:36:06
mbam-log-2009-10-09 (15-35-58).txt

Skanntype: Rask Skann
Objekter skannet: 84521
Tid tilbakelagt: 5 minute(s), 1 second(s)

Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 1
Registerverdier infisert: 0
Registerfiler infisert: 0
Mapper infisert: 0
Filer infisert: 0

Minneprosesser infisert:
(Ingen mistenkelige filer funnet)

Minnemoduler infisert:
(Ingen mistenkelige filer funnet)

Registernøkler infisert:
HKEY_CLASSES_ROOT\kt_bho.KettleBho (Trojan.BHO) -> No action taken.

Registerverdier infisert:
(Ingen mistenkelige filer funnet)

Registerfiler infisert:
(Ingen mistenkelige filer funnet)

Mapper infisert:
(Ingen mistenkelige filer funnet)

Filer infisert:
(Ingen mistenkelige filer funnet)
Guest, posted 9 October 2009: Will you post a ComboFix log as well?
norbat, posted 9 October 2009 (edited 9 October 2009): Update MBAM and run a new quick scan. A ComboFix log is always welcome.
DarkZhade, posted 9 October 2009: If a window pops up where you see someone else, then it isn't your camera that has been hacked, is it?
Senzation (thread author), posted 9 October 2009: ColdIce:

ComboFix Quarantine Files
2009-10-09 13:57:29 . 2009-10-09 13:57:29 1,526 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-Spotify.reg.dat
2009-10-09 13:53:54 . 2009-10-09 13:53:54 5,741 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2009-10-09 13:47:13 . 2009-10-09 13:48:29 62 ----a-w- C:\Qoobox\Quarantine\catchme.log
2009-10-04 18:10:14 . 2009-10-04 18:10:14 918,016 ----a-w- C:\Qoobox\Quarantine\C\Windows\Installer\100d29.msi.vir
2009-10-04 18:02:35 . 2009-02-20 14:20:18 8,082 ----a-w- C:\Qoobox\Quarantine\C\Windows\Suyin.reg.vir
2009-03-04 00:11:19 . 2009-03-04 00:11:19 918,016 ----a-w- C:\Qoobox\Quarantine\C\Windows\Installer\18e38.msi.vir

Is this of any help?

DarkZhade: Pretty obvious that they were sitting and looking at me/us. It seemed like they closed the window right away, because they probably opened it by mistake..
Guest, posted 9 October 2009: Post the whole thing! It is located here: C:\Combofix or: C:\logg.txt or something.
Senzation (thread author), posted 9 October 2009: [ComboFix log]
norbat, posted 10 October 2009: At first glance there is no malware to be found in the log.
marbek, posted 12 October 2009: "At first glance there is no malware to be found in the log." Sorry for going very off topic here, but how do you read the ComboFix log? Are there any guides for it here on the forum? Again, sorry for the off topic!
Tosha0007, posted 12 October 2009: @marbek: Unfortunately there is no online guide on the net for how to read a ComboFix guide. You have to get training through various closed websites, some of which give a "short introduction" to how it works. You can contact one of the people who help with malware removal on the forum, and you will surely get help! If you are interested in learning malware removal, I would encourage you to start with HijackThis logs. It takes a looooong time to learn this, and you have to be willing to read a lot on your own before you can answer on various forums. If you are interested, you can read a bit more in this thread, which I think is the only one where you get answers to anything at all about HijackThis.
V5R1X, posted 15 October 2009: This is a Djuice ad that appears in MSN Messenger. It is triggered by hovering over the advertisement field. "Jørgen! Do you save money by chatting?" is the text shown before you hold the mouse pointer over it.
Pepsi Max, posted 15 October 2009: Haha! Yes, that is probably what you saw!
Senzation (thread author), posted 24 October 2009: Haha, laughing fit! Thanks for all the replies and tips! Senzation