becker2k Posted 29 March 2010

Well, now it's my turn to get a keylogger on my PC. Oh the joy.... Here are some logs (the first is from MBAM, the second came up when I ran DDS logging):

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3930

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18882

29.03.2010 23:05:12
mbam-log-2010-03-29 (23-05-12).txt

Scan type: Quick scan
Objects scanned: 106417
Time elapsed: 3 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


DDS (Ver_10-03-17.01) - NTFSX64
Run by Becker at 22:56:01,34 on 29.03.2010
Internet Explorer: 8.0.6001.18882 BrowserJavaVersion: 1.6.0_17
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.47.1033.18.4093.1140 [GMT 2:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Live Mesh\Remote Desktop\wlcrasvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\RocketDock\RocketDock.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files (x86)\TBNotify\TBNotify.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\Becker\AppData\Local\Microsoft\Live Mesh\Bin\Servicing\0.9.4014.7\MoeMonitor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\D-Link\AirPlus Xtreme G\AirPlusCFG.exe
C:\Program Files (x86)\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Users\Becker\AppData\Local\Microsoft\Live Mesh\GacBase\Moe.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Windows\system32\conime.exe
C:\Program Files (x86)\Winamp\winamp.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\splwow64.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\Opera\opera.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Becker\Desktop\dds.scr

============== Pseudo HJT Report ===============

mLocal Page = c:\windows\syswow64\blank.htm
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
BHO: FlashFXP Helper for Internet Explorer: {e5a1691b-d188-4419-ad02-90002030b8ee} - c:\progra~2\flashfxp\IEFlash.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files (x86)\daemon tools toolbar\DTToolbar.dll
uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [MsnMsgr] "c:\program files (x86)\windows live\messenger\MsnMsgr.Exe" /background
uRun: [steam] "c:\program files (x86)\steam\steam.exe" -silent
uRun: [RocketDock] "c:\program files (x86)\rocketdock\RocketDock.exe"
uRun: [uTorrent] "c:\program files (x86)\utorrent\uTorrent.exe"
uRun: [WhatPulse] c:\program files (x86)\whatpulse\WhatPulse.exe
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [PlayNC Launcher]
uRun: [TBNotify] "c:\program files (x86)\tbnotify\TBNotify.exe" /startup
uRun: [DAEMON Tools Lite] "c:\program files (x86)\daemon tools lite\DTLite.exe" -autorun
uRun: [MoeMonitor.exe] "c:\users\becker\appdata\local\microsoft\live mesh\bin\servicing\0.9.4014.7\MoeMonitor.exe"
uRun: [skype] "c:\program files (x86)\skype\\phone\Skype.exe" /nosplash /minimized
mRun: [WinampAgent] "c:\program files (x86)\winamp\winampa.exe"
mRun: [D-Link AirPlus Xtreme G] "c:\program files (x86)\d-link\airplus xtreme g\AirPlusCFG.exe"
mRun: [ANIWZCSService] "c:\program files (x86)\alpha networks\aniwzcs service\WZCSLDR.exe"
mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime
mRun: [sunJavaUpdateSched] "c:\program files (x86)\java\jre6\bin\jusched.exe"
mRun: [GrooveMonitor] "c:\program files (x86)\microsoft office\office12\GrooveMonitor.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files (x86)\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "c:\program files (x86)\itunes\iTunesHelper.exe"
mRun: [startCCC] "c:\program files (x86)\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRunOnce: [Malwarebytes' Anti-Malware] "c:\program files (x86)\malwarebytes' anti-malware\mbamgui.exe" /install /silent
StartupFolder: c:\users\becker\appdata\roaming\microsoft\windows\start menu\programs\startup\CurseClientStartup.ccip
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\ralink~1.lnk - c:\program files (x86)\ralink\common\RaUI.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~2\micros~4\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files (x86)\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\micros~4\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~4\office12\REFIEBAR.DLL
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.srtest.com/srl_bin/sysreqlab3.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} - hxxp://www.euchannels.net/UKooPlayer.ocx
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files (x86)\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~2\common~1\skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll
TB-X64: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - c:\program files (x86)\daemon tools toolbar\DTToolbar64.dll
mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun-x64: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun-x64: [RtHDVCpl] c:\program files\realtek\audio\hda\RAVCpl64.exe -s

================= FIREFOX ===================

FF - ProfilePath - c:\users\becker\appdata\roaming\mozilla\firefox\profiles\dlltgcjh.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: network.proxy.type - 2
FF - component: c:\program files (x86)\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\users\becker\appdata\roaming\mozilla\firefox\profiles\dlltgcjh.default\extensions\[email protected]\components\dwmxpcom.dll
FF - plugin: c:\program files (x86)\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files (x86)\opera\program\plugins\npdivx32.dll
FF - plugin: c:\program files (x86)\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\becker\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\users\becker\appdata\roaming\mozilla\firefox\profiles\dlltgcjh.default\extensions\[email protected]\platform\winnt_x86-msvc\plugins\npmnqmp071303000006.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R2 LVPrcS64;Process Monitor;c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe [2009-10-7 191000]
R2 wlcrasvc;Live Mesh Remote Desktop;c:\program files\live mesh\remote desktop\wlcrasvc.exe [2010-1-11 51024]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atipmdag.sys [2010-2-3 6366720]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2010-2-3 186880]
R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\drivers\LVPr2M64.sys [2009-10-7 30232]
R3 RDPDISPM;RDPDISPM;c:\windows\system32\drivers\rdpdispm.sys [2010-1-11 10576]
RUnknown aswFsBlk;aswFsBlk; [x]
RUnknown aswMonFlt;aswMonFlt; [x]
RUnknown aswSP;aswSP; [x]
RUnknown avast! Antivirus;avast! Antivirus; [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-2-3 202752]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe [2009-4-24 93184]
S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [2008-10-13 50072]
S3 netr7364;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\drivers\netr7364.sys [2009-5-24 626176]
S3 PerfHost;Performance Counter DLL Host;c:\windows\syswow64\perfhost.exe [2008-1-21 19968]

============== File Associations ===============

JSEFile=c:\windows\syswow64\WScript.exe "%1" %*
regfile="regedit.exe" "%1"

=============== Created Last 30 ================

2010-03-28 12:33:51 0 ----a-w- c:\windows\syswow64\config.nt
2010-03-28 12:33:18 0 d-----w- c:\programdata\Alwil Software
2010-03-28 12:33:18 0 d-----w- c:\program files\Alwil Software
2010-03-25 17:01:15 0 d-----w- c:\programdata\ATI
2010-03-18 11:56:53 0 d-----w- c:\program files\Realtek
2010-03-18 11:56:52 0 d-----w- c:\windows\syswow64\RTCOM
2010-03-14 02:44:26 0 d-----w- c:\windows\syswow64\xlive
2010-03-14 02:40:09 0 d-----w- c:\program files (x86)\Empire Interactive
2010-03-12 18:45:16 580096 ----a-w- c:\windows\system32\ac3filter64.acm
2010-03-12 18:45:16 497664 ----a-w- c:\windows\syswow64\ac3filter.acm
2010-03-12 18:45:15 0 d-----w- c:\program files (x86)\AC3Filter
2010-03-10 02:02:38 32768 ----a-w- c:\windows\system32\nshhttp.dll
2010-03-10 02:02:38 24064 ----a-w- c:\windows\syswow64\nshhttp.dll
2010-03-10 02:02:37 610304 ----a-w- c:\windows\system32\drivers\http.sys
2010-03-10 02:02:37 33792 ----a-w- c:\windows\system32\httpapi.dll
2010-03-10 02:02:37 31232 ----a-w- c:\windows\syswow64\httpapi.dll
2010-03-09 23:57:15 0 d-----w- c:\program files\Sony
2010-03-03 20:40:26 0 d-----w- c:\program files (x86)\VentSrv
2010-03-03 20:39:27 0 d-----w- c:\program files (x86)\Ventrilo
2010-03-03 20:39:24 268 ----a-w- c:\windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
2010-03-03 20:38:20 0 d-----w- c:\program files (x86)\common files\Wise Installation Wizard
2010-03-03 14:57:49 700310 ----a-w- c:\windows\syswow64\PerfStringBackup.INI
2010-03-02 15:04:05 0 d-----w- c:\users\becker\appdata\roaming\fretsonfire

==================== Find3M ====================

2010-03-25 16:57:02 51200 ----a-w- c:\windows\inf\infpub.dat
2010-03-25 16:57:02 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-03-25 16:56:57 86016 ----a-w- c:\windows\inf\infstor.dat
2010-03-18 11:55:29 525792 ----a-w- c:\windows\DIFxAPI.dll
2010-03-13 04:55:34 1660448 ----a-w- c:\windows\system32\RtkAPO64.dll
2010-03-13 04:55:34 149536 ----a-w- c:\windows\system32\RtkCfg64.dll
2010-03-13 04:55:28 69664 ----a-w- c:\windows\system32\RCoInst64.dll
2010-03-13 04:55:28 477216 ----a-w- c:\windows\system32\RtkApi64.dll
2010-03-13 04:55:28 1210912 ----a-w- c:\windows\system32\RTCOM64.dll
2010-03-13 04:55:26 332320 ----a-w- c:\windows\system32\RtlCPAPI64.dll
2010-03-13 04:55:26 1929760 ----a-w- c:\windows\system32\RtPgEx64.dll
2010-03-13 04:47:08 2291616 ----a-w- c:\windows\system32\drivers\RTKVHD64.sys
2010-03-02 19:08:22 324000 ----a-w- c:\windows\system32\FMAPO64.dll
2010-02-26 10:20:12 1247776 ----a-w- c:\windows\RtlExUpd.dll
2010-02-24 09:16:06 212864 ------w- c:\windows\system32\MpSigStub.exe
2010-02-03 04:55:18 6366720 ----a-w- c:\windows\system32\drivers\atipmdag.sys
2010-02-03 04:55:18 6366720 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2010-02-03 04:23:36 426496 ----a-w- c:\windows\syswow64\aticfx32.dll
2010-02-03 04:22:40 471552 ----a-w- c:\windows\system32\aticfx64.dll
2010-02-03 04:20:42 18594816 ----a-w- c:\windows\system32\atio6axx.dll
2010-02-03 04:19:14 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-02-03 04:17:56 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-02-03 04:17:46 450048 ----a-w- c:\windows\system32\atieclxx.exe
2010-02-03 04:17:10 202752 ----a-w- c:\windows\system32\atiesrxx.exe
2010-02-03 04:15:46 120320 ----a-w- c:\windows\system32\atitmm64.dll
2010-02-03 04:15:28 420864 ----a-w- c:\windows\system32\atipdl64.dll
2010-02-03 04:15:20 356352 ----a-w- c:\windows\syswow64\atipdlxx.dll
2010-02-03 04:15:06 274432 ----a-w- c:\windows\syswow64\Oemdspif.dll
2010-02-03 04:15:00 12288 ----a-w- c:\windows\system32\atimuixx.dll
2010-02-03 04:14:56 59392 ----a-w- c:\windows\system32\atiedu64.dll
2010-02-03 04:14:52 43520 ----a-w- c:\windows\syswow64\ati2edxx.dll
2010-02-03 04:12:04 3073024 ----a-w- c:\windows\syswow64\atidxx32.dll
2010-02-03 04:04:16 3688960 ----a-w- c:\windows\system32\atidxx64.dll
2010-02-03 04:01:18 14147072 ----a-w- c:\windows\syswow64\atioglxx.dll
2010-02-03 03:55:34 3653632 ----a-w- c:\windows\syswow64\atiumdag.dll
2010-02-03 03:52:48 43008 ----a-w- c:\windows\system32\aticalrt64.dll
2010-02-03 03:52:44 53248 ----a-w- c:\windows\syswow64\aticalrt.dll
2010-02-03 03:52:32 39936 ----a-w- c:\windows\system32\aticalcl64.dll
2010-02-03 03:52:30 53248 ----a-w- c:\windows\syswow64\aticalcl.dll
2010-02-03 03:52:18 4771840 ----a-w- c:\windows\system32\aticaldd64.dll
2010-02-03 03:51:18 3649536 ----a-w- c:\windows\syswow64\aticaldd.dll
2010-02-03 03:49:46 4736000 ----a-w- c:\windows\system32\atiumd64.dll
2010-02-03 03:43:14 2649088 ----a-w- c:\windows\system32\atiumd6a.dll
2010-02-03 03:40:18 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2010-02-03 03:37:10 2934272 ----a-w- c:\windows\syswow64\atiumdva.dll
2010-02-03 03:25:06 53248 ----a-w- c:\windows\system32\atimpc64.dll
2010-02-03 03:25:06 53248 ----a-w- c:\windows\system32\amdpcom64.dll
2010-02-03 03:25:00 52224 ----a-w- c:\windows\syswow64\atimpc32.dll
2010-02-03 03:25:00 52224 ----a-w- c:\windows\syswow64\amdpcom32.dll
2010-02-03 03:24:34 321536 ----a-w- c:\windows\system32\atiadlxx.dll
2010-02-03 03:24:28 229376 ----a-w- c:\windows\syswow64\atiadlxy.dll
2010-02-03 03:24:16 14848 ----a-w- c:\windows\system32\atig6pxx.dll
2010-02-03 03:24:12 12800 ----a-w- c:\windows\syswow64\atiglpxx.dll
2010-02-03 03:24:12 12800 ----a-w- c:\windows\system32\atiglpxx.dll
2010-02-03 03:24:08 16384 ----a-w- c:\windows\system32\atig6txx.dll
2010-02-03 03:24:04 14848 ----a-w- c:\windows\syswow64\atigktxx.dll
2010-02-03 03:23:58 186880 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2010-02-03 03:23:32 55296 ----a-w- c:\windows\system32\coinst.dll
2010-02-03 03:23:20 35840 ----a-w- c:\windows\system32\atiuxp64.dll
2010-02-03 03:23:14 27136 ----a-w- c:\windows\syswow64\atiuxpag.dll
2010-02-03 03:23:06 28160 ----a-w- c:\windows\system32\atiu9p64.dll
2010-02-03 03:22:58 20480 ----a-w- c:\windows\syswow64\atiu9pag.dll
2010-02-03 03:22:40 26112 ----a-w- c:\windows\system32\atitmp64.dll
2010-01-28 11:23:38 325904 ----a-w- c:\windows\system32\MaxxAudioAPO20.dll
2010-01-26 10:38:36 168288 ----a-w- c:\windows\system32\AERTAC64.dll
2010-01-11 13:34:03 140096 ----a-w- c:\windows\system32\rdpdispd.dll
2010-01-02 07:08:29 1147904 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 07:03:21 77312 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 07:03:21 132096 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 06:38:20 916480 ----a-w- c:\windows\syswow64\wininet.dll
2010-01-02 06:38:04 1208832 ----a-w- c:\windows\syswow64\urlmon.dll
2010-01-02 06:36:10 206848 ----a-w- c:\windows\syswow64\occache.dll
2010-01-02 06:33:34 5942784 ----a-w- c:\windows\syswow64\mshtml.dll
2010-01-02 06:33:32 594432 ----a-w- c:\windows\syswow64\msfeeds.dll
2010-01-02 06:33:32 55296 ----a-w- c:\windows\syswow64\msfeedsbs.dll
2010-01-02 06:32:51 25600 ----a-w- c:\windows\syswow64\jsproxy.dll
2010-01-02 06:32:33 71680 ----a-w- c:\windows\syswow64\iesetup.dll
2010-01-02 06:32:33 1985536 ----a-w- c:\windows\syswow64\iertutil.dll
2010-01-02 06:32:33 164352 ----a-w- c:\windows\syswow64\ieui.dll
2010-01-02 06:32:33 109056 ----a-w- c:\windows\syswow64\iesysprep.dll
2010-01-02 06:32:32 55808 ----a-w- c:\windows\syswow64\iernonce.dll
2010-01-02 06:32:32 184320 ----a-w- c:\windows\syswow64\iepeers.dll
2010-01-02 06:32:32 11070464 ----a-w- c:\windows\syswow64\ieframe.dll
2010-01-02 06:32:26 387584 ----a-w- c:\windows\syswow64\iedkcs32.dll
2010-01-02 05:25:39 162816 ----a-w- c:\windows\system32\ieUnatt.exe
2010-01-02 04:57:00 133632 ----a-w- c:\windows\syswow64\ieUnatt.exe
2010-01-02 04:56:50 173056 ----a-w- c:\windows\syswow64\ie4uinit.exe
2010-01-02 04:56:14 13312 ----a-w- c:\windows\syswow64\msfeedssync.exe
2008-09-29 20:49:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 03:21:14 174 --sha-w- c:\program files\desktop.ini
2008-01-21 03:21:14 174 --sha-w- c:\program files (x86)\desktop.ini
2006-11-02 15:14:32 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 15:14:32 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 15:14:32 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 15:14:32 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-10-11 12:37:15 245760 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-12-27 03:28:36 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2009-12-27 03:28:36 32768 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2009-12-27 03:28:36 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat
2009-12-27 03:28:36 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-10-22 01:21:53 245760 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat
2008-04-10 00:57:02 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 22:57:14,34 ===============

I can haz helpz? :<
snippsat Posted 30 March 2010 (edited)

You have no keylogger running, and no malware. You do have "whatpulse" running. http://whatpulse.org/whatis/ It has no logging capability, but it counts the number of keystrokes. Is this something you installed yourself?

Edited 30 March 2010 by SNIPPSAT
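The reply above reaches its verdict by reading the autostart entries in the DDS "Pseudo HJT Report" by eye. As an added example (not part of this thread, and not code from DDS, Malwarebytes or the poster), the Python script below does the same first pass mechanically over those lines: it extracts every Run-key and Startup-folder program, flags programs living in user-writable directories, programs launched by bare filename (resolved through the PATH search order at logon), Run values with no command, programs on a watch-list of keyboard-hooking tools, and policy values that weaken the platform (the log above has EnableLUA = 0, which turns UAC off). The watch-list is an assumption with one entry, WhatPulse, present only because the reply says it counts keystrokes; it is not a malware feed. The sample lines are copied from the log in the first post and the output is a list of things for a human to look at, not a verdict: in this log every hit is explained by software the poster installed.

```python
"""Triage the autostart and policy lines of a DDS 'Pseudo HJT Report'.

Added example for this thread; not code from DDS, Malwarebytes or the poster.
"""
import re

# DDS prefixes for per-user (u) and per-machine (m) Run keys, including the
# 64-bit view. Startup-folder lines are handled separately below.
_RUN_RE = re.compile(r"^(?P<kind>uRun|mRun-x64|mRun):\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
_POLICY_RE = re.compile(r"^(?P<scope>mPolicies-[a-z]+):\s*(?P<name>\w+)\s*=\s*(?P<value>\S+)")
_EXT_RE = re.compile(r"\.(exe|scr|com|bat|cmd|lnk|ccip)$", re.I)

# Directories an unprivileged user can write to. Malware that never obtained
# admin rights has to live somewhere like this, so these autostarts get a look.
USER_WRITABLE = re.compile(
    r"\\(users|documents and settings)\\[^\\]+\\(appdata|desktop|downloads)\\|\\temp\\", re.I)

# Assumption, not a malware feed: tools known to hook the keyboard. WhatPulse is
# listed because the reply above says it counts keystrokes.
KEYBOARD_HOOK_TOOLS = {"whatpulse.exe": "keystroke counter (see reply above)"}

# Policy values that weaken the platform when set this way.
WEAK_POLICIES = {("mPolicies-system", "EnableLUA"): ("0", "UAC disabled")}


def _executable(cmd):
    """Pull the program path out of a Run-key command line.

    A quoted path ends at the closing quote; an unquoted path may contain
    spaces, so tokens are joined until one ends in an executable-like extension.
    """
    cmd = cmd.strip()
    if not cmd:
        return None
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    acc = []
    for tok in cmd.split():
        acc.append(tok)
        if _EXT_RE.search(tok):
            break
    return " ".join(acc)


def parse_autostarts(lines):
    """Return (autostarts, policies) parsed from DDS pseudo-HJT lines."""
    autostarts, policies = [], []
    for raw in lines:
        line = raw.strip()
        m = _RUN_RE.match(line)
        if m:
            autostarts.append({"kind": m["kind"], "name": m["name"], "exe": _executable(m["cmd"])})
            continue
        if line.startswith("StartupFolder:"):
            # "link - target"; an item with no target (e.g. a .ccip) is itself the payload.
            link, _, target = line[len("StartupFolder:"):].strip().partition(" - ")
            autostarts.append({"kind": "StartupFolder", "name": link.rsplit("\\", 1)[-1],
                               "exe": (target or link).strip()})
            continue
        m = _POLICY_RE.match(line)
        if m:
            policies.append({"scope": m["scope"], "name": m["name"], "value": m["value"]})
    return autostarts, policies


def triage(autostarts, policies):
    """Return (check, subject, detail) tuples: things to look at, not verdicts."""
    findings = []
    for a in autostarts:
        exe = a["exe"] or ""
        if not exe:
            findings.append(("empty-autostart", a["name"], "Run value without a command"))
            continue
        base = exe.rsplit("\\", 1)[-1].lower()
        if USER_WRITABLE.search(exe):
            findings.append(("user-writable-autostart", a["name"], exe))
        if "\\" not in exe:
            # Bare filename: Windows resolves it through the PATH search order at logon.
            findings.append(("unqualified-path", a["name"], exe))
        if base in KEYBOARD_HOOK_TOOLS:
            findings.append(("keyboard-hook-tool", a["name"], KEYBOARD_HOOK_TOOLS[base]))
    for p in policies:
        weak = WEAK_POLICIES.get((p["scope"], p["name"]))
        if weak and p["value"] == weak[0]:
            findings.append(("weak-policy", f"{p['scope']}\\{p['name']}", weak[1]))
    return findings


# Constructed sample: lines copied from the DDS log in the first post.
SAMPLE = r"""
uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [MsnMsgr] "c:\program files (x86)\windows live\messenger\MsnMsgr.Exe" /background
uRun: [WhatPulse] c:\program files (x86)\whatpulse\WhatPulse.exe
uRun: [PlayNC Launcher]
uRun: [MoeMonitor.exe] "c:\users\becker\appdata\local\microsoft\live mesh\bin\servicing\0.9.4014.7\MoeMonitor.exe"
mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime
mRun-x64: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
StartupFolder: c:\users\becker\appdata\roaming\microsoft\windows\start menu\programs\startup\CurseClientStartup.ccip
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
""".strip().splitlines()


if __name__ == "__main__":
    for check, subject, detail in triage(*parse_autostarts(SAMPLE)):
        print(f"{check:24} {subject:40} {detail}")
```

Run it as-is to see the six hits from the sample (WhatPulse on the watch-list, the empty PlayNC Launcher value, Live Mesh's MoeMonitor and the CurseClient .ccip under the user profile, KHALMNPR.EXE by bare name, and EnableLUA = 0); feed it the full Pseudo HJT section of a real DDS log to triage a whole machine. Deciding whether a hit is benign, as snippsat did for WhatPulse here, remains the human's job.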
becker2k (author) Posted 30 March 2010

> You have no keylogger running, and no malware. You do have "whatpulse" running. http://whatpulse.org/whatis/ It has no logging capability, but it counts the number of keystrokes. Is this something you installed yourself?

WhatPulse is something I installed myself, yes, about a year ago. I used it to "compete" with some friends over who presses the most keys in a given period. But it doesn't record what you type, only how many buttons / mouse clicks you mash.

The reason I thought I had a keylogger or the like on my PC was that my World of Warcraft account was hacked a few days ago, and it has never been hacked before now (I've played for a good 4 years). Nobody knows my password; I haven't given it to anyone. So I was a bit suspicious and assumed it was a keylogger. I haven't been on any "phishing" sites either (where you enter your login info on a page that is made to look like, for example, Blizzard's main site).

But thanks for the reply anyway; let's hope there were no keyloggers and that I don't have one on my PC at the moment!