asthma Posted 27 May 2007
Someone has managed to get hold of a number of usernames and passwords for various sites, and has managed to take out a fair amount of money as well. I suspect the person used a keylogger to do this, and I have a few questions in that connection. Sorry if these are stupid questions, but I don't know much about this kind of thing.
I have up-to-date Norton AntiVirus and Spyware Doctor installed; shouldn't these have stopped the keylogger? If not, are there specialised programs that detect this sort of thing?
I found out that my Windows firewall was disabled; could this have something to do with the problem? Are there better firewalls than Windows'?
Do I have to reformat the PC to get rid of the problem? If so, is it enough to reformat C:, or do I have to do all drives?
Can the person get into other PCs on the same IP?
And a bit off to the side, does anyone know whether there is insurance that covers this kind of thing?
I don't expect answers to every question in every reply; if you know something, share it. All comments are welcome! Thanks
norbat Posted 27 May 2007
You should change the passwords for these sites from another PC. Then follow the long version in the following post: https://www.diskusjon.no/index.php?showtopic=691246. Also run the scan with rootchk, which is at the bottom of the guide. Post the logs in your thread, and we'll see whether the problem lies on the PC.
asthma Posted 27 May 2007 (Author)
Thanks for the quick reply! Here come the various logs; I'm putting each in its own reply for clarity's sake:
First, some things that Trend Micro's HouseCall found:
pe_magistr.b.dam
adware_bhot_iehelper
adware_microgamingsystems
adware_casinoonnet
asthma Posted 27 May 2007 (Author)
SUPERAntiSpyware:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 05/27/2007 at 09:00 PM
Application Version : 3.8.1002
Core Rules Database Version : 3245
Trace Rules Database Version: 1256
Scan type : Complete Scan
Total Scan Time : 00:35:59
Memory items scanned : 572
Memory threats detected : 0
Registry items scanned : 5926
Registry threats detected : 0
File items scanned : 31826
File threats detected : 2
Adware.Tracking Cookie
    C:\Documents and Settings\Anders\Cookies\[email protected][1].txt
Trojan.Downloader-Gen
    C:\WINDOWS\SYSTEM32\STU.DLL
asthma Posted 27 May 2007 (Author)
HijackThis:
Logfile of HijackThis v1.99.1 Scan saved at 10:43:47 PM, on 5/27/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\WINDOWS\system32\nvsvc32.exe G:\Spyware Doctor\sdhelp.exe C:\WINDOWS\system32\wdfmgr.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\DeltTray.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe G:\DAEMON Tools\daemon.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe G:\quicktime\qttask.exe G:\itunes\iTunesHelper.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\iPod\bin\iPodService.exe G:\Spyware Doctor\swdoctor.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe G:\antispyware\SUPERAntiSpyware.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe G:\Common\Bin\WinCinemaMgr.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Documents and Settings\Anders\Desktop\kgyfhasdf.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 
http://www.myspace.com/asthmabeats O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - G:\SPYWAR~1\tools\iesdsg.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - G:\SPYWAR~1\tools\iesdpb.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [DeltTray] DeltTray.exe O4 - HKLM\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [osCheck] "G:\norton\osCheck.exe" O4 - HKLM\..\Run: [DAEMON Tools] "G:\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [QuickTime Task] "G:\quicktime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "G:\itunes\iTunesHelper.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [spyware Doctor] "G:\Spyware Doctor\swdoctor.exe" /Q O4 - HKCU\..\Run: 
[MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [sUPERAntiSpyware] G:\antispyware\SUPERAntiSpyware.exe O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: InterVideo WinCinema Manager.lnk = G:\Common\Bin\WinCinemaMgr.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Nine Poker - {04AC392D-B4C9-48a3-9DB9-F8E0AC10F377} - C:\Program Files\NinePokerMPP\MPPoker.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - G:\SPYWAR~1\tools\iesdpb.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - G:\UltimateBet\UltimateBet.exe O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - G:\UltimateBet\UltimateBet.exe O9 - Extra button: PacificPoker - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - G:\PROGRA~1\PACIFI~1\pacificpoker.exe O9 - Extra button: MANSION - {CD03D14B-0EF6-4f5a-BB81-1ECAFFC676AF} - G:\mansion\MANSION.exe O9 - Extra 'Tools' menuitem: MANSION - 
{CD03D14B-0EF6-4f5a-BB81-1ECAFFC676AF} - G:\mansion\MANSION.exe O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - G:\Bodog Poker\BPGame.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{B165B350-CF82-49F3-9461-80791E58CB5F}: NameServer = 195.134.40.18,195.134.40.14 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL O20 - Winlogon Notify: !SASWinLogon - G:\antispyware\SASWINLO.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\ O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program 
Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - G:\norton\isPwdSvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - G:\Spyware Doctor\sdhelp.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
asthma Posted 27 May 2007 (Author)
And the last one, rootchk:
********************************* ROOTCHK-(21-05-07)-LOG, by ejvindh
Sun 05/27/2007 22:45:05.98
The rootkits that are detected by this tool were not found.
********************************* ROOTCHK-LOG-end
catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-27 22:45:06
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
norbat Posted 27 May 2007
You have some poker programs installed. If this is something you know about and use, they can just stay; otherwise uninstall them. The log shows no signs of any infections or anything else.
You can start HJT, choose 'Open the Misc Tools section', choose 'Open Uninstall Manager', click 'Save List'. Copy the contents and paste them into your post.
If you use Norton Internet Security, it is its firewall you are using and not Windows' (that one gets turned off).
Could this person (known/unknown) have obtained the username/password in some other way?
asthma Posted 28 May 2007 (Author)
I know about the poker programs. It is one of these that this person has got into, as well as my email and a couple of other places with different usernames and passwords; that is why I assume it is keylogging. I probably should have mentioned this too: a couple of weeks ago Norton found a trojan, but I don't get any specific name for it even when I go into "advanced details"; it has now been removed.
Result of the HJT Uninstall Manager:
µTorrent Adobe Audition 2.0 Adobe Bridge 1.0 Adobe Common File Installer Adobe Flash Player 9 ActiveX Adobe Help Center 2.0 Adobe Photoshop CS2 Adobe Reader 7.0 Adobe Stock Photos 1.0 Antares AVOX Vocal Kit Bundle VST v1.02 AppCore Apple Software Update AV Bodog Poker Version 2.8.2.8 ccCommon CCleaner (remove only) Celeb Poker Creative DVD Audio Plugin for Audigy Series CuteFTP 8 Professional DiskExplorer for NTFS Edirol HQ Orchestral VSTi v1.03 Edirol SuperQuartet v1.5 Fortune Poker Free Mp3 Wma Converter V 1.5.6 Garritan Jazz Big Band Granner-X VST v1.08 HijackThis 1.99.1 Impulse v. 
3.10 InterActual Player Internet Worm Protection InterVideo WinDVD 6 iTunes J2SE Runtime Environment 5.0 Update 10 J2SE Runtime Environment 5.0 Update 11 Java SE Runtime Environment 6 Update 1 Korg Legacy Collection VSTi v1.0.02 Last.fm 1.1.3.0 LimeWire 4.12.11 LiveUpdate 3.1 (Symantec Corporation) LiveUpdate Notice (Symantec Corporation) MadTracker 2 MANSION Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Hotfix (KB886903) Microsoft .NET Framework 2.0 Microsoft Office Access MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Enterprise 2007 Microsoft Office Enterprise 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office Groove MUI (English) 2007 Microsoft Office Groove Setup Metadata MUI (English) 2007 Microsoft Office InfoPath MUI (English) 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Visual C++ 2005 Redistributable MSN MSXML 4.0 SP2 (KB925672) MSXML 4.0 SP2 (KB927978) MSXML 6.0 Parser (KB927977) Nine Poker Nomad Factory Rock Amp Legends VST v1.0 Norton AntiVirus Norton AntiVirus (Symantec Corporation) Norton AntiVirus Help Norton AntiVirus Parent MSI Norton AntiVirus SYMLT MSI Norton Protection Center NVIDIA Drivers Ohmforce Predatohm VST PRO v1.24 OrangeVocoder PKR PowerQuest PartitionMagic 8.0 Prosoniq OrangeVocoder v1.4 PSP VintageWarmer v1.5d QuickTime ReFX JunoX2 VSTi v1.51 Security Update for CAPICOM (KB931906) Security Update for CAPICOM (KB931906) Security Update for Excel 2007 (KB934670) Security Update for Microsoft .NET 
Framework 2.0 (KB917283) Security Update for Microsoft .NET Framework 2.0 (KB922770) Security Update for Office 2007 (KB934062) Security Update for Windows Media Player 10 (KB917734) Security Update for Windows Media Player 6.4 (KB925398) Security Update for Windows XP (KB911562) Security Update for Windows XP (KB913580) Security Update for Windows XP (KB914388) Security Update for Windows XP (KB914389) Security Update for Windows XP (KB917344) Security Update for Windows XP (KB917422) Security Update for Windows XP (KB917953) Security Update for Windows XP (KB918118) Security Update for Windows XP (KB918439) Security Update for Windows XP (KB919007) Security Update for Windows XP (KB920213) Security Update for Windows XP (KB920670) Security Update for Windows XP (KB920683) Security Update for Windows XP (KB920685) Security Update for Windows XP (KB921398) Security Update for Windows XP (KB922616) Security Update for Windows XP (KB922819) Security Update for Windows XP (KB923191) Security Update for Windows XP (KB923414) Security Update for Windows XP (KB923689) Security Update for Windows XP (KB923694) Security Update for Windows XP (KB923980) Security Update for Windows XP (KB924191) Security Update for Windows XP (KB924270) Security Update for Windows XP (KB924496) Security Update for Windows XP (KB924667) Security Update for Windows XP (KB925454) Security Update for Windows XP (KB925486) Security Update for Windows XP (KB925902) Security Update for Windows XP (KB926255) Security Update for Windows XP (KB926436) Security Update for Windows XP (KB927779) Security Update for Windows XP (KB927802) Security Update for Windows XP (KB928090) Security Update for Windows XP (KB928255) Security Update for Windows XP (KB928843) Security Update for Windows XP (KB929969) Security Update for Windows XP (KB930178) Security Update for Windows XP (KB931261) Security Update for Windows XP (KB931768) Security Update for Windows XP (KB931784) Security Update for Windows XP 
(KB932168) Sony Sound Forge 8.0b SoulSeek Client 156c SoulSeek Client 157 test 8 Sound Designers VST Plugin Pack v2.0 SPBBC 32bit Spyware Doctor 4.0 Steinberg GRM Tools Vol.2 Steinberg GRM-Tools Volume One v1.2 Steinberg Voice Designer v1.03 SUPERAntiSpyware Free Edition Symantec SymNet Synapse Junglist VSTi v3.2 TGF POKER Timeworks Millenium Pack TK-PsychoFilter v1.0 UltimateBet Ultrafunk Sonitus:fx R3 plug-in uninstaller Update for Office 2007 (KB932080) Update for Office 2007 (KB933688) Update for Office 2007 (KB934393) Update for Outlook 2007 Junk Email Filter (KB934655) Update for Windows XP (KB908531) Update for Windows XP (KB911280) Update for Windows XP (KB916595) Update for Windows XP (KB920872) Update for Windows XP (KB922582) Update for Windows XP (KB927891) Update for Windows XP (KB929338) Update for Windows XP (KB930916) Update for Windows XP (KB931836) Update for Word 2007 (KB934173) USB Keyboard Device 1.0.1.0 Vanguard Demo 1.03 VideoLAN VLC media player 0.8.6 Viewpoint Media Player VoxCiter VST 1.07 Voxengo Elephant VST 1.4a Voxengo PHA-979 VST 1.0 Voxengo Pristine Space VST 1.1 Waldorf D-Pole v1.5 Waldorf.Attack.v1.2-OxYGeN Warp VST V1.0 Wav2MP3 Wizard v3.2 (Build 354) Windows Live Messenger WinRAR archiver
norbat Posted 28 May 2007
I can't see anything in particular. SAS found a trojan earlier, but nothing suggests that this opened the door to anything. You have also run HouseCall and had some malware removed.
You could well run a few extra rounds. A double check does no harm.
Go to Kaspersky and run the online scanner: http://www.kaspersky.com/service?chapter=161739400
When the program is ready, choose Scan Settings.
Check that the following are selected:
-Scan using the following Anti-Virus database: extended
-Scan Options: Scan Archives and Scan Mail Bases
Choose what to scan and run the scan. It will probably take a while.
Copy the 'log' (Save as Text) and post it.
Download Combofix and put it on the desktop.
Run combofix.exe and follow the instructions. You must not click on the window while the program is running.
Post the log file from Combofix (usually c:\combofix.txt).
--------
Could this person have obtained the username/password in some other way? (Is it a totally unknown person, or someone you perhaps know who has had access to the PC? Have you used someone else's PC when you played poker and let the PC remember the username/password? Is it still the case that the person logs in with your username on the poker site in question, or.......)
asthma Posted 28 May 2007 (Author)
The logs follow further down. I feel I have taken security fairly seriously and have not played on other PCs, and nobody other than my girlfriend uses this PC. All the poker sites etc. this person may have got into I have now closed, and these can only be opened by phone from my phone number.
------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER REPORT Monday, May 28, 2007 3:28:32 PM Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600) Kaspersky Online Scanner version: 5.0.83.0 Kaspersky Anti-Virus database last update: 28/05/2007 Kaspersky Anti-Virus database records: 332848 ------------------------------------------------------------------------------- Scan Settings: Scan using the following antivirus database: extended Scan Archives: true Scan Mail Bases: true Scan Target - My Computer: A:\ C:\ D:\ E:\ F:\ G:\ H:\ Scan Statistics: Total number of scanned objects: 91841 Number of viruses found: 1 Number of infected objects: 1 / 0 Number of suspicious objects: 0 Duration of the scan process: 01:37:03 Infected Object Name / Virus Name / Last Action C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2007-05-28_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\index.qbs Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBConfig.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDebug.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDetect.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBNotify.log Object is locked skipped 
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBRefr.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg2.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetDev.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetLoc.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetUsr.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBStHash.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBValid.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPPolicy.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStart.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStop.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtErEvt.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\1285B70F.TMP Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\769390B8.TMP Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtMoEvt.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtNvEvt.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtScEvt.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtTxFEvt.log Object is locked skipped C:\Documents and Settings\All Users\Application 
Data\Symantec\SRTSP\SrtViEvt.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SubEng\submissions.idx Object is locked skipped C:\Documents and Settings\Anders\Cookies\index.dat Object is locked skipped C:\Documents and Settings\Anders\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Logs\Dfsr00005.log Object is locked skipped C:\Documents and Settings\Anders\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\pending.dat Object is locked skipped C:\Documents and Settings\Anders\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_C8F8_CEC5_F8CE_B0CC\dfsr.db Object is locked skipped C:\Documents and Settings\Anders\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_C8F8_CEC5_F8CE_B0CC\fsr.log Object is locked skipped C:\Documents and Settings\Anders\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_C8F8_CEC5_F8CE_B0CC\fsrtmp.log Object is locked skipped C:\Documents and Settings\Anders\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_C8F8_CEC5_F8CE_B0CC\tmp.edb Object is locked skipped C:\Documents and Settings\Anders\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\Anders\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\Anders\Local Settings\Application Data\Microsoft\Windows Live Contacts\[email protected]\real\members.stg Object is locked skipped C:\Documents and Settings\Anders\Local Settings\Application Data\Microsoft\Windows Live Contacts\[email protected]\shadow\members.stg Object is locked skipped C:\Documents and Settings\Anders\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents 
and Settings\Anders\Local Settings\History\History.IE5\MSHist012007052120070528\index.dat Object is locked skipped C:\Documents and Settings\Anders\Local Settings\History\History.IE5\MSHist012007052820070529\index.dat Object is locked skipped C:\Documents and Settings\Anders\Local Settings\Temp\~DF3768.tmp Object is locked skipped C:\Documents and Settings\Anders\Local Settings\Temp\~DF3781.tmp Object is locked skipped C:\Documents and Settings\Anders\Local Settings\Temp\~DF4E23.tmp Object is locked skipped C:\Documents and Settings\Anders\Local Settings\Temp\~DF4E4D.tmp Object is locked skipped C:\Documents and Settings\Anders\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\Anders\NTUSER.DAT Object is locked skipped C:\Documents and Settings\Anders\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Local 
Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped C:\Program Files\Common Files\Symantec Shared\NFWEVT.LOG Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped C:\System Volume Information\_restore{285AEB64-B3BD-4748-9D6D-7F02897B1469}\RP189\change.log Object is locked skipped C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped C:\WINDOWS\SchedLgU.Txt Object is locked skipped C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\default Object is locked skipped C:\WINDOWS\system32\config\default.LOG Object is locked skipped C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped C:\WINDOWS\system32\config\OSession.evt Object is locked skipped C:\WINDOWS\system32\config\SAM Object is locked skipped 
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\SECURITY Object is locked skipped C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped C:\WINDOWS\system32\config\software Object is locked skipped C:\WINDOWS\system32\config\software.LOG Object is locked skipped C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\system Object is locked skipped C:\WINDOWS\system32\config\system.LOG Object is locked skipped C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped C:\WINDOWS\system32\h323log.txt Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped C:\WINDOWS\WindowsUpdate.log Object is locked skipped F:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped F:\System Volume Information\_restore{285AEB64-B3BD-4748-9D6D-7F02897B1469}\RP187\A0031545.exe Infected: Backdoor.Win32.Rbot.bbm skipped F:\System Volume Information\_restore{285AEB64-B3BD-4748-9D6D-7F02897B1469}\RP189\change.log Object is locked skipped G:\norton\AVApp.log Object is locked skipped G:\norton\AVError.log Object is locked skipped G:\norton\AVVirus.log Object is locked skipped G:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped G:\System Volume Information\_restore{285AEB64-B3BD-4748-9D6D-7F02897B1469}\RP189\change.log Object is locked skipped Scan process completed.
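Added example (not part of the original thread, and not Kaspersky's own tooling): a Python triage of the scanner report in the flattened layout it has in the post above, separating the infected object from the locked-and-skipped files and noting that the hit sits in a Windows XP System Restore point (`System Volume Information\_restore{...}\RPnnn`). The function name `triage`, the location labels, and the choice to list locked `.exe`/`.dll`/`.sys` files as unscanned binaries are assumptions of this example.

```python
import re

# Excerpt of the report posted above, kept in the same flattened layout:
# entries run together and one path is wrapped across a line break.
REPORT = r"""Scan Target - My Computer: A:\ C:\ D:\ E:\ F:\ G:\ H:\ Scan Statistics: Total number of scanned objects: 91841 Number of viruses found: 1 Number of infected objects: 1 / 0 Number of suspicious objects: 0 Duration of the scan process: 01:37:03 Infected Object Name / Virus Name / Last Action C:\Documents and Settings\All Users\Application 
Data\Symantec\SRTSP\SrtViEvt.log Object is locked skipped C:\WINDOWS\system32\config\SAM Object is locked skipped C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped F:\System Volume Information\_restore{285AEB64-B3BD-4748-9D6D-7F02897B1469}\RP187\A0031545.exe Infected: Backdoor.Win32.Rbot.bbm skipped G:\norton\AVVirus.log Object is locked skipped Scan process completed."""

# The result table starts after this column header; everything before it
# (including the "A:\ C:\ ..." scan-target list) must not be parsed as entries.
TABLE_HEADER = "Infected Object Name / Virus Name / Last Action"

# One entry: a path starting at a drive root, then one of the two statuses
# that occur in the report, then the last action ("skipped").
ENTRY = re.compile(
    r"(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?:Object is locked|Infected:\s+(?P<threat>\S+))\s+skipped",
    re.DOTALL,
)
DECLARED = re.compile(r"Number of viruses found:\s*(\d+)")
# Windows XP System Restore snapshot directory.
RESTORE_POINT = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\RP\d+\\", re.I
)
# A second drive root inside a "path" means two entries were merged because
# the first one had a status this parser does not know.
MERGED = re.compile(r"\s[A-Za-z]:\\")
BINARY_EXT = (".exe", ".dll", ".sys")  # assumption: worth a follow-up scan


def triage(report):
    head, sep, body = report.partition(TABLE_HEADER)
    if not sep:
        raise ValueError("result table header not found")
    declared = DECLARED.search(head)
    declared = int(declared.group(1)) if declared else None

    findings, unscanned_binaries, unparsed, locked = [], [], [], 0
    for m in ENTRY.finditer(body):
        # Undo wrapping: collapse any run of whitespace inside the path.
        path = " ".join(m.group("path").split())
        if MERGED.search(path):
            unparsed.append(path)
            continue
        if m.group("threat"):
            in_restore = bool(RESTORE_POINT.search(path))
            findings.append({
                "path": path,
                "threat": m.group("threat"),
                # A restore-point copy is a saved snapshot file, not a file
                # in its original location.
                "location": "system_restore_copy" if in_restore else "live_file",
            })
        else:
            locked += 1  # the scanner could not open the file, so it is unscanned
            if path.lower().endswith(BINARY_EXT):
                unscanned_binaries.append(path)

    return {
        "declared_infected": declared,
        "findings": findings,
        "locked": locked,
        "unscanned_binaries": unscanned_binaries,
        "unparsed": unparsed,
        # The header count and the parsed table should agree.
        "consistent": declared is not None and declared == len(findings),
    }


if __name__ == "__main__":
    result = triage(REPORT)
    for f in result["findings"]:
        print(f["threat"], f["location"], f["path"])
    print("locked and skipped:", result["locked"])
    print("locked binaries never scanned:", result["unscanned_binaries"])
    print("header count matches table:", result["consistent"])
```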
asthma (author), posted 28 May 2007

COMBOFIX:

"Anders" - 2007-05-28 15:33:09 Service Pack 2
ComboFix 07-05.27.V - Running from: "C:\Documents and Settings\Anders\Desktop\sikkerhet\"

((((((((((((((((((((((((((((((( Files Created from 2007-04-28 to 2007-05-28 ))))))))))))))))))))))))))))))))))

2007-05-28 13:36 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-05-28 13:36 <DIR> d-------- C:\WINDOWS\LastGood
2007-05-27 20:16 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-05-27 20:16 <DIR> d-------- C:\DOCUME~1\Anders\APPLIC~1\SUPERAntiSpyware.com
2007-05-27 20:16 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-05-27 18:14 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-05-27 18:13 <DIR> d-------- C:\Documents and Settings\Anders\.housecall6.6
2007-05-27 18:13 <DIR> d-------- C:\DOCUME~1\Anders\.housecall6.6
2007-05-27 17:56 22,112 -ra------ C:\WINDOWS\system32\drivers\COH_Mon.sys
2007-05-10 03:02 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-05-08 16:59 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2007-05-08 16:59 31,744 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-05-04 22:33 <DIR> d-------- C:\Documents and Settings\Anders\Incomplete
2007-05-04 22:33 <DIR> d-------- C:\DOCUME~1\Anders\Incomplete
2007-05-04 22:30 <DIR> d-------- C:\DOCUME~1\Anders\APPLIC~1\LimeWire
2007-04-29 12:31 516,173 --a------ C:\WINDOWS\system32\MSVCP60D.DLL
2007-04-29 12:31 385,100 --a------ C:\WINDOWS\system32\MSVCRTD.DLL
2007-04-29 12:30 59,904 --a------ C:\WINDOWS\system32\Mscc2fr.dll
2007-04-29 12:30 32,768 --a------ C:\WINDOWS\system32\CMDLGFR.DLL
2007-04-29 12:30 21,504 --a------ C:\WINDOWS\system32\TABCTFR.DLL
2007-04-29 12:30 15,360 --a------ C:\WINDOWS\system32\inetfr.DLL
2007-04-29 12:30 141,312 --a------ C:\WINDOWS\system32\MSCMCFR.DLL
2007-04-29 12:30 119,568 --a------ C:\WINDOWS\system32\VB6FR.DLL
2007-04-29 12:30 101,888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-05-27 15:56:17 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-05-27 10:46:14 -------- d-----w C:\DOCUME~1\Anders\APPLIC~1\uTorrent
2007-04-29 13:33:36 -------- d-----w C:\DOCUME~1\Anders\APPLIC~1\Microgaming
2007-04-27 22:21:52 -------- d-----w C:\Program Files\NinePokerMPP
2007-04-18 16:14:43 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-15 10:13:27 -------- d-----w C:\DOCUME~1\Anders\APPLIC~1\Opera
2007-03-17 13:45:03 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-08 15:48:36 578,048 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:48:36 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:48:36 282,112 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 13:49:49 1,843,968 ----a-w C:\WINDOWS\system32\win32k.sys
2007-03-01 07:30:28 335 ----a-w C:\WINDOWS\nsreg.dat

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 02:56]
{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}=G:\SPYWAR~1\tools\iesdsg.dll [2007-05-09 18:47]
{72853161-30C5-4D22-B7F9-0BBC1D38A37E}=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 01:48]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
{B56A7D7D-6927-48C8-A975-17DF180C71AC}=G:\SPYWAR~1\tools\iesdpb.dll [2007-01-08 19:06]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2004-12-24 07:30 C:\WINDOWS\system32\nwiz.exe]
"DeltTray"="DeltTray.exe" [2002-12-06 18:19 C:\WINDOWS\system32\delttray.exe]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" []
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 22:59]
"osCheck"="G:\norton\osCheck.exe" [2006-09-06 03:22]
"DAEMON Tools"="G:\DAEMON Tools\daemon.exe" [2006-09-14 22:09]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 01:47]
"QuickTime Task"="G:\quicktime\qttask.exe" [2006-10-25 19:58]
"iTunesHelper"="G:\itunes\iTunesHelper.exe" [2006-10-30 10:36]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56]
"Spyware Doctor"="G:\Spyware Doctor\swdoctor.exe" [2007-01-08 19:07]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 13:54]
"SUPERAntiSpyware"="G:\antispyware\SUPERAntiSpyware.exe" [2007-05-23 10:12]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Spyware Doctor"="G:\Spyware Doctor\swdoctor.exe" /Q

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"="C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [2006-10-27 01:48]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="G:\antispyware\SASSEH.DLL" [2006-12-20 13:55]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
G:\antispyware\SASWINLO.dll

*Newly Created Service* -PROCEXP90

Contents of the 'Scheduled Tasks' folder
2007-05-24 19:51:00 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-05-25 18:00:00 C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Anders.job

********************************************************************

catchme 0.3.681 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-28 15:34:39
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0

********************************************************************

Completion time: 2007-05-28 15:35:22
--- E O F ---
norbat, posted 28 May 2007 (edited)

You'll have to take your partner out for a nice dinner. A lot can be revealed over good food.

Well, the logs look fine, and I see no sign of anything on the PC of the kind that records what you type. What was there has been removed by the various 'anti' programs, and as far as I am concerned you can be reasonably confident that nothing more is left there.

You should reset the restore folder so that you do not get infected in the event of a system restore. Control Panel -> System -> System Restore. Tick the box in front of "Turn off .....", restart the PC, then untick the box again to re-enable the feature.

Beyond that, it is a matter of keeping your programs up to date and being a little careful about what you get up to (read: poker. I am very sceptical of many of these poker sites, but if you must, you must, and then you have to live with a certain risk of infections).

If you are still in doubt about whether the PC contains something that should not be there, my recommendation is to format the PC. It is better that you feel safe using the PC than that you keep wondering whether there is something on it that should not be there. But that has to be your decision.

Surf safely

Edited 28 May 2007 by norbat
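The reason for the System Restore reset, worked through on the scanner output posted earlier in the thread. This is an added example, not part of any post: it separates detections in live files from copies archived inside restore points. The `C:\Example Dir` entry and the threat name `Constructed.Example.a` are constructed, and the function names are this example's own.

```python
import re
from collections import defaultdict

# One entry is "<path> <status> skipped". Paths contain spaces, so the path is
# matched lazily up to the first status marker; this also handles a flattened log.
ENTRY = re.compile(
    r"(?P<path>[A-Za-z]:\\.*?)\s+"
    r"(?P<status>Object is locked|Infected: (?P<threat>\S+))\s+skipped")
# XP restore-point path: <drive>:\System Volume Information\_restore{GUID}\RP<n>\
RESTORE = re.compile(
    r"^[A-Za-z]:\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}"
    r"\\(?P<rp>RP\d+)\\", re.IGNORECASE)

def parse_scan_log(text):
    """Return one dict per scanner entry found in text."""
    entries = []
    for m in ENTRY.finditer(text):
        path = m.group("path")
        snap = RESTORE.match(path)
        entries.append({
            "path": path, "drive": path[0].upper(),
            "threat": m.group("threat"),  # None for "Object is locked"
            "restore_point": snap.group("rp") if snap else None,
        })
    return entries

def triage(text):
    """Split detections into live files and System Restore snapshots."""
    live, snapshots = [], defaultdict(list)
    for e in parse_scan_log(text):
        if e["threat"] is None:
            continue  # locked only means the file was in use during the scan
        if e["restore_point"]:
            snapshots[(e["drive"], e["restore_point"])].append(e["threat"])
        else:
            live.append((e["path"], e["threat"]))
    return live, dict(snapshots)

# Flattened entries in the posted log's format; the last one is constructed.
SAMPLE = (
    r"C:\WINDOWS\system32\config\SAM Object is locked skipped "
    r"F:\System Volume Information\_restore{285AEB64-B3BD-4748-9D6D-7F02897B1469}"
    r"\RP187\A0031545.exe Infected: Backdoor.Win32.Rbot.bbm skipped "
    r"G:\norton\AVVirus.log Object is locked skipped "
    r"C:\Example Dir\sample.exe Infected: Constructed.Example.a skipped"
)

live, snapshots = triage(SAMPLE)
print("live:", live, "| inside restore points:", snapshots)
```

A detection that appears only under a restore point is an archived copy that a later system restore could bring back, which is what the reset clears; an entry in the live list needs cleaning first.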
asthma (author), posted 28 May 2007

Thank you so, so much for the very useful tips and answers! I have both cleaned things up and learned a great deal from this.

One last (hopefully) question: generally speaking, can keyloggers target not just an individual PC but also an individual IP? In other words, could other PCs in the flat have been affected as well?
norbat, posted 28 May 2007

I can't really give a very precise answer. There are many different risk programs, and I don't know what each of them does. I assume keyloggers have to be on the PC in question for it to be possible to 'log' what happens on that PC. That means the other PCs on the same network are not necessarily at risk, unless the program is of the kind that can spread across the local network.
backup, posted 28 May 2007

Are you using a hub or a wireless router that is poorly secured or not secured at all? I was thinking of the possibility of packet sniffing to get hold of usernames, passwords etc., but also access to any unsecured file sharing etc.
asthma (author), posted 30 May 2007

Yes, I use a wireless router, and I discovered yesterday, when I was using another PC here, that access was unsecured. Sorry I haven't mentioned this before, but I was rather surprised, as I am sure I encrypted it earlier. At any rate, I have now turned on WEP encryption: "WPA pre-shared key" by following the router's manual (my knowledge in this area is close to zero).

I don't know what packet sniffing is, but I have downloaded quite a bit on this PC via various torrents etc., though I have had a firewall and virus protection.