
I think I've got Perfect Keylogger. Remove it!



I was dumb for a moment and trusted a file blindly. It was packed together with several other files and was not recognised as a virus either before or after extraction. I opened it, and now when I scanned the files on virusscan.jotti.org I was told that Perfect Keylogger had supposedly infected me at that moment.

I run AVG Free for virus protection.

HJT log after a run of CCleaner

Logfile of HijackThis v1.99.1

Scan saved at 19:17:15, on 10.08.2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\dllhost.exe

C:\Programfiler\Microsoft IntelliPoint\ipoint.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\Programfiler\HTV\HTV.exe

C:\Programfiler\Java\jre1.6.0_02\bin\jusched.exe

C:\Programfiler\MSN Messenger\MsnMsgr.Exe

C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe

C:\Programfiler\Steam\Steam.exe

C:\Programfiler\Messenger\msmsgs.exe

C:\Programfiler\DAEMON Tools\daemon.exe

C:\Programfiler\Fellesfiler\Ahead\Lib\NMIndexStoreSvr.exe

C:\Programfiler\D-Link\D-Link AirPlus G+ Wireless Adapter Utility\DWLGTI.EXE

C:\Programfiler\uTorrent\utorrent.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\NCSoft\Launcher\NCLauncher.exe

C:\Programfiler\MSN Messenger\usnsvc.exe

C:\Programfiler\Opera\Opera.exe

C:\WINDOWS\system32\mdm.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Programfiler\Winamp\winamp.exe

C:\Programfiler\WinRAR\WinRAR.exe

C:\DOCUME~1\Thor\LOKALE~1\Temp\Rar$EX00.375\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [intelliPoint] "C:\Programfiler\Microsoft IntelliPoint\ipoint.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programfiler\Fellesfiler\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [HTV Agent] C:\Programfiler\HTV\HTV.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [steam] "C:\Programfiler\Steam\Steam.exe" -silent

O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programfiler\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKCU\..\Run: [PlayNC Launcher] C:\Programfiler\NCSoft\Launcher\NCLauncher.exe /Minimized

O4 - Startup: Snarvei til utorrent.lnk = C:\Programfiler\uTorrent\utorrent.exe

O4 - Global Startup: D-Link AirPlus G+ Wireless Adapter Utility.lnk = C:\Programfiler\D-Link\D-Link AirPlus G+ Wireless Adapter Utility\DWLGTI.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - http://www.nanoscan.com/cabs/nanoinst.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: NBService - Nero AG - C:\Programfiler\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

 


Your log looks fine.

You can try an online scan with e.g. http://www.pandasecurity.com/homeusers/solutions/activescan/ and see whether it turns anything up.

A Combofix log can also tell whether something is lurking:

Download Combofix and put it on the desktop.

Run combofix.exe and follow the instructions.

Do not click in the window while the program is running.

Post the log file from combofix (usually c:\combofix.txt).


Thanks for the reply :)

 

 

[COMBOFIX]

ComboFix 07-08-09.3 - "Thor" 2007-08-10 23:28:22.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.47.1044.18.574 [GMT 2:00]

* Created a new restore point

 

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

 

 

D:\Autorun.inf

 

 

((((((((((((((((((((((((( Files Created from 2007-07-10 to 2007-08-10 )))))))))))))))))))))))))))))))

 

 

2007-08-10 23:27 51,200 --a--c--- C:\WINDOWS\nircmd.exe

2007-08-10 23:27 <DIR> d----c--- C:\WINDOWS\system32\ActiveScan

2007-08-10 23:27 <DIR> d----c--- C:\WINDOWS\LastGood

2007-08-10 22:40 <DIR> d--h-c--- C:\WINDOWS\PIF

2007-08-10 22:37 <DIR> d----c--- C:\Programfiler\Ace Utilities

2007-08-10 19:25 49,424 --a--c--- C:\WINDOWS\system32\clspack.exe

2007-08-10 19:25 172,304 --a--c--- C:\WINDOWS\system32\jview.exe

2007-08-10 19:25 171,792 --a--c--- C:\WINDOWS\system32\wjview.exe

2007-08-10 19:25 139,536 --a--c--- C:\WINDOWS\system32\javaee.dll

2007-08-10 19:16 <DIR> dr-h-c--- C:\DOCUME~1\Thor\Siste

2007-08-10 19:04 3,495,784 --a--c--- C:\WINDOWS\system32\d3dx9_33.dll

2007-08-10 19:04 <DIR> d----c--- C:\Programfiler\NCSoft

2007-08-10 19:01 <DIR> d----c--- C:\DOCUME~1\Thor\PROGRA~1\InstallShield

2007-08-10 18:54 <DIR> d----c--- C:\WINDOWS\system32\Panda Software

2007-08-10 13:10 68,888 --a--c--- C:\WINDOWS\system32\xinput1_3.dll

2007-08-10 13:10 62,744 --a--c--- C:\WINDOWS\system32\xinput1_2.dll

2007-08-10 13:10 3,426,072 --a--c--- C:\WINDOWS\system32\d3dx9_32.dll

2007-08-10 13:10 255,848 --a--c--- C:\WINDOWS\system32\xactengine2_6.dll

2007-08-10 13:10 251,672 --a--c--- C:\WINDOWS\system32\xactengine2_5.dll

2007-08-10 13:10 237,848 --a--c--- C:\WINDOWS\system32\xactengine2_4.dll

2007-08-10 13:10 236,824 --a--c--- C:\WINDOWS\system32\xactengine2_3.dll

2007-08-10 13:10 2,414,360 --a--c--- C:\WINDOWS\system32\d3dx9_31.dll

2007-08-10 13:10 15,128 --a--c--- C:\WINDOWS\system32\x3daudio1_1.dll

2007-08-10 13:09 2,297,552 --a--c--- C:\WINDOWS\system32\d3dx9_26.dll

2007-08-10 02:22 <DIR> d----c--- C:\Programfiler\Activision

2007-08-10 02:21 <DIR> d--hsc--- C:\WINDOWS\ftpcache

2007-08-10 02:06 <DIR> d----c--- C:\Programfiler\Web Publish

2007-08-10 02:01 947,472 --a--c--- C:\WINDOWS\system32\msjava.dll

2007-08-10 02:01 63,248 --a--c--- C:\WINDOWS\system32\javaprxy.dll

2007-08-10 02:01 6,550 --a--c--- C:\WINDOWS\jautoexp.dat

2007-08-10 02:01 46,352 --a--c--- C:\WINDOWS\setdebug.exe

2007-08-10 02:01 44,544 --a--c--- C:\WINDOWS\clspack.exe

2007-08-10 02:01 404,752 --a--c--- C:\WINDOWS\system32\javart.dll

2007-08-10 02:01 313,856 --a--c--- C:\WINDOWS\system32\dx3j.dll

2007-08-10 02:01 286,992 --a--c--- C:\WINDOWS\system32\vmhelper.dll

2007-08-10 02:01 21,264 --a--c--- C:\WINDOWS\system32\msjdbc10.dll

2007-08-10 02:01 187,152 --a--c--- C:\WINDOWS\system32\javacypt.dll

2007-08-10 02:01 171,280 --a--c--- C:\WINDOWS\system32\jit.dll

2007-08-10 02:01 154,384 --a--c--- C:\WINDOWS\system32\msawt.dll

2007-08-10 02:01 15,120 --a--c--- C:\WINDOWS\system32\jdbgmgr.exe

2007-08-10 02:01 113 --a--c--- C:\WINDOWS\system32\zonedon.reg

2007-08-10 02:01 113 --a--c--- C:\WINDOWS\system32\zonedoff.reg

2007-08-10 02:01 103,424 --a--c--- C:\WINDOWS\extrac32.exe

2007-08-10 01:56 <DIR> d----c--- C:\Programfiler\arniWORX

2007-08-10 01:54 <DIR> d----c--- C:\Programfiler\DaemonScript

2007-08-10 01:54 <DIR> d----c--- C:\Programfiler\DAEMON Tools

2007-08-10 01:47 682,232 --a--c--- C:\WINDOWS\system32\drivers\sptd.sys

2007-08-09 19:23 91,648 --a--c--- C:\DOCUME~1\Thor\gzip.exe

2007-08-09 03:39 20,480 --a--c--- C:\WINDOWS\system32\re324224.exe

2007-08-09 03:39 102,912 --a--c--- C:\WINDOWS\system32\VB6STKIT.DLL

2007-08-09 03:39 <DIR> d----c--- C:\Programfiler\Perfect Macro Recorder

2007-08-08 16:33 162,432 --a--c--- C:\WINDOWS\system32\drivers\ithsgt.sys

2007-08-08 16:33 12,032 --a--c--- C:\WINDOWS\system32\drivers\lilsgt.sys

2007-08-08 16:33 <DIR> d----c--- C:\Programfiler\GameShadow

2007-08-08 16:21 <DIR> d----c--- C:\Programfiler\Atari

2007-08-08 13:38 252,416 --a--c--- C:\WINDOWS\Notepad2.exe

2007-08-08 13:36 45 --a--c--- C:\WINDOWS\a.bat

2007-08-08 03:21 8 --a--c--- C:\WINDOWS\system32\nvModes.dat

2007-08-08 02:14 <DIR> d----c--- C:\DOCUME~1\Thor\PROGRA~1\vlc

2007-08-08 02:09 <DIR> d----c--- C:\Programfiler\VideoLAN

2007-08-07 18:04 <DIR> d----c--- C:\Programfiler\SnadBoy's Revelation v2

2007-08-07 16:51 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys

2007-08-07 01:38 <DIR> d-a--c--- C:\WINDOWS\system32\LogFiles

2007-08-07 01:34 <DIR> d-a--c--- C:\Programfiler\Orb Networks

2007-08-07 01:34 <DIR> d----c--- C:\DOCUME~1\ALLUSE~1\PROGRA~1\OrbNetworks

2007-08-06 21:48 <DIR> d----c--- C:\DOCUME~1\ALLUSE~1\PROGRA~1\Windows Genuine Advantage

2007-08-06 21:46 <DIR> d---sc--- C:\DOCUME~1\Thor\UserData

2007-08-06 19:55 <DIR> d-a--c--- C:\Programfiler\Fantastic Flame Screensaver

2007-08-06 19:49 <DIR> d----c--- C:\DOCUME~1\Thor\PROGRA~1\Nexon

2007-08-06 19:34 4,682 --a--c--- C:\WINDOWS\system32\npptNT2.sys

2007-08-06 19:33 <DIR> d----c--- C:\Nexon

2007-08-06 18:44 <DIR> d----c--- C:\Programfiler\HTV

2007-08-06 18:13 98,304 --a--c--- C:\WINDOWS\system32\msir3jp.dll

2007-08-06 18:13 98,304 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.dll

2007-08-06 18:13 97,792 --a--c--- C:\WINDOWS\system32\dllcache\chtmbx.dll

2007-08-06 18:13 86,073 --a--c--- C:\WINDOWS\system32\dllcache\voicesub.dll

2007-08-06 18:13 86,016 --a--c--- C:\WINDOWS\system32\dllcache\imekrmbx.dll

2007-08-06 18:13 838,144 --a--c--- C:\WINDOWS\system32\dllcache\chtbrkr.dll

2007-08-06 18:13 838,144 --a--c--- C:\WINDOWS\system32\chtbrkr.dll

2007-08-06 18:13 811,064 --a--c--- C:\WINDOWS\system32\imjp81k.dll

2007-08-06 18:13 811,064 --a--c--- C:\WINDOWS\system32\dllcache\imjp81k.dll

2007-08-06 18:13 81,976 --a--c--- C:\WINDOWS\system32\dllcache\imjpdct.dll

2007-08-06 18:13 76,288 --a--c--- C:\WINDOWS\system32\uniime.dll

2007-08-06 18:13 76,288 --a--c--- C:\WINDOWS\system32\dllcache\uniime.dll

2007-08-06 18:13 716,856 --a--c--- C:\WINDOWS\system32\dllcache\imjpcus.dll

2007-08-06 18:13 70,656 --a--c--- C:\WINDOWS\system32\korwbrkr.dll

2007-08-06 18:13 70,656 --a--c--- C:\WINDOWS\system32\dllcache\korwbrkr.dll

2007-08-06 18:13 70,144 --a--c--- C:\WINDOWS\system32\dllcache\pintlphr.exe

2007-08-06 18:13 67,584 --a--c--- C:\WINDOWS\system32\dllcache\pmigrate.dll

2007-08-06 18:13 59,392 --a--c--- C:\WINDOWS\system32\dllcache\imscinst.exe

2007-08-06 18:13 57,399 --a--c--- C:\WINDOWS\system32\dllcache\cplexe.exe

2007-08-06 18:13 56,320 --a--c--- C:\WINDOWS\system32\dllcache\chtskdic.dll

2007-08-06 18:13 53,760 --a--c--- C:\WINDOWS\system32\dllcache\pintlcsd.dll

2007-08-06 18:13 480,256 --a--c--- C:\WINDOWS\system32\dllcache\cintsetp.exe

2007-08-06 18:13 455,168 --a--c--- C:\WINDOWS\system32\dllcache\tintsetp.exe

2007-08-06 18:13 44,032 --a--c--- C:\WINDOWS\system32\dllcache\tintlphr.exe

2007-08-06 18:13 426,041 --a--c--- C:\WINDOWS\system32\dllcache\voicepad.dll

2007-08-06 18:13 368,696 --a--c--- C:\WINDOWS\system32\dllcache\imjpcic.dll

2007-08-06 18:13 307,257 --a--c--- C:\WINDOWS\system32\dllcache\imjpdct.exe

2007-08-06 18:13 274,489 --a--c--- C:\WINDOWS\system32\dllcache\imjputyc.dll

 

 

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

 

2007-08-08 00:17 66876 --a--c--- C:\WINDOWS\system32\perfc014.dat

2007-08-08 00:17 396894 --a--c--- C:\WINDOWS\system32\perfh014.dat

2007-06-29 00:43 8466432 --a------ C:\WINDOWS\system32\nvcpl.dll

2007-06-29 00:43 81920 --a--c--- C:\WINDOWS\system32\nvwddi.dll

2007-06-29 00:43 81920 --a------ C:\WINDOWS\system32\nvmctray.dll

2007-06-29 00:43 753664 --a--c--- C:\WINDOWS\system32\nvcplui.exe

2007-06-29 00:43 6807328 --a--c--- C:\WINDOWS\system32\drivers\nv4_mini.sys

2007-06-29 00:43 6807328 --a--c--- C:\WINDOWS\system32\dllcache\nv4_mini.sys

2007-06-29 00:43 6729728 --a--c--- C:\WINDOWS\system32\nvoglnt.dll

2007-06-29 00:43 6234112 --a--c--- C:\WINDOWS\system32\nvdisps.dll

2007-06-29 00:43 5690624 --a--c--- C:\WINDOWS\system32\dllcache\nv4_disp.dll

2007-06-29 00:43 5690624 --a------ C:\WINDOWS\system32\nv4_disp.dll

2007-06-29 00:43 5455872 --a--c--- C:\WINDOWS\system32\nvdispsr.dll

2007-06-29 00:43 466944 --a------ C:\WINDOWS\system32\nvshell.dll

2007-06-29 00:43 458752 --a--c--- C:\WINDOWS\system32\nvmccssr.dll

2007-06-29 00:43 45056 --a--c--- C:\WINDOWS\system32\nvmccsrs.dll

2007-06-29 00:43 442368 --a--c--- C:\WINDOWS\system32\nvappbar.exe

2007-06-29 00:43 425984 --a--c--- C:\WINDOWS\system32\keystone.exe

2007-06-29 00:43 37376 --a--c--- C:\WINDOWS\system32\nvcodins.dll

2007-06-29 00:43 37376 --a--c--- C:\WINDOWS\system32\nvcod.dll

2007-06-29 00:43 360448 --a------ C:\WINDOWS\system32\nvapi.dll

2007-06-29 00:43 3600384 --a--c--- C:\WINDOWS\system32\nvvitvsr.dll

2007-06-29 00:43 3518464 --a--c--- C:\WINDOWS\system32\nvvitvs.dll

2007-06-29 00:43 3321856 --a--c--- C:\WINDOWS\system32\nvgames.dll

2007-06-29 00:43 3072000 --a--c--- C:\WINDOWS\system32\nvgamesr.dll

2007-06-29 00:43 307200 --a--c--- C:\WINDOWS\system32\nvexpbar.dll

2007-06-29 00:43 286720 --a--c--- C:\WINDOWS\system32\nvnt4cpl.dll

2007-06-29 00:43 2854912 --a--c--- C:\WINDOWS\system32\nvmoblsr.dll

2007-06-29 00:43 2416640 --a--c--- C:\WINDOWS\system32\nvwssr.dll

2007-06-29 00:43 2330624 --a--c--- C:\WINDOWS\system32\nvwss.dll

2007-06-29 00:43 229376 --a--c--- C:\WINDOWS\system32\nvmccs.dll

2007-06-29 00:43 188416 --a--c--- C:\WINDOWS\system32\nvmccss.dll

2007-06-29 00:43 1703936 --a--c--- C:\WINDOWS\system32\nvwdmcpl.dll

2007-06-29 00:43 1626112 --a--c--- C:\WINDOWS\system32\nwiz.exe

2007-06-29 00:43 155716 --a------ C:\WINDOWS\system32\nvsvc32.exe

2007-06-29 00:43 1474560 --a--c--- C:\WINDOWS\system32\nview.dll

2007-06-29 00:43 147456 --a--c--- C:\WINDOWS\system32\nvcolor.exe

2007-06-29 00:43 1339392 --a--c--- C:\WINDOWS\system32\nvdspsch.exe

2007-06-29 00:43 1142784 --a--c--- C:\WINDOWS\system32\nvmobls.dll

2007-06-29 00:43 1073152 --a--c--- C:\WINDOWS\system32\nvcpluir.dll

2007-06-29 00:43 1019904 --a--c--- C:\WINDOWS\system32\nvwimg.dll

2007-06-29 00:43 1018772 --a--c--- C:\WINDOWS\system32\nvucode.bin

2004-08-20 19:09 62865 --a--c--- C:\WINDOWS\inf\IM\odysseyIM3.sys

2004-08-20 19:09 45056 --a--c--- C:\WINDOWS\inf\IM\imdinst.exe

2004-08-20 19:09 12739 --a--c--- C:\WINDOWS\inf\IM\odNetInstall.dll

 

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

*Note* empty entries & legit default entries are not shown

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-03 22:32]

"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 22:32]

"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 22:32]

"IntelliPoint"="C:\Programfiler\Microsoft IntelliPoint\ipoint.exe" [2005-12-04 16:39]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-29 00:43]

"nwiz"="nwiz.exe" [2007-06-29 00:43 C:\WINDOWS\system32\nwiz.exe]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-29 00:43]

"SoundMan"="SOUNDMAN.EXE" [2005-08-17 18:39 C:\WINDOWS\SOUNDMAN.EXE]

"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-08-06 17:04]

"NeroFilterCheck"="C:\Programfiler\Fellesfiler\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40]

"HTV Agent"="C:\Programfiler\HTV\HTV.exe" [2007-08-06 18:20]

"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="C:\Programfiler\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe" [2006-10-09 11:28]

"Steam"="C:\Programfiler\Steam\Steam.exe" [2007-08-06 18:02]

"MSMSGS"="C:\Programfiler\Messenger\msmsgs.exe" [2004-10-13 18:24]

"DAEMON Tools"="C:\Programfiler\DAEMON Tools\daemon.exe" [2007-04-04 00:29]

"PlayNC Launcher"="C:\Programfiler\NCSoft\Launcher\NCLauncher.exe" [2007-04-17 12:47]

 

C:\Documents and Settings\Thor\Start-meny\Programmer\Oppstart\

Snarvei til utorrent.lnk - C:\Programfiler\uTorrent\utorrent.exe [2007-02-15 22:17:12]

 

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\

D-Link AirPlus G+ Wireless Adapter Utility.lnk - C:\Programfiler\D-Link\D-Link AirPlus G+ Wireless Adapter Utility\DWLGTI.EXE [2007-08-06 16:32:14]

 

R0 sbp2port;SBP-2 Transport/Protocol-bussdriver;C:\WINDOWS\system32\DRIVERS\sbp2port.sys

R0 Si3114r5;SiI-3114 SoftRaid 5 Controller;C:\WINDOWS\system32\DRIVERS\Si3114r5.sys

R0 SiRemFil;SATALink External Device Filter;C:\WINDOWS\system32\DRIVERS\SiRemFil.sys

R1 AmdK8;AMD-prosessordriver;C:\WINDOWS\system32\DRIVERS\AmdK8.sys

R1 lusbaudio;Logitech USB-mikrofon;C:\WINDOWS\system32\drivers\OVSound2.sys

R2 ithsgt;ithsgt;C:\WINDOWS\system32\DRIVERS\ithsgt.sys

R2 lilsgt;lilsgt;C:\WINDOWS\system32\DRIVERS\lilsgt.sys

R3 MTsensor;ATK0110 ACPI UTILITY;C:\WINDOWS\system32\DRIVERS\ASACPI.sys

R3 odysseyIM3;Odyssey Network Services Miniport;C:\WINDOWS\system32\DRIVERS\odysseyIM3.sys

R3 Point32;Microsoft IntelliPoint Filter Driver;C:\WINDOWS\system32\DRIVERS\point32.sys

R3 QCEmerald;Logitech QuickCam Web;C:\WINDOWS\system32\DRIVERS\OVCE.sys

R3 TNET1130;D-Link AirPlus G+ Wireless Adapter;C:\WINDOWS\system32\DRIVERS\GPlus.sys

R3 WD_FireWire_HID;WD FireWire Pseudo-HID driver;C:\WINDOWS\system32\DRIVERS\wdfwhid.sys

S3 AIDA32Driver;AIDA32Driver;\??\C:\Documents and Settings\Thor\Programdata\Opera\Opera\profile\cache4\temporary_download\aida32pe_393\aida32.sys

S3 DISK_DRIVE32;DISK_DRIVE32;\??\C:\Documents and Settings\Thor\Skrivebord\uce - extract me to your desktop\disk_1024.sys

 

 

**************************************************************************

 

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-08-10 23:29:16

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden registry entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

Completion time: 2007-08-10 23:29:50

C:\ComboFix-quarantined-files.txt ... 2007-08-10 23:29

 

--- E O F ---

 

Panda is running...


If you know the time when you think this keylogger got into the system, you can check whether there are any files around that time in the combofix log and examine them more closely. See under the heading "Files Created from 2007-07-10 to 2007-08-10".

From what I can see, there are no files there that look suspicious.

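The check suggested in the reply above, correlating entries in the ComboFix "Files Created" section with the moment the file was opened, can be scripted. The Python below is an added example for this thread, not code from ComboFix or from any of the posters. It parses the log's file-creation lines and its R/S driver lines, keeps the files created inside a window around a suspected time, and tags each hit with generic reasons for a closer look: a path under a user profile or Temp directory, a new executable inside the Windows directory, or a .sys loaded from somewhere other than system32\drivers. The sample lines are copied from the log on this page; the suspected timestamp (2007-08-09 03:39) and the two-hour window are illustrative assumptions, because the original poster does not say when the file was opened. A tag means "check this entry", not "this is the keylogger".

```python
"""Triage a ComboFix log: which files appeared around a suspected infection
time, and which entries sit in places worth a second look.

Added example for this thread; not code from ComboFix or the forum posters.
"""
import sys
import re
from datetime import datetime, timedelta

# "Files Created" entry, as in the log above:
#   2007-08-09 03:39 20,480 --a--c--- C:\WINDOWS\system32\re324224.exe
#   2007-08-09 03:39 <DIR> d----c--- C:\Programfiler\Perfect Macro Recorder
FILE_LINE = re.compile(
    r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}) (<DIR>|[\d,]+) (\S{9}) (.+)$")
# Driver/service entry:  S3 DISK_DRIVE32;DISK_DRIVE32;\??\C:\...\disk_1024.sys
DRIVER_LINE = re.compile(r"^([RS][0-4]) ([^;]+);([^;]*);(.+)$")

EXEC_EXT = (".exe", ".dll", ".sys", ".bat", ".cmd", ".scr", ".pif")
# Locations where a freshly dropped binary is more interesting than in Program Files.
USER_PATHS = ("\\documents and settings\\", "\\docume~1\\", "\\temp\\")


def parse_combofix(text):
    """Return (files, drivers); lines that match neither pattern are skipped."""
    files, drivers = [], []
    for raw in text.splitlines():
        line = raw.strip()
        m = FILE_LINE.match(line)
        if m:
            date, clock, size, attrs, path = m.groups()
            files.append({
                "when": datetime.strptime(f"{date} {clock}", "%Y-%m-%d %H:%M"),
                "size": None if size == "<DIR>" else int(size.replace(",", "")),
                "attrs": attrs,
                "path": path,
            })
            continue
        m = DRIVER_LINE.match(line)
        if m:
            start, name, desc, path = m.groups()
            drivers.append({"start": start, "name": name, "desc": desc,
                            "path": path.replace("\\??\\", "")})  # strip NT object prefix
    return files, drivers


def location_reasons(path):
    """Generic 'look closer' reasons based only on where the file lives."""
    p = path.lower()
    out = []
    if any(u in p for u in USER_PATHS):
        out.append("under a user profile or temp directory")
    if p.endswith(".sys") and "\\system32\\drivers\\" not in p:
        out.append("kernel driver outside system32\\drivers")
    return out


def triage(text, suspected, before=timedelta(hours=2), after=timedelta(hours=2)):
    """Files created in [suspected-before, suspected+after], tagged with reasons,
    plus every driver whose path alone is notable (driver lines carry no timestamp)."""
    files, drivers = parse_combofix(text)
    hits = []
    for f in files:
        if suspected - before <= f["when"] <= suspected + after:
            r = location_reasons(f["path"])
            p = f["path"].lower()
            if p.endswith(EXEC_EXT) and p.startswith("c:\\windows\\"):
                r.append("new executable inside the Windows directory")
            hits.append({"kind": "file", "when": f["when"], "path": f["path"], "reasons": r})
    for d in drivers:
        r = location_reasons(d["path"])
        if r:
            hits.append({"kind": f"driver {d['start']} {d['name']}", "when": None,
                         "path": d["path"], "reasons": r})
    return hits


# Lines copied from the ComboFix log above (the section header is skipped by the parser).
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2007-07-10 to 2007-08-10 )))))))))))))))))))))))))))))))
2007-08-10 23:27 51,200 --a--c--- C:\WINDOWS\nircmd.exe
2007-08-09 19:23 91,648 --a--c--- C:\DOCUME~1\Thor\gzip.exe
2007-08-09 03:39 20,480 --a--c--- C:\WINDOWS\system32\re324224.exe
2007-08-09 03:39 102,912 --a--c--- C:\WINDOWS\system32\VB6STKIT.DLL
2007-08-09 03:39 <DIR> d----c--- C:\Programfiler\Perfect Macro Recorder
2007-08-08 13:36 45 --a--c--- C:\WINDOWS\a.bat
R0 sbp2port;SBP-2 Transport/Protocol-bussdriver;C:\WINDOWS\system32\DRIVERS\sbp2port.sys
S3 DISK_DRIVE32;DISK_DRIVE32;\??\C:\Documents and Settings\Thor\Skrivebord\uce - extract me to your desktop\disk_1024.sys
"""


def demo(suspected=datetime(2007, 8, 9, 3, 39)):
    """Run the triage over SAMPLE_LOG. The timestamp is an illustrative assumption;
    the original poster does not say when the file was opened."""
    return triage(SAMPLE_LOG, suspected)


if __name__ == "__main__":
    # Usage: python triage.py [combofix.txt] ["YYYY-MM-DD HH:MM"]
    text = open(sys.argv[1], encoding="cp1252", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG
    when = datetime.strptime(sys.argv[2], "%Y-%m-%d %H:%M") if len(sys.argv) > 2 else datetime(2007, 8, 9, 3, 39)
    for h in triage(text, when):
        stamp = h["when"].strftime("%Y-%m-%d %H:%M") if h["when"] else "        (driver)"
        print(f"{stamp}  {h['kind']:<22} {h['path']}")
        for reason in h["reasons"]:
            print(f"{'':18}-> {reason}")
```

Run it against a saved c:\combofix.txt with the time you believe the archive was opened; widen `before`/`after` if the clock is uncertain. Entries with no reason attached are still listed when they fall inside the window, since a keylogger installer has no obligation to drop its files in an unusual place; the reasons only order the list.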