What makes you think you have a keylogger?

Feel free to post a ComboFix log. It can show which processes are running on the PC.

Download ComboFix and put it on the desktop.

Run combofix.exe and follow the instructions.

Do not click on the window while the program is running.

Post the log file from ComboFix (c:\combofix.txt)


I opened a link on the WoW forum that I shouldn't have. Afterwards I saw people warning that it was a keylogger. I can give you the link if you want.

Avast didn't find anything either.

Here is the log from ComboFix:

 

 

ComboFix 08-04-03.5 - André 2008-04-04 22:39:55.3 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1044.18.1008 [GMT 2:00]

Running from: C:\Users\André\Desktop\ComboFix.exe

* Created a new restore point

.

 

((((((((((((((((((((((((( Files Created from 2008-03-04 to 2008-04-04 )))))))))))))))))))))))))))))))

.

 

2008-04-04 21:49 . 2008-03-29 19:31 75,856 --a------ C:\Windows\System32\drivers\aswSP.sys

2008-04-04 21:49 . 2008-03-29 19:35 20,560 --a------ C:\Windows\System32\drivers\aswFsBlk.sys

2008-03-19 12:31 . 2008-03-19 12:31 288,582,209 --a------ C:\Windows\MEMORY.DMP

2008-03-15 21:56 . 2008-03-15 22:08 146,927,720 --a------ C:\Users\André\WoW-2.3.3.7799-to-0.4.0.7897-enGB-patch.exe

2008-03-15 21:56 . 2008-03-15 22:08 146,927,720 --a------ C:\Users\André\WoW-2.3.3.7799-to-0.4.0.7897-enGB-patch.exe

2008-03-12 05:49 . 2007-12-17 00:50 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys

2008-03-12 05:49 . 2007-12-16 11:56 41,984 --a------ C:\Windows\System32\drivers\monitor.sys

2008-03-11 19:58 . 2008-03-11 19:58 <DIR> d-------- C:\Users\André\AppData\Roaming\Creative

2008-03-10 15:48 . 2008-03-10 15:48 <DIR> d-------- C:\Windows\xrayScreensaver2 dir

2008-03-10 15:48 . 2008-03-10 15:48 606,848 --a------ C:\Windows\flashax.exe

2008-03-10 15:48 . 2008-03-10 15:48 194,560 --a------ C:\Windows\xrayScreensaver2.scr

2008-03-10 15:48 . 2008-03-10 15:48 12,288 --a------ C:\Windows\impborl.dll

2008-03-09 20:44 . 2008-03-09 20:44 <DIR> d-------- C:\Program Files\Ventrilo

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-04-04 20:40 3,407,872 --sha-w C:\Users\André\ntuser.dat

2008-04-04 20:40 3,407,872 --sha-w C:\Users\André\ntuser.dat

2008-04-04 20:04 --------- d-----w C:\Users\André\AppData\Roaming\OpenOffice.org2

2008-04-04 19:55 159,147 ----a-w C:\Users\André\AppData\Roaming\nvModes.dat

2008-04-04 12:44 --------- d-----w C:\Users\André\AppData\Roaming\LimeWire

2008-04-04 12:31 --------- d-----w C:\Users\André\AppData\Roaming\Azureus

2008-04-02 09:40 --------- d-----w C:\Program Files\World of Warcraft

2008-03-29 17:45 1,146,232 ----a-w C:\Windows\System32\aswBoot.exe

2008-03-29 17:32 50,768 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys

2008-03-29 17:29 23,152 ----a-w C:\Windows\system32\drivers\aswRdr.sys

2008-03-29 17:27 42,912 ----a-w C:\Windows\system32\drivers\aswTdi.sys

2008-03-29 17:23 95,608 ----a-w C:\Windows\System32\AvastSS.scr

2008-03-23 16:45 --------- d-----w C:\Users\André\AppData\Roaming\Real

2008-03-15 20:08 146,927,720 ----a-w C:\Users\André\WoW-2.3.3.7799-to-0.4.0.7897-enGB-patch.exe

2008-03-15 20:08 146,927,720 ----a-w C:\Users\André\WoW-2.3.3.7799-to-0.4.0.7897-enGB-patch.exe

2008-03-13 02:11 --------- d-----w C:\Program Files\Windows Mail

2008-03-13 02:05 --------- d-----w C:\ProgramData\Microsoft Help

2008-03-11 17:58 --------- d-----w C:\Users\André\AppData\Roaming\Creative

2008-03-10 20:57 --------- d-----w C:\Program Files\Azureus

2008-03-09 18:43 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard

2008-03-08 17:56 --------- d-----w C:\Program Files\Notebook Hardware Control

2008-03-08 17:49 103,736 ----a-w C:\Windows\System32\PnkBstrB.exe

2008-03-06 16:13 --------- d---a-w C:\ProgramData\TEMP

2008-03-01 23:46 --------- d-----w C:\Users\André\AppData\Roaming\Winamp

2008-03-01 23:19 --------- d-----w C:\Program Files\Winamp

2008-03-01 20:44 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys

2008-02-23 11:46 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-02-23 11:46 --------- d-----w C:\Program Files\Creative

2008-02-13 10:39 194,560 ----a-w C:\Windows\System32\WebClnt.dll

2008-02-13 10:39 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys

2008-02-13 10:36 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys

2008-02-13 10:36 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe

2008-02-13 10:36 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe

2008-02-13 10:36 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys

2008-02-13 10:36 17,464 ----a-w C:\Windows\system32\drivers\intelide.sys

2008-02-13 10:36 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys

2008-02-13 10:36 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys

2008-02-13 10:35 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys

2008-02-13 10:35 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll

2008-02-13 10:35 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll

2008-02-13 10:35 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll

2008-02-13 10:35 24,064 ----a-w C:\Windows\System32\netcfg.exe

2008-02-13 10:35 22,016 ----a-w C:\Windows\System32\netiougc.exe

2008-02-13 10:35 216,632 ----a-w C:\Windows\system32\drivers\netio.sys

2008-02-13 10:35 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll

2008-02-13 10:35 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll

2008-02-13 10:35 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll

2008-02-13 10:35 1,686,528 ----a-w C:\Windows\System32\gameux.dll

2008-02-13 10:33 824,832 ----a-w C:\Windows\System32\wininet.dll

2008-02-13 10:33 56,320 ----a-w C:\Windows\System32\iesetup.dll

2008-02-13 10:33 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll

2008-02-13 10:33 26,624 ----a-w C:\Windows\System32\ieUnatt.exe

2008-02-07 18:24 66,872 ----a-w C:\Windows\System32\PnkBstrA.exe

2008-02-07 16:21 22,328 ----a-w C:\Users\André\AppData\Roaming\PnkBstrK.sys

2008-02-07 16:03 --------- d-----w C:\Program Files\Activision

2008-02-05 20:46 --------- d--h--w C:\Program Files\Creative Installation Information

2008-02-05 20:45 --------- d-----w C:\Program Files\Common Files\Creative

2008-02-04 16:17 --------- d-----w C:\ProgramData\Azureus

2008-01-10 05:50 1,244,672 ----a-w C:\Windows\System32\mcmde.dll

2008-01-10 02:01 11,776 ----a-w C:\Windows\System32\sbunattend.exe

2008-01-04 21:59 524,288 ----a-w C:\Windows\System32\DivXsm.exe

2008-01-04 21:58 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll

2008-01-04 21:58 200,704 ----a-w C:\Windows\System32\ssldivx.dll

2008-01-04 21:58 1,044,480 ----a-w C:\Windows\System32\libdivx.dll

2008-01-04 21:57 823,296 ----a-w C:\Windows\System32\divx_xx0c.dll

2008-01-04 21:57 823,296 ----a-w C:\Windows\System32\divx_xx07.dll

2008-01-04 21:57 81,920 ----a-w C:\Windows\System32\dpl100.dll

2008-01-04 21:57 802,816 ----a-w C:\Windows\System32\divx_xx11.dll

2008-01-04 21:57 682,496 ----a-w C:\Windows\System32\DivX.dll

2008-01-04 21:57 593,920 ----a-w C:\Windows\System32\dpuGUI11.dll

2008-01-04 21:57 57,344 ----a-w C:\Windows\System32\dpv11.dll

2008-01-04 21:57 53,248 ----a-w C:\Windows\System32\dpuGUI10.dll

2008-01-04 21:57 344,064 ----a-w C:\Windows\System32\dpus11.dll

2008-01-04 21:57 294,912 ----a-w C:\Windows\System32\dpu11.dll

2008-01-04 21:57 294,912 ----a-w C:\Windows\System32\dpu10.dll

2008-01-04 21:57 196,608 ----a-w C:\Windows\System32\dtu100.dll

2008-01-04 21:56 156,992 ----a-w C:\Windows\System32\DivXCodecVersionChecker.exe

2008-01-04 21:56 12,288 ----a-w C:\Windows\System32\DivXWMPExtType.dll

2007-12-24 21:07 174 --sha-w C:\Program Files\desktop.ini

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-10 04:01 1232896]

"Acer Tour Reminder"="" []

"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]

"Generic Host Process for Win32 Services"="svchosts.exe" []

"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 17:46 1460560]

"CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-03-07 18:47 843776]

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:36 201728]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

"Generic Host Process for Win32 Services"="svchosts.exe" []

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-08-16 06:05 1006264]

"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-05-09 07:09 865840]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 04:38 40048]

"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 16:33 457216]

"eAudio"="C:\Acer\Empowering Technology\eAudio\eAudio.exe" [2007-06-11 14:54 1286144]

"Acer Tour"="" []

"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-06-26 09:33 86016]

"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-06-26 09:32 8433664]

"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-06-26 09:33 81920]

"RtHDVCpl"="RtHDVCpl.exe" [2007-09-04 12:39 4702208 C:\Windows\RtHDVCpl.exe]

"Skytel"="Skytel.exe" [2007-09-04 12:39 1826816 C:\Windows\SkyTel.exe]

"PLFSet"="C:\Windows\PLFSet.dll" [2007-04-25 14:47 45056]

"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 15:37 174872]

"SetPanel"="C:\Acer\APanel\APanel.cmd" [ ]

"LManager"="C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE" [2007-07-31 03:36 707080]

"PlayMovie"="C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [2007-05-24 14:38 206952]

"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 22:48 57344]

"eRecoveryService"="" []

"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-08-01 18:30 151552]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]

"Updater"="C:\Windows\system32\updater\explorer.exe" [2007-11-15 16:59 1476987]

"Generic Host Process for Win32 Services"="svchosts.exe" []

"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]

"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-01-11 16:53 185896]

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 16:27 385024]

"CreativeMS2020"="C:\Program Files\Creative\Fatal1ty Professional Laser Mouse\ctusbms.exe" [2006-05-09 14:58 143360]

"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-01-16 00:54 37376]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

"Generic Host Process for Win32 Services"="svchosts.exe" []

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-08-01 18:30 151552]

 

C:\Users\André\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-09-11 06:43:54 393216]

 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\

Acer VCM.lnk - C:\Program Files\Acer\Acer VCM\AcerVCM.exe [2007-12-24 22:42:26 1208320]

BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-03-29 14:11:50 719664]

Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-08-16 06:52:34 535336]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.mkdmp3enc"= C:\PROGRA~1\ACERAR~1\DVWIZA~1\Kernel\Burner\MKDMP3Enc.ACM

"MSVideo8"= VfWWDM32.dll

"VIDC.FPS1"= frapsvid.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UacDisableNotify"=dword:00000001

"InternetSettingsDisableNotify"=dword:00000001

"AutoUpdateDisableNotify"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{AE2BF644-D639-445C-84C4-ED01488B8E04}"= C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe

"{C838F199-B1ED-4E88-AEBF-E9A4D29805AC}"= C:\Program Files\Acer Arcade Deluxe\VideoMagician\VideoMagician.exe:VideoMagician

"{AEFAA8AC-EDC0-4749-A353-C462F267EB99}"= C:\Program Files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:HomeMedia

"{4660D352-2FAC-4636-AB0B-D8372BE3D089}"= C:\Program Files\Acer Arcade Deluxe\DV Wizard\DV Wizard.exe:DV Wizard

"{069A8F76-CA27-471B-B85B-BB1463800054}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{DA2ADCFE-F75E-4C7B-BC68-8D688E3BC345}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{A68FF2E9-962D-46CD-BEA9-C4DA6E0BB2E8}"= C:\Program Files\Acer Arcade Deluxe\DVDivine\DVDivine.exe:DVDivine

"{883A8489-3088-4340-8A44-E0260072428F}"= C:\Program Files\Acer Arcade Deluxe\Play Movie\PlayMovie.exe:Play Movie

"{599700F8-F2A9-42F0-9468-49F9C934A1F1}"= C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe:Play Movie Resident Program

"{754AA326-74FF-46A6-BD52-856BFF1AD4D4}"= C:\Program Files\Acer\Acer VCM\VC.exe:Acer VCM

"{890DD9B5-4EE6-406A-90BC-0DC1DB0A9F5A}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"{6B4E9696-F9CD-472D-81B7-B352C72677CC}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire

"{F50DEECA-EF7C-463E-91B3-5B2DB98AD30A}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire

"TCP Query User{CBFDCC41-6521-4C78-A1F7-C2A98A4C4960}C:\\program files\\world of warcraft\\wow-1.12.x-to-2.0.1-engb-patch-downloader.exe"= UDP:C:\program files\world of warcraft\wow-1.12.x-to-2.0.1-engb-patch-downloader.exe:Blizzard Downloader

"UDP Query User{D7AFD52E-3A10-4F78-9E92-A586561EF71A}C:\\program files\\world of warcraft\\wow-1.12.x-to-2.0.1-engb-patch-downloader.exe"= TCP:C:\program files\world of warcraft\wow-1.12.x-to-2.0.1-engb-patch-downloader.exe:Blizzard Downloader

"TCP Query User{B05F4EC9-62F0-42B2-A818-0237161F24A8}C:\\program files\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire

"UDP Query User{CBDE62CE-0358-4B94-903C-5F2588F2C456}C:\\program files\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire

"TCP Query User{FE3D4FDC-A1B8-400E-BA05-3B97880B2D68}C:\\program files\\world of warcraft\\wow-2.3.0-engb-downloader.exe"= UDP:C:\program files\world of warcraft\wow-2.3.0-engb-downloader.exe:Blizzard Downloader

"UDP Query User{1811586E-A84A-4C98-A009-E58163A00AD9}C:\\program files\\world of warcraft\\wow-2.3.0-engb-downloader.exe"= TCP:C:\program files\world of warcraft\wow-2.3.0-engb-downloader.exe:Blizzard Downloader

"TCP Query User{53800CFD-8C2E-4E6A-B12D-7A3281410BAA}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer

"UDP Query User{C5ED8FC8-2B92-4187-A6C4-27C44DF1D2CC}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer

"TCP Query User{28AA94D8-5117-4662-B72A-7AEABC98A9E9}C:\\program files\\world of warcraft\\wow-2.3.0.7561-to-2.3.2.7741-engb-downloader.exe"= UDP:C:\program files\world of warcraft\wow-2.3.0.7561-to-2.3.2.7741-engb-downloader.exe:Blizzard Downloader

"UDP Query User{78ACABDA-D08E-4922-871C-71571552C79A}C:\\program files\\world of warcraft\\wow-2.3.0.7561-to-2.3.2.7741-engb-downloader.exe"= TCP:C:\program files\world of warcraft\wow-2.3.0.7561-to-2.3.2.7741-engb-downloader.exe:Blizzard Downloader

"{2B428DB7-1C0E-47D5-A20E-A9B0C505E92D}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour

"{F32E7A2F-33C4-4DD8-9DEF-E015D0F5B1F5}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour

"TCP Query User{FE1EC01D-5A00-4BC1-A116-924F615A8D9E}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus

"UDP Query User{9DD7538D-C560-42CC-82AF-B4EA79294300}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus

"TCP Query User{F9336076-CB0D-47A1-9D64-329D566C63B8}C:\\program files\\real\\realplayer\\realplay.exe"= UDP:C:\program files\real\realplayer\realplay.exe:RealPlayer

"UDP Query User{E6AA25B3-4AC6-4BB5-BE36-3504AA226987}C:\\program files\\real\\realplayer\\realplay.exe"= TCP:C:\program files\real\realplayer\realplay.exe:RealPlayer

"TCP Query User{E13D7A32-9CFF-449D-ACF6-E1A6CE5BB24F}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus

"UDP Query User{F0F867E9-C62B-47C9-88AC-92168E295EB3}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus

"{0407BA78-E312-4859-89AD-13F9F55F6E11}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA

"{FAD6EC0C-D871-4D66-971A-DF3F3DBA1A1C}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA

"{C0B234F7-6DA2-404A-906E-3833E64492B7}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB

"{8CD1F7FC-24D4-46A3-B5C1-D22203AFD3F5}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB

"TCP Query User{C9E3CA40-0951-49C9-97B7-6C5047FF397D}C:\\program files\\activision\\call of duty 4 - modern warfare\\iw3mp.exe"= UDP:C:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe:iw3mp

"UDP Query User{4A0B0D4B-F8FA-4093-81F4-9C0F43F43DB4}C:\\program files\\activision\\call of duty 4 - modern warfare\\iw3mp.exe"= TCP:C:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe:iw3mp

"{BFAD86F1-327A-4619-86AC-CF286E58E635}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare

"{DAB8E03E-0FAB-48D0-8FA3-5D916F73221B}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare

"{F2B60A0F-0444-43AD-9A7A-9561E3260C38}"= UDP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb

"{A548A92D-C153-4A44-ACBA-297CE5C85001}"= TCP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb

"{54C74A2B-9F38-444A-9801-6A0923112ACA}"= UDP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray

"{A055D4EE-082E-42A7-84BC-9051E5B7A278}"= TCP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray

"{E5436ED5-7810-4F52-88DD-1AC9769AB5AD}"= UDP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR

"{3AB868CB-5551-4967-9B20-06A14F38A6E6}"= TCP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR

"{86CBC6B0-3199-4069-8439-089D138FC14A}"= UDP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client

"{15055087-142F-4215-AA4B-3911AA4755EB}"= TCP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client

"TCP Query User{BFF67AC6-95DF-4C33-A559-166C9C2D2E73}C:\\windows\\winsxs\\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16609_none_2d84c3fd1ccfd3e7\\iexplore.exe"= UDP:C:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16609_none_2d84c3fd1ccfd3e7\iexplore.exe:Internet Explorer

"UDP Query User{1BD9F6EE-1D6C-4D07-AAFA-AB9D02768DED}C:\\windows\\winsxs\\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16609_none_2d84c3fd1ccfd3e7\\iexplore.exe"= TCP:C:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16609_none_2d84c3fd1ccfd3e7\iexplore.exe:Internet Explorer

"TCP Query User{D5B88F53-8FB1-4FA6-83AB-031E7185A7EC}C:\\users\\andré\\downloads\\wow-2.3.3.7799-to-0.4.0.7897-engb-downloader.exe"= UDP:C:\users\andré\downloads\wow-2.3.3.7799-to-0.4.0.7897-engb-downloader.exe:wow-2.3.3.7799-to-0.4.0.7897-engb-downloader.exe

"UDP Query User{AFEE4956-1EE9-4C23-9DD7-07702937255A}C:\\users\\andré\\downloads\\wow-2.3.3.7799-to-0.4.0.7897-engb-downloader.exe"= TCP:C:\users\andré\downloads\wow-2.3.3.7799-to-0.4.0.7897-engb-downloader.exe:wow-2.3.3.7799-to-0.4.0.7897-engb-downloader.exe

"TCP Query User{833A07FF-C727-4A4A-AB26-AFDD50C8E385}C:\\users\\andré\\desktop\\wow-2.3.3.7799-to-0.4.0.7897-engb-downloader.exe"= UDP:C:\users\andré\desktop\wow-2.3.3.7799-to-0.4.0.7897-engb-downloader.exe:wow-2.3.3.7799-to-0.4.0.7897-engb-downloader.exe

"UDP Query User{22E5B5AB-40E5-4410-91D0-8897EEA9E37E}C:\\users\\andré\\desktop\\wow-2.3.3.7799-to-0.4.0.7897-engb-downloader.exe"= TCP:C:\users\andré\desktop\wow-2.3.3.7799-to-0.4.0.7897-engb-downloader.exe:wow-2.3.3.7799-to-0.4.0.7897-engb-downloader.exe

"TCP Query User{DFDC80E1-7961-481F-96CE-0C56A5B052CA}C:\\program files\\world of warcraft\\backgrounddownloader.exe"= UDP:C:\program files\world of warcraft\backgrounddownloader.exe:Blizzard Downloader

"UDP Query User{46A0EF13-99B0-4CE1-86B2-0474CEC563BD}C:\\program files\\world of warcraft\\backgrounddownloader.exe"= TCP:C:\program files\world of warcraft\backgrounddownloader.exe:Blizzard Downloader

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

"DoNotAllowExceptions"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]

"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]

"C:\\Acer\\Empowering Technology\\eDataSecurity\\eDSfsu.exe"= C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu

"C:\\Acer\\Empowering Technology\\eDataSecurity\\encryption.exe"= C:\Acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption

"C:\\Acer\\Empowering Technology\\eDataSecurity\\decryption.exe"= C:\Acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption

 

R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-04-25 16:34]

R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-04-25 16:34]

R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2007-04-25 16:34]

R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-03-29 19:31]

R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl [2006-11-02 17:51]

R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]

R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-03-29 19:32]

R2 eDataSecurity Service;eDSService.exe;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [2007-04-25 16:34]

R2 eNet Service;eNet Service;C:\Acer\Empowering Technology\eNet\eNet Service.exe [2007-06-13 16:54]

R2 eSettingsService;eSettings Service;C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-06-28 18:50]

R2 MobilityService;MobilityService;C:\Acer\Mobility Center\MobilityService.exe [2006-11-24 12:57]

R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2007-08-31 17:46]

R2 WMIService;ePower Service;C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2007-06-13 12:23]

R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-06-26 09:33]

R3 winbondcir;Winbond IR Transceiver;C:\Windows\system32\DRIVERS\winbondcir.sys [2007-04-19 09:09]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-02-08 09:03]

S3 btwaudio;Bluetooth-lydenhet;C:\Windows\system32\drivers\btwaudio.sys [2007-03-29 21:46]

S3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys [2007-02-27 08:20]

S3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2007-02-27 08:20]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs REG_MULTI_SZ BthServ

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{04262e44-b28d-11dc-8157-806e6f6e6963}]

\shell\AutoRun\command - F:\Setup.exe

 

*Newly Created Service* - ASWFSBLK

*Newly Created Service* - ASWSP

.

Contents of the 'Scheduled Tasks' folder

"2008-01-02 13:54:39 C:\Windows\Tasks\Uniblue SpyEraser.job"

- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-04-04 22:42:13

Windows 6.0.6000 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-04-04 22:42:58

ComboFix-quarantined-files.txt 2008-04-04 20:42:53

ComboFix2.txt 2008-01-24 08:45:07

Pre-Run: 11,690,688,512 byte ledig

Post-Run: 11,674,136,576 byte ledig

.

2008-04-04 16:28:09 --- E O F ---

 

 

Edited by Druingz

Open Notepad and copy in what is shown in bold below, then save the file on the desktop as CFScript.txt.

Then drag the file onto the ComboFix icon. ComboFix will start again.

Registry::

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Generic Host Process for Win32 Services"=-

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

"Generic Host Process for Win32 Services"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Generic Host Process for Win32 Services"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

"Generic Host Process for Win32 Services"=-

 

Go to the site http://www.virustotal.com/ and upload the following file for checking:

C:\WINDOWS\flashax.exe

 

Report back whether anything was found on the file
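Added example, not code from this thread or from ComboFix: a Python triage of the "Reg Loading Points" section that flags the kind of entries the reply above removes (a bare "svchosts.exe" value that ComboFix could not resolve, repeated under RunServices keys) and renders the names an analyst has confirmed as a CFScript Registry:: block in the same form as the script above. The heuristics, the "normal directory" table and the trimmed SAMPLE_LOG are my own assumptions; every hit is a lead to verify (for example with a VirusTotal check), not a verdict.

```python
"""Triage a ComboFix 'Reg Loading Points' section and turn confirmed hits into a
CFScript 'Registry::' block. Added example, not ComboFix code; heuristics are mine."""
import re
from collections import namedtuple

Entry = namedtuple("Entry", "key name value meta")
Finding = namedtuple("Finding", "key name value reasons")
KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]*)"="([^"]*)"\s*\[(.*)\]$')

# Assumed table: core Windows binaries and the directory each normally lives in.
SYSTEM_BINARIES = {
    "svchost.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

# Constructed sample: a handful of lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-10 04:01 1232896]
"Acer Tour Reminder"="" []
"Generic Host Process for Win32 Services"="svchosts.exe" []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Generic Host Process for Win32 Services"="svchosts.exe" []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-09-04 12:39 4702208 C:\Windows\RtHDVCpl.exe]
"Updater"="C:\Windows\system32\updater\explorer.exe" [2007-11-15 16:59 1476987]
"Generic Host Process for Win32 Services"="svchosts.exe" []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Generic Host Process for Win32 Services"="svchosts.exe" []
"""

def parse_loading_points(text):
    """Yield an Entry for every "name"="value" [meta] line under a [key] header."""
    key = None
    for line in (raw.strip() for raw in text.splitlines()):
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and key:
            yield Entry(key, m.group(1), m.group(2), m.group(3).strip())

def within_one_edit(a, b):
    """True if a and b differ by at most one insertion, deletion or substitution."""
    if abs(len(a) - len(b)) > 1:
        return False
    i = j = 0
    edited = False
    while i < len(a) and j < len(b):
        if a[i] == b[j]:
            i, j = i + 1, j + 1
        elif edited:
            return False
        else:  # skip the extra char of the longer string, or both on a substitution
            edited = True
            i += len(a) >= len(b)
            j += len(b) >= len(a)
    return True  # at most one trailing char can be left over

def check_entry(e):
    """Return the reasons this autorun entry deserves a closer look (empty if none)."""
    value = e.value.strip().lower()
    if not value:
        return []  # an empty value launches nothing
    directory, sep, basename = value.rpartition("\\")
    reasons = []
    if e.key.lower().endswith("\\runservices"):
        reasons.append("RunServices is a Windows 9x/ME key; NT-based Windows does not use it")
    if not e.meta:
        reasons.append("ComboFix recorded no file details ([]), target not resolved")
    if not sep and "\\" not in e.meta:
        reasons.append("bare file name, located by PATH search at logon")
    for known, known_dir in SYSTEM_BINARIES.items():
        if basename == known and sep and directory != known_dir:
            reasons.append(f"{known} outside its normal directory {known_dir}")
        elif basename != known and within_one_edit(basename, known):
            reasons.append(f"name is one edit away from system binary {known}")
    return reasons

def analyze(text):
    """Run the checks over a whole 'Reg Loading Points' section."""
    return [Finding(e.key, e.name, e.value, r)
            for e in parse_loading_points(text) if (r := check_entry(e))]

def to_cfscript(findings, confirmed):
    """Build a CFScript Registry:: block that deletes the confirmed values ("name"=-)."""
    by_key = {}
    for f in findings:
        if f.name in confirmed and f.name not in by_key.setdefault(f.key, []):
            by_key[f.key].append(f.name)
    lines = ["Registry::"]
    for key, names in by_key.items():
        lines += [f"[{key}]"] + [f'"{n}"=-' for n in names]
    return "\n".join(lines)
```

Call analyze(SAMPLE_LOG) to list the hits with their reasons, then pass only the names you have verified to to_cfscript; on this sample the confirmed "Generic Host Process for Win32 Services" entries produce the same four deletions as the script above.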

Here is the VirusTotal result

 

 

File flashax.exe received on 04.04.2008 23:22:29 (CET)

Result: 1/32 (3.13%)

Antivirus Version Last Update Result

AhnLab-V3 2008.4.4.1 2008.04.04 -

AntiVir 7.6.0.81 2008.04.04 -

Authentium 4.93.8 2008.04.04 -

Avast 4.7.1098.0 2008.04.04 -

AVG 7.5.0.516 2008.04.04 -

BitDefender 7.2 2008.04.04 -

CAT-QuickHeal 9.50 2008.04.04 -

ClamAV 0.92.1 2008.04.04 -

DrWeb 4.44.0.09170 2008.04.04 -

eSafe 7.0.15.0 2008.04.01 -

eTrust-Vet 31.3.5670 2008.04.04 -

Ewido 4.0 2008.04.04 -

F-Prot 4.4.2.54 2008.04.04 -

F-Secure 6.70.13260.0 2008.04.04 -

FileAdvisor 1 2008.04.04 No threat detected, but known vulnerabilities exist

Fortinet 3.14.0.0 2008.04.04 -

Ikarus T3.1.1.20 2008.04.04 -

Kaspersky 7.0.0.125 2008.04.04 -

McAfee 5267 2008.04.04 -

Microsoft 1.3408 2008.04.03 -

NOD32v2 3003 2008.04.04 -

Norman 5.80.02 2008.04.04 -

Panda 9.0.0.4 2008.04.04 -

Prevx1 V2 2008.04.04 -

Rising 20.38.60.00 2008.04.03 -

Sophos 4.28.0 2008.04.04 -

Sunbelt 3.0.978.0 2008.03.18 -

Symantec 10 2008.04.04 -

TheHacker 6.2.92.265 2008.04.04 -

VBA32 3.12.6.3 2008.03.25 -

VirusBuster 4.3.26:9 2008.04.04 -

Webwasher-Gateway 6.6.2 2008.04.04 -

Additional information

File size: 606848 bytes

MD5...: a16126510106990df3e4445191adead8

SHA1..: 444b40b55c52b57472a6011ea7bdc5e2566e0242

SHA256: d3eb813e23cbbdc7c2b289e849064b1505f1d906b9c1d244d73a6f0702579598

SHA512: 7c5de3d51c9c3845237daf832cbff39b0d588826c1315ee944b528402c156a4e945eb9f936fe0c9dcf455506a6c7b65bfe5aef39f02e91dbb4bbc3ffe9163df8

PEiD..: -

PEInfo: PE Structure information

 

( base data )

entrypointaddress.: 0x10065c0

timedatestamp.....: 0x32d64001 (Fri Jan 10 13:11:29 1997)

machinetype.......: 0x14c (I386)

 

( 4 sections )

name viradd virsiz rawdsiz ntrpy md5

.text 0x1000 0xf78c 0xf800 6.50 76d3a10694feea19b07d36ef95096717

.data 0x11000 0x941c 0x3400 1.90 14ad842169a441882dfc3613c64c88d0

.rsrc 0x1b000 0x7e000 0x7dc00 7.95 29661ae0cb7392a9d3a623bd184011b6

.reloc 0x99000 0x1848 0x1a00 5.58 531fb64130d5b5539ef767bd8109c292

 

( 6 imports )

> ADVAPI32.dll: RegDeleteValueA, EqualSid, AllocateAndInitializeSid, GetTokenInformation, OpenProcessToken, AdjustTokenPrivileges, LookupPrivilegeValueA, RegCloseKey, FreeSid, RegOpenKeyExA, RegSetValueExA, RegQueryValueExA, RegCreateKeyExA, RegOpenKeyA, RegQueryInfoKeyA

> KERNEL32.dll: lstrcatA, GetFileAttributesA, lstrlenA, lstrcmpiA, GetPrivateProfileStringA, GetCurrentProcess, GetPrivateProfileIntA, lstrcpyA, GetModuleFileNameA, RemoveDirectoryA, FindClose, FindNextFileA, DeleteFileA, SetFileAttributesA, lstrcmpA, FindFirstFileA, _lclose, _llseek, _lopen, GetWindowsDirectoryA, CreateDirectoryA, GetSystemDirectoryA, GlobalUnlock, GlobalFree, GlobalLock, GlobalAlloc, LoadResource, CreateMutexA, GetLastError, SetEvent, CreateEventA, SetCurrentDirectoryA, TerminateThread, ResetEvent, CreateThread, GetVersionExA, FormatMessageA, FreeLibrary, GetProcAddress, GetExitCodeProcess, WaitForSingleObject, CreateProcessA, GetTempPathA, LoadLibraryA, FreeResource, LockResource, SizeofResource, CreateFileA, ReadFile, WriteFile, LocalAlloc, SetFileTime, LocalFileTimeToFileTime, DosDateTimeToFileTime, GetTempFileNameA, GetSystemInfo, GetDiskFreeSpaceA, FindResourceA, GetDriveTypeA, GetVolumeInformationA, GetCurrentDirectoryA, LoadLibraryExA, GetModuleHandleA, GetStartupInfoA, GetCommandLineA, GetVersion, ExitProcess, TerminateProcess, LocalFree, UnhandledExceptionFilter, FreeEnvironmentStringsA, MultiByteToWideChar, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, WideCharToMultiByte, GetCPInfo, GetACP, GetOEMCP, SetHandleCount, GetFileType, GetStdHandle, DeleteCriticalSection, GetCurrentThreadId, TlsSetValue, TlsAlloc, SetLastError, TlsGetValue, HeapDestroy, HeapCreate, VirtualFree, InitializeCriticalSection, EnterCriticalSection, LeaveCriticalSection, LCMapStringA, LCMapStringW, GetStringTypeA, GetStringTypeW, HeapFree, HeapAlloc, VirtualAlloc, GetLocaleInfoA, GetLocaleInfoW, FlushFileBuffers, SetStdHandle, CloseHandle, lstrcpynA, SetFilePointer, RtlUnwind

> GDI32.dll: GetDeviceCaps

> USER32.dll: PeekMessageA, LoadStringA, GetDesktopWindow, wsprintfA, ExitWindowsEx, CharPrevA, CharNextA, SetWindowLongA, GetWindowLongA, CallWindowProcA, GetDlgItem, SetForegroundWindow, SetWindowTextA, SendDlgItemMessageA, GetDlgItemTextA, EnableWindow, SendMessageA, SetDlgItemTextA, DispatchMessageA, MsgWaitForMultipleObjects, MessageBoxA, SetWindowPos, ReleaseDC, GetDC, GetWindowRect, ShowWindow, DialogBoxIndirectParamA, MessageBeep, EndDialog

> COMCTL32.dll: -

> VERSION.dll: GetFileVersionInfoA, GetFileVersionInfoSizeA, VerQueryValueA

 

( 0 exports )

 

Bit9 info: http://fileadvisor.bit9.com/services/extin...3e4445191adead8

 

 
