Raytee (posted 26 July 2008):
Now I've been so smart as to click on a link that I think might be a keylogger, and I don't really dare do much until I've found out, but I don't know how to find keyloggers. So does anyone have any tips on how I can check? Or remove it?
norbat (posted 26 July 2008):
Most antivirus and antispyware programs find keyloggers. You can do the following:
1. Download ComboFix and put it on the desktop.
2. Run combofix.exe and follow the instructions. Do not click in the window while the program is running.
3. Post the log file from ComboFix (c:\combofix.txt).
Raytee (thread author, posted 26 July 2008, edited):

ComboFix 08-07-26.1 - Raymond 2008-07-26 21:45:34.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.471 [GMT 2:00]
Running from: C:\Documents and Settings\Raymond\My Documents\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\hifpersk.ini
C:\WINDOWS\system32\kmUxxyay.ini
C:\WINDOWS\system32\kmUxxyay.ini2
C:\WINDOWS\system32\mcrh.tmp

.
((((((((((((((((((((((((( Files Created from 2008-06-26 to 2008-07-26 )))))))))))))))))))))))))))))))
.

2008-07-14 06:07 . 2008-07-14 06:07 <DIR> d-------- C:\Program Files\Winamp Toolbar
2008-07-14 06:07 . 2008-07-14 06:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Winamp Toolbar
2008-07-14 06:06 . 2008-07-14 06:06 <DIR> d-------- C:\Program Files\Winamp Remote
2008-07-14 06:06 . 2008-07-14 06:07 <DIR> d-------- C:\Program Files\Winamp
2008-07-14 06:06 . 2008-07-14 06:07 <DIR> d-------- C:\Documents and Settings\Raymond\Application Data\Winamp
2008-07-14 06:06 . 2008-07-14 06:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\OrbNetworks
2008-07-12 21:29 . 2008-07-14 23:53 <DIR> d--h----- C:\$AVG8.VAULT$
2008-07-12 21:26 . 2008-07-26 20:09 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-07-12 21:26 . 2008-07-12 21:26 <DIR> d-------- C:\Program Files\AVG
2008-07-12 21:26 . 2008-07-12 21:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-07-12 21:26 . 2008-07-12 21:26 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-07-12 21:26 . 2008-07-12 21:26 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-07-12 21:26 . 2008-07-12 21:26 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-07-12 20:55 . 2008-07-12 20:55 110,419 --a------ C:\WINDOWS\BM6bf2f547.xml
2008-07-11 21:06 . 2008-06-13 15:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-07-11 21:06 . 2008-06-13 15:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-07-11 20:57 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-07-11 20:57 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-07-11 20:57 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-07-11 20:39 . 2008-07-11 20:39 <DIR> d-------- C:\Program Files\Hamachi
2008-07-11 20:39 . 2008-07-11 23:19 <DIR> d-------- C:\Documents and Settings\Raymond\Application Data\Hamachi
2008-07-11 20:39 . 2008-07-11 20:39 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2008-07-11 19:31 . 2008-07-11 19:31 <DIR> d-------- C:\Program Files\VentSrv
2008-07-11 19:31 . 2008-07-11 19:31 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-09 02:55 . 2008-07-09 02:55 <DIR> d-------- C:\Program Files\DivX
2008-07-09 02:05 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-07-09 02:05 . 2001-08-17 13:53 3,328 --a------ C:\WINDOWS\system32\drivers\qv2kux.sys
2008-07-09 02:05 . 2001-08-17 13:53 3,328 --a--c--- C:\WINDOWS\system32\dllcache\qv2kux.sys
2008-07-09 00:11 . 2008-07-09 00:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-07-09 00:08 . 2008-07-09 00:08 <DIR> d-------- C:\Program Files\Bonjour
2008-07-09 00:04 . 2008-07-09 00:04 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-07-09 00:03 . 2008-07-09 00:08 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-07-08 23:50 . 2008-07-08 23:52 139,264 --a------ C:\WINDOWS\War3Unin.exe
2008-07-08 23:50 . 2008-07-09 00:00 76,268 --a------ C:\WINDOWS\War3Unin.dat
2008-07-08 23:50 . 2008-07-08 23:52 2,829 --a------ C:\WINDOWS\War3Unin.pif
2008-07-08 23:49 . 2008-07-11 22:42 <DIR> d-------- C:\Program Files\Warcraft III
2008-07-08 22:36 . 2008-07-08 22:38 <DIR> d-------- C:\Program Files\PowerISO
2008-07-08 22:28 . 2008-07-26 21:49 <DIR> d-------- C:\Program Files\Steam
2008-07-08 22:28 . 2008-07-08 22:29 <DIR> d-------- C:\Program Files\BitLord
2008-07-08 22:21 . 2008-07-08 22:21 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-07-08 22:21 . 2008-07-08 22:21 <DIR> d-------- C:\Documents and Settings\Raymond\Contacts
2008-07-08 22:19 . 2008-07-08 22:19 <DIR> d-------- C:\Program Files\Opera
2008-07-08 22:17 . 2008-07-12 01:47 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-07-08 22:17 . 2008-07-08 22:21 <DIR> d-------- C:\Program Files\Windows Live
2008-07-08 22:17 . 2008-07-08 22:19 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-07-08 22:17 . 2008-07-08 22:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-07-08 22:15 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2008-07-08 22:15 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-07-08 22:15 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-07-08 22:15 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-07-08 22:15 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-07-08 22:11 . 2008-07-08 22:11 <DIR> d-------- C:\Documents and Settings\Raymond\Application Data\ATI
2008-07-08 22:11 . 2008-07-08 22:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ATI
2008-07-08 22:11 . 2008-07-08 22:11 0 --a------ C:\WINDOWS\ativpsrm.bin
2008-07-08 22:10 . 2008-07-08 22:10 <DIR> d-------- C:\Documents and Settings\Raymond\Application Data\vlc
2008-07-08 22:09 . 2008-07-08 22:09 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-07-08 22:08 . 2008-07-08 22:08 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-07-08 22:08 . 2008-07-08 22:09 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-07-08 22:07 . 2008-07-08 22:07 <DIR> d-------- C:\Program Files\VideoLAN
2008-07-08 22:04 . 2008-07-08 22:04 <DIR> d-------- C:\Program Files\ATI Technologies
2008-07-08 22:03 . 2008-07-08 22:03 <DIR> d---s---- C:\Documents and Settings\Raymond\UserData
2008-07-08 22:03 . 2008-07-08 22:03 <DIR> d-------- C:\ATI
2008-07-08 22:03 . 2008-06-02 21:05 593,920 --------- C:\WINDOWS\system32\ati2sgag.exe
2008-07-08 22:01 . 2008-07-08 22:01 <DIR> d-------- C:\WINDOWS\system32\Lang
2008-07-08 22:01 . 2008-07-08 22:01 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav
2008-07-08 22:01 . 2008-07-08 22:01 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav
2008-07-08 22:00 . 1998-11-13 13:09 306,688 --a------ C:\WINDOWS\IsUn0414.exe
2008-07-08 22:00 . 2003-10-03 16:28 45,056 --a------ C:\WINDOWS\system32\vusetup.dll
2008-07-08 22:00 . 2005-06-07 03:51 11,264 --a------ C:\WINDOWS\system32\drivers\vulfntr.sys
2008-07-08 22:00 . 2005-01-06 04:02 6,912 --a------ C:\WINDOWS\system32\drivers\vulfnth.sys
2008-07-08 21:58 . 2008-07-08 21:58 <DIR> d-------- C:\Program Files\Realtek
2008-07-08 21:57 . 2008-07-08 21:57 <DIR> d-------- C:\Program Files\VIA
2008-07-08 21:56 . 2008-07-08 21:56 <DIR> d-------- C:\WINDOWS\vnDrvBas
2008-07-08 21:56 . 2005-06-17 13:41 61,440 --a------ C:\WINDOWS\system32\vuins32.dll
2008-07-08 21:56 . 2005-06-22 12:35 43,008 --a------ C:\WINDOWS\system32\drivers\fetnd5bv.sys
2008-07-08 21:55 . 2008-07-08 22:04 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2008-07-08 21:55 . 2008-07-08 22:03 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2008-07-08 21:55 . 2008-07-08 21:55 <DIR> d-------- C:\Program Files\AMD
2008-07-08 21:55 . 2005-03-09 15:53 38,400 --a------ C:\WINDOWS\system32\drivers\AmdK8.sys
2008-07-08 21:55 . 2008-07-08 21:55 16,174 --a------ C:\WINDOWS\Ascd_tmp.ini
2008-07-08 21:55 . 2004-04-26 18:00 5,824 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
2008-07-08 21:55 . 2004-08-13 04:56 5,810 -ra------ C:\WINDOWS\system32\drivers\ASACPI.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-18 17:52 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-06-11 00:07 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-06-11 00:07 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-06-11 00:07 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-06-11 00:07 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
2008-06-11 00:07 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-06-11 00:07 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2008-06-11 00:07 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2008-06-11 00:07 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2008-06-11 00:04 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-06-11 00:04 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-06-03 06:20 3,100,160 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-06-03 03:46 10,276,864 ----a-w C:\WINDOWS\system32\atioglx2.dll
2008-06-03 03:22 413,696 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2008-06-03 03:21 306,688 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2008-06-03 03:11 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2008-06-03 03:11 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2008-06-03 03:11 180,224 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2008-06-03 03:11 139,264 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2008-06-03 03:11 139,264 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2008-06-03 03:09 552,960 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2008-06-03 03:08 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2008-06-03 03:04 245,760 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2008-06-03 03:02 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2008-06-03 02:59 3,500,352 ----a-w C:\WINDOWS\system32\ati3duag.dll
2008-06-03 02:48 2,120,832 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2008-06-03 02:33 48,128 ----a-w C:\WINDOWS\system32\amdpcom32.dll
2008-06-03 02:29 348,160 ----a-w C:\WINDOWS\system32\atikvmag.dll
2008-06-03 02:28 23,040 ----a-w C:\WINDOWS\system32\atiadlxx.dll
2008-06-03 02:28 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2008-06-03 02:27 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2008-06-03 02:22 5,439,488 ----a-w C:\WINDOWS\system32\atioglxx.dll
2008-06-03 02:21 557,056 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2008-05-22 22:18 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2008-07-02 21:39 1267040]

[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"Steam"="C:\Program Files\Steam\Steam.exe" [2008-07-08 22:28 1271032]
"Orb"="C:\Program Files\Winamp Remote\bin\OrbTray.exe" [2008-04-01 03:54 507904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-08-07 02:05 200704]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-12 21:26 1232152]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-07-09 23:33 36352]
"SkyTel"="SkyTel.EXE" [2006-05-15 21:04 2879488 C:\WINDOWS\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-09-11 19:58 16264192 C:\WINDOWS\RTHDCPL.EXE]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\BitLord\\BitLord.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-12 21:26]
R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-07-12 21:26]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-12 21:26]
R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-12 21:26]
.
- - - - ORPHANS REMOVED - - - -

BHO-{40C0E837-C49A-4BFB-AD78-8827ED61FD5B} - C:\WINDOWS\system32\yayxxUmk.dll
HKLM-Run-68c1c6db - C:\WINDOWS\system32\ksrepfih.dll
HKLM-Run-BM6bf2f547 - C:\WINDOWS\system32\qkkmiouj.dll
Notify-nnnkHaYP - nnnkHaYP.dll

.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.sol.no/
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
O8 -: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-26 21:48:40
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Completion time: 2008-07-26 21:51:17 - machine was rebooted [Raymond]
ComboFix-quarantined-files.txt 2008-07-26 19:50:59

Pre-Run: 474,840,870,912 bytes free
Post-Run: 476,084,379,648 bytes free

219 --- E O F --- 2008-07-11 23:47:20

One more question: after I had a trojan that I deleted with AVG Free, these two come up every time I start the PC:

C:\WINDOWS\system32\rundll32.exe |X|
-----------------------------------------------
Error loading C:\WINDOWS\System32\qkkmiouj.dll
The specified module could not be found.
|OK|
--------------------------------------------------------------
C:\WINDOWS\system32\rundll32.exe |X|
------------------------------------------------
Error loading C:\WINDOWS\System32\ksrepfih.dll
The specified module could not be found.
|OK|

Edited 26 July 2008 by Raytee
norbat (posted 26 July 2008):
The messages you got were because the files had been removed while the registry entry was still on the PC. It looks like ComboFix removes the registry entries, so I assume you're no longer getting these messages? Otherwise the ComboFix log looks fine.
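The situation norbat describes (a Run value left behind after the DLL it pointed at was deleted, which is what produces the rundll32 "specified module could not be found" dialogs at logon) can be checked for directly. The following is an added example, not code from the thread or from ComboFix: it resolves the file each Run value actually loads (the DLL argument for rundll32 commands, otherwise the program) and reports values whose file is gone. The sample values are constructed from the log above; the `rundll32.exe "…",s` form of the two orphaned entries is a hypothetical reconstruction, since ComboFix only reported the value names and DLL paths.

```python
import ntpath
import os
import re
import shutil
# Constructed sample of ...\CurrentVersion\Run values modelled on the ComboFix log above; the
# rundll32 commands are a hypothetical reconstruction (ComboFix only reported the DLL paths).
SAMPLE_RUN_VALUES = {
    "ctfmon.exe": r"C:\WINDOWS\system32\ctfmon.exe",
    "AVG8_TRAY": r"C:\PROGRA~1\AVG\AVG8\avgtray.exe",
    "68c1c6db": r'rundll32.exe "C:\WINDOWS\system32\ksrepfih.dll",b',
    "BM6bf2f547": r'rundll32.exe "C:\WINDOWS\system32\qkkmiouj.dll",s',
}
# Files still on disk in the constructed sample (the AV had already deleted the two DLLs).
SAMPLE_PRESENT = {r"c:\windows\system32\ctfmon.exe", r"c:\progra~1\avg\avg8\avgtray.exe"}

def _token(s, pattern):
    # First argument of a Windows command line: a quoted string, or a run matching `pattern`.
    s = s.lstrip()
    if s.startswith('"'):
        return s[1:].partition('"')[::2]          # (token, remainder after the closing quote)
    m = re.match(pattern, s)
    return (m.group(0), s[m.end():]) if m else ("", "")

def target_of(command):
    # The file a Run value really loads: rundll32's "path,EntryPoint" DLL, else the program.
    exe, rest = _token(command, r"\S+")
    if ntpath.basename(exe).lower() == "rundll32.exe":
        return _token(rest, r"[^\s,]+")[0]
    return exe

def on_disk(path):
    # Live lookup: the path itself, or a bare name such as "SkyTel.EXE" resolved via PATH.
    return os.path.exists(path) or (not ntpath.dirname(path) and shutil.which(path) is not None)

def orphaned_entries(run_values, exists=on_disk):
    # (value name, target) for every Run value whose target file no longer exists.
    hits = [(name, target_of(cmd)) for name, cmd in run_values.items()]
    return [(n, t) for n, t in hits if t and not exists(os.path.expandvars(t))]

def read_run_values():
    # On Windows, read the real HKCU and HKLM Run keys (the ones ComboFix lists).
    import winreg
    found = {}
    for hive in (winreg.HKEY_CURRENT_USER, winreg.HKEY_LOCAL_MACHINE):
        try:
            with winreg.OpenKey(hive, r"Software\Microsoft\Windows\CurrentVersion\Run") as key:
                for i in range(winreg.QueryInfoKey(key)[1]):
                    name, data, _ = winreg.EnumValue(key, i)
                    found[name] = str(data)
        except OSError:
            pass
    return found
```

On a Windows machine, `orphaned_entries(read_run_values())` runs the check against the live registry; `orphaned_entries(SAMPLE_RUN_VALUES, lambda p: p.lower() in SAMPLE_PRESENT)` reproduces the two orphaned values from the log offline.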