1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Keylogger?

Discussion in 'Virus & Other Malware Removal' started by Akenkaset, Apr 2, 2010.

Thread Status:
Not open for further replies.
  1. Akenkaset

    Akenkaset Thread Starter

    Joined:
    Apr 2, 2010
    Messages:
    1
    Hi there.

    Got the advice to post my logs here. I have taken all the possible actions I can think of after getting keylogged. (Used CCleaner, Ad-Aware, Search and Destroy, Malwarebytes.)

    Do I got something I need to worry about?

    Thanks in advance!

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 02:42:29, on 2010-04-03
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\nvsvc32.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\Program\Lavasoft\Ad-Aware\AAWService.exe
    D:\Program\AVG\AVG9\avgchsvx.exe
    D:\Program\AVG\AVG9\avgrsx.exe
    D:\Program\AVG\AVG9\avgcsrvx.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\WINDOWS\Explorer.EXE
    D:\WINDOWS\system32\RUNDLL32.EXE
    D:\Program\Microsoft IntelliPoint\ipoint.exe
    D:\WINDOWS\RTHDCPL.EXE
    D:\Program\Microsoft Office\Office12\GrooveMonitor.exe
    D:\Program\Delade filer\Java\Java Update\jusched.exe
    D:\Program\Voddler\service\VNetManager.exe
    D:\Program\AVG\AVG9\avgtray.exe
    D:\WINDOWS\system32\ctfmon.exe
    D:\Program\Windows Live\Messenger\msnmsgr.exe
    D:\Program\Delade filer\Ahead\Lib\NMBgMonitor.exe
    D:\Program\DAEMON Tools\daemon.exe
    D:\Program\Windows Desktop Search\WindowsSearch.exe
    D:\Program\AVG\AVG9\avgwdsvc.exe
    D:\Program\Java\jre6\bin\jqs.exe
    D:\Program\AVG\AVG9\avgnsx.exe
    D:\WINDOWS\system32\SearchIndexer.exe
    D:\Program\Delade filer\Ahead\Lib\NMIndexingService.exe
    D:\Program\Delade filer\Ahead\Lib\NMIndexStoreSvr.exe
    D:\Program\Windows Live\Contacts\wlcomm.exe
    D:\Program\Mozilla Firefox\firefox.exe
    D:\Program\Lavasoft\Ad-Aware\AAWTray.exe
    D:\WINDOWS\system32\wuauclt.exe
    D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    D:\WINDOWS\system32\SearchProtocolHost.exe
    D:\Program\Adobe\Reader 9.0\Reader\AcroRd32Info.exe
    D:\Program\Trend Micro\HijackThis\HijackThis.exe
    D:\WINDOWS\system32\SearchProtocolHost.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Program\AVG\AVG9\avgssie.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program\MICROS~4\Office12\GRA8E1~1.DLL
    O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [nwiz] D:\Program\NVIDIA Corporation\nView\nwiz.exe /install
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [IntelliPoint] "D:\Program\Microsoft IntelliPoint\ipoint.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "D:\Program\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NeroFilterCheck] D:\Program\Delade filer\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [UnlockerAssistant] "D:\Program\Unlocker\UnlockerAssistant.exe"
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [GrooveMonitor] "D:\Program\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program\Delade filer\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [VoddlerNet Manager] D:\Program\Voddler\service\VNetManager.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "D:\Program\Delade filer\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [AVG9_TRAY] D:\Program\AVG\AVG9\avgtray.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "D:\Program\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Vidalia] "D:\Program\Vidalia Bundle\Vidalia\vidalia.exe"
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program\Delade filer\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [DAEMON Tools] "D:\Program\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Privoxy.lnk = D:\Program\Vidalia Bundle\Privoxy\privoxy.exe
    O4 - Startup: Windows Search.lnk = D:\Program\Windows Desktop Search\WindowsSearch.exe
    O8 - Extra context menu item: E&xportera till Microsoft Excel - res://D:\Program\MICROS~4\Office12\EXCEL.EXE/3000
    O9 - Extra button: Skicka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Ski&cka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program\MICROS~4\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1270244338296
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1270244311890
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Program\MICROS~4\Office12\GR99D3~1.DLL
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Program\AVG\AVG9\avgpp.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\Program\DELADE~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: avgrsstarter - D:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - D:\Program\AVG\AVG9\avgwdsvc.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program\Java\jre6\bin\jqs.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - D:\Program\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: NBService - Nero AG - D:\Program\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - D:\Program\Delade filer\Ahead\Lib\NMIndexingService.exe
    O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - D:\WINDOWS\system32\GameMon.des.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: VoddlerNet - Voddler - D:\Program\Voddler\service\voddler.exe

    --
    End of file - 8172 bytes





    Malwarebytes' Anti-Malware 1.45
    www.malwarebytes.org

    Databasversion: 3947

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    2010-04-03 01:41:55
    mbam-log-2010-04-03 (01-41-55).txt

    Skanningstyp: Fullständig skanning (C:\|D:\|)
    Antal skannade objekt: 159029
    Förfluten tid: 24 minut(er), 38 sekund(er)

    Infekterade minnesprocesser: 0
    Infekterade minnesmoduler: 0
    Infekterade registernycklar: 0
    Infekterade registervärden: 0
    Infekterade registerdataposter: 3
    Infekterade mappar: 0
    Infekterade filer: 2

    Infekterade minnesprocesser:
    (Inga illasinnade poster hittades)

    Infekterade minnesmoduler:
    (Inga illasinnade poster hittades)

    Infekterade registernycklar:
    (Inga illasinnade poster hittades)

    Infekterade registervärden:
    (Inga illasinnade poster hittades)

    Infekterade registerdataposter:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Infekterade mappar:
    (Inga illasinnade poster hittades)

    Infekterade filer:
    C:\System Volume Information\_restore{5ABB1D19-62F3-4FEF-99B3-9048FF7F5796}\RP464\A0060720.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Similar Threads - Keylogger
  1. FreeLander98
    Replies:
    44
    Views:
    2,890
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/914382

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice