PDA

View Full Version : I have been hacked



imran911
2011-10-21, 18:53
Greetings! It is now 11:30 pm here in the Philippines... By the time you are reading this i might be asleep... but i will try my best to stay awake. The problem is this... I Have Been PLAYING AN ONLINE GAME CALLED "RAN ONLINE" which is popular here in the Philippines and i have recently UNINSTALLED it due to an VIRUS,MALWARE,SPYWARE Or an unidentified Intruder... Anyway "RAN PHILIPPINES" has an OFFICIAL FACEBOOK ACCOUNT PAGE wherein they inform players about Events,Updates, And patches... Then when i was browsing there forums a user with an account name "RAN ONLINE"- a hacker imitating the official company name posted something called " NEW 177 AND 187 SKILLS" link which i followed and downloaded and installed... Since then i saw the command prompt SUDDENLY POPS UP AND THEN ALL HELL BRAKES LOSE! it installed something into my system... my suspect is a key logger or something... I SCANNED IT WITH SPYBOT BUT NOTHING WAS REPORTED CONVINCING ME... I DID NOT PRESS THE FIX PROBLEM TAB... i uninstalled the game and i am afraid that he will hack my other accounts like facebook,yahoo,google,youtube and etc. My avira anti virus was unable to detect it also! It's like it was designed only for RAN ONLINE BUT I AM NOT SURE! PLEASE HELP! IF FORMATTING MY PC IS THE ONLY WAY PLEASE INFORM ME! I HAVE THE LINK OF THE INFECTED VIRUS AND I CAN SHOW YOU IF YOU ALLOW ME! AND PLEASE ANALAYZE IT! :sad:

mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [<NO NAME>]
mRun: [SearchSettings] "c:\program files\common files\spigot\search settings\SearchSettings.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\tmonitor\TMonitor.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
LSP: c:\program files\avira\antivir desktop\avsda.dll
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
TCP: DhcpNameServer = 121.1.3.81 121.1.3.16 121.1.3.66
TCP: Interfaces\{4FAF73A3-8ADF-40EC-A9FA-5AAF26834BAA} : DhcpNameServer = 121.1.3.81 121.1.3.16 121.1.3.66
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\user\application data\mozilla\firefox\profiles\vg88tbub.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=mkg030&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/?ilc=8
FF - prefs.js: keyword.URL - hxxp://ph.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\user\local settings\application data\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.50401.0\npctrlui.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
.
---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.brc - BRI/1
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2011-10-19 36000]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2011-6-27 13696]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-10-19 86224]
R2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2011-10-19 110032]
R2 AntiVirWebService;Avira Web Protection;c:\program files\avira\antivir desktop\avwebgrd.exe [2011-10-19 463824]
R2 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2011-9-27 745880]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-10-19 74640]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-10-21 13:40:47 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-10-21 13:40:47 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2011-10-20 14:18:30 -------- d-----w- c:\windows\system32\NtmsData
2011-10-20 14:03:17 -------- d-----w- c:\program files\TMonitor
2011-10-19 04:24:21 -------- d-----w- c:\documents and settings\user\application data\Avira
2011-10-19 04:23:13 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-10-19 04:23:13 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2011-10-19 04:23:08 -------- d-----w- c:\program files\Avira
2011-10-19 04:23:08 -------- d-----w- c:\documents and settings\all users\application data\Avira
2011-10-14 15:35:02 -------- d-----w- c:\program files\AnvSoft
2011-10-14 15:23:47 -------- d-----w- c:\documents and settings\user\local settings\application data\MediaGet2
2011-10-14 15:23:47 -------- d-----w- c:\documents and settings\user\local settings\application data\Media Get LLC
2011-10-14 15:10:15 -------- d-----w- c:\documents and settings\user\application data\AnvSoft
2011-10-10 06:40:35 -------- d-----w- c:\documents and settings\all users\application data\YouTube Downloader
2011-10-10 06:39:53 -------- d-----w- c:\program files\YouTube Downloader
2011-10-10 05:36:07 -------- d-----w- c:\documents and settings\user\application data\Search Settings
2011-10-10 05:35:58 -------- d-----w- c:\program files\Application Updater
2011-10-10 05:35:57 -------- d-----w- c:\program files\YouTube Downloader Toolbar
.
==================== Find3M ====================
.
2011-10-14 03:14:58 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
============= FINISH: 23:47:32.12 ===============

.
Unless specifically instructed, do not post this log.
If requested, zip it up & attach it
.

imran911
2011-10-22, 09:51
I would like to inform everyone that I'm currently formatting my hard drives... thank you for your support tashi.

tashi
2011-10-22, 16:59
Thank you for letting us know imran911. :)