
PC sending out spam e-mail, ComboFix/MBAM log



My PC started sending spam to the contacts in my address book yesterday. I use Hotmail and Windows Live Mail as the client. It has also sent to addresses I have received e-mail from but which are not in the address book. It sent both yesterday and today; I have stopped using Windows Live for the time being in the hope that it will help. Any help is much appreciated.

 

Antivirus program: Avira Free Version

 

ComboFix log:

 

ComboFix 10-06-11.01 - Heine 12-Jun-10 22:49:40.1.2 - x86

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2046.1431 [GMT 2:00]

Running from: c:\users\Heine\AppData\Local\Opera\Opera\temporary_downloads\ComboFix.exe

.

 

((((((((((((((((((((((((( Files Created from 2010-05-12 to 2010-06-12 )))))))))))))))))))))))))))))))

.

 

2010-06-12 20:53 . 2010-06-12 20:54 -------- d-----w- c:\users\Heine\AppData\Local\temp

2010-06-12 20:53 . 2010-06-12 20:53 -------- d-----w- c:\users\Default\AppData\Local\temp

2010-06-12 20:37 . 2010-06-12 20:37 -------- d-----w- c:\users\Heine\AppData\Roaming\Malwarebytes

2010-06-12 20:36 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-06-12 20:36 . 2010-06-12 20:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-06-12 20:36 . 2010-06-12 20:36 -------- d-----w- c:\programdata\Malwarebytes

2010-06-12 20:36 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-06-12 20:10 . 2010-06-12 20:10 -------- d-----w- c:\programdata\Alwil Software

2010-06-12 20:10 . 2010-06-12 20:10 -------- d-----w- c:\program files\Alwil Software

2010-06-11 13:01 . 2010-06-11 13:01 73728 ----a-r- c:\users\Heine\AppData\Roaming\Microsoft\Installer\{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}\liteico.exe.827545C6_7013_4DE1_8E6C_DAEE4C57F54A.exe

2010-06-11 13:01 . 2010-06-11 13:01 73728 ----a-r- c:\users\Heine\AppData\Roaming\Microsoft\Installer\{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}\ARPICON.exe

2010-06-11 13:01 . 2010-06-11 13:01 -------- d-----w- c:\users\Heine\AppData\Local\Citrix

2010-06-09 09:50 . 2010-05-01 14:49 2326528 ----a-w- c:\windows\system32\win32k.sys

2010-06-09 09:50 . 2010-03-05 07:42 67584 ----a-w- c:\windows\system32\asycfilt.dll

2010-06-09 09:50 . 2010-05-21 05:18 977920 ----a-w- c:\windows\system32\wininet.dll

2010-06-09 09:50 . 2010-05-27 07:24 34304 ----a-w- c:\windows\system32\atmlib.dll

2010-06-09 09:50 . 2010-05-27 03:49 293888 ----a-w- c:\windows\system32\atmfd.dll

2010-06-08 18:00 . 2010-06-08 18:00 -------- d-----w- c:\program files\Orbitdownloader

2010-06-08 18:00 . 2010-06-11 13:04 -------- d-----w- c:\users\Heine\AppData\Roaming\Orbit

2010-06-03 08:54 . 2010-06-03 08:54 -------- d-----w- c:\windows\system32\Wat

2010-05-27 11:52 . 2010-05-27 11:52 -------- d-----w- c:\program files\Common Files\Common Share

2010-05-27 11:52 . 2008-12-18 11:38 719872 ----a-w- c:\windows\system32\devil.dll

2010-05-27 11:52 . 2008-12-18 11:38 351744 ----a-w- c:\windows\system32\avisynth.dll

2010-05-26 06:53 . 2010-03-04 07:33 740864 ----a-w- c:\windows\system32\inetcomm.dll

2010-05-26 06:53 . 2010-04-23 07:13 2048 ----a-w- c:\windows\system32\tzres.dll

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-06-12 11:31 . 2010-04-09 07:11 -------- d-----w- c:\users\Heine\AppData\Roaming\uTorrent

2010-06-11 14:05 . 2010-04-21 06:08 -------- d-----w- c:\program files\Ask.com

2010-06-11 12:01 . 2010-04-18 09:00 -------- d-----w- c:\users\Heine\AppData\Roaming\vlc

2010-06-09 10:10 . 2010-04-09 20:35 -------- d-----w- c:\program files\Microsoft Silverlight

2010-05-27 11:48 . 2010-04-09 07:12 -------- d-----w- c:\program files\uTorrent

2010-05-27 11:47 . 2009-07-14 02:37 -------- d-----w- c:\program files\Windows Mail

2010-05-12 09:21 . 2010-04-08 21:14 221568 ------w- c:\windows\system32\MpSigStub.exe

2010-05-10 12:30 . 2010-05-10 12:20 -------- d-----w- c:\users\Heine\AppData\Roaming\Dropbox

2010-05-10 12:20 . 2010-05-10 12:20 89831 ----a-w- c:\users\Heine\AppData\Roaming\Dropbox\bin\Uninstall.exe

2010-05-06 19:47 . 2010-05-06 19:47 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

2010-05-05 08:57 . 2010-05-05 08:57 -------- d-----w- c:\program files\Real Alternative

2010-05-04 08:57 . 2010-04-13 15:52 -------- d-----w- c:\users\Heine\AppData\Roaming\FileZilla

2010-05-02 16:48 . 2010-05-02 16:48 -------- d-----w- c:\programdata\NVIDIA

2010-05-02 16:46 . 2010-04-23 11:22 -------- d-----w- c:\program files\NVIDIA Corporation

2010-05-02 16:46 . 2010-04-29 22:03 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

2010-05-01 21:53 . 2010-05-01 21:53 -------- d-----w- c:\program files\DriverCleanerDotNET

2010-05-01 21:50 . 2010-05-01 21:50 -------- d-----w- c:\program files\Phyxion.net

2010-05-01 20:58 . 2010-04-08 21:10 57952 ----a-w- c:\users\Heine\AppData\Local\GDIPFONTCACHEV1.DAT

2010-05-01 20:55 . 2010-04-11 17:02 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-05-01 20:55 . 2010-05-01 20:55 -------- d-----w- c:\program files\V1 Home 2.0

2010-04-30 18:59 . 2010-04-08 21:09 -------- d-----w- c:\program files\Opera

2010-04-29 17:47 . 2010-04-29 17:47 666112 ----a-w- c:\users\Heine\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\pmv306hw-1003220-0-main.dll

2010-04-29 17:47 . 2010-04-29 17:47 319488 ----a-w- c:\users\Heine\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe

2010-04-29 17:23 . 2010-04-27 07:46 -------- d-----w- c:\program files\Elecard

2010-04-27 07:04 . 2010-04-27 07:04 81 ----a-w- c:\users\Heine\CTX.DAT

2010-04-21 07:00 . 2010-04-21 07:00 -------- d-----w- c:\program files\MediaMonkey

2010-04-21 06:43 . 2010-04-21 06:10 -------- d-----w- c:\users\Heine\AppData\Roaming\AccurateRip

2010-04-21 06:10 . 2010-04-21 06:08 -------- d-----w- c:\program files\Exact Audio Copy

2010-04-18 13:07 . 2010-04-14 06:26 -------- d-----w- c:\program files\Java

2010-04-18 08:56 . 2010-04-18 08:56 -------- d-----w- c:\program files\VideoLAN

2010-04-15 08:39 . 2010-04-09 21:22 -------- d-----w- c:\users\Heine\AppData\Roaming\Youtube Downloader HD

2010-04-14 06:27 . 2010-04-14 06:27 -------- d-----w- c:\program files\Common Files\Java

2010-04-12 15:29 . 2010-04-18 13:07 411368 ----a-w- c:\windows\system32\deployJava1.dll

2010-04-10 20:16 . 2010-04-10 20:16 691696 ----a-w- c:\windows\system32\drivers\sptd.sys

2010-04-09 21:00 . 2010-04-09 21:00 53248 ----a-r- c:\users\Heine\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe

2010-04-09 21:00 . 2010-04-09 21:00 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys

2010-04-03 20:55 . 2010-04-03 20:55 795104 ----a-w- c:\windows\system32\dpinst.exe

2010-04-03 16:26 . 2010-04-03 16:26 149608 ----a-w- c:\windows\system32\nv3dappshext.dll

2010-03-16 18:46 . 2010-03-16 18:46 985704 ----a-w- c:\windows\system32\nvsvc.dll

2010-03-16 18:46 . 2010-03-16 18:46 88168 ----a-w- c:\windows\system32\nvhotkey.dll

2010-03-16 18:46 . 2010-03-16 18:46 66664 ----a-w- c:\windows\system32\nvshext.dll

2010-03-16 18:46 . 2010-03-16 18:46 1515624 ----a-w- c:\windows\system32\nvsvcr.dll

2010-03-16 18:46 . 2010-03-16 18:46 13684328 ----a-w- c:\windows\system32\nvcpl.dll

2010-03-16 18:46 . 2010-03-16 18:46 129640 ----a-w- c:\windows\system32\nvvsvc.exe

2010-03-16 18:46 . 2010-03-16 18:46 110696 ----a-w- c:\windows\system32\nvmctray.dll

2010-03-16 18:45 . 2010-03-16 18:45 95994 ----a-w- c:\windows\system32\nvcoproc.bin

2010-03-16 18:45 . 2010-03-16 18:45 82024 ----a-w- c:\windows\system32\nv3dappshextr.dll

2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat

2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]

 

[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

2010-05-26 13:23 1385864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]

 

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]

 

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2009-12-09 01:19 94208 ----a-w- c:\users\Heine\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2009-12-09 01:19 94208 ----a-w- c:\users\Heine\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2009-12-09 01:19 94208 ----a-w- c:\users\Heine\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

"Google Update"="c:\users\Heine\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-04-09 136176]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-05-09 36864]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-07-02 159744]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2010-03-16 88168]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\System32\nvinit.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

 

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-04-10 691696]

R3 cxbu0wdm;OMNIKEY 3x21;c:\windows\system32\DRIVERS\cxbu0wdm.sys [2010-01-25 115712]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-03 1343400]

S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]

S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]

S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]

S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]

 

.

Contents of the 'Scheduled Tasks' folder

 

2010-06-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2498146308-1688095870-3263893864-1001Core.job

- c:\users\Heine\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-09 17:39]

 

2010-06-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2498146308-1688095870-3263893864-1001UA.job

- c:\users\Heine\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-09 17:39]

.

.

------- Supplementary Scan -------

.

IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201

IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204

IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203

IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202

FF - ProfilePath - c:\users\Heine\AppData\Roaming\Mozilla\Firefox\Profiles\24fud1aw.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=EAC&o=102392&locale=en_US&apn_uid=640410ED-6291-4722-8639-455E4F6F5CF2&apn_ptnrs=QF&apn_sauid=D1FD2E05-6FD5-417F-A66C-F14C80D07CCD&apn_dtid=&q=

FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll

FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll

FF - plugin: c:\program files\Veetle\Player\npvlc.dll

FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll

FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll

FF - plugin: c:\users\Heine\AppData\Local\Google\Update\1.2.183.23\npGoogleOneClick8.dll

 

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2010-06-12 22:55:13

ComboFix-quarantined-files.txt 2010-06-12 20:55

 

Pre-Run: 62,686,003,200 bytes free

Post-Run: 65,659,678,720 bytes free

 

- - End Of File - - 4BC534FA73E26F18E19719F465AA52B6

 

 

Malwarebytes log:

 

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

 

Database version: 4192

 

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

 

12-Jun-10 22:44:28

mbam-log-2010-06-12 (22-44-28).txt

 

Scan type: Quick scan

Objects scanned: 117712

Time elapsed: 4 minute(s), 35 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

(No malicious items detected)

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

(No malicious items detected)

 

 

 

Avira found nothing.


The ComboFix log looks fine.

This is a known problem, and it usually lies within Hotmail/Windows Live itself.

A botnet that has gained access to your account and is sending out lots of spam.

Changing the password on the account usually fixes this problem.

https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=1276455266&rver=5.5.4177.0&wp=SAPI&wreply=http:%2F%2Faccount.live.com%2F&lc=1033&id=38936

Edited by SNIPPSAT