Mer MSN/Live Messenger problemer...

Moskus · 16. april 2009

La meg først si:

Jeg trykker aldri på linker som blir sendt via Messenger om jeg ikke er sikker på at jeg vet hva det er. Dessuten prøver jeg å få andre til å gjøre det samme. Jeg får nå oftere og oftere slike spam-henvendelser fra folk. Fra en person ble det så galt at han ble blokkert. Andre er litt mer tilfeldig.

Det nye i dag er at noen visstnok har fått en "halv-erotisk link" fra meg. Hva i svarte h*lvete?!

Fant en artikkel her, og kilden er en post skrevet på diskusjon.no av "vår egen" Norbat.

Så jeg har kjørt ComboFix og HijackThis.

Jeg har lett etter beste evne etter filer med suspekte navn, men har så langt ikke klart å finne noen jeg ikke klarer (ved hjelp av Google) å identifisere og sette i en sammenheng.

Kan noen ta en titt?

ComboFix:

ComboFix 09-04-17.01 - mitt_navn 16.04.2009 22:23.1 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.47.1033.18.3071.1520 [GMT 2:00]

Kjører fra: c:\users\mitt_navn\Desktop\ComboFix.exe

AV: avast! antivirus 4.8.1290 [VPS 081124-0] *On-access scanning enabled* (Updated)

* Opprettet nytt gjenopprettingspunkt

.

((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\users\mitt_navn\AppData\Roaming\Microsoft\SystemCertificates\Request

c:\users\mitt_navn\AppData\Roaming\Microsoft\SystemCertificates\Request\Certificates\6214EBD5BC9E5723F2AB62BDC985913A4FE9FF08

c:\users\mitt_navn\AppData\Roaming\Microsoft\SystemCertificates\Request\Certificates\65C5027DBCD9139936131EEF56E6231A1B9CA10F

c:\windows\system32\Memman.vxd

c:\windows\system32\skinboxer43.dll

.

((((((((((((((((((((((((((( Filer Opprettet Fra 2009-03-17 til 2009-04-17 )))))))))))))))))))))))))))))))))

.

2009-04-15 17:16 . 2007-07-19 22:57 267112 ----a-w c:\windows\system32\xactengine2_9.dll

2009-04-15 17:15 . 2009-04-15 17:15 -------- d-----w c:\program files\AGEIA Technologies

2009-04-15 17:15 . 2009-04-15 17:15 -------- d-----w c:\windows\system32\AGEIA

2009-04-12 18:37 . 2009-04-14 18:20 189784 ----a-w c:\windows\system32\PnkBstrB.xtr

2009-04-09 13:08 . 2009-04-09 13:08 -------- d-----w c:\program files\GSpot

2009-04-09 10:54 . 2009-04-09 10:54 -------- d-----w c:\users\mitt_navn\AppData\Local\PunkBuster

2009-04-09 10:16 . 2009-04-09 10:16 -------- d-----w c:\program files\Microsoft Device Emulator

2009-04-09 10:15 . 2009-04-09 10:16 -------- d-----w c:\program files\Windows Mobile 5.0 SDK R2

2009-04-09 10:08 . 2009-04-09 10:08 -------- d-----w c:\windows\system32\1033

2009-04-09 10:05 . 2009-04-09 10:05 -------- d-----w c:\program files\Microsoft Web Designer Tools

2009-04-09 09:56 . 2009-04-09 09:56 -------- d-----w c:\users\All Users\id Software

2009-04-09 09:56 . 2009-04-09 09:56 -------- d-----w c:\programdata\id Software

2009-03-31 15:32 . 2008-06-19 14:24 28544 ----a-w c:\windows\system32\drivers\pavboot.sys

2009-03-31 15:31 . 2009-03-31 15:31 -------- d-----w c:\program files\Panda Security

2009-03-28 19:30 . 2005-01-14 15:32 53248 ----a-w c:\windows\system32\PAStiSvc.exe

2009-03-28 19:29 . 2009-03-28 19:29 -------- d-----w c:\windows\PixArt

2009-03-22 15:49 . 2009-03-22 15:49 28 ----a-w c:\windows\msgolf.ini

2009-03-22 12:36 . 2009-03-22 12:36 -------- d-----w c:\program files\SubDownloader

2009-03-22 12:33 . 2009-03-22 12:33 -------- d-----w c:\users\mitt_navn\AppData\Local\WinUI

2009-03-22 12:33 . 2009-03-22 12:33 -------- d-----w c:\program files\Sublight

2009-03-18 08:11 . 2009-03-18 08:11 -------- d-----w c:\users\All Users\FLEXnet

2009-03-18 08:11 . 2009-03-18 08:11 -------- d-----w c:\programdata\FLEXnet

2009-03-18 08:07 . 2009-03-18 08:07 -------- d-----w c:\program files\Bonjour

2009-03-18 07:58 . 2009-03-18 07:58 -------- d-----w c:\program files\Common Files\Macrovision Shared

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-04-16 20:27 . 2008-08-08 23:01 -------- d-----w c:\users\mitt_navn\AppData\Roaming\Hamachi

2009-04-16 20:23 . 2008-08-17 09:47 -------- d-----w c:\users\mitt_navn\AppData\Roaming\uTorrent

2009-04-16 03:00 . 2009-01-15 04:00 87616 ----a-w c:\windows\PSSDNSVC.EXE

2009-04-15 23:45 . 2008-08-08 06:52 -------- d-----w c:\program files\LogMeIn

2009-04-15 18:50 . 2008-08-10 07:46 -------- d-----w c:\users\mitt_navn\AppData\Roaming\FileZilla

2009-04-15 17:14 . 2008-08-21 15:01 -------- d-----w c:\program files\Common Files\Wise Installation Wizard

2009-04-15 16:39 . 2008-08-08 15:02 -------- d-----w c:\program files\Taskbar Shuffle

2009-04-15 16:35 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail

2009-04-15 15:15 . 2008-08-08 13:16 -------- d-----w c:\programdata\Microsoft Help

2009-04-14 18:21 . 2009-03-16 16:14 138944 ----a-w c:\windows\system32\drivers\PnkBstrK.sys

2009-04-14 18:20 . 2009-03-16 16:14 189784 ----a-w c:\windows\System32\PnkBstrB.exe

2009-04-13 17:40 . 2008-08-24 17:39 -------- d-----w c:\programdata\TrackMania

2009-04-13 16:42 . 2007-09-15 09:20 -------- d-----w c:\programdata\Roxio

2009-04-12 14:03 . 2008-11-07 17:02 -------- d-----w c:\program files\HomeSeer HSTouch

2009-04-11 14:04 . 2009-03-16 16:13 75064 ----a-w c:\windows\System32\PnkBstrA.exe

2009-04-09 19:27 . 2008-08-10 11:16 -------- d-----w c:\program files\HomeSeer 2

2009-04-09 11:07 . 2008-08-08 06:39 125752 ----a-w c:\users\mitt_navn\AppData\Local\GDIPFONTCACHEV1.DAT

2009-04-09 10:17 . 2008-11-14 17:26 -------- d-----w c:\program files\Microsoft SQL Server

2009-04-09 10:10 . 2008-11-14 17:23 -------- d-----w c:\program files\Microsoft Visual Studio 9.0

2009-04-09 10:10 . 2008-08-08 13:48 -------- d-----w c:\program files\Common Files\Merge Modules

2009-04-09 10:10 . 2006-11-02 12:37 -------- d-----w c:\program files\MSBuild

2009-04-09 09:56 . 2009-03-16 16:14 22328 ----a-w c:\users\mitt_navn\AppData\Roaming\PnkBstrK.sys

2009-04-09 09:56 . 2009-03-16 16:13 2246144 ----a-w c:\windows\System32\pbsvc.exe

2009-04-03 16:00 . 2008-08-12 19:57 -------- d-----w c:\users\mitt_navn\AppData\Roaming\Roxio

2009-03-28 19:29 . 2006-11-02 10:25 51200 ----a-w c:\windows\Inf\infpub.dat

2009-03-28 19:29 . 2006-11-02 10:25 143360 ----a-w c:\windows\Inf\infstrng.dat

2009-03-28 19:29 . 2006-11-02 10:25 86016 ----a-w c:\windows\Inf\infstor.dat

2009-03-25 20:16 . 2008-08-08 07:39 -------- d-----w c:\program files\Windows Home Server

2009-03-22 15:45 . 2008-09-28 16:25 8797 ----a-w C:\log_fs.log

2009-03-19 15:34 . 2008-08-21 07:06 -------- d-----w c:\program files\Debugging Tools for Windows (x86)

2009-03-18 12:54 . 2008-09-05 10:41 -------- d-----w c:\program files\Common Files\Steam

2009-03-18 08:07 . 2008-08-17 14:38 -------- d-----w c:\program files\Common Files\Adobe

2009-03-17 03:38 . 2009-04-15 11:45 40960 ----a-w c:\windows\AppPatch\apihex86.dll

2009-03-17 03:38 . 2009-04-15 11:45 13824 ----a-w c:\windows\System32\apilogen.dll

2009-03-17 03:38 . 2009-04-15 11:45 24064 ----a-w c:\windows\System32\amxread.dll

2009-03-16 20:45 . 2007-09-15 09:11 -------- d--h--w c:\program files\InstallShield Installation Information

2009-03-07 16:04 . 2009-03-07 11:57 -------- d-----w c:\program files\PhotoFiltre

2009-03-05 19:56 . 2008-08-10 07:45 -------- d-----w c:\program files\FileZilla FTP Client

2009-03-05 04:02 . 2009-03-05 04:02 -------- d-----w c:\programdata\LogMeIn

2009-03-04 16:27 . 2008-08-08 13:48 -------- d-----w c:\programdata\PreEmptive Solutions

2009-03-04 16:27 . 2007-09-15 09:15 -------- d-----w c:\programdata\HP

2009-03-03 04:46 . 2009-04-15 11:45 3599328 ----a-w c:\windows\System32\ntkrnlpa.exe

2009-03-03 04:46 . 2009-04-15 11:45 3547632 ----a-w c:\windows\System32\ntoskrnl.exe

2009-03-03 04:40 . 2009-04-15 11:45 827392 ----a-w c:\windows\System32\wininet.dll

2009-03-03 04:39 . 2009-04-15 11:45 183296 ----a-w c:\windows\System32\sdohlp.dll

2009-03-03 04:39 . 2009-04-15 11:45 551424 ----a-w c:\windows\System32\rpcss.dll

2009-03-03 04:39 . 2009-04-15 11:45 26112 ----a-w c:\windows\System32\printfilterpipelineprxy.dll

2009-03-03 04:37 . 2009-04-15 11:45 78336 ----a-w c:\windows\System32\ieencode.dll

2009-03-03 04:37 . 2009-04-15 11:45 98304 ----a-w c:\windows\System32\iasrecst.dll

2009-03-03 04:37 . 2009-04-15 11:45 54784 ----a-w c:\windows\System32\iasads.dll

2009-03-03 04:37 . 2009-04-15 11:45 44032 ----a-w c:\windows\System32\iasdatastore.dll

2009-03-03 03:04 . 2009-04-15 11:45 666624 ----a-w c:\windows\System32\printfilterpipelinesvc.exe

2009-03-03 02:38 . 2009-04-15 11:45 17408 ----a-w c:\windows\System32\iashost.exe

2009-03-03 02:28 . 2009-04-15 11:45 26624 ----a-w c:\windows\System32\ieUnatt.exe

2009-03-02 16:41 . 2008-09-10 06:59 -------- d-----w c:\program files\Microsoft Silverlight

2009-03-01 14:42 . 2009-03-01 14:42 -------- d-----w c:\users\mitt_navn\AppData\Roaming\DivX

2009-03-01 14:41 . 2009-03-01 14:41 -------- d-----w c:\program files\DivX

2009-03-01 14:41 . 2007-09-15 09:16 -------- d-----w c:\program files\Common Files\PX Storage Engine

2009-02-25 16:24 . 2008-11-18 21:32 -------- d-----w c:\program files\Skype

2009-02-22 21:13 . 2008-08-08 15:30 -------- d-----w c:\program files\Windows Live

2009-02-16 17:58 . 2009-02-12 21:07 -------- d-----w c:\users\mitt_navn\AppData\Roaming\Vision Objects

2009-02-13 08:49 . 2009-04-15 11:45 72704 ----a-w c:\windows\System32\secur32.dll

2009-02-13 08:49 . 2009-04-15 11:45 1255936 ----a-w c:\windows\System32\lsasrv.dll

2009-02-09 03:10 . 2009-03-11 17:05 2033152 ----a-w c:\windows\System32\win32k.sys

2009-02-06 18:03 . 2009-02-06 18:03 307576 ----a-w c:\windows\WLXPGSS.SCR

2009-02-06 17:52 . 2009-02-06 17:52 49504 ----a-w c:\windows\System32\sirenacm.dll

2009-02-05 21:17 . 2009-02-05 18:34 850 ----a-w C:\logfile.dat

2009-01-24 16:21 . 2009-01-24 16:21 118784 ----a-w c:\windows\dsdxirmv.exe

2009-01-19 18:17 . 2009-01-19 18:17 130208 ------r c:\windows\bwUnin-8.1.1.87-8876480SL.exe

2008-11-30 12:02 . 2008-11-30 12:02 874 ----a-w c:\users\All Users\tmp825E.tmp

2008-11-30 12:02 . 2008-11-30 12:02 874 ----a-w c:\programdata\tmp825E.tmp

2008-11-30 12:01 . 2008-11-30 12:01 874 ----a-w c:\users\All Users\tmpE8CE.tmp

2008-11-30 12:01 . 2008-11-30 12:01 874 ----a-w c:\programdata\tmpE8CE.tmp

2008-08-08 08:40 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini

2008-08-08 07:17 . 2008-08-08 06:34 680 ----a-w c:\users\mitt_navn\AppData\Local\d3d9caps.dat

2008-01-17 07:51 . 2008-08-08 16:16 22 --sha-w c:\windows\SMINST\HPCD.SYS

2007-09-15 09:41 . 2007-09-15 09:36 8192 --sha-w c:\windows\Users\Default\NTUSER.DAT

.

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))

.

*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]

@="{C5994560-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]