emosbaek Posted 18 April 2009 (edited)

This is the message that gets sent out from my girlfriend's MSN.

I am done trying all the different fat burner pills out there. I finally found one pill that forces your body to drop a lot of weight very quickly. Its called Acai, costs just 5 dolars and I always order from playstake.com

She says she never clicked on anything, but I take that with a pinch of salt. Here are the logs, at any rate. (Sorry, but I don't know how to get them collapsed like others do, so here is the raw text shown straight away.)

Malwarebytes' Anti-Malware 1.36
Databaseversjon: 1998
Windows 5.1.2600 Service Pack 2

18.04.2009 09:21:37
mbam-log-2009-04-18 (09-21-37).txt

Skanntype: Rask Skann
Objekter skannet: 100600
Tid tilbakelagt: 13 minute(s), 39 second(s)

Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 1
Registerverdier infisert: 0
Registerfiler infisert: 0
Mapper infisert: 0
Filer infisert: 0

Minneprosesser infisert:
(Ingen mistenkelige filer funnet)

Minnemoduler infisert:
(Ingen mistenkelige filer funnet)

Registernøkler infisert:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c0036ac (Trojan.Vundo) -> Quarantined and deleted successfully.

Registerverdier infisert:
(Ingen mistenkelige filer funnet)

Registerfiler infisert:
(Ingen mistenkelige filer funnet)

Mapper infisert:
(Ingen mistenkelige filer funnet)

Filer infisert:
(Ingen mistenkelige filer funnet)

Edited 18 April 2009 by Evenmosbek: edited first post.

Tosha0007 Posted 18 April 2009 (edited)

Remove the clickable link so that others can't click on it; write e.g.: hxxp://playstake.com

Edit: post reported to get the link removed.

Edited 18 April 2009 by tosha0007

emosbaek (Author) Posted 20 April 2009

The case is solved...... format c:\