[Løst]MSN virus, kan noen sjekke loggene?

Like clockwork · 6. oktober 2009

Hei.

Oppdaget i dag at jeg sendte ut følgende melding til kontaktene mine på msn:

Få bonus Ringtone

www.officialmelodies.c-m

Combofix loggen:

ComboFix 09-10-05.01 - Mats 06.10.2009 15:59.1.1 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.47.1044.18.2974.1886 [GMT 2:00]

Kjører fra: c:\users\Mats\Downloads\ComboFix.exe

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

* Anti-virus er aktiv

.

((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\$recycle.bin\S-1-5-21-2700853051-1965746507-2489631745-500

c:\users\Mats\AppData\Roaming\.#

c:\windows\Suyin.reg

.

((((((((((((((((((((((((((( Filer Opprettet Fra 2009-09-06 til 2009-10-06 )))))))))))))))))))))))))))))))))

.

2009-10-06 14:11 . 2009-10-06 14:12 -------- d-----w- c:\users\Mats\AppData\Local\temp

2009-10-06 14:11 . 2009-10-06 14:11 -------- d-----w- c:\users\Default\AppData\Local\temp

2009-10-06 13:27 . 2009-10-06 13:27 -------- d-----w- c:\users\Mats\AppData\Roaming\Malwarebytes

2009-10-06 13:26 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-10-06 13:26 . 2009-10-06 13:26 -------- d-----w- c:\programdata\Malwarebytes

2009-10-06 13:26 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-10-06 13:26 . 2009-10-06 13:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-10-04 14:06 . 2009-10-04 14:06 -------- d-----w- c:\program files\TVAnts

2009-10-03 12:04 . 2009-10-01 08:29 195440 ------w- c:\windows\system32\MpSigStub.exe

2009-10-02 14:46 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll

2009-10-02 14:46 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe

2009-10-02 14:46 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll

2009-10-02 14:46 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll

2009-10-02 14:44 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll

2009-10-02 14:44 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll

2009-10-02 14:44 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll

2009-10-02 14:44 . 2009-08-06 17:23 171608 ----a-w- c:\windows\system32\wuwebv.dll

2009-10-02 14:44 . 2009-08-06 16:44 33792 ----a-w- c:\windows\system32\wuapp.exe

2009-10-02 10:19 . 2009-10-02 10:20 -------- d-----w- c:\windows\system32\ca-ES

2009-10-02 10:19 . 2009-10-02 10:20 -------- d-----w- c:\windows\system32\eu-ES

2009-10-02 10:19 . 2009-10-02 10:20 -------- d-----w- c:\windows\system32\vi-VN

2009-10-02 09:52 . 2009-10-02 09:52 -------- d-----w- c:\windows\system32\EventProviders

2009-10-01 10:38 . 2009-10-01 10:38 -------- d-----w- c:\program files\Secunia

2009-09-29 23:29 . 2009-09-29 23:29 -------- d-----w- c:\windows\Sun

2009-09-29 23:26 . 2009-09-29 23:26 411368 ----a-w- c:\windows\system32\deploytk.dll

2009-09-29 23:25 . 2009-09-29 23:25 -------- d-----w- c:\program files\Java

2009-09-29 18:47 . 2009-09-29 18:47 -------- d-----w- c:\users\Mats\AppData\Local\Osc

2009-09-29 17:44 . 2009-04-11 05:03 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll

2009-09-29 17:42 . 2009-04-11 06:28 758784 ----a-w- c:\windows\system32\qmgr.dll

2009-09-29 17:41 . 2009-04-11 06:33 926184 ----a-w- c:\windows\system32\winresume.exe

2009-09-29 17:39 . 2009-04-11 06:28 342528 ----a-w- c:\windows\system32\zipfldr.dll

2009-09-29 17:38 . 2009-04-11 06:28 85504 ----a-w- c:\windows\system32\msctfui.dll

2009-09-29 17:37 . 2009-04-11 04:46 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys

2009-09-29 17:37 . 2009-04-11 04:46 41472 ----a-w- c:\windows\system32\drivers\raspppoe.sys

2009-09-29 17:37 . 2009-04-11 06:22 7168 ----a-w- c:\windows\system32\f3ahvoas.dll

2009-09-29 17:37 . 2009-04-11 04:27 2560 ----a-w- c:\windows\system32\msimsg.dll

2009-09-29 17:37 . 2009-10-03 09:39 -------- d-----w- c:\users\Mats\AppData\Local\Mobilt Bredbånd

2009-09-29 17:35 . 2009-04-11 06:28 83968 ----a-w- c:\windows\system32\wbem\wmiutils.dll

2009-09-29 17:35 . 2009-04-11 06:28 744448 ----a-w- c:\windows\system32\wbem\wbemcore.dll

2009-09-29 17:35 . 2009-04-11 06:28 30208 ----a-w- c:\windows\system32\wbem\wbemprox.dll

2009-09-29 17:35 . 2009-04-11 06:28 189440 ----a-w- c:\windows\system32\wbem\mofd.dll

2009-09-29 17:35 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\esscli.dll

2009-09-29 17:35 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\repdrvfs.dll

2009-09-29 17:35 . 2009-04-11 06:28 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll

2009-09-29 17:35 . 2009-04-11 06:28 705536 ----a-w- c:\windows\system32\SmiEngine.dll

2009-09-29 17:34 . 2009-04-11 06:28 218624 ----a-w- c:\windows\system32\wdscore.dll

2009-09-29 17:34 . 2009-04-11 06:27 130560 ----a-w- c:\windows\system32\PkgMgr.exe

2009-09-29 17:31 . 2009-04-11 06:28 247808 ----a-w- c:\windows\system32\drvstore.dll

2009-09-29 14:40 . 2009-09-29 14:40 -------- d-----w- c:\programdata\Local

2009-09-29 14:39 . 2009-09-29 14:39 -------- d-----w- c:\users\Mats\AppData\Local\Mobile Broadband

2009-09-29 14:38 . 2009-09-29 17:37 -------- d-----w- c:\programdata\Mobilt Bredbånd

2009-09-29 14:38 . 2009-09-29 14:38 -------- d-----w- c:\program files\Telenor

2009-09-29 14:37 . 2009-09-29 14:37 -------- d-----w- C:\Telenor

2009-09-28 19:05 . 2009-09-30 12:26 -------- d-----w- c:\users\Mats\AppData\Local\PokerStars

2009-09-28 19:02 . 2009-09-28 19:06 -------- d-----w- c:\program files\PokerStars

2009-09-28 13:51 . 2009-09-28 13:51 -------- d-----w- c:\users\Mats\AppData\Local\Christopher`s_Mafiasosbot

2009-09-27 00:12 . 2009-10-04 18:52 -------- d-----w- c:\users\Mats\AppData\Roaming\vlc

2009-09-26 21:53 . 2009-09-26 21:53 -------- d-----w- c:\users\Mats\AppData\Roaming\Acer

2009-09-26 17:18 . 2009-10-04 18:52 -------- d-----w- C:\Downloads

2009-09-26 17:08 . 2009-09-26 17:08 -------- d-----w- c:\program files\BitComet

2009-09-26 12:29 . 2009-09-26 12:29 -------- d-----w- c:\programdata\Oberon Games

2009-09-26 10:51 . 2009-09-26 10:51 -------- d-----w- c:\programdata\Office Genuine Advantage

2009-09-26 10:36 . 2009-03-08 11:32 72704 ----a-w- c:\windows\system32\admparse.dll

2009-09-26 10:14 . 2009-09-26 10:14 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help

2009-09-25 21:44 . 2009-09-25 21:44 -------- d-----w- c:\users\Mats\AppData\Local\Adobe

2009-09-25 05:55 . 2009-09-24 14:10 -------- d-----w- C:\acernb

2009-09-24 23:29 . 2009-06-22 10:09 2048 ----a-w- c:\windows\system32\tzres.dll

2009-09-24 23:00 . 2008-07-27 18:03 41984 ----a-w- c:\windows\system32\netfxperf.dll

2009-09-24 22:43 . 2009-09-24 22:43 -------- d-----w- c:\users\Mats\AppData\Roaming\eSobi

2009-09-24 22:42 . 2009-09-24 22:42 -------- d-----w- c:\program files\VideoLAN

2009-09-24 19:59 . 2009-09-24 14:07 -------- d-----w- c:\windows\system32\Lang

2009-09-24 19:59 . 2009-05-13 05:22 997912 ----a-w- c:\windows\system32\igxpun.exe

2009-09-24 16:39 . 2009-09-24 16:39 -------- d-----w- c:\users\Mats\AppData\Local\Opera

2009-09-24 16:39 . 2009-09-24 16:39 -------- d-----w- c:\program files\Opera

2009-09-24 16:05 . 2009-10-05 23:41 -------- d-----w- c:\users\Mats\AppData\Local\Microsoft Games

2009-09-24 15:55 . 2009-10-06 13:45 -------- d-----w- c:\users\Mats\Tracing

2009-09-24 15:48 . 2009-09-24 15:48 -------- d-----w- c:\program files\Microsoft

2009-09-24 15:37 . 2009-10-05 13:30 -------- d-----w- c:\users\Mats\AppData\Roaming\Spotify

2009-09-24 15:37 . 2009-10-04 22:13 -------- d-----w- c:\users\Mats\AppData\Local\Spotify

2009-09-24 15:37 . 2009-09-24 15:37 -------- d-----w- c:\program files\Spotify

2009-09-24 15:35 . 2009-09-24 15:35 0 ----a-w- c:\windows\nsreg.dat

2009-09-24 15:35 . 2009-09-24 15:35 -------- d-----w- c:\users\Mats\AppData\Local\Mozilla

2009-09-24 15:24 . 2009-06-10 11:42 160256 ----a-w- c:\windows\system32\wkssvc.dll

2009-09-24 15:24 . 2009-04-21 11:39 2034688 ----a-w- c:\windows\system32\win32k.sys

2009-09-24 15:22 . 2009-08-14 16:27 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys

2009-09-24 15:22 . 2009-08-14 13:48 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys

2009-09-24 15:22 . 2009-08-14 13:48 105984 ----a-w- c:\windows\system32\netiohlp.dll

2009-09-24 15:22 . 2009-08-14 13:49 27136 ----a-w- c:\windows\system32\NETSTAT.EXE

2009-09-24 15:22 . 2009-08-14 13:49 19968 ----a-w- c:\windows\system32\ARP.EXE

2009-09-24 15:22 . 2009-08-14 13:49 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE

2009-09-24 15:22 . 2009-08-14 13:49 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE

2009-09-24 15:22 . 2009-08-14 13:49 10240 ----a-w- c:\windows\system32\finger.exe

2009-09-24 15:22 . 2009-08-14 13:49 17920 ----a-w- c:\windows\system32\ROUTE.EXE

2009-09-24 15:22 . 2009-08-14 13:49 11264 ----a-w- c:\windows\system32\MRINFO.EXE

2009-09-24 15:22 . 2009-08-14 15:53 17920 ----a-w- c:\windows\system32\netevent.dll

2009-09-24 15:19 . 2009-06-15 14:53 156672 ----a-w- c:\windows\system32\t2embed.dll

2009-09-24 15:19 . 2009-06-15 14:52 72704 ----a-w- c:\windows\system32\fontsub.dll

2009-09-24 15:19 . 2009-06-15 12:42 289792 ----a-w- c:\windows\system32\atmfd.dll

2009-09-24 15:19 . 2009-06-15 14:52 23552 ----a-w- c:\windows\system32\lpk.dll

2009-09-24 15:19 . 2009-06-15 14:51 10240 ----a-w- c:\windows\system32\dciman32.dll

2009-09-24 15:19 . 2009-04-11 06:28 34304 ----a-w- c:\windows\system32\atmlib.dll

2009-09-24 15:19 . 2009-04-11 06:28 1696768 ----a-w- c:\windows\system32\gameux.dll

2009-09-24 15:19 . 2009-08-29 00:14 28672 ----a-w- c:\windows\system32\Apphlpdm.dll

2009-09-24 15:19 . 2009-08-29 00:27 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll

2009-09-24 15:16 . 2009-04-23 12:14 623616 ----a-w- c:\windows\system32\localspl.dll

2009-09-24 15:16 . 2009-04-23 12:15 784896 ----a-w- c:\windows\system32\rpcrt4.dll

2009-09-24 15:16 . 2009-06-10 11:38 91136 ----a-w- c:\windows\system32\avifil32.dll

2009-09-24 14:56 . 2009-09-24 14:56 -------- d-----w- C:\MyWinLockerData

2009-09-24 14:39 . 2009-09-24 14:39 -------- d-----w- c:\users\Mats\AppData\Local\EgisTec

2009-09-24 14:39 . 2009-09-24 14:39 -------- d-----w- c:\programdata\EgisTec

2009-09-24 14:30 . 2009-09-24 14:30 -------- d-----w- c:\windows\Screensavers

2009-09-24 14:19 . 2009-09-24 14:19 -------- d-----w- c:\program files\EgisTec Egis Software Update

2009-09-24 14:19 . 2009-09-24 14:19 -------- d-----w- c:\program files\Common Files\EgisTec

2009-09-24 14:19 . 2009-09-24 14:19 -------- d-----w- c:\program files\EgisTec

2009-09-24 14:16 . 2009-09-24 14:16 -------- d-----w- c:\program files\WIDCOMM

2009-09-24 14:14 . 2009-09-24 14:14 -------- d-----w- c:\program files\Synaptics

2009-09-24 14:12 . 2008-07-29 17:29 200704 ----a-w- c:\windows\PLFSetI.exe

2009-09-24 14:12 . 2008-06-25 12:22 20480 ----a-w- c:\windows\USB_VIDEO_REG.exe

2009-09-24 14:12 . 2009-05-27 08:54 1654784 ----a-w- c:\windows\Acer Crystal Eye webcam.EXE

2009-09-24 14:12 . 2008-12-30 11:42 626688 ----a-w- c:\windows\Image.dll

2009-09-24 14:11 . 2009-09-24 14:11 -------- d-----w- c:\users\Mats\AppData\Roaming\InstallShield

2009-09-24 14:11 . 2009-09-24 15:33 -------- d-----w- c:\users\Mats\AppData\Local\Google

2009-09-24 14:11 . 2009-09-24 14:11 -------- d-----w- c:\users\Mats\AppData\Local\Acer ePower Management V4

2009-09-24 14:10 . 2009-09-24 14:10 70176 ----a-w- c:\users\Mats\AppData\Local\GDIPFONTCACHEV1.DAT

2009-09-24 14:10 . 2009-09-25 09:21 -------- d-----w- c:\users\Mats\AppData\Local\VirtualStore

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-10-06 13:51 . 2008-01-21 06:14 76478 ----a-w- c:\windows\system32\perfc014.dat

2009-10-06 13:51 . 2008-01-21 06:14 452326 ----a-w- c:\windows\system32\perfh014.dat

2009-10-05 09:46 . 2009-05-22 18:12 -------- d-----w- c:\program files\Common Files\Adobe

2009-10-02 10:20 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar

2009-10-02 10:20 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar

2009-10-02 10:20 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail

2009-10-02 10:20 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal

2009-10-02 10:20 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration

2009-10-02 10:20 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery

2009-10-02 10:20 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender

2009-09-30 08:15 . 2009-05-22 17:55 -------- d-----w- c:\program files\McAfee

2009-09-29 17:37 . 2009-09-29 14:38 -------- d-----w- c:\programdata\Mobilt Bredbånd

2009-09-29 14:56 . 2009-05-22 17:54 -------- d-----w- c:\programdata\McAfee

2009-09-26 10:16 . 2009-05-22 17:37 -------- d-----w- c:\programdata\Microsoft Help

2009-09-24 23:24 . 2009-05-22 17:38 -------- d-----w- c:\program files\Microsoft Works

2009-09-24 22:44 . 2009-05-22 18:14 -------- d-----w- c:\programdata\eSobi

2009-09-24 15:52 . 2009-05-22 17:44 -------- d-----w- c:\program files\Windows Live

2009-09-24 15:25 . 2009-05-22 17:35 -------- d-----w- c:\program files\Google

2009-09-24 14:26 . 2009-05-22 17:26 -------- d-----w- c:\program files\Common Files\InstallShield

2009-09-24 14:26 . 2009-05-22 18:09 -------- d-----w- c:\program files\CyberLink

2009-09-24 14:22 . 2009-05-22 17:17 -------- d--h--w- c:\program files\InstallShield Installation Information

2009-09-24 14:14 . 2009-09-24 14:14 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01007.Wdf

2009-09-24 14:09 . 2009-05-22 17:49 -------- d-----w- c:\program files\Acer

2009-09-24 14:07 . 2009-05-22 17:17 -------- d-----w- c:\program files\Intel

2009-09-24 14:03 . 2009-09-24 14:03 -------- d-sh--we c:\programdata\Maler

2009-09-24 14:03 . 2009-09-24 14:03 -------- d-sh--we c:\program files\Fellesfiler

2009-09-24 14:03 . 2009-09-24 14:03 -------- d-sh--we c:\programdata\Start-meny

2009-09-24 14:03 . 2009-09-24 14:03 -------- d-sh--we c:\programdata\Skrivebord

2009-09-24 14:03 . 2009-09-24 14:03 -------- d-sh--we c:\programdata\Programdata

2009-09-24 14:03 . 2009-09-24 14:03 -------- d-sh--we c:\programdata\Favoritter

2009-09-24 14:03 . 2009-09-24 14:03 -------- d-sh--we c:\programdata\Dokumenter

2009-08-03 13:07 . 2009-08-03 13:07 403816 ----a-w- c:\windows\system32\OGACheckControl.dll

2009-08-03 13:07 . 2009-08-03 13:07 322928 ----a-w- c:\windows\system32\OGAAddin.dll

2009-08-03 13:07 . 2009-08-03 13:07 230768 ----a-w- c:\windows\system32\OGAEXEC.exe

2009-07-26 14:44 . 2009-07-26 14:44 48448 ----a-w- c:\windows\system32\sirenacm.dll

2009-07-21 21:52 . 2009-09-26 10:37 915456 ----a-w- c:\windows\system32\wininet.dll

2009-07-21 21:47 . 2009-09-26 10:37 109056 ----a-w- c:\windows\system32\iesysprep.dll

2009-07-21 21:47 . 2009-09-26 10:37 71680 ----a-w- c:\windows\system32\iesetup.dll

2009-07-21 20:13 . 2009-09-26 10:37 133632 ----a-w- c:\windows\system32\ieUnatt.exe

2009-07-17 13:54 . 2009-09-24 15:17 71680 ----a-w- c:\windows\system32\atl.dll

2009-07-16 10:32 . 2009-05-22 17:56 130424 ----a-w- c:\windows\system32\drivers\Mpfp.sys

2009-07-15 12:40 . 2009-09-24 15:17 8147456 ----a-w- c:\windows\system32\wmploc.DLL

2009-07-15 12:39 . 2009-09-24 15:17 313344 ----a-w- c:\windows\system32\wmpdxm.dll

2009-07-15 12:39 . 2009-09-24 15:17 4096 ----a-w- c:\windows\system32\dxmasf.dll

2009-07-15 12:39 . 2009-09-24 15:17 7680 ----a-w- c:\windows\system32\spwmp.dll

2009-07-11 19:01 . 2009-09-24 15:17 513536 ----a-w- c:\windows\system32\wlansvc.dll

2009-07-11 19:01 . 2009-09-24 15:17 302592 ----a-w- c:\windows\system32\wlansec.dll

2009-07-11 19:01 . 2009-09-24 15:17 293376 ----a-w- c:\windows\system32\wlanmsm.dll

2009-07-11 19:01 . 2009-09-24 15:17 65024 ----a-w- c:\windows\system32\wlanapi.dll

2009-07-11 17:03 . 2009-09-24 15:17 127488 ----a-w- c:\windows\system32\L2SecHC.dll

2009-07-10 11:28 . 2009-07-10 11:28 307048 ----a-w- c:\windows\WLXPGSS.SCR

.

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))

.

*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2009-05-14 21:02 120104 ----a-w- c:\program files\EgisTec\MyWinLocker 3\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-02-11 186904]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-03-10 6957600]

"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-04-08 1067528]

"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-05-22 30192]

"Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2009-05-15 440864]

"BackupManagerTray"="c:\program files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-04-01 249600]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-05-13 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-05-07 175128]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-05-13 153624]

"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-07-09 645328]

"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-29 200704]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-06 1434920]

"EgisTecLiveUpdate"="c:\program files\EgisTec Egis Software Update\EgisUpdate.exe" [2009-05-13 199464]

"mwlDaemon"="c:\program files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-05-14 345384]

"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2009-03-30 62760]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-29 149280]

"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-03-10 1833504]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2009-5-22 565248]

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-3-25 791840]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

SetupExecute REG_MULTI_SZ

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"VistaSp2"=hex(b):9b,a8,af,eb,4a,43,ca,01

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{7AAEDCE7-71B9-4B65-9A4F-88A831EC5A3C}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{5962AB55-31F3-40D6-8C0D-264F6D865D12}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{B142FDF8-980C-440E-9823-ADE89C519111}"= Profile=Private|Profile=Public|c:\program files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent

"{468223FA-50D5-4B20-A0E2-909191263D4B}"= c:\program files\Acer\Acer VCM\VC.exe:AcerVCM-VC

"{6684396F-1CE7-47D1-9270-EBDA80F8D4E0}"= c:\program files\Acer\Acer VCM\RS_Service.exe:AcerVCM-RS_Service

"{B9DAAC96-264E-47A6-AD85-0F919EA2681B}"= c:\program files\CyberLink\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD

"{7F2DF2FA-50EB-4712-851C-B1F6C215A9B5}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync

"{78EF76E8-1997-427C-8B39-BF079863E04D}"= UDP:c:\program files\BitComet\BitComet.exe:BitComet.exe

"{C12A3AD5-2BC1-4ECE-A979-AA6C6A4EF2D9}"= TCP:c:\program files\BitComet\BitComet.exe:BitComet.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]

"EnableFirewall"= 0 (0x0)

R1 mwlPSDFilter;mwlPSDFilter;c:\windows\System32\drivers\mwlPSDFilter.sys [04.12.2008 18:34 19504]

R1 mwlPSDNServ;mwlPSDNServ;c:\windows\System32\drivers\mwlPSDNserv.sys [04.12.2008 18:34 16432]

R1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\System32\drivers\mwlPSDVDisk.sys [04.12.2008 18:34 59952]

R2 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [23.05.2009 03:12 117256]

R2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [22.05.2009 19:49 703008]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [22.05.2009 19:58 210216]

R2 MWLService;MyWinLocker Service;c:\program files\EgisTec\MyWinLocker 3\x86\MWLService.exe [14.05.2009 23:03 305448]

R2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [01.04.2009 21:06 54528]

R2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [22.05.2009 20:19 237568]

R2 SesamService;Sesam Control Service;c:\program files\Telenor\Mobilt Bredbånd\Sesam\BIN\SecMIPService.exe [09.05.2008 17:01 1216296]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\System32\drivers\IntcHdmi.sys [23.05.2009 03:12 112640]

R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\System32\drivers\L1C60x86.sys [22.05.2009 13:20 50176]

R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [23.05.2009 03:12 3668480]

R3 wtsmpadap;Sesam Virtual Adapter;c:\windows\System32\drivers\wtsmpadap.sys [29.04.2008 16:24 39720]

R3 WtSmpFlt;Sesam Adapter;c:\windows\System32\drivers\wtsmpflt.sys [29.04.2008 16:24 272424]

S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [22.05.2009 19:35 30192]

S3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\System32\drivers\Gt51Ip.sys [18.02.2008 17:14 106624]

S3 GT72UBUS;GT 72 U BUS;c:\windows\System32\drivers\gt72ubus.sys [08.02.2008 13:00 59648]

S3 GTMM Device Service;GTMM Device Service;c:\program files\Telenor\Mobilt Bredbånd\GtmmDeviceService.exe [11.05.2009 05:46 106496]

S3 GTPTSER;GT PT SER;c:\windows\System32\drivers\gtptser.sys [30.03.2007 13:38 8064]

S3 Partner Service;Partner Service;c:\programdata\Partner\partner.exe [24.09.2009 16:08 110576]

S3 PSI;PSI;c:\windows\System32\drivers\psi_mf.sys [17.06.2009 14:20 12648]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

2009-05-22 c:\windows\Tasks\McDefragTask.job

- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-09-29 19:26]

2009-05-22 c:\windows\Tasks\McQcTask.job

- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-09-29 19:26]

.

------- Tilleggsskanning -------

.

uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0414&s=2&o=vp32&d=0909&m=aspire_3810t

mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0414&s=2&o=vp32&d=0909&m=aspire_3810t

uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s

IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm

IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm

IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm

IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Send bilde til &Bluetooth-enhet... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send side til &Bluetooth-enhet... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

FF - ProfilePath - c:\users\Mats\AppData\Roaming\Mozilla\Firefox\Profiles\ldto6lgh.default\

FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll

FF - component: c:\users\Mats\AppData\Roaming\Mozilla\Firefox\Profiles\ldto6lgh.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: c:\users\Mats\AppData\Roaming\Mozilla\Firefox\Profiles\ldto6lgh.default\extensions\[email protected]\platform\WINNT_x86-msvc\plugins\npmnqmp071303000006.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-10-06 16:12

Windows 6.0.6002 Service Pack 2 NTFS

skanner skjulte prosesser ...

skanner skjulte autostart-oppføringer ...

skanner skjulte filer ...

skanning vellykket

skjulte filer: 0

**************************************************************************

.

Tidspunkt ferdig: 2009-10-06 16:14

ComboFix-quarantined-files.txt 2009-10-06 14:14

Pre-Run: 260 379 262 976 byte ledig

Post-Run: 259 417 952 256 byte ledig

327 --- E O F --- 2009-10-05 14:55

Malwarbytes loggen: (dette er skann nr. 2, kjørte først en skann og da fant den seks infisert filer, som har blitt slettet, uten at det løste problemet)

Malwarebytes' Anti-Malware 1.41

Databaseversjon: 2915

Windows 6.0.6002 Service Pack 2

06.10.2009 16:34:37

mbam-log-2009-10-06 (16-34-37).txt

Skanntype: Rask Skann

Objekter skannet: 87617

Tid tilbakelagt: 7 minute(s), 21 second(s)

Minneprosesser infisert: 0

Minnemoduler infisert: 0

Registernøkler infisert: 0

Registerverdier infisert: 0

Registerfiler infisert: 0

Mapper infisert: 0

Filer infisert: 0

Minneprosesser infisert:

(Ingen mistenkelige filer funnet)

Minnemoduler infisert:

(Ingen mistenkelige filer funnet)

Registernøkler infisert:

(Ingen mistenkelige filer funnet)

Registerverdier infisert:

(Ingen mistenkelige filer funnet)

Registerfiler infisert:

(Ingen mistenkelige filer funnet)

Mapper infisert:

(Ingen mistenkelige filer funnet)

Filer infisert:

(Ingen mistenkelige filer funnet)

Tusen takk for alle svar

Mvh

norbat · 6. oktober 2009

loggen viser ikke noe malware. Prøv å endre passordet ditt på msn-kontoen og se om ikke det hjelper.

Kunne du også ha postet den 1. loggen fra mbam også?

Like clockwork · 6. oktober 2009

loggen viser ikke noe malware. Prøv å endre passordet ditt på msn-kontoen og se om ikke det hjelper.

Kunne du også ha postet den 1. loggen fra mbam også?

Skulle gjerne ha gjort det, men pc`n måtte restartet, og jeg hadde ikke lagret loggen, lagres den automatisk? i så fall hvor?

Edit: Fant det ut.

Malwarebytes' Anti-Malware 1.41

Databaseversjon: 2915

Windows 6.0.6002 Service Pack 2

06.10.2009 15:38:18

mbam-log-2009-10-06 (15-38-18).txt

Skanntype: Rask Skann

Objekter skannet: 87194

Tid tilbakelagt: 7 minute(s), 30 second(s)

Minneprosesser infisert: 0

Minnemoduler infisert: 0

Registernøkler infisert: 5

Registerverdier infisert: 0

Registerfiler infisert: 0

Mapper infisert: 0

Filer infisert: 1

Minneprosesser infisert:

(Ingen mistenkelige filer funnet)

Minnemoduler infisert:

(Ingen mistenkelige filer funnet)

Registernøkler infisert:

HKEY_CLASSES_ROOT\kt_bho.KettleBho (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\TypeLib\{86676e13-d6d8-4652-9fcf-f2047f1fb000} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4} (Trojan.BHO) -> Quarantined and deleted successfully.

Registerverdier infisert:

(Ingen mistenkelige filer funnet)

Registerfiler infisert:

(Ingen mistenkelige filer funnet)

Mapper infisert:

(Ingen mistenkelige filer funnet)

Filer infisert:

C:\ProgramData\Partner\partner.dll (Trojan.BHO) -> Quarantined and deleted successfully.

Edit: Har nå endret passordet, men ser ikke ut at det har hjelpet noe, sender fortsatt meldinger når jeg er avlogget:/

Endret 6. oktober 2009 av Blueone

norbat · 6. oktober 2009

Klikk Start og skriv cmd i søk/kjør-feltet. Høyreklikk på cmd.exe og velg å kjøre som administrator.

Fra ledetekst skriv følgende, klikk Enter etter hver linje:

sc stop Partner Service

sc delete Partner Service

exit

Restart pc'n og post en ny combofix-logg.

Like clockwork · 6. oktober 2009

Vet ikke om ledeteksten var vellykket eller ikke, men legger ved et bilde etter jeg har skrivet inn to av linjene:

Ny combofix logg:

ComboFix 09-10-05.01 - Mats 06.10.2009 23:12.2.1 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.47.1044.18.2974.1881 [GMT 2:00]

Kjører fra: c:\users\Mats\Downloads\ComboFix.exe

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

* Anti-virus er aktiv

.

((((((((((((((((((((((((((( Filer Opprettet Fra 2009-09-06 til 2009-10-06 )))))))))))))))))))))))))))))))))

.

2009-10-06 21:21 . 2009-10-06 21:22 -------- d-----w- c:\users\Mats\AppData\Local\temp

2009-10-06 21:21 . 2009-10-06 21:21 -------- d-----w- c:\users\Public\AppData\Local\temp

2009-10-06 21:21 . 2009-10-06 21:21 -------- d-----w- c:\users\Default\AppData\Local\temp

2009-10-06 15:54 . 2009-10-06 15:54 -------- d-----w- c:\programdata\McAfee Security Scan

2009-10-06 15:53 . 2009-10-06 15:53 -------- d-----w- c:\program files\McAfee Security Scan

2009-10-06 14:26 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-10-06 14:26 . 2009-10-06 14:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-10-06 14:26 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys