The_Darkness, posted 27 September 2010

Hi. A few days ago my Hotmail account started sending various spam to all my contacts. I have run scans with Malwarebytes Anti-Malware, SuperAntiSpyware, SpywareBlaster, Spyware Terminator and Ad-Aware. All of them found some "malicious software" that was deleted, but the problem persists. I am attaching the MBAM log and the DDS log in the hope that someone can help me with this problem.

Regards, The_Darkness

kjetilkl, posted 27 September 2010

If your Hotmail is sending spam, isn't there a good chance that you logged in with your username/password somewhere that isn't Hotmail, rather than that something is sitting locally on your machine?

The_Darkness (author), posted 27 September 2010

That is absolutely a possibility, even though I thought I was sharp and critical enough to avoid it. Oh well, we all have our weak moments, I suppose. I have changed the password on the mail account now, will that help?

kjetilkl, posted 27 September 2010

> I have changed the password on the mail account now, will that help?

Are you asking me? Yes, if that is what the problem is, then it probably will...

Christiαno, posted 27 September 2010

Check your Sent folder on Hotmail. If there is nothing there, it is probably just e-mail spoofing. That has happened to me too, and as far as I have understood there is nothing you can do about it. If, on the other hand, you find the spam that was sent to your contacts in the Sent folder, then it is probably something you have done that let someone log in to your e-mail and send the spam.
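
An added example, not part of any post in this thread: the Sent-folder check above is made from the account owner's side, and this sketch goes one step further by making the same spoofed-or-sent-from-the-account distinction from a copy of the spam that a contact received, using the Authentication-Results header stamped by the recipient's own mail server. The function name `triage`, the sample messages and all domains are constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Constructed sample messages. All three claim to come from alice@mail.example.
# mx.recipient.example stands for the recipient's own (trusted) mail server.
SPOOFED = """\
Authentication-Results: mx.recipient.example;
 spf=fail smtp.mailfrom=alice@mail.example; dkim=none
From: Alice <alice@mail.example>
To: bob@recipient.example
Subject: check this out

body
"""

FROM_ACCOUNT = """\
Authentication-Results: mx.recipient.example;
 spf=pass smtp.mailfrom=alice@mail.example;
 dkim=pass header.d=mail.example
From: Alice <alice@mail.example>
To: bob@recipient.example
Subject: check this out

body
"""

# The sender pre-inserted a header claiming spf=pass. It names a different
# server, so it must not be believed.
FORGED_HEADER = """\
Authentication-Results: mx.recipient.example;
 spf=softfail smtp.mailfrom=bounce@bulk.example; dkim=none
Authentication-Results: mx.attacker.example;
 spf=pass smtp.mailfrom=alice@mail.example
From: Alice <alice@mail.example>
To: bob@recipient.example
Subject: check this out

body
"""


def _domain(address):
    """Return the lower-cased domain part of an address (or of a bare domain)."""
    return address.rpartition("@")[2].lower()


def triage(raw_message, trusted_authserv):
    """Classify a received copy as 'sent-via-provider', 'likely-spoofed' or 'unknown'.

    Only Authentication-Results headers written by trusted_authserv are used;
    any other such header could have been supplied by the sender.
    """
    msg = message_from_string(raw_message, policy=policy.default)
    from_domain = _domain(parseaddr(str(msg["From"]))[1])
    saw_trusted = False
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, results = str(value).partition(";")
        if authserv.strip().lower() != trusted_authserv.lower():
            continue
        saw_trusted = True
        spf = re.search(r"\bspf=(\w+)", results)
        dkim = re.search(r"\bdkim=(\w+)", results)
        mailfrom = re.search(r"smtp\.mailfrom=([^\s;]+)", results)
        signer = re.search(r"header\.d=([^\s;]+)", results)
        # A pass only counts when it is for the same domain as the visible From.
        spf_ok = (spf is not None and spf.group(1) == "pass"
                  and mailfrom is not None
                  and _domain(mailfrom.group(1)) == from_domain)
        dkim_ok = (dkim is not None and dkim.group(1) == "pass"
                   and signer is not None
                   and _domain(signer.group(1)) == from_domain)
        if spf_ok or dkim_ok:
            # The mail really left the provider: treat the account as accessed.
            return "sent-via-provider"
    return "likely-spoofed" if saw_trusted else "unknown"


if __name__ == "__main__":
    for name, raw in [("SPOOFED", SPOOFED), ("FROM_ACCOUNT", FROM_ACCOUNT),
                      ("FORGED_HEADER", FORGED_HEADER)]:
        print(name, "->", triage(raw, "mx.recipient.example"))
```

A "sent-via-provider" result points to the account itself having been used, which is the case where changing the password matters; "unknown" means no header from the trusted server was present, so no conclusion can be drawn from that copy.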

The_Darkness (author), posted 28 September 2010

There is nothing in my "Sent" folder, so it is probably the e-mail spoofing you are talking about.. Nothing to be done about this, then?

kjetilkl, posted 28 September 2010

> There is nothing in my "Sent" folder, so it is probably the e-mail spoofing you are talking about.. Nothing to be done about this, then?

Didn't changing the password help? You can't do anything about spoofing, but spoofed mails are usually sent to *everyone, not just your contacts.. If the mails only go to your contacts, I think it would be odd if it were spoofing...

cocopara, posted 29 September 2010

> > I have changed the password on the mail account now, will that help?
>
> Are you asking me? Yes, if that is what the problem is, then it probably will...

It will only help if you are not infected with a keylogger. I doubt that you have logged in from a wrong Hotmail page; this is probably the result of a weak password or an infection. I have experienced this myself, but for some strange reason I was not infected and had not logged in on fake Hotmail pages. I recommend Hitmanpro.nl (it is in English), which gives you a 30-day free trial. It is super effective, on par with Malwarebytes, and gives you a bigger picture than, for example, MBAM because it uses several anti-malware engines such as Eset and G-Data + 3-4 others. It also scans for things it thinks are viruses but can have false positives; for example, it finds SuperAntiSpyware as "suspicious", but I think this is because it behaves like a "kind virus".

The_Darkness (author), posted 3 October 2010

I don't know whether it was the password change or something else that helped.. but now I am at least rid of the problem. Thanks a lot for the help!

Mr Wonderful, posted 3 October 2010

> I don't know whether it was the password change or something else that helped.. but now I am at least rid of the problem. Thanks a lot for the help!

It was probably the password change that helped, yes ;)