Spyware or something?

31 posts in this topic

Posted (edited)

Hi

It started a while ago. Windows popped up saying things like: I like you .. (and my name). Also: You have nice ...... (I won't write that word here)

They have kept on writing to me, and they can see what I'm doing, and probably passwords and such too. Plus they said they could wreck my computer and shut it down.

Today they told me they worked at Kripos, so there was no point in me getting help from anyone. So they claimed to be a woman working at Kripos.

Edited by Issi

Posted

Hi, and welcome as a member. :)

How do these messages show up? From MSN or something similar, or in the browser?

This person is definitely not from Kripos or any other "intelligence service", since they don't operate that way.

In any case, I recommend you go through the steps in this guide and attach the logs you get: http://itpro.no/supportforum/index.php?app=forums&module=forums&section=rules&f=164

Start with Malwarebytes and HijackThis. Hold off on ComboFix until it becomes necessary. :)


Posted

That is a violation of section 3.28 of the Penal Code, which says it is illegal to pose as a public official. Breaking this law is punishable by fines or imprisonment for up to three months.

So save the log of what he/she has written. Report it.

And if, against all odds, the person really is employed there, you should report it anyway.

You should also do what KongKlykken wrote above.


Posted (edited)

No, it doesn't come from MSN or anything like that. Windows just pop up from the computer, from that person somehow.

I have now notified Kripos, and no, it was not someone who works there.

I have scanned for viruses and such, but can't find them .. I'll try what was in that link.

Should I report it?

And by the way, I took screenshots of those windows and sent them to someone on MSN, but I didn't save them :S

Edited by Issi

Posted

Reporting it can be one way to go, yes.

Otherwise you will get good help removing the problem if you attach the logs from the programs requested in my previous reply. :)


Posted

OK, but who should I report it to, then?

I was in the middle of scanning with Malwarebytes, but then everything crashed. I have a feeling they are watching me, but they don't dare send any more windows..


Posted

If you still have problems running MBAM, download dds.scr to your desktop. Double-click dds.scr and let the program run. It creates 2 logs. Post the log named DDS.txt


Posted

OK, but who should I report it to, then?

Report it to the police. That's where you report crime ;) they will pass it on internally to whoever can do something about it.


Posted (edited)

When you say windows pop up, it sounds like he is contacting you through MS-DOS, after having got hold of profile and IP information from your PC. After downloading the necessary scanners, I recommend disconnecting the network cables/wireless internet, or even removing the network card (just to stop them from interfering with you).

Then run the scans on the system, put the results on a USB stick, and upload them here from another, clean PC.

Edited by Jeggis

Posted

I scanned with Malwarebytes last night, and it turned up a bunch of Trojan.Agent or whatever it said. 11 files were found. I saved a log, but is Trojan.Agent something to worry about?

I also tried to delete them, but then it crashed.


Posted

If you still have problems running MBAM, download dds.scr to your desktop. Double-click dds.scr and let the program run. It creates 2 logs. Post the log named DDS.txt

It gets a bit hard to help you if you don't attach the logs we ask for. :)


Posted (edited)

Trojan Agent is a false threat that can get into the system in various ways. They sit in your registry and are usually detected as viruses or spyware.

If you can't remove them, I recommend trying in Safe Mode, or with an external scanner, e.g. TrendMicro HouseCall.

Remember, there are many fake, free "Trojan Agent" scanners out there. So don't be lured by fancy ads or the like.

Edited by JørgenH

Posted

I have now scanned with HijackThis. Should I post that log and the Malwarebytes log?


Posted

Yes


Posted

I don't know if this came out right, but ..

HijackThis

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:24:13, on 18.03.2010

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18385)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe

C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe

C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe

C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe

C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe

C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe

C:\Program Files\Canal Digital Sikkerhetspakken\Common\FSM32.EXE

C:\Windows\PixArt\PAC207\Monitor.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\TortoiseSVN\bin\TSVNCache.exe

C:\Program Files\Logitech\Logitech Vid\Vid.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Users\Iselin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scvhost.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe

C:\Windows\system32\WTablet\Pen_TabletUser.exe

C:\Program Files\Canal Digital Sikkerhetspakken\FSGUI\fsguidll.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe

C:\Program Files\Internet Explorer\IEUser.exe

C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe

C:\Program Files\Windows Live\Toolbar\wltuser.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\Macromed\Flash\FlashUtil10e.exe

C:\Windows\system32\wuauclt.exe

C:\HJT\test.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.no

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll

O2 - BHO: Ask.com Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: Ask.com Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe

O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup

O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start

O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE

O4 - HKLM\..\Run: [smoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe

O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe

O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Canal Digital Sikkerhetspakken\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Canal Digital Sikkerhetspakken\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Tryggere for familien\fssui.exe" -autorun

O4 - HKLM\..\Run: [skytel] Skytel.exe

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe

O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\RunOnce: [browserBallot] browserchoice.exe

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter

O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent

O4 - HKCU\..\Run: [Logitech Vid] "C:\Program Files\Logitech\Logitech Vid\vid.exe" -bootmode

O4 - HKCU\..\Run: [AARC] C:\Users\Iselin\Documents\System\Rotte2.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\RunOnce: [shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~3.EXE -Update -1103472 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; GTB6.4; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; InfoPath.1; .NET CLR 3.5.30729; .NET CLR 3.0.30618; Tablet PC 2.0; AskTB5.3)" -"http://pixelhotell.servegame.org/da/client"

O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (User 'Default user')

O4 - Startup: scvhost.exe

O4 - Startup: TRDCReminder.lnk = C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

O9 - Extra button: Foreldre... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Canal Digital Sikkerhetspakken\FSPC\fspcmsie.dll

O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Canal Digital Sikkerhetspakken\FSPC\fspcmsie.dll

O9 - Extra 'Tools' menuitem: Foreldre... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Canal Digital Sikkerhetspakken\FSPC\fspcmsie.dll

O9 - Extra button: Blogg dette - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blogg dette i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: eBay - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url2.pl?NO (file missing)

O9 - Extra button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/redirect-home?tag=Toshibaukbholink-21&site=home (file missing)

O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)

O13 - Gopher Prefix:

O15 - Trusted IP range: http://192.168.0.1

O15 - ESC Trusted IP range: http://192.168.0.1

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUpldnb-no.cab

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab

O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v51/bejeweled/bejeweled.cab

O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab

O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://play.battlefield-heroes.com/static/updater/BFHUpdater_4.0.15.0.cab

O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O20 - AppInit_DLLs: ~1??????(

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Canal Digital Sikkerhetspakken\Anti-Virus\fsgk32st.exe

O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Canal Digital Sikkerhetspakken\FSAUA\program\fsaua.exe

O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Canal Digital Sikkerhetspakken\FWES\Program\fsdfwd.exe

O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Canal Digital Sikkerhetspakken\Common\FSMA32.EXE

O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\Canal Digital Sikkerhetspakken\ORSP Client\fsorsp.exe

O23 - Service: Googles oppdateringstjeneste (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Windows\system32\Pen_Tablet.exe

O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe

O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe

O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - c:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - c:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--

End of file - 13765 bytes

Malwarebytes

Malwarebytes' Anti-Malware 1.44

Databaseversjon: 3876

Windows 6.0.6001 Service Pack 1

Internet Explorer 7.0.6001.18000

17.03.2010 19:15:01

mbam-log-2010-03-17 (19-15-01).txt

Skanntype: Rask Skann

Objekter skannet: 118710

Tid tilbakelagt: 44 minute(s), 18 second(s)

Minneprosesser infisert: 1

Minnemoduler infisert: 0

Registernøkler infisert: 0

Registerverdier infisert: 1

Registerfiler infisert: 0

Mapper infisert: 2

Filer infisert: 11

Minneprosesser infisert:

C:\Users\Iselin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Winupdate.exe (Trojan.Banker) -> Unloaded process successfully.

Minnemoduler infisert:

(Ingen mistenkelige filer funnet)

Registernøkler infisert:

(Ingen mistenkelige filer funnet)

Registerverdier infisert:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\desktop sms (Worm.P2P) -> Quarantined and deleted successfully.

Registerfiler infisert:

(Ingen mistenkelige filer funnet)

Mapper infisert:

C:\Program Files\premieropinion (Trojan.Agent) -> Delete on reboot.

C:\Program Files\premieropinion\components (Trojan.Agent) -> Delete on reboot.

Filer infisert:

C:\Program Files\premieropinion\install.rdf (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Program Files\premieropinion\MSVCP71.DLL (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Program Files\premieropinion\MSVCR71.DLL (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Program Files\premieropinion\pmls.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Program Files\premieropinion\pmls64.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Program Files\premieropinion\pmoci.bin (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Program Files\premieropinion\pmph.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Program Files\premieropinion\pmxf.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Program Files\premieropinion\components\pmxg.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\Iselin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WinUpdate.exe (Trojan.Banker) -> Quarantined and deleted successfully.

C:\Users\Iselin\AppData\Local\Temp\scvhost.exe (Trojan.Downloader) -> Quarantined and deleted successfully.


Posted

Start HJT, choose "Do a system scan only", tick the following lines and click Fix checked:

O4 - Startup: scvhost.exe

O20 - AppInit_DLLs: ~1??????(

Then download ComboFix and put it on your desktop

Run combofix.exe and follow the instructions.

Do not click on the window while the program is running.

Post the log file from ComboFix (c:\combofix.txt)


Posted

The problems I see/suspect and the entries that look suspicious to me, plus files that no longer exist:

C:\Users\Iselin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scvhost.exe

O4 - HKLM\..\Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe

O4 - Startup: scvhost.exe

O9 - Extra button: eBay - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://www.webtip.ch...cker_url2.pl?NO (file missing)

O9 - Extra button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co...nk-21&site=home (file missing)

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab

O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinn...ed/wwlaunch.cab

I'm not sure about the last one, but I'm fairly sure about the rest

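As an added example (not code from the thread or from HijackThis), here is the triage the two replies above do by eye over the posted HijackThis log, written as a Python script: it flags processes and autorun targets that start from user-writable folders, file names that imitate a Windows system binary (the posted scvhost.exe versus the real svchost.exe), and a non-empty AppInit_DLLs value such as the garbled one in the log. The log excerpt is constructed from lines in the posted log and abridged; the heuristics only pick out entries for manual review, they are not a verdict.

```python
"""Heuristic triage of a HijackThis log: flag the entries a helper would look
at first.  Added example for this thread; not HijackThis or the forum's code."""
import re
from pathlib import PureWindowsPath

# Constructed excerpt modelled on lines from the HijackThis log posted above
# (abridged to the sections the heuristics inspect).
SAMPLE_HJT_LOG = r"""
Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Users\Iselin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scvhost.exe
C:\HJT\test.exe

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKCU\..\Run: [AARC] C:\Users\Iselin\Documents\System\Rotte2.exe
O4 - Startup: scvhost.exe
O20 - AppInit_DLLs: ~1??????(
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Canal Digital Sikkerhetspakken\Common\FSMA32.EXE
"""

# Windows binaries whose names malware likes to imitate with a small change.
SYSTEM_NAMES = ("svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
                "explorer.exe", "services.exe")

# Roots that only administrators and installers normally write to.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\")

# Folders any user can write to; autoruns and services rarely live here legitimately.
USER_WRITABLE = re.compile(
    r"\\(AppData|Temp|Start Menu\\Programs\\Startup|Documents)\\", re.IGNORECASE)

PROCESS_LINE = re.compile(r"^[A-Za-z]:\\.*\.exe$", re.IGNORECASE)
O4_LINE = re.compile(r"^O4 - [^:]+: (?:\[[^\]]+\] )?(?P<cmd>.+)$")
O20_LINE = re.compile(r"^O20 - AppInit_DLLs:\s*(?P<value>.*)$")
O23_LINE = re.compile(r"^O23 - Service: .* - (?P<path>[A-Za-z]:\\.+)$")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; enough to catch swapped or changed letters."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike(filename: str):
    """Return the system binary `filename` imitates, or None if it is not close."""
    name = filename.lower()
    for real in SYSTEM_NAMES:
        if name != real and edit_distance(name, real) <= 2:
            return real
    return None


def exe_from_command(cmd: str) -> str:
    """Pull the executable out of an autorun command line (quotes, arguments)."""
    m = re.match(r'^"?(?P<exe>[^"]+?\.exe)', cmd, re.IGNORECASE)
    return m.group("exe") if m else cmd


def flag_path(path: str):
    """Reasons a process or autorun target deserves a manual look."""
    path = path.replace("%ProgramFiles%", r"C:\Program Files")
    if path.lower().startswith(TRUSTED_ROOTS):
        return []  # genuine system binaries live here; a look-alike elsewhere is the signal
    reasons = []
    if USER_WRITABLE.search(path):
        reasons.append("starts from a user-writable folder")
    imitated = lookalike(PureWindowsPath(path).name)
    if imitated:
        reasons.append(f"file name imitates {imitated}")
    return reasons


def flag_appinit(value: str):
    """AppInit_DLLs is loaded into every GUI process; on a clean box it is empty."""
    value = value.strip()
    if not value:
        return []
    if value.lower().endswith(".dll") and re.fullmatch(r"[\w .\\:%~,-]+", value):
        return ["AppInit_DLLs is set; verify each listed DLL"]
    return ["AppInit_DLLs holds a garbled non-path value"]


def triage(log_text: str):
    """Return (reason, log line) pairs for entries worth reviewing first."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if PROCESS_LINE.match(line):
            reasons = flag_path(line)
        elif (m := O4_LINE.match(line)):
            reasons = flag_path(exe_from_command(m.group("cmd")))
        elif (m := O20_LINE.match(line)):
            reasons = flag_appinit(m.group("value"))
        elif (m := O23_LINE.match(line)):
            reasons = flag_path(m.group("path"))
        else:
            reasons = []
        findings.extend((r, line) for r in reasons)
    return findings


if __name__ == "__main__":
    for reason, line in triage(SAMPLE_HJT_LOG):
        print(f"{reason:45} {line}")
```

The trusted-root check matters: iexplore.exe is within edit distance 2 of explorer.exe, so without it every Internet Explorer process would be flagged.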

Posted (edited)

Does that have anything to do with the person who sends the windows, then?

But here is the ComboFix log:

ComboFix 10-03-17.07 - Iselin 18.03.2010 19:45:17.1.1 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.47.1044.18.1917.952 [GMT 1:00]

Kjører fra: c:\users\Iselin\Desktop\ComboFix.exe

* Anti-virus er aktiv

.

((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\TEMP\logishrd\LVPrcInj01.dll

E:\install.exe

.

((((((((((((((((((((((((((( Filer Opprettet Fra 2010-02-18 til 2010-03-18 )))))))))))))))))))))))))))))))))

.

2010-03-18 18:58 . 2010-03-18 19:05 -------- d-----w- c:\users\Iselin\AppData\Local\temp

2010-03-18 18:58 . 2010-03-18 18:58 -------- d-----w- c:\users\Default\AppData\Local\temp

2010-03-18 14:21 . 2010-03-18 18:37 -------- d-----w- C:\HJT

2010-03-18 12:52 . 2010-02-12 10:48 293376 ----a-w- c:\windows\system32\browserchoice.exe

2010-03-17 15:39 . 2010-03-17 15:39 -------- d-----w- c:\users\Iselin\AppData\Roaming\Malwarebytes

2010-03-17 15:38 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-03-17 15:38 . 2010-03-17 15:38 -------- d-----w- c:\programdata\Malwarebytes

2010-03-17 15:38 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-03-17 15:38 . 2010-03-17 15:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-03-16 14:56 . 2010-03-16 15:19 -------- d-----w- c:\users\Public\Public Files

2010-03-13 11:10 . 2010-03-13 11:10 -------- d-----w- c:\users\Iselin\AppData\Roaming\Vivox

2010-03-13 11:08 . 2010-03-17 20:16 -------- d-----w- c:\users\Iselin\AppData\Roaming\IMVU

2010-03-13 11:06 . 2010-03-13 11:08 -------- d-----w- c:\users\Iselin\AppData\Roaming\IMVUClient

2010-03-11 13:23 . 2010-02-20 23:39 24064 ----a-w- c:\windows\system32\nshhttp.dll

2010-03-11 13:23 . 2010-02-20 21:18 411136 ----a-w- c:\windows\system32\drivers\http.sys

2010-03-11 13:23 . 2010-02-20 23:37 31232 ----a-w- c:\windows\system32\httpapi.dll

2010-03-05 15:16 . 2010-03-05 15:16 29184 ----a-w- c:\users\Public\winupdate.exe

2010-03-01 17:35 . 2010-03-01 17:35 -------- d-----w- c:\windows\Simple Port Forwarding

2010-03-01 17:35 . 2010-03-01 18:05 -------- d-----w- c:\program files\Simple Port Forwarding

2010-02-28 19:13 . 2010-02-28 19:13 -------- d-----w- c:\program files\PFPortChecker

2010-02-26 14:41 . 2010-02-27 09:08 -------- d---a-w- C:\xampp

2010-02-24 09:41 . 2010-01-23 09:44 2048 ----a-w- c:\windows\system32\tzres.dll

2010-02-24 09:41 . 2010-01-25 08:35 523776 ----a-w- c:\windows\system32\RMActivate_isv.exe

2010-02-24 09:41 . 2010-01-25 08:34 511488 ----a-w- c:\windows\system32\RMActivate.exe

2010-02-24 09:41 . 2010-01-25 08:34 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe

2010-02-24 09:41 . 2010-01-25 12:48 472576 ----a-w- c:\windows\system32\secproc_isv.dll

2010-02-24 09:41 . 2010-01-25 12:48 472064 ----a-w- c:\windows\system32\secproc.dll

2010-02-24 09:41 . 2010-01-25 08:35 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe

2010-02-24 09:41 . 2010-01-25 12:48 151040 ----a-w- c:\windows\system32\secproc_ssp.dll

2010-02-24 09:41 . 2010-01-25 12:48 151040 ----a-w- c:\windows\system32\secproc_ssp_isv.dll

2010-02-24 09:41 . 2010-01-25 12:45 329216 ----a-w- c:\windows\system32\msdrm.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-03-18 19:03 . 2009-09-05 10:45 -------- d-----w- c:\users\Iselin\AppData\Roaming\WTablet

2010-03-18 16:43 . 2008-10-27 09:20 -------- d-----w- c:\program files\Canal Digital Sikkerhetspakken

2010-03-17 17:18 . 2008-03-04 09:34 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-03-11 16:22 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail

2010-03-06 22:26 . 2009-07-21 12:47 -------- d-----w- c:\program files\emote

2010-02-26 06:48 . 2008-10-27 08:24 98640 ----a-w- c:\users\Iselin\AppData\Local\GDIPFONTCACHEV1.DAT

2010-02-24 08:16 . 2009-10-02 21:10 181632 ------w- c:\windows\system32\MpSigStub.exe

2010-02-08 15:55 . 2006-11-21 05:16 524336 ----a-w- c:\windows\system32\perfh014.dat

2010-02-08 15:55 . 2006-11-21 05:16 103864 ----a-w- c:\windows\system32\perfc014.dat

2010-02-08 15:52 . 2010-02-08 15:16 -------- d-----w- c:\program files\Microsoft SQL Server

2010-02-08 15:47 . 2009-01-10 11:36 -------- d-----w- c:\program files\Microsoft.NET

2010-02-08 15:15 . 2010-02-08 15:02 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0

2010-02-08 15:15 . 2010-02-08 15:15 -------- d-----w- c:\program files\Microsoft Synchronization Services

2010-02-08 15:15 . 2008-12-25 09:47 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition

2010-02-08 15:14 . 2010-02-08 15:02 -------- d-----w- c:\programdata\Microsoft Help

2010-02-08 14:59 . 2010-02-08 14:59 -------- d-----w- c:\program files\Microsoft SDKs

2010-02-06 17:22 . 2010-02-06 17:22 12 ----a-w- c:\windows\system32\winsbi.sys

2010-02-05 15:24 . 2010-02-05 15:24 -------- d-----w- c:\users\Iselin\AppData\Roaming\TortoiseSVN

2010-02-05 15:21 . 2010-02-05 15:21 -------- d-----w- c:\users\Iselin\AppData\Roaming\Subversion

2010-02-05 13:25 . 2010-02-05 13:25 -------- d-----w- c:\program files\TortoiseSVN

2010-02-05 13:25 . 2010-02-05 13:25 -------- d-----w- c:\program files\Common Files\TortoiseOverlays

2010-02-05 12:08 . 2010-02-05 12:08 -------- d-----w- c:\program files\MySQL

2010-02-04 16:15 . 2010-02-04 16:15 -------- d-----w- c:\program files\DebboProject

2010-02-03 15:37 . 2010-02-03 15:37 -------- d-----w- c:\program files\LogMeIn Hamachi

2010-01-29 16:14 . 2008-03-04 10:16 -------- d-----w- c:\program files\Google

2010-01-24 08:32 . 2008-03-04 09:27 -------- d-----w- c:\program files\Java

2010-01-22 06:37 . 2008-12-29 09:26 -------- d-----w- c:\programdata\Electronic Arts

2010-01-22 06:36 . 2010-01-22 06:36 -------- d-----w- c:\program files\Common Files\Adobe AIR

2010-01-20 18:13 . 2009-08-04 14:56 -------- d-----w- c:\program files\Microsoft Silverlight

2010-01-19 18:32 . 2010-01-19 18:32 -------- d-----w- c:\users\Iselin\AppData\Roaming\nswb

2009-12-28 12:35 . 2010-02-10 14:13 11776 ----a-w- c:\windows\system32\tsbyuv.dll

2009-12-28 12:35 . 2010-02-10 14:13 1314816 ----a-w- c:\windows\system32\quartz.dll

2009-12-28 12:32 . 2010-02-10 14:13 22528 ----a-w- c:\windows\system32\msyuv.dll

2009-12-28 12:32 . 2010-02-10 14:13 31744 ----a-w- c:\windows\system32\msvidc32.dll

2009-12-28 12:32 . 2010-02-10 14:13 123904 ----a-w- c:\windows\system32\msvfw32.dll

2009-12-28 12:32 . 2010-02-10 14:13 13312 ----a-w- c:\windows\system32\msrle32.dll

2009-12-28 12:31 . 2010-02-10 14:13 82944 ----a-w- c:\windows\system32\mciavi32.dll

2009-12-28 12:31 . 2010-02-10 14:13 50176 ----a-w- c:\windows\system32\iyuv_32.dll

2009-12-28 12:28 . 2010-02-10 14:13 65024 ----a-w- c:\windows\system32\avicap32.dll

2009-12-28 12:28 . 2010-02-10 14:13 91136 ----a-w- c:\windows\system32\avifil32.dll

2009-12-26 16:16 . 2009-03-21 14:38 680 ----a-w- c:\users\Iselin\AppData\Local\d3d9caps.dat

.

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))

.

.

*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

2009-02-26 10:25 809864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-02-26 809864]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-02-26 809864]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]

@="{C5994560-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]

2010-01-18 18:12 86280 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]

@="{C5994561-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]

2010-01-18 18:12 86280 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]

@="{C5994562-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]

2010-01-18 18:12 86280 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]

@="{C5994563-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]

2010-01-18 18:12 86280 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]

@="{C5994564-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]

2010-01-18 18:12 86280 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]

@="{C5994565-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]

2010-01-18 18:12 86280 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]

@="{C5994566-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]

2010-01-18 18:12 86280 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]

@="{C5994567-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]

2010-01-18 18:12 86280 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]

@="{C5994568-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]

2010-01-18 18:12 86280 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]

"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-19 2153472]

"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-27 39408]

"Logitech Vid"="c:\program files\Logitech\Logitech Vid\vid.exe" [2009-04-30 5472016]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]

"RtHDVCpl"="RtHDVCpl.exe" [2008-01-29 4911104]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]

"NDSTray.exe"="NDSTray.exe" [bU]

"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 581632]

"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-10-25 413696]

"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456]

"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-01-25 509816]

"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-01-22 712704]

"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2007-05-04 571024]

"F-Secure Manager"="c:\program files\Canal Digital Sikkerhetspakken\Common\FSM32.EXE" [2008-12-04 182936]

"F-Secure TNB"="c:\program files\Canal Digital Sikkerhetspakken\FSGUI\TNBUtil.exe" [2008-12-04 957024]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]

"Skytel"="Skytel.exe" [2007-11-20 1826816]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]

"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]

"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-05-08 2780432]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

c:\users\Iselin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

TRDCReminder.lnk - c:\program files\TOSHIBA\TRDCReminder\TRDCReminder.exe [2007-7-27 389120]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-2-12 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

R2 gupdate;Googles oppdateringstjeneste (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 135664]

R3 PAC207;SoC PC-Camera;c:\windows\system32\DRIVERS\PFC027.SYS [2006-12-05 507136]

R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2008-03-17 15144]

R4 F-Secure Filter;F-Secure File System Filter;c:\program files\Canal Digital Sikkerhetspakken\Anti-Virus\Win2K\FSfilter.sys [2008-12-04 39776]

R4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\Canal Digital Sikkerhetspakken\Anti-Virus\Win2K\FSrec.sys [2008-12-04 25184]

R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-11 47128]

R4 RsFx0102;RsFx0102 Driver;c:\windows\system32\DRIVERS\RsFx0102.sys [2008-07-10 242712]

R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-07-11 369688]

S0 fsbts;fsbts;c:\windows\system32\Drivers\fsbts.sys [2009-07-11 33920]

S1 F-Secure HIPS;F-Secure HIPS;c:\program files\Canal Digital Sikkerhetspakken\HIPS\drivers\fshs.sys [2008-12-04 67808]

S1 FSES;F-Secure Email Scanning Driver;c:\windows\system32\drivers\fses.sys [2008-12-04 35552]

S1 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2008-12-04 70944]

S1 fsvista;F-Secure Vista Support Driver;c:\program files\Canal Digital Sikkerhetspakken\Anti-Virus\minifilter\fsvista.sys [2008-12-04 12384]

S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2007-12-25 40960]

S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2009-10-29 1074568]

S2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2008-05-01 3032360]

S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-03 126976]

S3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\Canal Digital Sikkerhetspakken\Anti-Virus\minifilter\fsgk.sys [2009-12-09 107104]

S3 FSORSPClient;F-Secure ORSP Client;c:\program files\Canal Digital Sikkerhetspakken\ORSP Client\fsorsp.exe [2008-12-04 55904]

S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]

S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]

S3 RTL8187B;Realtek RTL8187B trådløs 802.11b/g 54M bps USB 2.0 nettverksadapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2007-12-26 290304]

.

Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

2010-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 16:13]

2010-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 16:13]

.

.

------- Tilleggsskanning -------

.

uStart Page = hxxp://www.google.no/

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

IE: Google Sidewiki - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

IE: {{76577871-04EC-495E-A12B-91F7C3600AFA} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url2.pl?NO

IE: {{8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/redirect-home?tag=Toshibaukbholink-21&site=home

LSP: c:\program files\Canal Digital Sikkerhetspakken\FSPS\program\fslsp.dll

DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://play.battlefield-heroes.com/static/updater/BFHUpdater_4.0.15.0.cab

FF - ProfilePath - c:\users\Iselin\AppData\Roaming\Mozilla\Firefox\Profiles\5qddli0d.default\

FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll

FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll

FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

.

- - - - TOMME PEKERE FJERNET - - - -

HKCU-Run-TOSCDSPD - TOSCDSPD.EXE

HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe

HKCU-Run-AARC - c:\users\Iselin\Documents\System\Rotte2.exe

HKLM-Run-fssui - c:\program files\Windows Live\Tryggere for familien\fssui.exe

AddRemove-GhostMouse 2.0 - c:\gmouse20\DeIsL1.isu

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-03-18 20:05

Windows 6.0.6001 Service Pack 1 NTFS

skanner skjulte prosesser ...

skanner skjulte autostart-oppføringer ...

skanner skjulte filer ...

skanning vellykket

skjulte filer: 0

**************************************************************************

.

--------------------- LÅSTE REGISTERNØKLER ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

- - - - - - - > 'Explorer.exe'(3292)

c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

c:\program files\TortoiseSVN\bin\TortoiseStub.dll

c:\program files\TortoiseSVN\bin\TortoiseSVN.dll

c:\program files\TortoiseSVN\bin\intl3_tsvn.dll

.

------------------------ Andre Kjørende Prosesser ------------------------

.

c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

c:\windows\system32\Ati2evxx.exe

c:\windows\SYSTEM32\WISPTIS.EXE

c:\program files\Common Files\microsoft shared\ink\TabTip.exe

c:\windows\system32\Ati2evxx.exe

c:\windows\SYSTEM32\WISPTIS.EXE

c:\program files\Common Files\microsoft shared\ink\TabTip.exe

c:\program files\Canal Digital Sikkerhetspakken\Anti-Virus\fsgk32st.exe

c:\program files\Canal Digital Sikkerhetspakken\Common\FSMA32.EXE

c:\program files\Canal Digital Sikkerhetspakken\Anti-Virus\FSGK32.EXE

c:\program files\Canal Digital Sikkerhetspakken\Common\FSMB32.EXE

c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files\Canal Digital Sikkerhetspakken\Common\FCH32.EXE

c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe

c:\program files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe

c:\windows\system32\TODDSrv.exe

c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe

c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

c:\windows\system32\DRIVERS\xaudio.exe

c:\program files\Canal Digital Sikkerhetspakken\Common\FAMEH32.EXE

c:\program files\Canal Digital Sikkerhetspakken\Anti-Virus\fsqh.exe

c:\windows\system32\WTablet\Pen_TabletUser.exe

c:\program files\Canal Digital Sikkerhetspakken\FSPC\fspc.exe

c:\windows\system32\conime.exe

c:\program files\Canal Digital Sikkerhetspakken\FSAUA\program\fsaua.exe

c:\program files\Canal Digital Sikkerhetspakken\Anti-Virus\fssm32.exe

c:\program files\Canal Digital Sikkerhetspakken\FWES\Program\fsdfwd.exe

c:\program files\Canal Digital Sikkerhetspakken\Anti-Virus\fsav32.exe

c:\program files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe

c:\windows\servicing\TrustedInstaller.exe

c:\program files\TortoiseSVN\bin\TSVNCache.exe

.

**************************************************************************

.

Tidspunkt ferdig: 2010-03-18 20:19:49 - maskinen ble startet på nytt

ComboFix-quarantined-files.txt 2010-03-18 19:19

Pre-Run: 14 873 755 648 byte ledig

Post-Run: 15 778 766 848 byte ledig

- - End Of File - - 0D2767518232BA18B578D4CD8D021672

Edited by Issi

Posted

Open Notepad, copy in the text shown in bold below, and save the file to the desktop as CFScript.txt.

Then drag the file onto the ComboFix icon. ComboFix will start again. Post the log.


File::

c:\users\Public\winupdate.exe

C:\Users\Iselin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scvhost.exe

dirlook::

c:\users\Public

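As an added defender-side example (not code from this thread or from ComboFix): a small Python triage script that parses the file-listing format ComboFix prints (modified time . created time size attributes path) and flags executables sitting in user-writable locations or carrying names that mimic Windows system binaries, which is the pattern the helper above acted on (scvhost.exe in the Startup folder, winupdate.exe under c:\users\Public). The sample listing is constructed from the log's format; the scvhost.exe line is modelled on the path in the CFScript, and its size and timestamps are made up.

```python
"""Triage helper for ComboFix-style file listings (added example, not ComboFix code)."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# One listing line: "<mtime> . <ctime> <size|--------> <8 attribute chars> <path>"
LINE_RE = re.compile(
    r"^(?P<mtime>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<ctime>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-+) "
    r"(?P<attrs>[-a-z]{8}) "
    r"(?P<path>.+?)\s*$"
)

EXEC_EXT = (".exe", ".dll", ".scr", ".com", ".bat", ".cmd", ".vbs", ".pif", ".sys")

# Locations any user-level process can write to; installers rarely put
# executables there. Matched case-insensitively; the first hit wins.
WRITABLE_HINTS = {
    "startup folder": "\\start menu\\programs\\startup\\",
    "c:\\users\\public": "c:\\users\\public\\",
    "roaming appdata": "\\appdata\\roaming\\",
    "temp folder": "\\temp\\",
    "documents folder": "\\documents\\",
    "c:\\programdata": "c:\\programdata\\",
}

# Names malware commonly imitates (compare against the file name only).
SYSTEM_NAMES = ("svchost.exe", "csrss.exe", "lsass.exe", "winlogon.exe",
                "explorer.exe", "wininit.exe", "services.exe")


@dataclass
class Entry:
    mtime: str
    ctime: str
    size: Optional[int]   # None for directories ("--------")
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1].lower()


def parse_listing(text: str) -> List[Entry]:
    """Parse listing lines; banners, dots and blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        size = m["size"]
        entries.append(Entry(m["mtime"], m["ctime"],
                             int(size) if size.isdigit() else None,
                             m["attrs"], m["path"]))
    return entries


def edit_distance(a: str, b: str) -> int:
    """Plain Levenshtein distance (scvhost vs svchost scores 2)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(name: str) -> Optional[str]:
    """Return the system binary `name` resembles but is not, else None."""
    for legit in SYSTEM_NAMES:
        if name != legit and edit_distance(name, legit) <= 2:
            return legit
    return None


def triage(entries: List[Entry]) -> List[Tuple[str, List[str]]]:
    """Return (path, reasons) for executables worth a closer look.
    Hits are leads for a human to check, not verdicts."""
    findings = []
    for e in entries:
        if e.is_dir or not e.name.endswith(EXEC_EXT):
            continue
        low = e.path.lower()
        reasons = []
        for label, hint in WRITABLE_HINTS.items():
            if hint in low:
                reasons.append(f"executable in user-writable location ({label})")
                break
        legit = lookalike_of(e.name)
        if legit:
            reasons.append(f"name resembles {legit}")
        elif e.name in SYSTEM_NAMES and "\\windows\\system32\\" not in low:
            reasons.append("system binary name outside System32")
        if reasons:
            findings.append((e.path, reasons))
    return findings


# Constructed sample in the log's format; the scvhost.exe line is made up
# from the path in the CFScript above.
SAMPLE_LISTING = """\
---- Directory of c:\\users\\Public ----

2010-03-17 15:38 . 2010-03-17 15:38 823 ----a-w- c:\\users\\Public\\Desktop\\Malwarebytes' Anti-Malware.lnk
2010-03-16 14:56 . 2010-03-16 14:56 172032 ----a-w- c:\\users\\Public\\Public Files\\Winupdate.exe
2010-03-05 15:16 . 2010-03-05 15:16 29184 ----a-w- c:\\users\\Public\\winupdate.exe
2010-03-17 15:38 . 2010-03-17 15:38 -------- d-----w- c:\\programdata\\Malwarebytes
2010-03-05 15:20 . 2010-03-05 15:20 29184 ----a-w- c:\\users\\Iselin\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\scvhost.exe
2010-01-18 18:12 . 2010-01-18 18:12 86280 ----a-w- c:\\program files\\Common Files\\TortoiseOverlays\\TortoiseOverlays.dll
"""

if __name__ == "__main__":
    for path, reasons in triage(parse_listing(SAMPLE_LISTING)):
        print(path)
        for r in reasons:
            print("   -", r)
```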

Posted (edited)

Here it is

ComboFix 10-03-17.07 - Iselin 18.03.2010 21:26:08.2.1 - x86

Microsoft® Windows Vista Home Premium 6.0.6001.1.1252.47.1044.18.1917.958 [GMT 1:00]

Kjører fra: c:\users\Iselin\Desktop\ComboFix.exe

Command switches brukt :: c:\users\Iselin\Desktop\CFScript.txt

* Anti-virus er aktiv

FILE ::

"c:\users\Iselin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scvhost.exe"

"c:\users\Public\winupdate.exe"

.

((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\users\Public\winupdate.exe

c:\windows\TEMP\logishrd\LVPrcInj01.dll

.

((((((((((((((((((((((((((( Filer Opprettet Fra 2010-02-18 til 2010-03-18 )))))))))))))))))))))))))))))))))

.

2010-03-18 20:38 . 2010-03-18 20:42 -------- d-----w- c:\users\Iselin\AppData\Local\temp

2010-03-18 20:38 . 2010-03-18 20:38 -------- d-----w- c:\users\Public\AppData\Local\temp

2010-03-18 20:38 . 2010-03-18 20:38 -------- d-----w- c:\users\Default\AppData\Local\temp

2010-03-18 14:21 . 2010-03-18 18:37 -------- d-----w- C:\HJT

2010-03-18 12:52 . 2010-02-12 10:48 293376 ----a-w- c:\windows\system32\browserchoice.exe

2010-03-17 15:39 . 2010-03-17 15:39 -------- d-----w- c:\users\Iselin\AppData\Roaming\Malwarebytes

2010-03-17 15:38 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-03-17 15:38 . 2010-03-17 15:38 -------- d-----w- c:\programdata\Malwarebytes

2010-03-17 15:38 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-03-17 15:38 . 2010-03-17 15:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-03-16 14:56 . 2010-03-16 15:19 -------- d-----w- c:\users\Public\Public Files

2010-03-13 11:10 . 2010-03-13 11:10 -------- d-----w- c:\users\Iselin\AppData\Roaming\Vivox

2010-03-13 11:08 . 2010-03-17 20:16 -------- d-----w- c:\users\Iselin\AppData\Roaming\IMVU

2010-03-13 11:06 . 2010-03-13 11:08 -------- d-----w- c:\users\Iselin\AppData\Roaming\IMVUClient

2010-03-11 13:23 . 2010-02-20 23:39 24064 ----a-w- c:\windows\system32\nshhttp.dll

2010-03-11 13:23 . 2010-02-20 21:18 411136 ----a-w- c:\windows\system32\drivers\http.sys

2010-03-11 13:23 . 2010-02-20 23:37 31232 ----a-w- c:\windows\system32\httpapi.dll

2010-03-01 17:35 . 2010-03-01 17:35 -------- d-----w- c:\windows\Simple Port Forwarding

2010-03-01 17:35 . 2010-03-01 18:05 -------- d-----w- c:\program files\Simple Port Forwarding

2010-02-28 19:13 . 2010-02-28 19:13 -------- d-----w- c:\program files\PFPortChecker

2010-02-26 14:41 . 2010-02-27 09:08 -------- d---a-w- C:\xampp

2010-02-24 09:41 . 2010-01-23 09:44 2048 ----a-w- c:\windows\system32\tzres.dll

2010-02-24 09:41 . 2010-01-25 08:35 523776 ----a-w- c:\windows\system32\RMActivate_isv.exe

2010-02-24 09:41 . 2010-01-25 08:34 511488 ----a-w- c:\windows\system32\RMActivate.exe

2010-02-24 09:41 . 2010-01-25 08:34 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe

2010-02-24 09:41 . 2010-01-25 12:48 472576 ----a-w- c:\windows\system32\secproc_isv.dll

2010-02-24 09:41 . 2010-01-25 12:48 472064 ----a-w- c:\windows\system32\secproc.dll

2010-02-24 09:41 . 2010-01-25 08:35 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe

2010-02-24 09:41 . 2010-01-25 12:48 151040 ----a-w- c:\windows\system32\secproc_ssp.dll

2010-02-24 09:41 . 2010-01-25 12:48 151040 ----a-w- c:\windows\system32\secproc_ssp_isv.dll

2010-02-24 09:41 . 2010-01-25 12:45 329216 ----a-w- c:\windows\system32\msdrm.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-03-18 20:43 . 2008-10-27 09:20 -------- d-----w- c:\program files\Canal Digital Sikkerhetspakken

2010-03-18 20:41 . 2009-09-05 10:45 -------- d-----w- c:\users\Iselin\AppData\Roaming\WTablet

2010-03-18 18:58 . 2009-07-19 18:50 -------- d-----w- c:\program files\Cheat Engine

2010-03-17 17:18 . 2008-03-04 09:34 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-03-11 16:22 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail

2010-03-06 22:26 . 2009-07-21 12:47 -------- d-----w- c:\program files\emote

2010-02-26 06:48 . 2008-10-27 08:24 98640 ----a-w- c:\users\Iselin\AppData\Local\GDIPFONTCACHEV1.DAT

2010-02-24 08:16 . 2009-10-02 21:10 181632 ------w- c:\windows\system32\MpSigStub.exe

2010-02-08 15:55 . 2006-11-21 05:16 524336 ----a-w- c:\windows\system32\perfh014.dat

2010-02-08 15:55 . 2006-11-21 05:16 103864 ----a-w- c:\windows\system32\perfc014.dat

2010-02-08 15:52 . 2010-02-08 15:16 -------- d-----w- c:\program files\Microsoft SQL Server

2010-02-08 15:47 . 2009-01-10 11:36 -------- d-----w- c:\program files\Microsoft.NET

2010-02-08 15:15 . 2010-02-08 15:02 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0

2010-02-08 15:15 . 2010-02-08 15:15 -------- d-----w- c:\program files\Microsoft Synchronization Services

2010-02-08 15:15 . 2008-12-25 09:47 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition

2010-02-08 15:14 . 2010-02-08 15:02 -------- d-----w- c:\programdata\Microsoft Help

2010-02-08 14:59 . 2010-02-08 14:59 -------- d-----w- c:\program files\Microsoft SDKs

2010-02-06 17:22 . 2010-02-06 17:22 12 ----a-w- c:\windows\system32\winsbi.sys

2010-02-05 15:24 . 2010-02-05 15:24 -------- d-----w- c:\users\Iselin\AppData\Roaming\TortoiseSVN

2010-02-05 15:21 . 2010-02-05 15:21 -------- d-----w- c:\users\Iselin\AppData\Roaming\Subversion

2010-02-05 13:25 . 2010-02-05 13:25 -------- d-----w- c:\program files\TortoiseSVN

2010-02-05 13:25 . 2010-02-05 13:25 -------- d-----w- c:\program files\Common Files\TortoiseOverlays

2010-02-05 12:08 . 2010-02-05 12:08 -------- d-----w- c:\program files\MySQL

2010-02-04 16:15 . 2010-02-04 16:15 -------- d-----w- c:\program files\DebboProject

2010-02-03 15:37 . 2010-02-03 15:37 -------- d-----w- c:\program files\LogMeIn Hamachi

2010-01-29 16:14 . 2008-03-04 10:16 -------- d-----w- c:\program files\Google

2010-01-24 08:32 . 2008-03-04 09:27 -------- d-----w- c:\program files\Java

2010-01-22 06:37 . 2008-12-29 09:26 -------- d-----w- c:\programdata\Electronic Arts

2010-01-22 06:36 . 2010-01-22 06:36 -------- d-----w- c:\program files\Common Files\Adobe AIR

2010-01-20 18:13 . 2009-08-04 14:56 -------- d-----w- c:\program files\Microsoft Silverlight

2010-01-19 18:32 . 2010-01-19 18:32 -------- d-----w- c:\users\Iselin\AppData\Roaming\nswb

2009-12-28 12:35 . 2010-02-10 14:13 11776 ----a-w- c:\windows\system32\tsbyuv.dll

2009-12-28 12:35 . 2010-02-10 14:13 1314816 ----a-w- c:\windows\system32\quartz.dll

2009-12-28 12:32 . 2010-02-10 14:13 22528 ----a-w- c:\windows\system32\msyuv.dll

2009-12-28 12:32 . 2010-02-10 14:13 31744 ----a-w- c:\windows\system32\msvidc32.dll

2009-12-28 12:32 . 2010-02-10 14:13 123904 ----a-w- c:\windows\system32\msvfw32.dll

2009-12-28 12:32 . 2010-02-10 14:13 13312 ----a-w- c:\windows\system32\msrle32.dll

2009-12-28 12:31 . 2010-02-10 14:13 82944 ----a-w- c:\windows\system32\mciavi32.dll

2009-12-28 12:31 . 2010-02-10 14:13 50176 ----a-w- c:\windows\system32\iyuv_32.dll

2009-12-28 12:28 . 2010-02-10 14:13 65024 ----a-w- c:\windows\system32\avicap32.dll

2009-12-28 12:28 . 2010-02-10 14:13 91136 ----a-w- c:\windows\system32\avifil32.dll

2009-12-26 16:16 . 2009-03-21 14:38 680 ----a-w- c:\users\Iselin\AppData\Local\d3d9caps.dat

.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

---- Directory of c:\users\Public ----

2010-03-18 18:40 . 2010-03-18 18:40 1594 ----a-w- c:\users\Public\Desktop\Valg av nettleser.lnk

2010-03-17 15:38 . 2010-03-17 15:38 823 ----a-w- c:\users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

2010-03-16 14:56 . 2010-03-16 14:56 172032 ----a-w- c:\users\Public\Public Files\Winupdate.exe

2010-03-05 15:16 . 2010-03-05 15:16 29184 ----a-w- c:\users\Public\winupdate.exe

2010-01-22 06:37 . 2010-01-22 06:37 2052 ----a-w- c:\users\Public\Desktop\EA Download Manager.lnk

2010-01-02 09:46 . 2010-01-02 09:46 823 ----a-w- c:\users\Public\Desktop\WolfQuest Survival of the Pack.lnk

2009-12-26 09:22 . 2009-12-26 09:22 2052 ----a-w- c:\users\Public\Desktop\The Sims 2 Bon Voyage.lnk

2009-12-26 09:11 . 2009-12-26 09:11 2000 ----a-w- c:\users\Public\Desktop\The Sims 2 Dyreliv.lnk

2009-12-25 12:41 . 2009-12-25 12:41 2009 ----a-w- c:\users\Public\Desktop\The Sims 2 Årstider.lnk

2009-12-16 15:19 . 2009-12-16 15:19 935 ----a-w- c:\users\Public\Desktop\Logitech Vid.lnk

2009-12-16 15:11 . 2009-12-16 15:11 1991 ----a-w- c:\users\Public\Desktop\Logitech Webcam-programvare.lnk

2009-08-31 14:08 . 2009-08-31 14:08 1695 ----a-w- c:\users\Public\Desktop\Star Stable 4.lnk

2009-07-26 18:15 . 2009-07-26 18:15 140616 ----a-w- c:\users\Public\Downloads\hu_2009_setup-dm[1].exe

2009-06-07 12:25 . 2009-06-07 12:25 1859 ----a-w- c:\users\Public\Desktop\The Sims 3.lnk

2009-05-10 17:58 . 2009-05-10 17:58 1892 ----a-w- c:\users\Public\Desktop\Adobe Reader 8.lnk

2009-03-21 13:49 . 2009-03-21 13:49 2175 ----a-w- c:\users\Public\Desktop\The Sims 2 Double Deluxe.lnk

2009-02-27 13:05 . 2009-02-27 13:05 1695 ----a-w- c:\users\Public\Desktop\Star Stable 3.lnk

2009-02-17 21:30 . 2009-02-17 21:30 939 ----a-w- c:\users\Public\Desktop\Paint.NET.lnk

2009-01-04 08:20 . 2009-01-04 08:20 524288 --sha-w- c:\users\Public\NTUSER.DAT{701676ba-da36-11dd-ab21-001e336b3c1a}.TMContainer00000000000000000002.regtrans-ms

2009-01-04 08:20 . 2010-03-18 18:44 524288 --sha-w- c:\users\Public\NTUSER.DAT{701676ba-da36-11dd-ab21-001e336b3c1a}.TMContainer00000000000000000001.regtrans-ms

2009-01-04 08:20 . 2010-03-18 18:44 65536 --sha-w- c:\users\Public\NTUSER.DAT{701676ba-da36-11dd-ab21-001e336b3c1a}.TM.blf

2008-12-25 21:53 . 2009-10-08 15:31 3041 --sh--w- c:\users\Public\Music\Sample Music\AlbumArt_{208F236E-B511-4949-BDF9-3791602ED53A}_Small.jpg

2008-12-25 21:53 . 2009-10-08 15:31 15736 --sh--w- c:\users\Public\Music\Sample Music\AlbumArt_{208F236E-B511-4949-BDF9-3791602ED53A}_Large.jpg

2008-12-25 21:53 . 2008-12-25 22:08 2080 --sh--w- c:\users\Public\Music\Sample Music\AlbumArt_{D4213C57-0F32-4AED-82E0-A6560E1EA35F}_Small.jpg

2008-12-25 21:53 . 2008-12-25 22:08 8669 --sh--w- c:\users\Public\Music\Sample Music\AlbumArt_{D4213C57-0F32-4AED-82E0-A6560E1EA35F}_Large.jpg

2008-12-25 21:53 . 2008-12-25 22:08 1603 --sh--w- c:\users\Public\Music\Sample Music\AlbumArt_{2BEDE989-0477-48C8-8E85-D5FC97494EC0}_Small.jpg

2008-12-25 21:53 . 2008-12-25 22:08 4910 --sh--w- c:\users\Public\Music\Sample Music\AlbumArt_{2BEDE989-0477-48C8-8E85-D5FC97494EC0}_Large.jpg

2008-12-25 21:52 . 2008-12-25 22:08 1558 --sh--w- c:\users\Public\Music\Sample Music\AlbumArt_{81244B04-70BE-47F1-9A5E-2026093D598F}_Small.jpg

2008-12-25 21:52 . 2008-12-25 22:08 4580 --sh--w- c:\users\Public\Music\Sample Music\AlbumArt_{81244B04-70BE-47F1-9A5E-2026093D598F}_Large.jpg

2008-12-25 21:52 . 2008-12-25 22:08 2359 --sh--w- c:\users\Public\Music\Sample Music\AlbumArt_{DAAE5A7A-D07D-4C7C-AE7B-E926C737721B}_Small.jpg

2008-12-25 21:52 . 2008-12-25 22:08 8527 --sh--w- c:\users\Public\Music\Sample Music\AlbumArt_{DAAE5A7A-D07D-4C7C-AE7B-E926C737721B}_Large.jpg

2008-12-25 21:52 . 2008-12-25 22:08 2090 --sh--w- c:\users\Public\Music\Sample Music\AlbumArt_{CA6465E3-92B8-4969-B053-E091250B3E3E}_Small.jpg

2008-12-25 21:52 . 2008-12-25 22:08 7917 --sh--w- c:\users\Public\Music\Sample Music\AlbumArt_{CA6465E3-92B8-4969-B053-E091250B3E3E}_Large.jpg

2008-12-25 21:52 . 2008-12-25 22:08 1608 --sh--w- c:\users\Public\Music\Sample Music\AlbumArt_{F87D14E5-4DEB-4169-B9EA-D067EBCD4297}_Small.jpg

2008-12-25 21:52 . 2008-12-25 22:08 4938 --sh--w- c:\users\Public\Music\Sample Music\AlbumArt_{F87D14E5-4DEB-4169-B9EA-D067EBCD4297}_Large.jpg

2008-12-25 21:52 . 2009-10-08 15:31 15736 --sh--w- c:\users\Public\Music\Sample Music\Folder.jpg

2008-12-25 21:52 . 2009-10-08 15:31 3041 --sh--w- c:\users\Public\Music\Sample Music\AlbumArtSmall.jpg

2008-12-25 08:41 . 2008-12-25 08:41 1243 ----a-w- c:\users\Public\Desktop\Imagine Pet Vet at the Zoo.lnk

2008-12-24 23:17 . 2008-12-24 23:17 1731 ----a-w- c:\users\Public\Desktop\QuickTime Player.lnk

2008-10-27 09:18 . 2008-10-27 09:18 524288 --sha-w- c:\users\Public\NTUSER.DAT{7fa70910-a404-11dd-9cc7-001e336b3c1a}.TMContainer00000000000000000002.regtrans-ms

2008-10-27 09:18 . 2008-10-27 09:18 524288 --sha-w- c:\users\Public\NTUSER.DAT{7fa70910-a404-11dd-9cc7-001e336b3c1a}.TMContainer00000000000000000001.regtrans-ms

2008-10-27 09:18 . 2008-10-27 09:18 65536 --sha-w- c:\users\Public\NTUSER.DAT{7fa70910-a404-11dd-9cc7-001e336b3c1a}.TM.blf

2008-10-27 09:18 . 2010-03-18 18:44 262144 ----a-w- c:\users\Public\NTUSER.DAT

2008-10-27 09:18 . 2010-03-18 18:44 5120 ---ha-w- c:\users\Public\NTUSER.DAT.LOG1

2008-10-27 09:18 . 2008-10-27 09:18 0 ---ha-w- c:\users\Public\NTUSER.DAT.LOG2

2008-10-27 09:17 . 2008-10-27 09:17 1750 ----a-w- c:\users\Public\Desktop\TOSHIBA Brukerhåndbok.lnk

2008-03-06 09:09 . 2009-06-11 19:24 999 ----a-w- c:\users\Public\Desktop\Microsoft Works.lnk

2008-03-04 10:19 . 2008-03-04 10:19 1864 ----a-w- c:\users\Public\Desktop\Desktop SMS.lnk

2008-03-04 10:18 . 2008-03-04 10:18 1626 ----a-w- c:\users\Public\Desktop\Amazon.co.uk.lnk

2008-03-04 10:18 . 2008-10-27 08:28 1440 ----a-w- c:\users\Public\Desktop\eBay.lnk

2008-03-04 10:13 . 2008-01-19 10:32 1656 ----a-w- c:\users\Public\Desktop\McAfee Internet Security Suite.lnk

2008-03-04 10:09 . 2008-03-04 10:09 996 ----a-w- c:\users\Public\Desktop\TOSHIBA Recovery Disc Creator.lnk

2008-03-04 09:53 . 2008-03-04 09:53 1633 ----a-w- c:\users\Public\Desktop\TOSHIBA Assist.lnk

2006-11-02 12:50 . 2008-12-27 18:12 174 --sha-w- c:\users\Public\desktop.ini

2006-11-02 12:50 . 2008-12-27 18:12 174 --sh--w- c:\users\Public\Desktop\desktop.ini

2006-11-02 12:50 . 2008-12-27 18:12 280 --sha-w- c:\users\Public\Documents\desktop.ini

2006-11-02 12:50 . 2008-12-27 18:12 174 --sha-w- c:\users\Public\Downloads\desktop.ini

2006-11-02 12:50 . 2008-12-27 18:12 382 --sha-w- c:\users\Public\Music\desktop.ini

2006-11-02 12:50 . 2008-12-27 18:12 382 --sha-w- c:\users\Public\Pictures\desktop.ini

2006-11-02 12:50 . 2008-12-27 18:12 382 --sha-w- c:\users\Public\Videos\desktop.ini

2006-11-02 12:37 . 2009-10-08 15:31 381 --sh--w- c:\users\Public\Music\Sample Music\desktop.ini

2006-11-02 12:37 . 2008-12-25 22:08 6214617 ----a-w- c:\users\Public\Music\Sample Music\Despertar.wma

2006-11-02 12:37 . 2008-12-25 22:08 5805995 ----a-w- c:\users\Public\Music\Sample Music\Din Din Wo (Little Child).wma

2006-11-02 12:37 . 2008-12-25 22:08 4078842 ----a-w- c:\users\Public\Music\Sample Music\Love Comes.wma

2006-11-02 12:37 . 2008-12-25 22:08 3507171 ----a-w- c:\users\Public\Music\Sample Music\Muita Bobeira.wma

2006-11-02 12:37 . 2008-12-25 22:08 5416446 ----a-w- c:\users\Public\Music\Sample Music\OAM's Blues.wma

2006-11-02 12:37 . 2008-12-25 22:08 7407286 ----a-w- c:\users\Public\Music\Sample Music\One Step Beyond.wma

2006-11-02 12:37 . 2009-10-08 15:31 7215413 ----a-w- c:\users\Public\Music\Sample Music\Symphony_No_3.wma

2006-11-02 12:37 . 2008-12-25 22:08 4990823 ----a-w- c:\users\Public\Music\Sample Music\Amanda.wma

2006-11-02 12:37 . 2008-12-25 22:08 6623806 ----a-w- c:\users\Public\Music\Sample Music\Distance.wma

2006-11-02 12:37 . 2008-12-25 22:08 4302820 ----a-w- c:\users\Public\Music\Sample Music\I Guess You're Right.wma

2006-11-02 12:37 . 2008-12-25 22:08 6097007 ----a-w- c:\users\Public\Music\Sample Music\I Ka Barra (Your Work).wma

2006-11-02 12:37 . 2010-01-09 15:37 276216 ----a-w- c:\users\Public\Pictures\Sample Pictures\Autumn Leaves.jpg

2006-11-02 12:37 . 2010-01-09 15:37 264409 ----a-w- c:\users\Public\Pictures\Sample Pictures\Creek.jpg

2006-11-02 12:37 . 2010-01-09 15:37 228863 ----a-w- c:\users\Public\Pictures\Sample Pictures\Desert Landscape.jpg

2006-11-02 12:37 . 2008-12-27 18:12 1982 --sha-w- c:\users\Public\Pictures\Sample Pictures\desktop.ini

2006-11-02 12:37 . 2010-01-09 15:37 316892 ----a-w- c:\users\Public\Pictures\Sample Pictures\Dock.jpg

2006-11-02 12:37 . 2010-01-09 15:37 128755 ----a-w- c:\users\Public\Pictures\Sample Pictures\Forest Flowers.jpg

2006-11-02 12:37 . 2010-01-09 15:37 664489 ----a-w- c:\users\Public\Pictures\Sample Pictures\Forest.jpg

2006-11-02 12:37 . 2010-01-09 15:37 108051 ----a-w- c:\users\Public\Pictures\Sample Pictures\Frangipani Flowers.jpg

2006-11-02 12:37 . 2010-01-09 15:37 516424 ----a-w- c:\users\Public\Pictures\Sample Pictures\Garden.jpg

2006-11-02 12:37 . 2010-01-09 15:37 378729 ----a-w- c:\users\Public\Pictures\Sample Pictures\Green Sea Turtle.jpg

2006-11-02 12:37 . 2010-01-09 15:37 262368 ----a-w- c:\users\Public\Pictures\Sample Pictures\Humpback Whale.jpg

2006-11-02 12:37 . 2010-01-09 15:37 297834 ----a-w- c:\users\Public\Pictures\Sample Pictures\Oryx Antelope.jpg

2006-11-02 12:37 . 2010-01-09 15:37 114852 ----a-w- c:\users\Public\Pictures\Sample Pictures\Toco Toucan.jpg

2006-11-02 12:37 . 2010-01-09 15:37 770042 ----a-w- c:\users\Public\Pictures\Sample Pictures\Tree.jpg

2006-11-02 12:37 . 2010-01-09 15:37 287631 ----a-w- c:\users\Public\Pictures\Sample Pictures\Waterfall.jpg

2006-11-02 12:37 . 2010-01-09 15:37 211207 ----a-w- c:\users\Public\Pictures\Sample Pictures\Winter Leaves.jpg

2006-11-02 12:37 . 2010-01-09 15:37 4045744 ----a-w- c:\users\Public\Videos\Sample Videos\Bear.wmv

2006-11-02 12:37 . 2008-12-27 18:12 536 --sha-w- c:\users\Public\Videos\Sample Videos\desktop.ini

2006-11-02 12:37 . 2006-11-02 12:37 50076040 ----a-w- c:\users\Public\Recorded TV\Sample Media\Apollo 13.dvr-ms

2006-11-02 12:37 . 2006-11-02 12:37 17073 --sha-w- c:\users\Public\Recorded TV\Sample Media\Apollo 13.jpg

2006-11-02 12:37 . 2006-11-02 12:37 322 --sha-w- c:\users\Public\Recorded TV\Sample Media\desktop.ini

2006-11-02 12:37 . 2006-11-02 12:37 46930390 ----a-w- c:\users\Public\Recorded TV\Sample Media\Jewels of Caribbean.dvr-ms

2006-11-02 12:37 . 2006-11-02 12:37 53090734 ----a-w- c:\users\Public\Recorded TV\Sample Media\Vertigo.dvr-ms

2006-11-02 12:37 . 2006-11-02 12:37 17655 --sha-w- c:\users\Public\Recorded TV\Sample Media\Vertigo.jpg

2006-11-02 12:37 . 2010-01-09 15:37 2797732 ----a-w- c:\users\Public\Videos\Sample Videos\Butterfly.wmv

2006-11-02 12:37 . 2010-01-09 15:37 2981738 ----a-w- c:\users\Public\Videos\Sample Videos\Lake.wmv

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))

.

.

*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

2009-02-26 10:25 809864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-02-26 809864]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-02-26 809864]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]

@="{C5994560-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]

2010-01-18 18:12 86280 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]

@="{C5994561-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]

2010-01-18 18:12 86280 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]

@="{C5994562-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]

2010-01-18 18:12 86280 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]

@="{C5994563-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]

2010-01-18 18:12 86280 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]

@="{C5994564-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]

2010-01-18 18:12 86280 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]

@="{C5994565-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]

2010-01-18 18:12 86280 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]

@="{C5994566-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]

2010-01-18 18:12 86280 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]

@="{C5994567-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]

2010-01-18 18:12 86280 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]

@="{C5994568-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]

2010-01-18 18:12 86280 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]

"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-19 2153472]

"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-27 39408]

"Logitech Vid"="c:\program files\Logitech\Logitech Vid\vid.exe" [2009-04-30 5472016]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]

"RtHDVCpl"="RtHDVCpl.exe" [2008-01-29 4911104]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]

"NDSTray.exe"="NDSTray.exe" [bU]

"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 581632]

"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-10-25 413696]

"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456]

"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-01-25 509816]

"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-01-22 712704]

"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2007-05-04 571024]

"F-Secure Manager"="c:\program files\Canal Digital Sikkerhetspakken\Common\FSM32.EXE" [2008-12-04 182936]

"F-Secure TNB"="c:\program files\Canal Digital Sikkerhetspakken\FSGUI\TNBUtil.exe" [2008-12-04 957024]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]

"Skytel"="Skytel.exe" [2007-11-20 1826816]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]

"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]

"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-05-08 2780432]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

c:\users\Iselin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

TRDCReminder.lnk - c:\program files\TOSHIBA\TRDCReminder\TRDCReminder.exe [2007-7-27 389120]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-2-12 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

R2 gupdate;Googles oppdateringstjeneste (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 135664]

R3 PAC207;SoC PC-Camera;c:\windows\system32\DRIVERS\PFC027.SYS [2006-12-05 507136]

R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2008-03-17 15144]

R4 F-Secure Filter;F-Secure File System Filter;c:\program files\Canal Digital Sikkerhetspakken\Anti-Virus\Win2K\FSfilter.sys [2008-12-04 39776]

R4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\Canal Digital Sikkerhetspakken\Anti-Virus\Win2K\FSrec.sys [2008-12-04 25184]

R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-11 47128]

R4 RsFx0102;RsFx0102 Driver;c:\windows\system32\DRIVERS\RsFx0102.sys [2008-07-10 242712]

R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-07-11 369688]

S0 fsbts;fsbts;c:\windows\system32\Drivers\fsbts.sys [2009-07-11 33920]

S1 F-Secure HIPS;F-Secure HIPS;c:\program files\Canal Digital Sikkerhetspakken\HIPS\drivers\fshs.sys [2008-12-04 67808]

S1 FSES;F-Secure Email Scanning Driver;c:\windows\system32\drivers\fses.sys [2008-12-04 35552]

S1 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2008-12-04 70944]

S1 fsvista;F-Secure Vista Support Driver;c:\program files\Canal Digital Sikkerhetspakken\Anti-Virus\minifilter\fsvista.sys [2008-12-04 12384]

S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2007-12-25 40960]

S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2009-10-29 1074568]

S2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2008-05-01 3032360]

S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-03 126976]

S3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\Canal Digital Sikkerhetspakken\Anti-Virus\minifilter\fsgk.sys [2009-12-09 107104]

S3 FSORSPClient;F-Secure ORSP Client;c:\program files\Canal Digital Sikkerhetspakken\ORSP Client\fsorsp.exe [2008-12-04 55904]

S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]

S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]

S3 RTL8187B;Realtek RTL8187B trådløs 802.11b/g 54M bps USB 2.0 nettverksadapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2007-12-26 290304]

.

Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

2010-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 16:13]

2010-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 16:13]

.

.

------- Tilleggsskanning -------

.

uStart Page = hxxp://www.google.no/

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

IE: Google Sidewiki - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

IE: {{76577871-04EC-495E-A12B-91F7C3600AFA} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url2.pl?NO

IE: {{8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/redirect-home?tag=Toshibaukbholink-21&site=home

LSP: c:\program files\Canal Digital Sikkerhetspakken\FSPS\program\fslsp.dll

DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://play.battlefield-heroes.com/static/updater/BFHUpdater_4.0.15.0.cab

FF - ProfilePath - c:\users\Iselin\AppData\Roaming\Mozilla\Firefox\Profiles\5qddli0d.default\

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-03-18 21:41

Windows 6.0.6001 Service Pack 1 NTFS

skanner skjulte prosesser ...

skanner skjulte autostart-oppføringer ...

skanner skjulte filer ...

skanning vellykket

skjulte filer: 0

**************************************************************************

.

--------------------- LÅSTE REGISTERNØKLER ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

- - - - - - - > 'Explorer.exe'(2016)

c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

c:\program files\TortoiseSVN\bin\TortoiseStub.dll

c:\program files\TortoiseSVN\bin\TortoiseSVN.dll

c:\program files\TortoiseSVN\bin\intl3_tsvn.dll

.

------------------------ Andre Kjørende Prosesser ------------------------

.

c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

c:\windows\system32\Ati2evxx.exe

c:\windows\SYSTEM32\WISPTIS.EXE

c:\program files\Common Files\microsoft shared\ink\TabTip.exe

c:\windows\system32\Ati2evxx.exe

c:\windows\SYSTEM32\WISPTIS.EXE

c:\program files\Common Files\microsoft shared\ink\TabTip.exe

c:\program files\Canal Digital Sikkerhetspakken\Anti-Virus\fsgk32st.exe

c:\program files\Canal Digital Sikkerhetspakken\Common\FSMA32.EXE

c:\program files\Canal Digital Sikkerhetspakken\Anti-Virus\FSGK32.EXE

c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

c:\program files\Canal Digital Sikkerhetspakken\Common\FSMB32.EXE

c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe

c:\program files\Canal Digital Sikkerhetspakken\Common\FCH32.EXE

c:\program files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe

c:\windows\system32\TODDSrv.exe

c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe

c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

c:\windows\system32\DRIVERS\xaudio.exe

c:\program files\Canal Digital Sikkerhetspakken\Common\FAMEH32.EXE

c:\program files\Canal Digital Sikkerhetspakken\Anti-Virus\fsqh.exe

c:\program files\Canal Digital Sikkerhetspakken\FSPC\fspc.exe

c:\windows\system32\WTablet\Pen_TabletUser.exe

c:\program files\Canal Digital Sikkerhetspakken\FSAUA\program\fsaua.exe

c:\program files\Canal Digital Sikkerhetspakken\Anti-Virus\fssm32.exe

c:\program files\Canal Digital Sikkerhetspakken\FWES\Program\fsdfwd.exe

c:\windows\system32\conime.exe

c:\program files\Canal Digital Sikkerhetspakken\Anti-Virus\fsav32.exe

c:\program files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe

c:\windows\servicing\TrustedInstaller.exe

c:\program files\TortoiseSVN\bin\TSVNCache.exe

.

**************************************************************************

.

Tidspunkt ferdig: 2010-03-18 21:55:32 - maskinen ble startet på nytt

ComboFix-quarantined-files.txt 2010-03-18 20:55

ComboFix2.txt 2010-03-18 19:19

Pre-Run: 15 688 376 320 byte ledig

Post-Run: 16 441 253 888 byte ledig

- - End Of File - - 7CA75BA9687A1500B18B5518BBEB3041

Edited by Issi
0
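The ComboFix log above records each persistence point in a fixed layout: Run values as `"Name"="path" [date size]` under a registry key, and drivers/services as `R2 name;display name;path [date size]`. When triaging such a log by hand it is easy to skip over the entries that matter most, so the following is an added example (not part of the thread, and not ComboFix's own code) that parses lines in that layout and flags two things a reviewer would want to look at: values whose path is just a bare file name (Windows resolves those through the search path, so the log alone does not say which copy runs) and entries that carry no date/size stamp, which the tool could not confirm. The sample lines are constructed to mirror the format of the log above; the helper and field names are the example's own.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in the layout of the ComboFix "startup points in the
# registry" and service sections (format copied from the log above).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-29 4911104]
"NDSTray.exe"="NDSTray.exe" [bU]
R2 gupdate;Googles oppdateringstjeneste (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 135664]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2009-10-29 1074568]
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"="([^"]*)"\s*\[([^\]]*)\]$')
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*?)\s*\[([^\]]*)\]$")
DATE_SIZE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d+$")   # the "[date size]" stamp
ABS_PATH_RE = re.compile(r"^[a-z]:\\", re.IGNORECASE)   # drive-letter path


@dataclass
class Autostart:
    kind: str              # "run" (registry Run value) or "service" (driver/service line)
    name: str
    path: str
    origin: str            # registry key for Run values, start state (R2, S3, ...) for services
    issues: list = field(default_factory=list)


def _annotate(entry, stamp):
    """Attach review notes to an entry; an empty list means nothing stood out."""
    if not ABS_PATH_RE.match(entry.path):
        entry.issues.append(
            "relative path: resolved via the search path, so confirm which file actually runs")
    if not DATE_SIZE_RE.match(stamp):
        entry.issues.append(
            f"no date/size stamp ({stamp!r}): the file was not confirmed in the log")
    return entry


def parse_autostarts(text):
    """Parse Run values and service lines from a ComboFix-style log into Autostart records."""
    entries = []
    current_key = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:                      # a registry key header applies to the values that follow
            current_key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m:
            name, path, stamp = m.groups()
            entries.append(_annotate(Autostart("run", name, path, current_key), stamp))
            continue
        m = SERVICE_RE.match(line)
        if m:
            state, name, _display, path, stamp = m.groups()
            entries.append(_annotate(Autostart("service", name, path, state), stamp))
    return entries


def flagged(entries):
    """Only the entries that carry at least one review note."""
    return [e for e in entries if e.issues]


if __name__ == "__main__":
    for e in flagged(parse_autostarts(SAMPLE_LOG)):
        print(f"{e.kind:8} {e.name:20} {e.path}")
        for issue in e.issues:
            print(f"         - {issue}")
```

Run against a full log, the flagged list is the short list to check on disk (does the bare name exist in the system directory, does the file's size match the stamp) before deciding what to remove; the unflagged entries still need a glance, but they at least point at a concrete, dated file.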


Posted

Go to virscan.org and upload the following files for checking:

c:\users\Public\Public Files\Winupdate.exe

c:\users\Public\winupdate.exe

Report back with the result.

0


Posted

Here is the result

VirSCAN.org Scanned Report :

Scanned time : 2010/03/19 08:34:41 (CET)

Scanner results: Scanners did not find malware!

File Name : text.txt

File Size : 73 byte

File Type : ASCII text, with CRLF line terminators

MD5 : d321ba18c31b3320e735d133b647ee95

SHA1 : f1168fa7e3530a95b02f9a1ca9c28094eb6847a0

Online report : http://virscan.org/report/482340cb552518c5b2c6db4c27a766cd.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result

a-squared 4.5.0.8 20100319063127 2010-03-19 5.03 -

AhnLab V3 2010.03.19.03 2010.03.19 2010-03-19 1.06 -

AntiVir 8.2.1.194 7.10.5.136 2010-03-18 0.25 -

Antiy 2.0.18 20100318.4019584 2010-03-18 0.02 -

Arcavir 2009 201003181827 2010-03-18 0.01 -

Authentium 5.1.1 201003182251 2010-03-18 1.30 -

AVAST! 4.7.4 100318-1 2010-03-18 0.00 -

AVG 8.5.720 271.1.1/2755 2010-03-19 0.24 -

BitDefender 7.81008.5473997 7.30840 2010-03-19 5.62 -

ClamAV 0.95.3 10596 2010-03-19 0.00 -

Comodo 3.13.579 4314 2010-03-19 0.92 -

CP Secure 1.3.0.5 2010.03.18 2010-03-18 0.00 -

Dr.Web 5.0.1.12222 2010.03.19 2010-03-19 6.14 -

F-Prot 4.4.4.56 20100318 2010-03-18 1.30 -

F-Secure 7.02.73807 2010.03.19.03 2010-03-19 10.66 -

Fortinet 4.0.14 11.596 2010-03-18 0.15 -

GData 19.10827/19.829 20100319 2010-03-19 6.70 -

ViRobot 20100318 2010.03.18 2010-03-18 0.43 -

Ikarus T3.1.01.80 2010.03.19.75433 2010-03-19 5.31 -

JiangMin 13.0.900 2010.03.19 2010-03-19 7.82 -

Kaspersky 5.5.10 2010.03.19 2010-03-19 0.04 -

KingSoft 2009.2.5.15 2010.3.19.7 2010-03-19 0.64 -

McAfee 5.3.00 5924 2010-03-18 3.68 -

Microsoft 1.5605 2010.03.19 2010-03-19 6.24 -

Norman 6.01.09 6.01.00 2010-02-10 4.01 -

Panda 9.05.01 2010.03.18 2010-03-18 2.27 -

Trend Micro 9.120-1004 6.934.02 2010-03-18 0.02 -

Quick Heal 10.00 2010.03.19 2010-03-19 1.43 -

Rising 20.0 22.39.04.03 2010-03-19 0.25 -

Sophos 3.05.4 4.51 2010-03-19 3.66 -

Sunbelt 3.9.2410.2 5963 2010-03-18 4.20 -

Symantec 1.3.0.24 20100311.002 2010-03-11 0.47 -

nProtect 20100318.01 7775972 2010-03-18 4.86 -

The Hacker 6.5.2.0 v00238 2010-03-19 0.37 -

VBA32 3.12.12.2 20100316.2232 2010-03-16 2.67 -

VirusBuster 4.5.11.10 10.122.3/2002821 2010-03-18 2.35 -

0
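A multi-engine report is only as good as the file it was run on, and the header of a VirSCAN.org report (file name, size, type, MD5, SHA1) is what lets you confirm that. As an added example covering both the upload instruction above and the report that followed (it is not part of the thread and not VirSCAN's code), the block below fingerprints a local file and checks it against the identity fields parsed out of a report in the layout shown above. The report header is copied from the posted report; the stand-in executable bytes are constructed; the assumption that VirSCAN labels Windows executables with a `PE32 ...` type string (libmagic style) is the example's own and is marked in the code.

```python
import hashlib
import re

# Copied from the posted report's header (scanner table omitted).
SAMPLE_REPORT = """VirSCAN.org Scanned Report :
Scanned time : 2010/03/19 08:34:41 (CET)
Scanner results: Scanners did not find malware!
File Name : text.txt
File Size : 73 byte
File Type : ASCII text, with CRLF line terminators
MD5 : d321ba18c31b3320e735d133b647ee95
SHA1 : f1168fa7e3530a95b02f9a1ca9c28094eb6847a0
"""

# Constructed stand-in for a Windows executable: only the "MZ" signature matters here.
SAMPLE_EXE = b"MZ" + b"\x90" * 62 + b"This program cannot be run in DOS mode.\r\n"

FIELD_RE = re.compile(r"^\s*(File Name|File Size|File Type|MD5|SHA1)\s*:\s*(.+?)\s*$")


def parse_virscan_report(text):
    """Extract the file identity block from a VirSCAN report into a dict."""
    raw = {}
    for line in text.splitlines():
        m = FIELD_RE.match(line)
        if m:
            raw[m.group(1)] = m.group(2)
    size = raw.get("File Size")
    return {
        "name": raw.get("File Name"),
        "size": int(size.split()[0]) if size else None,   # "73 byte" -> 73
        "file_type": raw.get("File Type"),
        "md5": raw.get("MD5", "").lower() or None,
        "sha1": raw.get("SHA1", "").lower() or None,
    }


def fingerprint(data):
    """Size, hashes and a PE-signature check for in-memory file content."""
    return {
        "size": len(data),
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "is_pe": data[:2] == b"MZ",   # DOS/PE executables start with the "MZ" signature
    }


def fingerprint_file(path):
    """Fingerprint a file on disk (the suspect files here are small, so read whole)."""
    with open(path, "rb") as f:
        return fingerprint(f.read())


def compare_with_report(local, report):
    """Reasons the report does NOT describe the local file; an empty list means it matches."""
    problems = []
    for key in ("size", "md5", "sha1"):
        if report[key] is not None and report[key] != local[key]:
            problems.append(f"{key}: local {local[key]} vs report {report[key]}")
    # Assumption: VirSCAN prints libmagic-style types, so a Windows executable
    # shows up as "PE32 ..."; anything else for an MZ file means the wrong file was uploaded.
    if local["is_pe"] and report["file_type"] and not report["file_type"].startswith("PE"):
        problems.append(
            f"file type: local file is a PE executable, report describes {report['file_type']!r}")
    return problems


if __name__ == "__main__":
    report = parse_virscan_report(SAMPLE_REPORT)
    for problem in compare_with_report(fingerprint(SAMPLE_EXE), report):
        print(problem)
```

Typical use is `compare_with_report(fingerprint_file(r"c:\users\Public\winupdate.exe"), parse_virscan_report(report_text))`: an empty list means the verdict in the report applies to the file on disk, while a size, hash or file-type mismatch means the scanners judged something else and the upload has to be repeated with the right file.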


Posted

My advice here would also be to remove toolbars and the like, if you can uninstall them from Add/Remove Programs!

I see that you have it via

O8 - Extra context menu item: Google Sidewiki - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

If you are not a poker player, I can also say that this generates advertising as well. Adware

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)

0


Posted

I have never played that poker game, and it has been removed (I think)

Does the Google toolbar have anything to do with the person who sends the windows, then? That is who I want to remove

0
