69 svar til dette emnet

[Issi]

Har enda ikke fått ordnet dette, og den forige emnet ble inaktivt.
Her er Hijackthis logg, MBAM viste bare ren

Spoiler

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:58:36, on 11.04.2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18444)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Canal Digital Sikkerhetspakken\Common\FSM32.EXE
C:\Windows\PixArt\PAC207\Monitor.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Logitech\Logitech Vid\Vid.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Windows\system32\WTablet\Pen_TabletUser.exe
C:\Program Files\Canal Digital Sikkerhetspakken\FSGUI\fsguidll.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10e.exe
C:\Windows\System32\mspaint.exe
C:\HJT\test.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.no
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.no
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 74.115.6.57:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: FCTBPos00Pos - {180E37B8-072D-48E4-800D-F353EE800672} - C:\Program Files\myYearbook Toolbar\Toolbar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Canal Digital Sikkerhetspakken\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Canal Digital Sikkerhetspakken\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Logitech Vid] "C:\Program Files\Logitech\Logitech Vid\vid.exe" -bootmode
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~3.EXE -Update -1103472 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; GTB6.4; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; InfoPath.1; .NET CLR 3.5.30729; .NET CLR 3.0.30618; Tablet PC 2.0; AskTB5.3)" -"http://pixelhotell.s....org/da/client"
O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (User 'Default user')
O4 - Startup: TRDCReminder.lnk = C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: Foreldre... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Canal Digital Sikkerhetspakken\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Canal Digital Sikkerhetspakken\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Foreldre... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Canal Digital Sikkerhetspakken\FSPC\fspcmsie.dll
O9 - Extra button: Blogg dette - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blogg dette i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: eBay - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://www.webtip.ch...cker_url2.pl?NO (file missing)
O9 - Extra button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co...nk-21&site=home (file missing)
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....NPUpldnb-no.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zon...wn.cab56986.cab
O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinn...d/bejeweled.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.c.../acclaim_v5.cab
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://play.battlef...er_4.0.15.0.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinn...ed/wwlaunch.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zon...er.cab56986.cab
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Canal Digital Sikkerhetspakken\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Canal Digital Sikkerhetspakken\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Canal Digital Sikkerhetspakken\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Canal Digital Sikkerhetspakken\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\Canal Digital Sikkerhetspakken\ORSP Client\fsorsp.exe
O23 - Service: GTMM Device Service - Option nv - C:\Program Files\Telenor\Mobilt Bredbånd\GtmmDeviceService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Sesam Control Service (SesamService) - Swisscom - C:\Program Files\Telenor\Mobilt Bredbånd\Sesam\BIN\SecMIPService.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Windows\system32\Pen_Tablet.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - c:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - c:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12337 bytes

[Kakeshoma]

Hvilke meldinger dukker opp?

[Issi]

Vel, det er sånn meldinger der en person skriver på, så gjør h*n til at jeg kan trykke ja, nei eller ignorer (kanskje flere alternativer) De bare dukker opp. Ikke via MSN eller lignende. Først fikk jeg: Bill gates is watching you!!!, så kom det: Windows kan ikke finne filen, vil du ha en iskrem istedet? eller noe sånt. Så skrev den personen flere, og på flere av meldingene sto navnet mitt, og på den ene litt av etternavnet. H*n har skrevet flere personlige meldinger. Aner ikke hva han bruker, h*n kan overvåke hva jeg gjør også, så jeg snakket med han med notepad.

Skriver h*n fordi jeg ikke vet kjønn. Garantert en han

Dette innlegget er endret av Issi: 11 April 2010 - 18:05

[Kakeshoma]

Vil anbefale deg å ikke være tilkoblet internett og nettverket på den maskinen inntil du har fått hjelp.

Du kan prøve å starte i sikkerhetsmodus (trykk F8 under oppstart) og velg Sikkerhetsmodus uten nettverkstilkobling.
Og kjør fult systemsøk med antivirusprogram og MBAM.

Dette innlegget er endret av Kakeshoma: 11 April 2010 - 18:16

[Issi]

Ok, men han skrev også at han ble aldri funnet, så det var ikke vits for meg å finne ut. Og at han kan slå av dataen min og ødelegge den. Jeg har søkt mye med MBAM og flere som er anbefalt her, men på forige tråden min fikk jeg ikke hjelp med det jeg trengte hjelp til.

[snippsat]

Start HijackThis "scan" finn denne linjen merk den,så trykk fix checked.
O4 - HKLM\..\Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe

Last Combofix ned ,legg på skrivebordet.
Ikke klikk på vindu mens programmet kjører.
post logg C:\combofix.txt

[Issi]

Sånn.

Combofix logg:

Spoiler

ComboFix 10-04-10.02 - Iselin 11.04.2010 18:53:47.3.1 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.47.1044.18.1917.1087 [GMT 2:00]
Kjører fra: c:\users\Iselin\Downloads\ComboFix.exe
* Anti-virus er aktiv

.

((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\TEMP\logishrd\LVPrcInj01.dll

.
((((((((((((((((((((((((((( Filer Opprettet Fra 2010-03-11 til 2010-04-11 )))))))))))))))))))))))))))))))))
.

2010-04-11 17:06 . 2010-04-11 17:10 -------- d-----w- c:\users\Iselin\AppData\Local\temp
2010-04-11 17:06 . 2010-04-11 17:06 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-04-11 17:06 . 2010-04-11 17:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-04-05 15:14 . 2010-04-05 15:14 0 ----a-w- c:\users\Iselin\jagex__preferences3.dat
2010-04-02 12:57 . 2010-04-03 07:05 -------- d-----w- c:\users\Iselin\AppData\Local\Mobilt Bredbånd
2010-04-02 12:45 . 2010-04-02 12:45 -------- d-----w- c:\programdata\Local
2010-04-02 12:43 . 2010-04-02 12:43 -------- d-----w- c:\users\Iselin\AppData\Local\Mobile Broadband
2010-04-02 12:42 . 2010-04-02 12:57 -------- d-----w- c:\programdata\Mobilt Bredbånd
2010-04-02 12:42 . 2010-04-02 12:42 -------- d-----w- c:\program files\Telenor
2010-03-30 19:07 . 2010-03-30 19:48 -------- d-----w- c:\program files\PhotoScape
2010-03-30 06:41 . 2010-02-03 13:56 26176 ---ha-w- c:\windows\system32\hamachi.sys
2010-03-28 11:16 . 2010-03-28 11:16 -------- d-----w- C:\GMouse20
2010-03-27 16:20 . 2010-03-27 16:20 -------- d-----w- c:\program files\CCleaner
2010-03-18 14:21 . 2010-04-11 16:41 -------- d-----w- C:\HJT
2010-03-18 12:52 . 2010-02-12 10:48 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-03-17 15:39 . 2010-03-17 15:39 -------- d-----w- c:\users\Iselin\AppData\Roaming\Malwarebytes
2010-03-17 15:38 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-17 15:38 . 2010-03-17 15:38 -------- d-----w- c:\programdata\Malwarebytes
2010-03-17 15:38 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-17 15:38 . 2010-03-17 15:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-16 14:56 . 2010-03-16 15:19 -------- d-----w- c:\users\Public\Public Files
2010-03-13 11:10 . 2010-03-13 11:10 -------- d-----w- c:\users\Iselin\AppData\Roaming\Vivox
2010-03-13 11:08 . 2010-03-25 13:50 -------- d-----w- c:\users\Iselin\AppData\Roaming\IMVU
2010-03-13 11:06 . 2010-03-13 11:08 -------- d-----w- c:\users\Iselin\AppData\Roaming\IMVUClient

.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-11 17:09 . 2009-09-05 10:45 -------- d-----w- c:\users\Iselin\AppData\Roaming\WTablet
2010-04-11 15:51 . 2008-10-27 09:20 -------- d-----w- c:\program files\Canal Digital Sikkerhetspakken
2010-04-07 14:44 . 2006-11-21 05:16 524336 ----a-w- c:\windows\system32\perfh014.dat
2010-04-07 14:44 . 2006-11-21 05:16 103864 ----a-w- c:\windows\system32\perfc014.dat
2010-04-06 18:29 . 2010-01-22 06:36 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-04-06 18:20 . 2008-03-04 10:15 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-02 12:57 . 2010-04-02 12:42 -------- d-----w- c:\programdata\Mobilt Bredbånd
2010-03-29 06:44 . 2008-10-27 08:24 98640 ----a-w- c:\users\Iselin\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-19 15:45 . 2008-03-04 10:16 -------- d-----w- c:\program files\Google
2010-03-17 17:18 . 2008-03-04 09:34 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-11 16:22 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-03-09 16:28 . 2010-03-31 07:46 833024 ----a-w- c:\windows\system32\wininet.dll
2010-03-09 16:25 . 2010-03-31 07:46 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-09 14:01 . 2010-03-31 07:46 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2010-03-06 22:26 . 2009-07-21 12:47 -------- d-----w- c:\program files\emote
2010-02-28 19:13 . 2010-02-28 19:13 -------- d-----w- c:\program files\PFPortChecker
2010-02-24 09:16 . 2009-10-02 21:10 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-20 23:39 . 2010-03-11 13:23 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-20 23:37 . 2010-03-11 13:23 31232 ----a-w- c:\windows\system32\httpapi.dll
2010-02-20 21:18 . 2010-03-11 13:23 411136 ----a-w- c:\windows\system32\drivers\http.sys
2010-02-19 23:47 . 2010-02-19 23:47 3604480 ----a-w- c:\windows\system32\GPhotos.scr
2010-02-06 17:22 . 2010-02-06 17:22 12 ----a-w- c:\windows\system32\winsbi.sys
2010-01-25 12:48 . 2010-02-24 09:41 472576 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-25 12:48 . 2010-02-24 09:41 151040 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-25 12:48 . 2010-02-24 09:41 151040 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:48 . 2010-02-24 09:41 472064 ----a-w- c:\windows\system32\secproc.dll
2010-01-25 12:45 . 2010-02-24 09:41 329216 ----a-w- c:\windows\system32\msdrm.dll
2010-01-25 08:35 . 2010-02-24 09:41 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:35 . 2010-02-24 09:41 523776 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-25 08:34 . 2010-02-24 09:41 511488 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-25 08:34 . 2010-02-24 09:41 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-23 09:44 . 2010-02-24 09:41 2048 ----a-w- c:\windows\system32\tzres.dll
.

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 18:12 86280 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 18:12 86280 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 18:12 86280 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 18:12 86280 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 18:12 86280 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 18:12 86280 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 18:12 86280 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 18:12 86280 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 18:12 86280 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-19 2153472]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
"Logitech Vid"="c:\program files\Logitech\Logitech Vid\vid.exe" [2009-04-30 5472016]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-29 4911104]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"NDSTray.exe"="NDSTray.exe" [BU]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 581632]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-10-25 413696]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-01-25 509816]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-01-22 712704]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2007-05-04 571024]
"F-Secure Manager"="c:\program files\Canal Digital Sikkerhetspakken\Common\FSM32.EXE" [2008-12-04 182936]
"F-Secure TNB"="c:\program files\Canal Digital Sikkerhetspakken\FSGUI\TNBUtil.exe" [2008-12-04 957024]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-05-08 2780432]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-21 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

c:\users\Iselin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files\TOSHIBA\TRDCReminder\TRDCReminder.exe [2007-7-27 389120]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-2-12 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

R3 GTMM Device Service;GTMM Device Service;c:\program files\Telenor\Mobilt Bredbånd\GtmmDeviceService.exe [2009-05-11 106496]
R3 GTUHSBUS;GT UHS BUS;c:\windows\system32\DRIVERS\gtuhsbus.sys [2009-02-04 63360]
R3 GTUHSNDISIPXP;GT UHS IP NDIS;c:\windows\system32\DRIVERS\gtuhs51.sys [2009-02-04 105856]
R3 GTUHSSER;GT UHS SER;c:\windows\system32\DRIVERS\gtuhsser.sys [2009-02-04 8064]
R3 PAC207;SoC PC-Camera;c:\windows\system32\DRIVERS\PFC027.SYS [2006-12-05 507136]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2008-03-17 15144]
R4 F-Secure Filter;F-Secure File System Filter;c:\program files\Canal Digital Sikkerhetspakken\Anti-Virus\Win2K\FSfilter.sys [2008-12-04 39776]
R4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\Canal Digital Sikkerhetspakken\Anti-Virus\Win2K\FSrec.sys [2008-12-04 25184]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-11 47128]
R4 RsFx0102;RsFx0102 Driver;c:\windows\system32\DRIVERS\RsFx0102.sys [2008-07-10 242712]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-07-11 369688]
S0 fsbts;fsbts;c:\windows\system32\Drivers\fsbts.sys [2009-07-11 33920]
S1 F-Secure HIPS;F-Secure HIPS;c:\program files\Canal Digital Sikkerhetspakken\HIPS\drivers\fshs.sys [2008-12-04 67808]
S1 FSES;F-Secure Email Scanning Driver;c:\windows\system32\drivers\fses.sys [2008-12-04 35552]
S1 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2008-12-04 70944]
S1 fsvista;F-Secure Vista Support Driver;c:\program files\Canal Digital Sikkerhetspakken\Anti-Virus\minifilter\fsvista.sys [2008-12-04 12384]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2007-12-25 40960]
S2 SesamService;Sesam Control Service;c:\program files\Telenor\Mobilt Bredbånd\Sesam\BIN\SecMIPService.exe [2008-05-09 1216296]
S2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2008-05-01 3032360]
S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-03 126976]
S3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\Canal Digital Sikkerhetspakken\Anti-Virus\minifilter\fsgk.sys [2010-03-29 111296]
S3 FSORSPClient;F-Secure ORSP Client;c:\program files\Canal Digital Sikkerhetspakken\ORSP Client\fsorsp.exe [2008-12-04 55904]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]
S3 RTL8187B;Realtek RTL8187B trådløs 802.11b/g 54M bps USB 2.0 nettverksadapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2007-12-26 290304]
S3 wtsmpadap;Sesam Virtual Adapter;c:\windows\system32\DRIVERS\wtsmpadap.sys [2008-04-29 39720]
S3 WtSmpFlt;Sesam Adapter;c:\windows\system32\DRIVERS\wtsmpflt.sys [2008-04-29 272424]

.
.
------- Tilleggsskanning -------
.
uStart Page = hxxp://www.google.no/
uInternet Settings,ProxyServer = 74.115.6.57:80
IE: {{76577871-04EC-495E-A12B-91F7C3600AFA} - http://www.webtip.ch...cker_url2.pl?NO
IE: {{8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co...nk-21&site=home
LSP: c:\program files\Canal Digital Sikkerhetspakken\FSPS\program\fslsp.dll
FF - ProfilePath - c:\users\Iselin\AppData\Roaming\Mozilla\Firefox\Profiles\5qddli0d.default\
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Iselin\AppData\LocalLow\Sony Online Entertainment\npsoe.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - TOMME PEKERE FJERNET - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-11 19:10
Windows 6.0.6001 Service Pack 1 NTFS

skanner skjulte prosesser ...

skanner skjulte autostart-oppføringer ...

skanner skjulte filer ...

skanning vellykket
skjulte filer: 0

**************************************************************************
.
--------------------- LÅSTE REGISTERNØKLER ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

- - - - - - - > 'Explorer.exe'(5204)
c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
c:\program files\TortoiseSVN\bin\TortoiseStub.dll
c:\program files\TortoiseSVN\bin\TortoiseSVN.dll
c:\program files\TortoiseSVN\bin\intl3_tsvn.dll
c:\windows\system32\WINHTTP.dll
.
------------------------ Andre Kjørende Prosesser ------------------------
.
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\program files\Common Files\microsoft shared\ink\TabTip.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\program files\Common Files\microsoft shared\ink\TabTip.exe
c:\program files\Canal Digital Sikkerhetspakken\Anti-Virus\fsgk32st.exe
c:\program files\Canal Digital Sikkerhetspakken\Common\FSMA32.EXE
c:\program files\Canal Digital Sikkerhetspakken\Anti-Virus\FSGK32.EXE
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Canal Digital Sikkerhetspakken\Common\FSMB32.EXE
c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\program files\Canal Digital Sikkerhetspakken\Common\FCH32.EXE
c:\windows\system32\TODDSrv.exe
c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\windows\system32\WTablet\Pen_TabletUser.exe
c:\program files\Canal Digital Sikkerhetspakken\Common\FAMEH32.EXE
c:\program files\Canal Digital Sikkerhetspakken\Anti-Virus\fsqh.exe
c:\program files\Canal Digital Sikkerhetspakken\FSPC\fspc.exe
c:\windows\system32\conime.exe
c:\program files\Canal Digital Sikkerhetspakken\FSAUA\program\fsaua.exe
c:\program files\Canal Digital Sikkerhetspakken\Anti-Virus\fssm32.exe
c:\program files\Canal Digital Sikkerhetspakken\FWES\Program\fsdfwd.exe
c:\program files\Canal Digital Sikkerhetspakken\Anti-Virus\fsav32.exe
c:\program files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\TortoiseSVN\bin\TSVNCache.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Tidspunkt ferdig: 2010-04-11 19:26:04 - maskinen ble startet på nytt
ComboFix-quarantined-files.txt 2010-04-11 17:25
ComboFix2.txt 2010-03-18 20:55
ComboFix3.txt 2010-03-18 19:19

Pre-Run: 15 624 060 928 byte ledig
Post-Run: 15 610 937 344 byte ledig

- - End Of File - - 8B423654D26DEB08A6DC8464481267E9

Dette innlegget er endret av Issi: 11 April 2010 - 19:33

[snippsat]

loggen ser bra ut.

Du har en fil fra hamachi
Bruker du den sørg for og ha den oppdatert eventuelt skift passord.
Den kan brukes til og få tilgang til din pc.

Du kan fjerne combofix ved å skrive combofix /u fra kjør-vinduet. Denne kommandoen gjør at filer i karantene og backups blir slette. Systemgjenopprettingsmappa nullstilt etc.

Last ned kjør CCleaner
'Valg'->'Avansert'. Fjern avkryssingen framfor: "bare slett midlertidige filer som er eldere enn 48 t.
Kjør register-renser "svar ja til og reparere" --> backup svar ja når du blir spørt.
Kjør register-renser et par ganger til alle feil er borte.

Se om meldinding blir borte.

[Issi]

Har gjort det nå.

Jeg må bare si at han har utgitt seg for å være ei i Kripos, men jeg har sendt mail til dem og det var ikke henne, så jeg tror han er litt rett. Han overvåker sikkert, men tørr ikke å sende meldinger sånn at jeg vet han ser på. Så det er litt vanskelig å vite om han er borte.

[snippsat]

Ja gir det seg ikke får du si fra,da går vi hardere tilverks og monitorer nettverket.
Eventult skifte ut brannmuren din fra Canal Digital Sikkerhetspakken som du har nå med online armor.

[Morten58]

Ideen om å overvåke nettverket er kanskje ikke så dum. Jeg vurderte å foreslå TCPVIEW da jeg sjekket logger tidlig i påsken, men jeg fant ut at et slik forslag burde begrunnes i noe konkret.

Combofix-loggene i den forrige tråden som ble stengt lister opp en haug av programmeringsverktøy som nå er blitt borte igjen:
2010-03-18 18:58 . 2009-07-19 18:50 -------- d-----w- c:\program files\Cheat Engine
2010-02-26 14:41 . 2010-02-27 09:08 -------- d---a-w- C:\xampp
+ En lang rekke med programmeringsverktøy. Disse er loggført mellom 5. og 8. februar - dvs. rett etter Hamachi LogMeIn.

Førsteinntrykket mitt da jeg leste beskrivelsen hennes var at dette lignet mer på en "hacker" enn på "normal malware". Jeg har ikke fulgt godt med på malware-saker det siste året, men jeg gjetter på at de sjelden pleier å kommunisere direkte med folk "Jeg liker deg", "Du har fine ...", "Jeg jobber i Kripos". Stilmessig minner dette mer om en hacker som "dør" etter å teste om ting virker, men som er lite opptatt av om programmene blir oppdaget.

Dette innlegget er endret av Morten58: 12 April 2010 - 01:18

[Bajazz]

Bare for å gi et lite bidrag hvis overvåking av nettverket blr valgt.

Nirsoft har et utmerket verktøy (CurrPorts) som viser en liste over alle åpne TCP/IP og UDP-porter på din lokale datamaskin.
For hver port i listen vises informasjon om prosessen som åpnet porten.(Produktnavn, filbeskrivelse, osv)

Programmet gir deg mulighet til å avslutte uønskede TCP-forbindelser og drepe prosessen som åpnet portene
og lagre TCP/UDP-portene's informasjon til tekstfil.

Merker automatisk (rosa) mistenkelige TCP/UDP porter som er åpnet av uidentifiserte programmer.
(Programmer uten versjons informasjon og ikoner)
http://www.nirsoft.n...ils/cports.html

Det kan også være verdt å sjekke ut hosts-filen.
http://itpro.no/supp...showtopic=75070

[Issi]

Jeg lastet ned Currports som Bajazz skrev om.
Jeg aner ikke hva som er hva osv. (Har ikke så mye peiling på data og slikt), men noe het Unknown der og hva er det? Og mange System'er.. Er det normalt?

Det er nok sikkert en hacker ja, Morten. Men hva skal jeg gjøre nå?

[Bajazz]

Jeg er ingen ekspert når det gjelder nevt program, men lastet det ned pga nysgjerrighet for å sjekke hva som forgikk på min pc.
Spesielt var jeg inntressert i hva som skjedde mens det teoretisk ikke skulle skje noe.

Eksempel på hva som ble logget mens pc'n ikke var satt til noen oppgaver.
Prosessen som startet tilhører Norton så resultatet var egentlig ingen overraskelse.

13.04.2010 12:15:56 Added           ccSvcHst.exe         TCP 10.0.0.2:3550:3550     217.13.4.151:80:80    13.04.2010 12:15:57 Removed         ccSvcHst.exe         TCP 10.0.0.2:3550:3550     217.13.4.151:80:80    13.04.2010 12:18:22 Added           ccSvcHst.exe         TCP 10.0.0.2:3551:3551     217.13.4.152:80:80    13.04.2010 12:18:22 Added           ccSvcHst.exe         TCP 10.0.0.2:3552:3552     217.13.4.152:80:80    13.04.2010 12:18:22 Added           ccSvcHst.exe         TCP 10.0.0.2:3553:3553     217.13.4.152:80:80    13.04.2010 12:18:22 Added           ccSvcHst.exe         TCP 10.0.0.2:3554:3554     217.13.4.152:80:80    13.04.2010 12:18:33 Removed         ccSvcHst.exe         TCP 10.0.0.2:3551:3551     217.13.4.152:80:80    13.04.2010 12:18:33 Removed         ccSvcHst.exe         TCP 10.0.0.2:3552:3552     217.13.4.152:80:80    13.04.2010 12:18:33 Removed         ccSvcHst.exe         TCP 10.0.0.2:3553:3553     217.13.4.152:80:80    13.04.2010 12:18:33 Removed         ccSvcHst.exe         TCP 10.0.0.2:3554:3554     217.13.4.152:80:80    13.04.2010 12:18:48 Added           ccSvcHst.exe         TCP 10.0.0.2:3555:3555     143.127.102.25:443:44313.04.2010 12:18:49 Removed         ccSvcHst.exe         TCP 10.0.0.2:3555:3555     143.127.102.25:443:44313.04.2010 12:24:57 Added           ccSvcHst.exe         UDP 0.0.0.0:3557:3557      *:*                   13.04.2010 12:24:58 Removed         ccSvcHst.exe         UDP 0.0.0.0:3557:3557      *:*                   13.04.2010 12:25:57 Added           ccSvcHst.exe         TCP 10.0.0.2:3558:3558     217.13.4.150:80:80    13.04.2010 12:25:59 Removed         ccSvcHst.exe         TCP 10.0.0.2:3558:3558     217.13.4.150:80:80    13.04.2010 12:30:59 Added           ccSvcHst.exe         TCP 10.0.0.2:3564:3564     217.13.4.151:80:80    13.04.2010 12:31:00 Removed         ccSvcHst.exe         TCP 10.0.0.2:3564:3564     217.13.4.151:80:80    13.04.2010 12:41:00 Added           ccSvcHst.exe         TCP 10.0.0.2:3566:3566     217.13.4.151:80:80    13.04.2010 12:41:01 Removed         ccSvcHst.exe         TCP 10.0.0.2:3566:3566     217.13.4.151:80:80    13.04.2010 12:46:21 Added           ccSvcHst.exe         TCP 10.0.0.2:3567:3567     217.13.4.150:80:80    13.04.2010 12:46:22 Removed         ccSvcHst.exe         TCP 10.0.0.2:3567:3567     217.13.4.150:80:80    13.04.2010 12:51:22 Added           ccSvcHst.exe         TCP 10.0.0.2:3568:3568     217.13.4.150:80:80    13.04.2010 12:51:23 Removed         ccSvcHst.exe         TCP 10.0.0.2:3568:3568     217.13.4.150:80:80    13.04.2010 12:56:23 Added           ccSvcHst.exe         TCP 10.0.0.2:3569:3569     217.13.4.151:80:80    13.04.2010 12:56:24 Removed         ccSvcHst.exe         TCP 10.0.0.2:3569:3569     217.13.4.151:80:80    13.04.2010 13:06:24 Added           ccSvcHst.exe         TCP 10.0.0.2:3571:3571     217.13.4.152:80:80    13.04.2010 13:06:25 Removed         ccSvcHst.exe         TCP 10.0.0.2:3571:3571     217.13.4.152:80:80    13.04.2010 13:11:45 Added           ccSvcHst.exe         TCP 10.0.0.2:3572:3572     217.13.4.150:80:80    13.04.2010 13:11:46 Removed         ccSvcHst.exe         TCP 10.0.0.2:3572:3572     217.13.4.150:80:80    13.04.2010 13:19:14 Added           ccSvcHst.exe         TCP 10.0.0.2:3577:3577     217.13.4.151:80:80    13.04.2010 13:19:14 Added           ccSvcHst.exe         TCP 10.0.0.2:3574:3574     217.13.4.151:80:80    13.04.2010 13:19:14 Added           ccSvcHst.exe         TCP 10.0.0.2:3575:3575     217.13.4.151:80:80    13.04.2010 13:19:14 Added           ccSvcHst.exe         TCP 10.0.0.2:3576:3576     217.13.4.151:80:80    13.04.2010 13:19:15 Removed         ccSvcHst.exe         TCP 10.0.0.2:3577:3577     217.13.4.151:80:80    13.04.2010 13:19:15 Removed         ccSvcHst.exe         TCP 10.0.0.2:3574:3574     217.13.4.151:80:80    13.04.2010 13:19:15 Removed         ccSvcHst.exe         TCP 10.0.0.2:3575:3575     217.13.4.151:80:80

Startet og avsluttet Firefox

13.04.2010 15:10:05 Added           firefox.exe          TCP 10.0.0.2:4169:4169     91.198.174.2:80:80    13.04.2010 15:10:05 Added           firefox.exe          TCP 10.0.0.2:4167:4167     74.125.77.100:80:80   13.04.2010 15:10:05 Added           ccSvcHst.exe         TCP 10.0.0.2:4165:4165     143.127.102.125:80:80 13.04.2010 15:10:05 Added           ccSvcHst.exe         TCP 10.0.0.2:4168:4168     143.127.102.125:80:80 13.04.2010 15:10:05 Added           firefox.exe          TCP 10.0.0.2:4163:4163     74.125.77.104:80:80   13.04.2010 15:10:05 Added           firefox.exe          TCP 10.0.0.2:4166:4166     64.41.151.141:80:80   13.04.2010 15:10:05 Added           firefox.exe          TCP 10.0.0.2:4164:4164     74.125.77.104:80:80   13.04.2010 15:10:05 Added           svchost.exe          UDP 0.0.0.0:59930:59930    *:*                   13.04.2010 15:10:05 Added           svchost.exe          UDP 0.0.0.0:53387:53387    *:*                   13.04.2010 15:10:05 Added           svchost.exe          UDP 0.0.0.0:55334:55334    *:*                   13.04.2010 15:10:06 Removed         firefox.exe          TCP 10.0.0.2:4169:4169     91.198.174.2:80:80    13.04.2010 15:10:06 Removed         ccSvcHst.exe         TCP 10.0.0.2:4165:4165     143.127.102.125:80:80 13.04.2010 15:10:06 Removed         ccSvcHst.exe         TCP 10.0.0.2:4168:4168     143.127.102.125:80:80 13.04.2010 15:10:06 Removed         firefox.exe          TCP 10.0.0.2:4166:4166     64.41.151.141:80:80   13.04.2010 15:10:06 Removed         svchost.exe          UDP 0.0.0.0:59930:59930    *:*                   13.04.2010 15:10:06 Removed         svchost.exe          UDP 0.0.0.0:53387:53387    *:*                   13.04.2010 15:10:06 Removed         svchost.exe          UDP 0.0.0.0:55334:55334    *:*                   13.04.2010 15:10:16 Added           Unknown              TCP 10.0.0.2:4167:4167     74.125.77.100:80:80   13.04.2010 15:10:16 Added           Unknown              TCP 10.0.0.2:4163:4163     74.125.77.104:80:80   13.04.2010 15:10:16 Added           Unknown              TCP 10.0.0.2:4164:4164     74.125.77.104:80:80   13.04.2010 15:10:16 Removed         firefox.exe          TCP 10.0.0.2:4167:4167     74.125.77.100:80:80

Bruk google for søk etter System Process, legg til ID nr.
System Process ID 4 http://support.microsoft.com/kb/837243

Unknown: kan være linker på websider, som dukker opp når du stenger nettleseren og de forsvinner over tid.
Åpner du f.eks din mailklient og trykker send/motta vil også det legge til oppføringer merket "Unknown"


Søkte litt etter chat via notepad hvor denne dukket opp.
http://forums.fedora...ad.php?t=235440

Det eneste jeg kan forslå er å sette igang logging når disse meldingene dukker opp, gjøres via File>Log changes.
Anbefaler også at du setter programmet til Auto refresh via options.
Steng alle åpne program som nettleser, windows live messenger osv for at loggen skal bli så "ren" som mulig.

[pijano]

En liten tanke.
Ettersom du har en fil fra Hamachi i systemmappa di, så hadde jeg tatt en titt etter et program som heter LogMeIn i Programmer og Funksjoner (der ligger installerte programmer, samt Windows-oppdateringer), som du finner gjennom kontrollpanelet. Dette er et fjernstyringsprogram. Koble fra internett og sjekk etter LogMeIn og avinstaller det.
Om du ikke finner det, kan det være greit å oppgi her diverse program som ligger der som du er usikker på.

Dette innlegget er endret av pijano: 13 April 2010 - 16:54