Mer MSN/Live Messenger problemer...

[Moskus]

La meg først si:

Jeg trykker aldri på linker som blir sendt via Messenger om jeg ikke er sikker på at jeg vet hva det er. Dessuten prøver jeg å få andre til å gjøre det samme. Jeg får nå oftere og oftere slike spam-henvendelser fra folk. Fra en person ble det så galt at han ble blokkert. Andre er litt mer tilfeldig.

 

Det nye i dag er at noen visstnok har fått en "halv-erotisk link" fra meg. Hva i svarte h*lvete?!

 

Fant en artikkel her, og kilden er en post skrevet på diskusjon.no av "vår egen" Norbat.

Så jeg har kjørt ComboFix og HijackThis.

 

Jeg har lett etter beste evne etter filer med suspekte navn, men har så langt ikke klart å finne noen jeg ikke klarer (ved hjelp av Google) å identifisere og sette i en sammenheng.

 

 

Kan noen ta en titt?

 

ComboFix:

 

 

ComboFix 09-04-17.01 - mitt_navn 16.04.2009 22:23.1 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.47.1033.18.3071.1520 [GMT 2:00]

Kjører fra: c:\users\mitt_navn\Desktop\ComboFix.exe

AV: avast! antivirus 4.8.1290 [VPS 081124-0] *On-access scanning enabled* (Updated)

* Opprettet nytt gjenopprettingspunkt

.

 

((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\users\mitt_navn\AppData\Roaming\Microsoft\SystemCertificates\Request

c:\users\mitt_navn\AppData\Roaming\Microsoft\SystemCertificates\Request\Certificates\6214EBD5BC9E5723F2AB62BDC985913A4FE9FF08

c:\users\mitt_navn\AppData\Roaming\Microsoft\SystemCertificates\Request\Certificates\65C5027DBCD9139936131EEF56E6231A1B9CA10F

c:\windows\system32\Memman.vxd

c:\windows\system32\skinboxer43.dll

 

.

((((((((((((((((((((((((((( Filer Opprettet Fra 2009-03-17 til 2009-04-17 )))))))))))))))))))))))))))))))))

.

 

2009-04-15 17:16 . 2007-07-19 22:57 267112 ----a-w c:\windows\system32\xactengine2_9.dll

2009-04-15 17:15 . 2009-04-15 17:15 -------- d-----w c:\program files\AGEIA Technologies

2009-04-15 17:15 . 2009-04-15 17:15 -------- d-----w c:\windows\system32\AGEIA

2009-04-12 18:37 . 2009-04-14 18:20 189784 ----a-w c:\windows\system32\PnkBstrB.xtr

2009-04-09 13:08 . 2009-04-09 13:08 -------- d-----w c:\program files\GSpot

2009-04-09 10:54 . 2009-04-09 10:54 -------- d-----w c:\users\mitt_navn\AppData\Local\PunkBuster

2009-04-09 10:16 . 2009-04-09 10:16 -------- d-----w c:\program files\Microsoft Device Emulator

2009-04-09 10:15 . 2009-04-09 10:16 -------- d-----w c:\program files\Windows Mobile 5.0 SDK R2

2009-04-09 10:08 . 2009-04-09 10:08 -------- d-----w c:\windows\system32\1033

2009-04-09 10:05 . 2009-04-09 10:05 -------- d-----w c:\program files\Microsoft Web Designer Tools

2009-04-09 09:56 . 2009-04-09 09:56 -------- d-----w c:\users\All Users\id Software

2009-04-09 09:56 . 2009-04-09 09:56 -------- d-----w c:\programdata\id Software

2009-03-31 15:32 . 2008-06-19 14:24 28544 ----a-w c:\windows\system32\drivers\pavboot.sys

2009-03-31 15:31 . 2009-03-31 15:31 -------- d-----w c:\program files\Panda Security

2009-03-28 19:30 . 2005-01-14 15:32 53248 ----a-w c:\windows\system32\PAStiSvc.exe

2009-03-28 19:29 . 2009-03-28 19:29 -------- d-----w c:\windows\PixArt

2009-03-22 15:49 . 2009-03-22 15:49 28 ----a-w c:\windows\msgolf.ini

2009-03-22 12:36 . 2009-03-22 12:36 -------- d-----w c:\program files\SubDownloader

2009-03-22 12:33 . 2009-03-22 12:33 -------- d-----w c:\users\mitt_navn\AppData\Local\WinUI

2009-03-22 12:33 . 2009-03-22 12:33 -------- d-----w c:\program files\Sublight

2009-03-18 08:11 . 2009-03-18 08:11 -------- d-----w c:\users\All Users\FLEXnet

2009-03-18 08:11 . 2009-03-18 08:11 -------- d-----w c:\programdata\FLEXnet

2009-03-18 08:07 . 2009-03-18 08:07 -------- d-----w c:\program files\Bonjour

2009-03-18 07:58 . 2009-03-18 07:58 -------- d-----w c:\program files\Common Files\Macrovision Shared

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-04-16 20:27 . 2008-08-08 23:01 -------- d-----w c:\users\mitt_navn\AppData\Roaming\Hamachi

2009-04-16 20:23 . 2008-08-17 09:47 -------- d-----w c:\users\mitt_navn\AppData\Roaming\uTorrent

2009-04-16 03:00 . 2009-01-15 04:00 87616 ----a-w c:\windows\PSSDNSVC.EXE

2009-04-15 23:45 . 2008-08-08 06:52 -------- d-----w c:\program files\LogMeIn

2009-04-15 18:50 . 2008-08-10 07:46 -------- d-----w c:\users\mitt_navn\AppData\Roaming\FileZilla

2009-04-15 17:14 . 2008-08-21 15:01 -------- d-----w c:\program files\Common Files\Wise Installation Wizard

2009-04-15 16:39 . 2008-08-08 15:02 -------- d-----w c:\program files\Taskbar Shuffle

2009-04-15 16:35 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail

2009-04-15 15:15 . 2008-08-08 13:16 -------- d-----w c:\programdata\Microsoft Help

2009-04-14 18:21 . 2009-03-16 16:14 138944 ----a-w c:\windows\system32\drivers\PnkBstrK.sys

2009-04-14 18:20 . 2009-03-16 16:14 189784 ----a-w c:\windows\System32\PnkBstrB.exe

2009-04-13 17:40 . 2008-08-24 17:39 -------- d-----w c:\programdata\TrackMania

2009-04-13 16:42 . 2007-09-15 09:20 -------- d-----w c:\programdata\Roxio

2009-04-12 14:03 . 2008-11-07 17:02 -------- d-----w c:\program files\HomeSeer HSTouch

2009-04-11 14:04 . 2009-03-16 16:13 75064 ----a-w c:\windows\System32\PnkBstrA.exe

2009-04-09 19:27 . 2008-08-10 11:16 -------- d-----w c:\program files\HomeSeer 2

2009-04-09 11:07 . 2008-08-08 06:39 125752 ----a-w c:\users\mitt_navn\AppData\Local\GDIPFONTCACHEV1.DAT

2009-04-09 10:17 . 2008-11-14 17:26 -------- d-----w c:\program files\Microsoft SQL Server

2009-04-09 10:10 . 2008-11-14 17:23 -------- d-----w c:\program files\Microsoft Visual Studio 9.0

2009-04-09 10:10 . 2008-08-08 13:48 -------- d-----w c:\program files\Common Files\Merge Modules

2009-04-09 10:10 . 2006-11-02 12:37 -------- d-----w c:\program files\MSBuild

2009-04-09 09:56 . 2009-03-16 16:14 22328 ----a-w c:\users\mitt_navn\AppData\Roaming\PnkBstrK.sys

2009-04-09 09:56 . 2009-03-16 16:13 2246144 ----a-w c:\windows\System32\pbsvc.exe

2009-04-03 16:00 . 2008-08-12 19:57 -------- d-----w c:\users\mitt_navn\AppData\Roaming\Roxio

2009-03-28 19:29 . 2006-11-02 10:25 51200 ----a-w c:\windows\Inf\infpub.dat

2009-03-28 19:29 . 2006-11-02 10:25 143360 ----a-w c:\windows\Inf\infstrng.dat

2009-03-28 19:29 . 2006-11-02 10:25 86016 ----a-w c:\windows\Inf\infstor.dat

2009-03-25 20:16 . 2008-08-08 07:39 -------- d-----w c:\program files\Windows Home Server

2009-03-22 15:45 . 2008-09-28 16:25 8797 ----a-w C:\log_fs.log

2009-03-19 15:34 . 2008-08-21 07:06 -------- d-----w c:\program files\Debugging Tools for Windows (x86)

2009-03-18 12:54 . 2008-09-05 10:41 -------- d-----w c:\program files\Common Files\Steam

2009-03-18 08:07 . 2008-08-17 14:38 -------- d-----w c:\program files\Common Files\Adobe

2009-03-17 03:38 . 2009-04-15 11:45 40960 ----a-w c:\windows\AppPatch\apihex86.dll

2009-03-17 03:38 . 2009-04-15 11:45 13824 ----a-w c:\windows\System32\apilogen.dll

2009-03-17 03:38 . 2009-04-15 11:45 24064 ----a-w c:\windows\System32\amxread.dll

2009-03-16 20:45 . 2007-09-15 09:11 -------- d--h--w c:\program files\InstallShield Installation Information

2009-03-07 16:04 . 2009-03-07 11:57 -------- d-----w c:\program files\PhotoFiltre

2009-03-05 19:56 . 2008-08-10 07:45 -------- d-----w c:\program files\FileZilla FTP Client

2009-03-05 04:02 . 2009-03-05 04:02 -------- d-----w c:\programdata\LogMeIn

2009-03-04 16:27 . 2008-08-08 13:48 -------- d-----w c:\programdata\PreEmptive Solutions

2009-03-04 16:27 . 2007-09-15 09:15 -------- d-----w c:\programdata\HP

2009-03-03 04:46 . 2009-04-15 11:45 3599328 ----a-w c:\windows\System32\ntkrnlpa.exe

2009-03-03 04:46 . 2009-04-15 11:45 3547632 ----a-w c:\windows\System32\ntoskrnl.exe

2009-03-03 04:40 . 2009-04-15 11:45 827392 ----a-w c:\windows\System32\wininet.dll

2009-03-03 04:39 . 2009-04-15 11:45 183296 ----a-w c:\windows\System32\sdohlp.dll

2009-03-03 04:39 . 2009-04-15 11:45 551424 ----a-w c:\windows\System32\rpcss.dll

2009-03-03 04:39 . 2009-04-15 11:45 26112 ----a-w c:\windows\System32\printfilterpipelineprxy.dll

2009-03-03 04:37 . 2009-04-15 11:45 78336 ----a-w c:\windows\System32\ieencode.dll

2009-03-03 04:37 . 2009-04-15 11:45 98304 ----a-w c:\windows\System32\iasrecst.dll

2009-03-03 04:37 . 2009-04-15 11:45 54784 ----a-w c:\windows\System32\iasads.dll

2009-03-03 04:37 . 2009-04-15 11:45 44032 ----a-w c:\windows\System32\iasdatastore.dll

2009-03-03 03:04 . 2009-04-15 11:45 666624 ----a-w c:\windows\System32\printfilterpipelinesvc.exe

2009-03-03 02:38 . 2009-04-15 11:45 17408 ----a-w c:\windows\System32\iashost.exe

2009-03-03 02:28 . 2009-04-15 11:45 26624 ----a-w c:\windows\System32\ieUnatt.exe

2009-03-02 16:41 . 2008-09-10 06:59 -------- d-----w c:\program files\Microsoft Silverlight

2009-03-01 14:42 . 2009-03-01 14:42 -------- d-----w c:\users\mitt_navn\AppData\Roaming\DivX

2009-03-01 14:41 . 2009-03-01 14:41 -------- d-----w c:\program files\DivX

2009-03-01 14:41 . 2007-09-15 09:16 -------- d-----w c:\program files\Common Files\PX Storage Engine

2009-02-25 16:24 . 2008-11-18 21:32 -------- d-----w c:\program files\Skype

2009-02-22 21:13 . 2008-08-08 15:30 -------- d-----w c:\program files\Windows Live

2009-02-16 17:58 . 2009-02-12 21:07 -------- d-----w c:\users\mitt_navn\AppData\Roaming\Vision Objects

2009-02-13 08:49 . 2009-04-15 11:45 72704 ----a-w c:\windows\System32\secur32.dll

2009-02-13 08:49 . 2009-04-15 11:45 1255936 ----a-w c:\windows\System32\lsasrv.dll

2009-02-09 03:10 . 2009-03-11 17:05 2033152 ----a-w c:\windows\System32\win32k.sys

2009-02-06 18:03 . 2009-02-06 18:03 307576 ----a-w c:\windows\WLXPGSS.SCR

2009-02-06 17:52 . 2009-02-06 17:52 49504 ----a-w c:\windows\System32\sirenacm.dll

2009-02-05 21:17 . 2009-02-05 18:34 850 ----a-w C:\logfile.dat

2009-01-24 16:21 . 2009-01-24 16:21 118784 ----a-w c:\windows\dsdxirmv.exe

2009-01-19 18:17 . 2009-01-19 18:17 130208 ------r c:\windows\bwUnin-8.1.1.87-8876480SL.exe

2008-11-30 12:02 . 2008-11-30 12:02 874 ----a-w c:\users\All Users\tmp825E.tmp

2008-11-30 12:02 . 2008-11-30 12:02 874 ----a-w c:\programdata\tmp825E.tmp

2008-11-30 12:01 . 2008-11-30 12:01 874 ----a-w c:\users\All Users\tmpE8CE.tmp

2008-11-30 12:01 . 2008-11-30 12:01 874 ----a-w c:\programdata\tmpE8CE.tmp

2008-08-08 08:40 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini

2008-08-08 07:17 . 2008-08-08 06:34 680 ----a-w c:\users\mitt_navn\AppData\Local\d3d9caps.dat

2008-01-17 07:51 . 2008-08-08 16:16 22 --sha-w c:\windows\SMINST\HPCD.SYS

2007-09-15 09:41 . 2007-09-15 09:36 8192 --sha-w c:\windows\Users\Default\NTUSER.DAT

.

 

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))

.

.

*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke

REGEDIT4

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]

@="{C5994560-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]

2008-01-16 15:52 80384 ----a-w c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]

@="{C5994561-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]

2008-01-16 15:52 80384 ----a-w c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]

@="{C5994562-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]

2008-01-16 15:52 80384 ----a-w c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]

@="{C5994563-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]

2008-01-16 15:52 80384 ----a-w c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]

@="{C5994564-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]

2008-01-16 15:52 80384 ----a-w c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]

@="{C5994565-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]

2008-01-16 15:52 80384 ----a-w c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]

@="{C5994566-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]

2008-01-16 15:52 80384 ----a-w c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]

@="{C5994567-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]

2008-01-16 15:52 80384 ----a-w c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]

@="{C5994568-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]

2008-01-16 15:52 80384 ----a-w c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]

"Taskbar Shuffle"="c:\program files\Taskbar Shuffle\taskbarshuffle.exe" [2008-04-16 818176]

"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]

"Google Update"="c:\users\mitt_navn\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-09-02 133104]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CCUTRAYICON"="FactoryMode" [X]

"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]

"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]

"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]

"SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2007-04-07 54936]

"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]

"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-02-28 63048]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]

"BigDogPath"="c:\windows\VM_STI.EXE" [2004-06-09 40960]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736]

"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]

"M-Audio Taskbar Icon"="c:\windows\System32\M-AudioTaskBarIcon.exe" [2008-06-17 356864]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13580832]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 92704]

"FlyMonitor"="c:\program files\Leapfrog\FlyWorld\bin\FlyMonitor.exe" [2008-05-13 664904]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]

"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-10-25 4702208]

"IncaPan"="IncaPan.Exe" - c:\windows\System32\IncaPan.exe [2002-04-11 348160]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"Launcher"="c:\windows\SMINST\launcher.exe" [2007-04-03 44168]

 

c:\users\mitt_navn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

HomeSeer Script Client.lnk - c:\users\mitt_navn\AppData\Roaming\Microsoft\Installer\{4F566C91-B8DA-445B-8AC6-604ED638D0BC}\_5A31217019778314E44D6B.exe [2008-8-14 10134]

HomeSeer Speaker.lnk - c:\program files\HomeSeer 2\Speaker.exe [2007-11-4 204800]

HSTouch Client.lnk - c:\program files\HomeSeer HSTouch\HSTouch.exe [2009-4-11 381440]

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]

 

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

C-Pen 20.lnk - c:\windows\Installer\{ED10A1F7-C0D9-44F4-AA62-E6EACFE9188C}\_5A1930EDFA8D_4359_BB47_DE9376F17160.exe [2009-1-18 45056]

Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2009-1-19 91440]

Windows Home Server.lnk - c:\windows\Installer\{21E49794-7C13-4E84-8659-55BD378267D5}\WHSTrayApp.exe [2008-8-8 555880]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.i420"= i263_32.drv

"msacm.divxa32"= divxa32.acm

"Midi1"= usbmn2x2.dll

"Midi2"= ma_cmidn.dll

"msacm.g723"= g723.acm

"vidc.I263"= I263_32.drv

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]

"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"= c:\program files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{CBE657A7-4B45-46C3-B533-435C28463CB3}"= UDP:c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM

"{2C4852E5-09AD-41F9-926F-E68605ECE309}"= TCP:c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM

"{BF70481A-7824-4050-A79A-78B5C2CFFD98}"= UDP:c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel® Viiv Media Server

"{E39AD4FC-43AA-4BAC-8019-470518D09C85}"= TCP:c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel® Viiv Media Server

"{60A84F38-4C21-4FA0-9D3A-92001D79BA3C}"= UDP:c:\program files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel® Remoting Service

"{37D410E8-F03E-42FC-BFC4-BCC15AA27423}"= TCP:c:\program files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel® Remoting Service

"{480F44F7-034F-4B19-8075-9AADF7CD2F2D}"= TCP:9442:127.0.0.1:Intel® Viiv Media Server Discovery

"{251D1366-84D2-42D0-A6E5-6B59A5596036}"= TCP:1900:LocalSubnet:LocalSubnet:Intel® Viiv Media Server UPnP Discovery

"{206AAB88-AF02-4543-8490-9DEAB5486720}"= UDP:c:\program files\Windows Home Server\Discovery.exe:Windows Home Server Connector

"{6E32452C-DD0C-4BB0-8762-79CD9F80A764}"= TCP:c:\program files\Windows Home Server\Discovery.exe:Windows Home Server Connector

"{ECB5ACBE-2A9A-4C16-B1DC-77A3340958F1}"= UDP:16107:LocalSubnet:LocalSubnet|c:\program files\Alwil Software\Avast4\ashServ.exe:avast! WHS Connector (TCP-In)

"{A28B6ED1-34F9-4971-A6FA-92B6117112AB}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook

"{E81E8515-2EA9-4111-88EA-2B6CB6DBCF48}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove

"{A0E82E7B-5321-4BAA-87D9-89D725688B6A}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove

"TCP Query User{8489CE64-CF8D-48FB-B7DC-590B00E7726D}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox

"UDP Query User{7F3ADD6B-922F-47A0-9264-2FC1F5CFFB03}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox

"TCP Query User{A8B5B537-63B6-4384-A858-C2FF25650AC1}c:\\program files\\filezilla ftp client\\filezilla.exe"= UDP:c:\program files\filezilla ftp client\filezilla.exe:FileZilla FTP Client

"UDP Query User{8B6D568A-DDFF-49F7-BF28-6FDA01F04351}c:\\program files\\filezilla ftp client\\filezilla.exe"= TCP:c:\program files\filezilla ftp client\filezilla.exe:FileZilla FTP Client

"TCP Query User{969ABE43-8CA1-4D4B-9FBC-D33AAACA4991}c:\\program files\\ultravnc\\vncviewer.exe"= UDP:c:\program files\ultravnc\vncviewer.exe:VNCViewer

"UDP Query User{33640362-1DCD-4FB2-A9DF-DD3FC73588FF}c:\\program files\\ultravnc\\vncviewer.exe"= TCP:c:\program files\ultravnc\vncviewer.exe:VNCViewer

"TCP Query User{9DA9480D-7F14-4FA6-9CE9-896CDCC2B7CC}c:\\program files\\homeseer 2\\hsscript.exe"= UDP:c:\program files\homeseer 2\hsscript.exe:HsScript

"UDP Query User{3F9B02B3-E3BF-46C7-8178-2C939EB11138}c:\\program files\\homeseer 2\\hsscript.exe"= TCP:c:\program files\homeseer 2\hsscript.exe:HsScript

"{11DB979E-688A-4332-9B70-EDE87762F31F}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)

"{2289D8FD-FD01-45AE-8A91-F14126BBFF3D}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)

"TCP Query User{3B77374D-8A22-4BF7-8804-DF5EAF0AF844}c:\\program files\\sagetv\\placeshifter\\sagetvplaceshifter.exe"= UDP:c:\program files\sagetv\placeshifter\sagetvplaceshifter.exe:SageTV

"UDP Query User{ED78016E-6367-44C2-8975-382578B855D1}c:\\program files\\sagetv\\placeshifter\\sagetvplaceshifter.exe"= TCP:c:\program files\sagetv\placeshifter\sagetvplaceshifter.exe:SageTV

"TCP Query User{BF68225B-55A4-45AE-AE39-9864FA876F38}c:\\spill\\tmnationsforever\\tmforever.exe"= UDP:c:\spill\tmnationsforever\tmforever.exe:TmForever

"UDP Query User{493A127C-0E61-4FD8-948D-401D3CEABF4F}c:\\spill\\tmnationsforever\\tmforever.exe"= TCP:c:\spill\tmnationsforever\tmforever.exe:TmForever

"TCP Query User{77C7E513-2DA1-4A6D-A64A-E3227711E948}c:\\program files\\streammygame\\streamer_server.exe"= UDP:c:\program files\streammygame\streamer_server.exe:Streamer Server

"UDP Query User{AADB6462-C83B-497C-8080-A93523BC3A3C}c:\\program files\\streammygame\\streamer_server.exe"= TCP:c:\program files\streammygame\streamer_server.exe:Streamer Server

"{60FB263F-169B-4D2C-AEBC-7A9EBDA02014}"= UDP:c:\program files\SageTV\SageTV\SageTVClient.exe:SageTVClient

"{73DB72B4-E38C-4935-933A-3EA4326685BE}"= TCP:c:\program files\SageTV\SageTV\SageTVClient.exe:SageTVClient

"{DD7967B6-BDA9-4C8B-BE4C-E000C75900B4}"= TCP:5656:GRemote

"TCP Query User{7818ED16-5C56-4B3B-B934-614B8924F142}c:\\program files\\homeseer\\hstouch\\hstouch.exe"= UDP:c:\program files\homeseer\hstouch\hstouch.exe:HSTouch

"UDP Query User{053F6E8E-EBD3-42F0-AA8B-B28456AF9710}c:\\program files\\homeseer\\hstouch\\hstouch.exe"= TCP:c:\program files\homeseer\hstouch\hstouch.exe:HSTouch

"{02B5ABDC-27AF-4447-99B8-72F2309A5F9E}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{1D4B32A4-8817-4241-8572-B19664314154}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{7E3C6600-3394-4280-959F-8ED3693AC31B}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"TCP Query User{06D81843-8804-418A-A73F-38A14665D790}c:\\spill\\steam\\steamapps\\moskus\\half-life 2 deathmatch\\hl2.exe"= UDP:c:\spill\steam\steamapps\moskus\half-life 2 deathmatch\hl2.exe:hl2

"UDP Query User{C15560C2-CBC5-4F39-B043-E0CFBEF857AD}c:\\spill\\steam\\steamapps\\moskus\\half-life 2 deathmatch\\hl2.exe"= TCP:c:\spill\steam\steamapps\moskus\half-life 2 deathmatch\hl2.exe:hl2

"TCP Query User{511EC52A-F954-43E6-8911-B2E63C7CCF06}c:\\spill\\steam\\steamapps\\moskus\\counter-strike source\\hl2.exe"= UDP:c:\spill\steam\steamapps\moskus\counter-strike source\hl2.exe:hl2

"UDP Query User{58FD37BC-71D9-4F8D-B58A-321929812D21}c:\\spill\\steam\\steamapps\\moskus\\counter-strike source\\hl2.exe"= TCP:c:\spill\steam\steamapps\moskus\counter-strike source\hl2.exe:hl2

"{CA1129E8-A110-43B3-94F8-2ECFBE1B2C7A}"= UDP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger

"{64FCD953-2769-44F2-A630-20D253C70D39}"= TCP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger

"TCP Query User{E4EE981A-B1DB-49E0-B2FC-4196C0F05AAA}c:\\program files\\homeseer hstouch\\hstouch.exe"= UDP:c:\program files\homeseer hstouch\hstouch.exe:HSTouch

"UDP Query User{2C71D771-29A4-4966-B638-5FDDD89C8059}c:\\program files\\homeseer hstouch\\hstouch.exe"= TCP:c:\program files\homeseer hstouch\hstouch.exe:HSTouch

"{76169612-F2CF-4A8A-A38D-1BE8150D47E2}"= UDP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger

"{AE6A8DB3-344E-426C-A21E-2510F18F807D}"= TCP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger

"TCP Query User{34D42C22-5A1B-4D64-BDB5-637FDDB40EBA}c:\\windows\\system32\\javaw.exe"= UDP:c:\windows\system32\javaw.exe:Java Platform SE binary

"UDP Query User{8B207024-AFB8-4A95-9B94-91AE8B3724FC}c:\\windows\\system32\\javaw.exe"= TCP:c:\windows\system32\javaw.exe:Java Platform SE binary

"{4A1B3163-E9C1-4E3F-9B1A-5932ED51DFEE}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync

"TCP Query User{926100B2-110C-4EBB-BCB1-B2122EA3C584}c:\\program files\\homeseer 2\\bluetoothclient.exe"= UDP:c:\program files\homeseer 2\bluetoothclient.exe:BluetoothClient

"UDP Query User{BD366512-EAC4-4D95-A622-9FB3C9D4D5E9}c:\\program files\\homeseer 2\\bluetoothclient.exe"= TCP:c:\program files\homeseer 2\bluetoothclient.exe:BluetoothClient

"{6513BCFC-B22F-4EA4-B06D-3A3E6535B1B9}"= UDP:c:\program files\Hotspot Shield\HssWPR\hsssrv.exe:hsssrv.exe

"{3CC8D178-65AF-497B-A9FF-3899E7F74B4C}"= TCP:c:\program files\Hotspot Shield\HssWPR\hsssrv.exe:hsssrv.exe

"{23DE7795-2CB8-49F3-B029-391FA34EA7E1}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA

"{FADBCA5A-0052-4738-A646-3C7DBC253E62}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA

"{6BA60FE0-A883-4FB3-BB8B-FEA35FE6CCC2}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB

"{E18FC0CE-4581-43C1-BD4E-72CDA74B4AE8}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB

"{D140A3FD-E03A-409F-91CD-F4EAC20D35AF}"= UDP:c:\spill\Mirror's Edge\Binaries\MirrorsEdge.exe:Mirror's Edge™

"{800199AB-271A-439F-B526-9210FD4F0885}"= TCP:c:\spill\Mirror's Edge\Binaries\MirrorsEdge.exe:Mirror's Edge™

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]

"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"= c:\program files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7

 

R2 IntelDHSvcConf;Intel DH Service;c:\program files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe [2006-05-10 29696]

R3 CPen20;C-Pen 20;c:\windows\system32\Drivers\CPen20.sys [2005-02-16 14382]

R3 FlyUsb;FLY Fusion;c:\windows\system32\DRIVERS\FlyUsb.sys [2008-05-13 19456]

R3 Inca_01;Service for INCA 88-1;c:\windows\system32\drivers\Incawdm1.sys [2002-04-11 22816]

R3 Inca_02;Service for INCA 88-2;c:\windows\system32\drivers\Incawdm2.sys [2002-04-11 22816]

R3 Inca_03;Service for INCA 88-3;c:\windows\system32\drivers\Incawdm3.sys [2002-04-11 22816]

R3 Inca_04;Service for INCA 88-4;c:\windows\system32\drivers\Incawdm4.sys [2002-04-11 22816]

R3 Inca_05;Service for INCA 88-5;c:\windows\system32\drivers\Incawdm5.sys [2002-04-11 22816]

R3 Inca_AA;Service for INCA 88 Audio Driver (EWDM);c:\windows\system32\drivers\Inca.sys [2002-04-11 28240]

R3 Inca_AB;Service for MIDITRAK Inca88;c:\windows\system32\drivers\mBridge.sys [2003-07-11 7140]

R3 MAMOBILEPREDFU;M-Audio MobilePre DFU Driver;c:\windows\system32\Drivers\madfump.sys [2008-07-09 23048]

R3 MAUSBMP;Service for M-Audio Mobile Pre (WDM);c:\windows\system32\DRIVERS\mausbmp.sys [2008-07-09 144008]

R3 MAUSBRI;MAUSBRI;c:\windows\system32\DRIVERS\mausbft8r.sys [2008-05-09 135688]

R3 PAC7311;Trust Webcam 14839;c:\windows\system32\DRIVERS\PA707UCM.SYS [2005-10-18 154752]

R3 pendfu;PenDfu (pendfu.sys);c:\windows\system32\Drivers\pendfu.sys [2005-02-14 32408]

R3 PsShutdownSvc;PsShutdown;c:\windows\PSSDNSVC.EXE [2009-04-16 87616]

R3 stusb2ir;USB 2.0 IrDA Bridge;c:\windows\system32\DRIVERS\stusb2ir.sys [2006-11-02 41728]

R3 USB22LDR;M-Audio USB MIDISPORT 2x2 Loader;c:\windows\system32\drivers\usb22ldr.sys [2007-11-14 20936]

R3 USBMIDIM;Midiman USB MidiSport Midi Kernel Driver;c:\windows\system32\drivers\usbmidim.sys [2002-09-25 5664]

R3 USBMM2X2;Midiman USB MidiSport 2x2 USB Driver;c:\windows\system32\drivers\usbmm2x2.sys [2002-09-25 23392]

R4 LMIRfsClientNP;LMIRfsClientNP; [x]

R4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2007-02-22 2808664]

S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-06-19 28544]

S1 aswSP;avast! Self Protection; [x]

S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-02-05 51792]

S2 DQLWinService;DQLWinService;c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2006-09-03 208896]

S2 esClient;Windows Media Center Client Service;c:\program files\Windows Home Server\esClient.exe [2009-03-10 94056]

S2 HamachiService;Hamachi Service;c:\program files\Hamachi\hamachi.exe [2008-08-18 625952]

S2 HPBtnSrv;HP Chasis Button Service;c:\hp\HPEZBTN\HPBtnSrv.exe [2007-05-29 198240]

S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2008-02-28 12856]

S2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-10-17 47640]

S2 ROCKEY6SMARTSVC;ROCKEY6SMART SERVICE;c:\program files\Odeon9Combined\rockey6smartsvc.exe [2007-10-15 106496]

S2 WHSConnector;Windows Home Server Connector Service;c:\program files\Windows Home Server\WHSConnector.exe [2009-03-10 335720]

S3 BackupReader;BackupReader;c:\windows\system32\DRIVERS\BackupReader.sys [2008-07-12 46368]

 

 

--- Andre tjenester/drivere lastet i minnet ---

 

*NewlyCreated* - PAVBOOT

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

WindowsMobile REG_MULTI_SZ wcescomm rapimgr

LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

bthsvcs REG_MULTI_SZ BthServ

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{73adfe64-a627-11dd-a66b-001d60649087}]

\shell\AutoRun\command - O:\LaunchU3.exe -a

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9b62264c-f8aa-11dd-83a7-001d60649087}]

\shell\AutoRun\command - m:\peninkviewer\Viewer_for_Windows\PenInkViewer.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dd6c31b4-659e-11dd-aff2-001d60649087}]

\shell\AutoRun\command - L:\Autorun.exe

.

Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

 

2009-04-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4262635934-2967341287-804034638-1001.job

- c:\users\mitt_navn\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-02 20:39]

.

- - - - TOMME PEKERE FJERNET - - - -

 

HKCU-Run-Polar Sync - (no file)

HKLM-Run-HP Software Update - c:\program files\HP\HP Software Update\HPWuSchd2.exe

 

 

.

------- Tilleggsskanning -------

.

uStart Page = hxxp://www.google.no/

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

TCP: {F2FEB7D8-EA1A-4B94-B097-3DDDBE67A226} = 192.168.0.2,193.75.75.75

Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

DPF: {2328F294-DD85-11D3-B4AF-00C04F2B300E} - hxxp://mitt_navn.no-ip.org:86/eng/activex/activex.CAB

DPF: {D7208880-9B7A-43E1-AABB-8C888A5704F9} - hxxp://192.168.0.20/NetCamPlayerWeb11gv2.cab

FF - ProfilePath - c:\users\mitt_navn\AppData\Roaming\Mozilla\Firefox\Profiles\qxmiam1k.default\

FF - prefs.js: browser.startup.homepage - hxxp://192.168.0.10:81/

FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll

FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll

FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: c:\programdata\id Software\QuakeLive\npquakezero.dll

FF - plugin: c:\users\mitt_navn\AppData\Local\Google\Update\1.2.141.5\npGoogleOneClick7.dll

FF - plugin: c:\users\mitt_navn\AppData\Roaming\Mozilla\Firefox\Profiles\qxmiam1k.default\extensions\[email protected]\plugins\npRACtrl.dll

.

 

**************************************************************************

 

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-04-16 22:27

Windows 6.0.6001 Service Pack 1 NTFS

 

skanner skjulte prosesser ...

 

skanner skjulte autostart-oppføringer ...

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

Polar Sync = ?:\program files\polar\polar sync\?????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

 

skanner skjulte filer ...

 

skanning vellykket

skjulte filer: 0

 

**************************************************************************

.

Tidspunkt ferdig: 2009-04-16 22:29

ComboFix-quarantined-files.txt 2009-04-16 20:29

 

Pre-Run: 173 310 414 848 bytes free

Post-Run: 174 852 337 664 bytes free

 

373 --- E O F --- 2009-04-15 15:19

 

 

 

 

 

HijackThis:

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:35:01, on 16.04.2009

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18226)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\hp\support\hpsysdrv.exe

C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe

C:\WINDOWS\RtHDVCpl.exe

C:\Program Files\TortoiseSVN\bin\TSVNCache.exe

C:\Windows\system32\schtasks.exe

C:\Program Files\Alwil Software\Avast4\ashDisp.exe

C:\Program Files\LogMeIn\x86\LogMeInSystray.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Windows\system32\jusched.exe

C:\WINDOWS\VM_STI.EXE

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\WINDOWS\WindowsMobile\wmdc.exe

C:\WINDOWS\System32\M-AudioTaskBarIcon.exe

C:\Windows\System32\mobsync.exe

C:\Program Files\LeapFrog\FlyWorld\bin\FLYMonitor.exe

C:\Program Files\DAEMON Tools Lite\daemon.exe

C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe

C:\Users\mitt_navn\AppData\Local\Google\Update\GoogleUpdate.exe

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\C Technologies\C-Pen 20\CPen20.exe

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\Program Files\Windows Home Server\WHSTrayApp.exe

C:\Program Files\C Technologies\C-Pen 20\CPenOCR.exe

C:\Program Files\HomeSeer 2\HsScript.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\C Technologies\C-Pen 20\CPenDesk.exe

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe

C:\Program Files\LogMeIn\x86\LMIGuardian.exe

C:\hp\kbd\kbd.exe

C:\Spill\Steam\Steam.exe

C:\Program Files\uTorrent\uTorrent.exe

E:\Visual Studio 2005\Projects\Privat\SageTV Remote\SageTV Remote\bin\Debug\SageTV Remote.exe

C:\Program Files\Windows Media Player\wmplayer.exe

C:\Windows\system32\notepad.exe

C:\Windows\Explorer.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\mitt_navn\Desktop\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files\Desktop Sidebar\sbhelp.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: BrowserHelper Class - {9A065C65-4EE7-4DDD-9918-F129089A894A} - C:\Program Files\Windows Home Server\WHSDeskBands.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: Home Server Banner - {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:\Program Files\Windows Home Server\WHSDeskBands.dll

O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE

O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [CCUTRAYICON] FactoryMode

O4 - HKLM\..\Run: [sunJavaUpdateReg] "C:\Windows\system32\jureg.exe"

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [incaPan] IncaPan.Exe

O4 - HKLM\..\Run: [bigDogPath] C:\Windows\VM_STI.EXE Philips SPC 200NC PC Camera

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"

O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe

O4 - HKLM\..\Run: [M-Audio Taskbar Icon] C:\Windows\System32\M-AudioTaskBarIcon.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [FlyMonitor] "C:\Program Files\Leapfrog\FlyWorld\bin\FlyMonitor.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [Taskbar Shuffle] C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [Google Update] "C:\Users\mitt_navn\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - Startup: HomeSeer Script Client.lnk = ?

O4 - Startup: HomeSeer Speaker.lnk = C:\Program Files\HomeSeer 2\Speaker.exe

O4 - Startup: HSTouch Client.lnk = C:\Program Files\HomeSeer HSTouch\HSTouch.exe

O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Global Startup: C-Pen 20.lnk = ?

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - Global Startup: Windows Home Server.lnk = ?

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll

O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll

O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O13 - Gopher Prefix:

O16 - DPF: {2328F294-DD85-11D3-B4AF-00C04F2B300E} (XSockClient Control) - http://mitt_navn.no-ip.org:86/eng/activex/activex.CAB

O16 - DPF: {D7208880-9B7A-43E1-AABB-8C888A5704F9} (NetCamPlayerWeb11gv2 Control) - http://192.168.0.20/NetCamPlayerWeb11gv2.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{F2FEB7D8-EA1A-4B94-B097-3DDDBE67A226}: NameServer = 192.168.0.2,193.75.75.75

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Intel® Alert Service (AlertService) - Intel® Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Hamachi Service (HamachiService) - LogMeIn Inc. - C:\Program Files\Hamachi\hamachi.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: HP Chasis Button Service (HPBtnSrv) - Unknown owner - c:\hp\HPEZBTN\HPBtnSrv.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe

O23 - Service: Intel® Software Services Manager (ISSM) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe

O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe

O23 - Service: Intel® Viiv Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe

O23 - Service: Intel® Application Tracker (MCLServiceATL) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: PsShutdown (PsShutdownSvc) - Systems Internals - C:\Windows\PSSDNSVC.EXE

O23 - Service: Intel® Remoting Service (Remote UI Service) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe

O23 - Service: ROCKEY6SMART SERVICE (ROCKEY6SMARTSVC) - Feitian Technologies Co., Ltd. - C:\Program Files\Odeon9Combined\rockey6smartsvc.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

O23 - Service: STI Simulator - Unknown owner - C:\Windows\System32\PAStiSvc.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe

 

--

End of file - 12336 bytes

 

 

 

 

 

På forhånd takk for hjelpen!

 

 

 

 

 

EDIT: Mulig jeg var litt kjapp her... Øverst i ComboFix-loggen finnes disse filene:

c:\windows\system32\Memman.vxd

c:\windows\system32\skinboxer43.dll

... men så vidt jeg vet har de ikke noe direkte med Messenger-problemer å gjøre. Jeg vil uansett få dem fjernet. Det merkelige er at Avast! ikke reagerer når jeg scanner dem...

Endret 16. april 2009 av Moskus

[Gjest]

Hei!

Har du kjørt MBAM?

Hvis ikke, last ned: http://www.download.com/Malwarebytes-Anti-...4-10804572.html

Og la den oppdatere seg før du velger "hurtigskann"

[raWrz]

" EDIT: Mulig jeg var litt kjapp her... Øverst i ComboFix-loggen finnes disse filene:

c:\windows\system32\Memman.vxd

c:\windows\system32\skinboxer43.dll

... men så vidt jeg vet har de ikke noe direkte med Messenger-problemer å gjøre. Jeg vil uansett få dem fjernet. Det merkelige er at Avast! ikke reagerer når jeg scanner dem..."

 

hvis du ser på overskriften så står Det (((( Andre Slettninger)))))) så de filene er slettet

 

@ ColdIce: også lurt og be de poste ny Combofix logg hvis de ikke har kjørt Mbam og den finner noe

 

hvis Mbam finner noe så poster du loggen her sammen med en ny Combofix logg

[Moskus]

Nå har jeg kjørt MBAM og den fant ingenting. Regner med at det ikke er jeg som har problemet!

Takk til begge for innspill!

 

 

hvis du ser på overskriften så står Det (((( Andre Slettninger)))))) så de filene er slettet

Jo, jeg registrerte det, men fant fremdeles filene blant temporære filer og i regsvr32-registeret...