pr0xZen, posted 7 September 2008

Some eager hands have clicked wildly on most kinds of offers, "you are visitor no. 100000000", MSN spam links etc... so the laptop is a bit of a mess, and is spreading spam via MSN to other users. I need a knowledgeable head to look through the logs.

MBAM log
This one seems fairly clean.

Malwarebytes' Anti-Malware 1.26
Database versjon: 1122
Windows 5.1.2600 Service Pack 3

07.09.2008 16:41:54
mbam-log-2008-09-07 (16-41-54).txt

Skanntype: Rask Skann
Objekter skannet: 40572
Tid tilbakelagt: 2 minute(s), 35 second(s)

Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 0
Registerverdier infisert: 0
Registerfiler infisert: 0
Mapper infisert: 0
Filer infisert: 0

Minneprosesser infisert:
(Ingen mistenkelige filer funnet)

Minnemoduler infisert:
(Ingen mistenkelige filer funnet)

Registernøkler infisert:
(Ingen mistenkelige filer funnet)

Registerverdier infisert:
(Ingen mistenkelige filer funnet)

Registerfiler infisert:
(Ingen mistenkelige filer funnet)

Mapper infisert:
(Ingen mistenkelige filer funnet)

Filer infisert:
(Ingen mistenkelige filer funnet)

ComboFix log

ComboFix 08-09-05.03 - Vero 2008-09-07 16:43:43.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1044.18.668 [GMT 2:00]
Running from: C:\Viktige filer\Rens\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-08-07 to 2008-09-07 )))))))))))))))))))))))))))))))
.
2008-09-07 16:38 . 2008-09-07 16:38 <DIR> d-------- C:\Programfiler\Malwarebytes' Anti-Malware
2008-09-07 16:38 . 2008-09-07 16:38 <DIR> d-------- C:\Documents and Settings\Vero\Programdata\Malwarebytes
2008-09-07 16:38 . 2008-09-07 16:38 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Malwarebytes
2008-09-07 16:38 . 2008-09-02 00:16 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-07 16:38 . 2008-09-02 00:16 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-07 16:35 . 2008-09-07 16:42 <DIR> dr-h----- C:\Documents and Settings\Vero\Siste
2008-09-05 16:15 . 2008-09-05 16:15 317,505 --a------ C:\Signert_Reisekonto avtale for v_05_09_08_1615.sdo
2008-09-05 08:20 . 2008-09-05 08:20 <DIR> d-------- C:\Documents and Settings\Vero\Programdata\InterVideo
2008-08-28 13:38 . 2008-08-28 13:38 <DIR> d-------- C:\Documents and Settings\Vero\Programdata\Clue
2008-08-28 13:38 . 2008-08-29 15:47 <DIR> d-------- C:\Clue
2008-08-19 00:06 . 2008-08-19 00:06 <DIR> d-------- C:\Documents and Settings\Vero\Programdata\vlc
2008-08-18 23:57 . 2008-08-18 23:57 <DIR> d-------- C:\Programfiler\VideoLAN
2008-08-18 23:55 . 2008-09-07 16:29 <DIR> d-------- C:\Viktige filer
2008-08-18 11:37 . 2008-04-16 05:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-08-17 21:34 . 2008-08-17 21:36 <DIR> d-------- C:\Bilder
2008-08-17 11:13 . 2008-08-17 11:13 <DIR> d-------- C:\WINDOWS\Sun
2008-08-17 11:13 . 2008-08-17 17:35 <DIR> d-------- C:\Programfiler\Google
2008-08-17 11:13 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-08-17 11:12 . 2008-08-17 11:12 <DIR> d-------- C:\Programfiler\Java
2008-08-17 11:11 . 2008-08-17 11:11 <DIR> d-------- C:\Programfiler\Fellesfiler\Java
2008-08-15 11:56 . 2008-07-18 22:07 270,880 --a------ C:\WINDOWS\system32\mucltui.dll
2008-08-15 11:56 . 2008-07-18 22:07 210,976 --a------ C:\WINDOWS\system32\muweb.dll
2008-08-15 11:56 . 2008-07-18 22:07 29,728 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-08-14 11:27 . 2008-08-14 11:27 <DIR> d-------- C:\Programfiler\Winamp Toolbar
2008-08-14 11:27 . 2008-08-14 11:27 <DIR> d-------- C:\Programfiler\Winamp Remote
2008-08-14 11:27 . 2008-08-14 11:27 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Winamp Toolbar
2008-08-14 11:27 . 2008-08-14 11:28 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\OrbNetworks
2008-08-14 11:24 . 2008-08-14 11:27 <DIR> d-------- C:\Programfiler\Winamp
2008-08-14 11:24 . 2008-08-14 11:31 <DIR> d-------- C:\Documents and Settings\Vero\Programdata\Winamp
2008-08-14 11:21 . 2008-08-14 11:21 <DIR> d-------- C:\Programfiler\uTorrent
2008-08-14 11:21 . 2008-09-06 20:33 <DIR> d-------- C:\Documents and Settings\Vero\Programdata\uTorrent
2008-08-14 09:12 . 2008-06-14 19:36 272,256 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-08-14 09:12 . 2008-06-14 19:36 272,256 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-08-14 08:58 . 2008-09-02 19:48 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-08-14 08:58 . 2006-09-06 17:43 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-08-14 06:26 . 2008-08-14 06:26 <DIR> d--hs---- C:\Documents and Settings\Vero\UserData
2008-08-14 01:44 . 2008-08-14 01:44 <DIR> d-------- C:\Documents and Settings\Vero\Programdata\Yahoo!
2008-08-14 01:35 . 2001-10-06 13:36 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-08-14 01:35 . 2001-10-06 13:36 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2008-08-14 01:35 . 2008-04-16 05:00 10,368 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-08-14 01:35 . 2008-04-16 05:00 10,368 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2008-08-14 01:31 . 2007-04-13 11:51 321,024 --a------ C:\WINDOWS\system32\ERUpdateHidden.EXE
2008-08-14 01:31 . 2006-03-23 12:02 258,048 --a------ C:\WINDOWS\system32\Uninstall_eRecovery.exe
2008-08-14 01:31 . 2006-03-30 13:06 258,048 --a------ C:\WINDOWS\system32\CheckD2DSystem.exe
2008-08-14 01:31 . 2004-11-03 09:06 159,744 --a------ C:\WINDOWS\system32\CloseProcessWindow.dll
2008-08-14 01:31 . 2005-12-09 09:12 16,384 --a------ C:\WINDOWS\system32\ClearEvent.exe
2008-08-14 01:31 . 2006-03-23 21:55 730 --a------ C:\WINDOWS\system32\setup.iss
2008-08-14 01:30 . 2008-08-14 01:30 <DIR> d-------- C:\WINDOWS\JMCR_DIR
2008-08-14 01:30 . 2008-08-14 01:31 <DIR> d-------- C:\Acer
2008-08-14 01:30 . 2008-05-14 12:53 110,080 --a------ C:\WINDOWS\system32\JmCrIcon.dll
2008-08-14 01:30 . 2008-07-08 03:16 96,856 --a------ C:\WINDOWS\system32\drivers\jmcr.sys
2008-08-14 01:30 . 2008-08-14 01:30 124 --a------ C:\WINDOWS\xUninstall.bat
2008-08-14 01:28 . 2008-08-14 01:28 <DIR> d-------- C:\Programfiler\Fellesfiler\CrystalEye
2008-08-14 01:28 . 2007-04-20 06:30 222,382 --a------ C:\WINDOWS\Acer Crystal Eye webcam.ico
2008-08-14 01:27 . 2008-09-07 16:33 <DIR> d-------- C:\Programfiler\Yahoo!
2008-08-14 01:26 . 2008-08-14 11:21 <DIR> dr------- C:\Documents and Settings\Vero\Start-meny
2008-08-14 01:26 . 2008-07-17 00:30 <DIR> d--h----- C:\Documents and Settings\Vero\Skrivere
2008-08-14 01:26 . 2008-09-07 16:37 <DIR> d-------- C:\Documents and Settings\Vero\Skrivebord
2008-08-14 01:26 . 2008-08-14 10:08 <DIR> d-------- C:\Documents and Settings\Vero\Programdata\InstallShield
2008-08-14 01:26 . 2008-09-07 16:38 <DIR> dr-h----- C:\Documents and Settings\Vero\Programdata
2008-08-14 01:26 . 2008-09-04 17:59 <DIR> dr------- C:\Documents and Settings\Vero\Mine dokumenter
2008-08-14 01:26 . 2008-08-14 10:08 <DIR> d--h----- C:\Documents and Settings\Vero\Maler
2008-08-14 01:26 . 2008-09-07 16:45 <DIR> d--h----- C:\Documents and Settings\Vero\Lokale innstillinger
2008-08-14 01:26 . 2008-09-01 15:54 <DIR> dr------- C:\Documents and Settings\Vero\Favoritter
2008-08-14 01:26 . 2008-09-01 17:49 <DIR> d--h----- C:\Documents and Settings\Vero\AndrMask
2008-08-14 01:25 . 2008-09-07 16:35 <DIR> d-------- C:\Documents and Settings\Vero
2008-08-14 01:25 . 2008-04-14 09:23 16,384 --a------ C:\WINDOWS\system32\ipsink.ax
2008-08-14 01:25 . 2008-04-16 05:00 15,232 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
2008-08-14 01:25 . 2008-04-16 05:00 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys
2008-08-14 01:25 . 2008-04-13 11:46 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2008-08-14 01:25 . 2008-04-13 11:39 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2008-08-14 01:24 . 2008-04-13 11:46 85,248 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
2008-08-14 01:24 . 2008-04-13 11:46 19,200 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2008-08-14 01:24 . 2008-04-13 11:46 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
2008-08-14 01:15 . 2008-08-14 01:15 <DIR> d-------- C:\WINDOWS\WebCam
2008-08-14 01:15 . 2008-04-14 09:23 91,648 --a------ C:\WINDOWS\kswdmcap.ax
2008-08-14 01:15 . 2008-04-14 09:23 61,952 --a------ C:\WINDOWS\kstvtune.ax
2008-08-14 01:15 . 2008-04-14 09:22 53,760 --a------ C:\WINDOWS\vfwwdm32.dll
2008-08-14 01:15 . 2008-04-14 09:23 43,008 --a------ C:\WINDOWS\ksxbar.ax
2008-08-14 01:15 . 2008-04-14 09:23 28,672 --a------ C:\WINDOWS\vidcap.ax
2008-08-14 01:15 . 2008-08-14 01:15 8,192 --a------ C:\WINDOWS\REGLOCS.OLD
2008-08-13 19:58 . 2008-08-13 19:58 <DIR> d-------- C:\Documents and Settings\Vero\Contacts
2008-08-13 19:53 . 2008-08-13 19:56 <DIR> d--hsc--- C:\Programfiler\Fellesfiler\WindowsLiveInstaller
2008-08-13 19:52 . 2008-08-13 19:57 <DIR> d-------- C:\Programfiler\Windows Live
2008-08-13 19:52 . 2008-08-13 19:52 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\WLInstaller
2008-08-13 19:47 . 2008-08-13 19:47 <DIR> d-------- C:\Documents and Settings\NetworkService\Start-meny
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-31 22:04 --------- d-----w C:\Documents and Settings\All Users\Programdata\McAfee
2008-08-31 22:01 --------- d-----w C:\Documents and Settings\All Users\Programdata\SiteAdvisor
2008-08-31 21:58 --------- d--h--w C:\Programfiler\InstallShield Installation Information
2008-08-28 16:27 --------- d-----w C:\Programfiler\Fellesfiler\Adobe
2008-08-14 08:10 --------- d-----w C:\Programfiler\Synaptics
2008-08-14 08:10 --------- d-----w C:\Programfiler\Realtek
2008-08-14 08:10 --------- d-----w C:\Programfiler\Microsoft.NET
2008-08-14 08:10 --------- d-----w C:\Programfiler\Microsoft Works
2008-08-14 08:10 --------- d-----w C:\Programfiler\microsoft frontpage
2008-08-14 08:09 --------- d-----w C:\Programfiler\InterVideo
2008-08-14 08:09 --------- d-----w C:\Programfiler\Intel
2008-08-14 08:09 --------- d-----w C:\Programfiler\Fellesfiler\Tjenester
2008-08-14 08:09 --------- d-----w C:\Programfiler\Fellesfiler\InterVideo
2008-08-14 08:09 --------- d-----w C:\Programfiler\Fellesfiler\InstallShield
2008-08-14 08:09 --------- d-----w C:\Programfiler\Elektroniske tjenester
2008-08-14 08:09 --------- d-----w C:\Programfiler\Atheros
2008-08-14 08:09 --------- d-----w C:\Programfiler\Activation Assistant for the 2007 Microsoft Office suites
2008-08-14 08:08 --------- d-----w C:\Documents and Settings\All Users\Programdata\Atheros
2008-08-14 08:08 --------- d-----w C:\Documents and Settings\All Users\Programdata\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
2008-08-14 07:33 --------- d-----w C:\Documents and Settings\All Users\Programdata\Microsoft Help
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-16 20:48 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-07-07 20:29 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-24 16:46 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 16:57 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:49 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "C:\Programfiler\Winamp Toolbar\winamptb.dll" [2008-07-16 1266992]

[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-16 15360]
"MsnMsgr"="C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"Orb"="C:\Programfiler\Winamp Remote\bin\OrbTray.exe" [2008-04-01 507904]
"swg"="C:\Programfiler\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-08-17 171448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2008-02-28 141848]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2008-02-28 166424]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2008-02-28 137752]
"AzMixerSel"="C:\Programfiler\Realtek\Audio\InstallShield\AzMixerSel.exe" [2006-07-17 53248]
"SynTPEnh"="C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1044480]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2008-04-16 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-16 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-16 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-16 455168]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2007-02-20 61440]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\eRAgent.exe" [2008-05-22 425984]
"WinampAgent"="C:\Programfiler\Winamp\winampa.exe" [2008-08-04 36352]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-16 C:\WINDOWS\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-16 15360]

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\
InterVideo WinCinema Manager.lnk - C:\Programfiler\InterVideo\Common\Bin\WinCinemaMgr.exe [2008-06-04 114688]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programfiler\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programfiler\\uTorrent\\uTorrent.exe"=
"C:\\Programfiler\\Winamp Remote\\bin\\Orb.exe"=
"C:\\Programfiler\\Winamp Remote\\bin\\OrbTray.exe"=
"C:\\Programfiler\\Winamp Remote\\bin\\OrbStreamerClient.exe"=

R3 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 69632]
R3 M3000Srv;Acer Crystal Eye webcam Driver;C:\WINDOWS\system32\Drivers\M3000KNT.sys [2008-05-05 254976]
S3 JMCR;JMCR;C:\WINDOWS\system32\DRIVERS\jmcr.sys [2008-07-08 96856]

*Newly Created Service* - PROCEXP90
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-M3000Mnt - M3000Rmv.dll

.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.no/
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
R1 -: HKCU-Internet Connection Wizard,ShellNext = hxxp://no.intl.acer.yahoo.com/
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
O8 -: &Winamp Search - C:\Documents and Settings\All Users\Programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 -: E&ksporter til Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-07 16:45:16
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\DOCUME~1\Vero\LOKALE~1\Temp\RGI1F.tmp

scan completed successfully
hidden files: 1

**************************************************************************
.
Completion time: 2008-09-07 16:46:21
ComboFix-quarantined-files.txt 2008-09-07 14:46:17

Pre-Run: 89,894,883,328 byte ledig
Post-Run: 89,886,007,296 byte ledig

213 --- E O F --- 2008-09-02 17:48:38

HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:47:41, on 07.09.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Fellesfiler\InterVideo\RegMgr\iviRegMgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
C:\Programfiler\Winamp\winampa.exe
C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Programfiler\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Vero\Skrivebord\No touchy touchy\test2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://no.intl.acer.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Programfiler\Winamp Toolbar\winamptb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Programfiler\Winamp Toolbar\winamptb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Programfiler\Winamp Toolbar\winamptb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Programfiler\Realtek\Audio\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe /idle
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Programfiler\Winamp\winampa.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Orb] "C:\Programfiler\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programfiler\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programfiler\Yahoo!\Common\yinsthelper.dll
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Programfiler\Fellesfiler\InterVideo\RegMgr\iviRegMgr.exe

-- End of file - 7194 bytes

norbat, posted 7 September 2008

The rest of the logs look fine too. You should change the password on the MSN user account in any case. Is there anything that still suggests you have some junk on the PC?

pr0xZen (thread author), posted 8 September 2008

Got new spam from this PC after the cleanup, but that was before the password was changed. They come at fairly long intervals, so it remains to be seen. Thanks