
Help reviewing logs [Notepad]



Posted

Some eager hands have clicked wildly on most of the offers, "you are visitor no. 100000000", MSN spam links etc... so the laptop is a bit messed up, and is spreading spam via MSN to other users. Need a knowledgeable head to look through the logs.

 

MBAM log

This one seems fairly clean

 


Malwarebytes' Anti-Malware 1.26

Database versjon: 1122

Windows 5.1.2600 Service Pack 3

 

07.09.2008 16:41:54

mbam-log-2008-09-07 (16-41-54).txt

 

Skanntype: Rask Skann

Objekter skannet: 40572

Tid tilbakelagt: 2 minute(s), 35 second(s)

 

Minneprosesser infisert: 0

Minnemoduler infisert: 0

Registernøkler infisert: 0

Registerverdier infisert: 0

Registerfiler infisert: 0

Mapper infisert: 0

Filer infisert: 0

 

Minneprosesser infisert:

(Ingen mistenkelige filer funnet)

 

Minnemoduler infisert:

(Ingen mistenkelige filer funnet)

 

Registernøkler infisert:

(Ingen mistenkelige filer funnet)

 

Registerverdier infisert:

(Ingen mistenkelige filer funnet)

 

Registerfiler infisert:

(Ingen mistenkelige filer funnet)

 

Mapper infisert:

(Ingen mistenkelige filer funnet)

 

Filer infisert:

(Ingen mistenkelige filer funnet)

 

 

ComboFix log

 


ComboFix 08-09-05.03 - Vero 2008-09-07 16:43:43.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1044.18.668 [GMT 2:00]

Running from: C:\Viktige filer\Rens\ComboFix.exe

* Created a new restore point

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((( Files Created from 2008-08-07 to 2008-09-07 )))))))))))))))))))))))))))))))

.

 

2008-09-07 16:38 . 2008-09-07 16:38 <DIR> d-------- C:\Programfiler\Malwarebytes' Anti-Malware

2008-09-07 16:38 . 2008-09-07 16:38 <DIR> d-------- C:\Documents and Settings\Vero\Programdata\Malwarebytes

2008-09-07 16:38 . 2008-09-07 16:38 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Malwarebytes

2008-09-07 16:38 . 2008-09-02 00:16 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys

2008-09-07 16:38 . 2008-09-02 00:16 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys

2008-09-07 16:35 . 2008-09-07 16:42 <DIR> dr-h----- C:\Documents and Settings\Vero\Siste

2008-09-05 16:15 . 2008-09-05 16:15 317,505 --a------ C:\Signert_Reisekonto avtale for v_05_09_08_1615.sdo

2008-09-05 08:20 . 2008-09-05 08:20 <DIR> d-------- C:\Documents and Settings\Vero\Programdata\InterVideo

2008-08-28 13:38 . 2008-08-28 13:38 <DIR> d-------- C:\Documents and Settings\Vero\Programdata\Clue

2008-08-28 13:38 . 2008-08-29 15:47 <DIR> d-------- C:\Clue

2008-08-19 00:06 . 2008-08-19 00:06 <DIR> d-------- C:\Documents and Settings\Vero\Programdata\vlc

2008-08-18 23:57 . 2008-08-18 23:57 <DIR> d-------- C:\Programfiler\VideoLAN

2008-08-18 23:55 . 2008-09-07 16:29 <DIR> d-------- C:\Viktige filer

2008-08-18 11:37 . 2008-04-16 05:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll

2008-08-17 21:34 . 2008-08-17 21:36 <DIR> d-------- C:\Bilder

2008-08-17 11:13 . 2008-08-17 11:13 <DIR> d-------- C:\WINDOWS\Sun

2008-08-17 11:13 . 2008-08-17 17:35 <DIR> d-------- C:\Programfiler\Google

2008-08-17 11:13 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl

2008-08-17 11:12 . 2008-08-17 11:12 <DIR> d-------- C:\Programfiler\Java

2008-08-17 11:11 . 2008-08-17 11:11 <DIR> d-------- C:\Programfiler\Fellesfiler\Java

2008-08-15 11:56 . 2008-07-18 22:07 270,880 --a------ C:\WINDOWS\system32\mucltui.dll

2008-08-15 11:56 . 2008-07-18 22:07 210,976 --a------ C:\WINDOWS\system32\muweb.dll

2008-08-15 11:56 . 2008-07-18 22:07 29,728 --a------ C:\WINDOWS\system32\mucltui.dll.mui

2008-08-14 11:27 . 2008-08-14 11:27 <DIR> d-------- C:\Programfiler\Winamp Toolbar

2008-08-14 11:27 . 2008-08-14 11:27 <DIR> d-------- C:\Programfiler\Winamp Remote

2008-08-14 11:27 . 2008-08-14 11:27 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Winamp Toolbar

2008-08-14 11:27 . 2008-08-14 11:28 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\OrbNetworks

2008-08-14 11:24 . 2008-08-14 11:27 <DIR> d-------- C:\Programfiler\Winamp

2008-08-14 11:24 . 2008-08-14 11:31 <DIR> d-------- C:\Documents and Settings\Vero\Programdata\Winamp

2008-08-14 11:21 . 2008-08-14 11:21 <DIR> d-------- C:\Programfiler\uTorrent

2008-08-14 11:21 . 2008-09-06 20:33 <DIR> d-------- C:\Documents and Settings\Vero\Programdata\uTorrent

2008-08-14 09:12 . 2008-06-14 19:36 272,256 --------- C:\WINDOWS\system32\drivers\bthport.sys

2008-08-14 09:12 . 2008-06-14 19:36 272,256 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys

2008-08-14 08:58 . 2008-09-02 19:48 <DIR> d--h----- C:\WINDOWS\$hf_mig$

2008-08-14 08:58 . 2006-09-06 17:43 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe

2008-08-14 06:26 . 2008-08-14 06:26 <DIR> d--hs---- C:\Documents and Settings\Vero\UserData

2008-08-14 01:44 . 2008-08-14 01:44 <DIR> d-------- C:\Documents and Settings\Vero\Programdata\Yahoo!

2008-08-14 01:35 . 2001-10-06 13:36 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys

2008-08-14 01:35 . 2001-10-06 13:36 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys

2008-08-14 01:35 . 2008-04-16 05:00 10,368 --a------ C:\WINDOWS\system32\drivers\hidusb.sys

2008-08-14 01:35 . 2008-04-16 05:00 10,368 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys

2008-08-14 01:31 . 2007-04-13 11:51 321,024 --a------ C:\WINDOWS\system32\ERUpdateHidden.EXE

2008-08-14 01:31 . 2006-03-23 12:02 258,048 --a------ C:\WINDOWS\system32\Uninstall_eRecovery.exe

2008-08-14 01:31 . 2006-03-30 13:06 258,048 --a------ C:\WINDOWS\system32\CheckD2DSystem.exe

2008-08-14 01:31 . 2004-11-03 09:06 159,744 --a------ C:\WINDOWS\system32\CloseProcessWindow.dll

2008-08-14 01:31 . 2005-12-09 09:12 16,384 --a------ C:\WINDOWS\system32\ClearEvent.exe

2008-08-14 01:31 . 2006-03-23 21:55 730 --a------ C:\WINDOWS\system32\setup.iss

2008-08-14 01:30 . 2008-08-14 01:30 <DIR> d-------- C:\WINDOWS\JMCR_DIR

2008-08-14 01:30 . 2008-08-14 01:31 <DIR> d-------- C:\Acer

2008-08-14 01:30 . 2008-05-14 12:53 110,080 --a------ C:\WINDOWS\system32\JmCrIcon.dll

2008-08-14 01:30 . 2008-07-08 03:16 96,856 --a------ C:\WINDOWS\system32\drivers\jmcr.sys

2008-08-14 01:30 . 2008-08-14 01:30 124 --a------ C:\WINDOWS\xUninstall.bat

2008-08-14 01:28 . 2008-08-14 01:28 <DIR> d-------- C:\Programfiler\Fellesfiler\CrystalEye

2008-08-14 01:28 . 2007-04-20 06:30 222,382 --a------ C:\WINDOWS\Acer Crystal Eye webcam.ico

2008-08-14 01:27 . 2008-09-07 16:33 <DIR> d-------- C:\Programfiler\Yahoo!

2008-08-14 01:26 . 2008-08-14 11:21 <DIR> dr------- C:\Documents and Settings\Vero\Start-meny

2008-08-14 01:26 . 2008-07-17 00:30 <DIR> d--h----- C:\Documents and Settings\Vero\Skrivere

2008-08-14 01:26 . 2008-09-07 16:37 <DIR> d-------- C:\Documents and Settings\Vero\Skrivebord

2008-08-14 01:26 . 2008-08-14 10:08 <DIR> d-------- C:\Documents and Settings\Vero\Programdata\InstallShield

2008-08-14 01:26 . 2008-09-07 16:38 <DIR> dr-h----- C:\Documents and Settings\Vero\Programdata

2008-08-14 01:26 . 2008-09-04 17:59 <DIR> dr------- C:\Documents and Settings\Vero\Mine dokumenter

2008-08-14 01:26 . 2008-08-14 10:08 <DIR> d--h----- C:\Documents and Settings\Vero\Maler

2008-08-14 01:26 . 2008-09-07 16:45 <DIR> d--h----- C:\Documents and Settings\Vero\Lokale innstillinger

2008-08-14 01:26 . 2008-09-01 15:54 <DIR> dr------- C:\Documents and Settings\Vero\Favoritter

2008-08-14 01:26 . 2008-09-01 17:49 <DIR> d--h----- C:\Documents and Settings\Vero\AndrMask

2008-08-14 01:25 . 2008-09-07 16:35 <DIR> d-------- C:\Documents and Settings\Vero

2008-08-14 01:25 . 2008-04-14 09:23 16,384 --a------ C:\WINDOWS\system32\ipsink.ax

2008-08-14 01:25 . 2008-04-16 05:00 15,232 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys

2008-08-14 01:25 . 2008-04-16 05:00 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys

2008-08-14 01:25 . 2008-04-13 11:46 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys

2008-08-14 01:25 . 2008-04-13 11:39 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys

2008-08-14 01:24 . 2008-04-13 11:46 85,248 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys

2008-08-14 01:24 . 2008-04-13 11:46 19,200 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS

2008-08-14 01:24 . 2008-04-13 11:46 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys

2008-08-14 01:15 . 2008-08-14 01:15 <DIR> d-------- C:\WINDOWS\WebCam

2008-08-14 01:15 . 2008-04-14 09:23 91,648 --a------ C:\WINDOWS\kswdmcap.ax

2008-08-14 01:15 . 2008-04-14 09:23 61,952 --a------ C:\WINDOWS\kstvtune.ax

2008-08-14 01:15 . 2008-04-14 09:22 53,760 --a------ C:\WINDOWS\vfwwdm32.dll

2008-08-14 01:15 . 2008-04-14 09:23 43,008 --a------ C:\WINDOWS\ksxbar.ax

2008-08-14 01:15 . 2008-04-14 09:23 28,672 --a------ C:\WINDOWS\vidcap.ax

2008-08-14 01:15 . 2008-08-14 01:15 8,192 --a------ C:\WINDOWS\REGLOCS.OLD

2008-08-13 19:58 . 2008-08-13 19:58 <DIR> d-------- C:\Documents and Settings\Vero\Contacts

2008-08-13 19:53 . 2008-08-13 19:56 <DIR> d--hsc--- C:\Programfiler\Fellesfiler\WindowsLiveInstaller

2008-08-13 19:52 . 2008-08-13 19:57 <DIR> d-------- C:\Programfiler\Windows Live

2008-08-13 19:52 . 2008-08-13 19:52 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\WLInstaller

2008-08-13 19:47 . 2008-08-13 19:47 <DIR> d-------- C:\Documents and Settings\NetworkService\Start-meny

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-08-31 22:04 --------- d-----w C:\Documents and Settings\All Users\Programdata\McAfee

2008-08-31 22:01 --------- d-----w C:\Documents and Settings\All Users\Programdata\SiteAdvisor

2008-08-31 21:58 --------- d--h--w C:\Programfiler\InstallShield Installation Information

2008-08-28 16:27 --------- d-----w C:\Programfiler\Fellesfiler\Adobe

2008-08-14 08:10 --------- d-----w C:\Programfiler\Synaptics

2008-08-14 08:10 --------- d-----w C:\Programfiler\Realtek

2008-08-14 08:10 --------- d-----w C:\Programfiler\Microsoft.NET

2008-08-14 08:10 --------- d-----w C:\Programfiler\Microsoft Works

2008-08-14 08:10 --------- d-----w C:\Programfiler\microsoft frontpage

2008-08-14 08:09 --------- d-----w C:\Programfiler\InterVideo

2008-08-14 08:09 --------- d-----w C:\Programfiler\Intel

2008-08-14 08:09 --------- d-----w C:\Programfiler\Fellesfiler\Tjenester

2008-08-14 08:09 --------- d-----w C:\Programfiler\Fellesfiler\InterVideo

2008-08-14 08:09 --------- d-----w C:\Programfiler\Fellesfiler\InstallShield

2008-08-14 08:09 --------- d-----w C:\Programfiler\Elektroniske tjenester

2008-08-14 08:09 --------- d-----w C:\Programfiler\Atheros

2008-08-14 08:09 --------- d-----w C:\Programfiler\Activation Assistant for the 2007 Microsoft Office suites

2008-08-14 08:08 --------- d-----w C:\Documents and Settings\All Users\Programdata\Atheros

2008-08-14 08:08 --------- d-----w C:\Documents and Settings\All Users\Programdata\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}

2008-08-14 07:33 --------- d-----w C:\Documents and Settings\All Users\Programdata\Microsoft Help

2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll

2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe

2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll

2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll

2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll

2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll

2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll

2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll

2008-07-16 20:48 315,392 ----a-w C:\WINDOWS\HideWin.exe

2008-07-07 20:29 253,952 ----a-w C:\WINDOWS\system32\es.dll

2008-06-24 16:46 74,240 ----a-w C:\WINDOWS\system32\mscms.dll

2008-06-23 16:57 826,368 ----a-w C:\WINDOWS\system32\wininet.dll

2008-06-20 17:49 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "C:\Programfiler\Winamp Toolbar\winamptb.dll" [2008-07-16 1266992]

 

[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]

[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]

[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]

[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-16 15360]

"MsnMsgr"="C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

"Orb"="C:\Programfiler\Winamp Remote\bin\OrbTray.exe" [2008-04-01 507904]

"swg"="C:\Programfiler\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-08-17 171448]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LaunchApp"="Alaunch" [X]

"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2008-02-28 141848]

"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2008-02-28 166424]

"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2008-02-28 137752]

"AzMixerSel"="C:\Programfiler\Realtek\Audio\InstallShield\AzMixerSel.exe" [2006-07-17 53248]

"SynTPEnh"="C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1044480]

"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2008-04-16 208952]

"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-16 59392]

"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-16 455168]

"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-16 455168]

"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2007-02-20 61440]

"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\eRAgent.exe" [2008-05-22 425984]

"WinampAgent"="C:\Programfiler\Winamp\winampa.exe" [2008-08-04 36352]

"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

"RTHDCPL"="RTHDCPL.EXE" [2008-05-16 C:\WINDOWS\RTHDCPL.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-16 15360]

 

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\

InterVideo WinCinema Manager.lnk - C:\Programfiler\InterVideo\Common\Bin\WinCinemaMgr.exe [2008-06-04 114688]

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"C:\\Programfiler\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Programfiler\\uTorrent\\uTorrent.exe"=

"C:\\Programfiler\\Winamp Remote\\bin\\Orb.exe"=

"C:\\Programfiler\\Winamp Remote\\bin\\OrbTray.exe"=

"C:\\Programfiler\\Winamp Remote\\bin\\OrbStreamerClient.exe"=

 

R3 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 69632]

R3 M3000Srv;Acer Crystal Eye webcam Driver;C:\WINDOWS\system32\Drivers\M3000KNT.sys [2008-05-05 254976]

S3 JMCR;JMCR;C:\WINDOWS\system32\DRIVERS\jmcr.sys [2008-07-08 96856]

 

*Newly Created Service* - PROCEXP90

.

- - - - ORPHANS REMOVED - - - -

 

HKLM-Run-M3000Mnt - M3000Rmv.dll

 

 

.

------- Supplementary Scan -------

.

R0 -: HKCU-Main,Start Page = hxxp://www.google.no/

R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

R1 -: HKCU-Internet Connection Wizard,ShellNext = hxxp://no.intl.acer.yahoo.com/

R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s

O8 -: &Winamp Search - C:\Documents and Settings\All Users\Programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html

O8 -: E&ksporter til Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

.

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-09-07 16:45:16

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

 

C:\DOCUME~1\Vero\LOKALE~1\Temp\RGI1F.tmp

 

scan completed successfully

hidden files: 1

 

**************************************************************************

.

Completion time: 2008-09-07 16:46:21

ComboFix-quarantined-files.txt 2008-09-07 14:46:17

 

Pre-Run: 89,894,883,328 byte ledig

Post-Run: 89,886,007,296 byte ledig

 

213 --- E O F --- 2008-09-02 17:48:38

 

 

HijackThis log

 


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:47:41, on 07.09.2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programfiler\Fellesfiler\InterVideo\RegMgr\iviRegMgr.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\igfxsrvc.exe

C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe

C:\Programfiler\Winamp\winampa.exe

C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Programfiler\InterVideo\Common\Bin\WinCinemaMgr.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\Windows Live\Messenger\usnsvc.exe

C:\WINDOWS\explorer.exe

C:\Documents and Settings\Vero\Skrivebord\No touchy touchy\test2.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://no.intl.acer.yahoo.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Programfiler\Winamp Toolbar\winamptb.dll

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Programfiler\Winamp Toolbar\winamptb.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar2.dll

O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)

O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Programfiler\Winamp Toolbar\winamptb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar2.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [LaunchApp] Alaunch

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [AzMixerSel] C:\Programfiler\Realtek\Audio\InstallShield\AzMixerSel.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe /idle

O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe

O4 - HKLM\..\Run: [WinampAgent] C:\Programfiler\Winamp\winampa.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [Orb] "C:\Programfiler\Winamp Remote\bin\OrbTray.exe" /background

O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programfiler\InterVideo\Common\Bin\WinCinemaMgr.exe

O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programfiler\Yahoo!\Common\yinsthelper.dll

O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: IviRegMgr - InterVideo - C:\Programfiler\Fellesfiler\InterVideo\RegMgr\iviRegMgr.exe

 

--

End of file - 7194 bytes

Posted

The rest of the logs look fine too. In any case, you should change the password on the MSN user account.

 

Are there things that still suggest you have some junk on the PC?

Posted

Got new spam from this PC after the clean-up, but that was before the password was changed. They come at fairly long intervals, so it remains to be seen. Thanks :)
