quakie Skrevet 21. desember 2008 Del Skrevet 21. desember 2008 (endret) MBAM-logg Malwarebytes' Anti-Malware 1.31 Databaseversjon: 1456 Windows 5.1.2600 Service Pack 3 21.12.2008 18:08:43 mbam-log-2008-12-21 (18-08-34).txt Skanntype: Rask Skann Objekter skannet: 55884 Tid tilbakelagt: 19 minute(s), 25 second(s) Minneprosesser infisert: 0 Minnemoduler infisert: 0 Registernøkler infisert: 2 Registerverdier infisert: 2 Registerfiler infisert: 2 Mapper infisert: 12 Filer infisert: 11 Minneprosesser infisert: (Ingen mistenkelige filer funnet) Minnemoduler infisert: (Ingen mistenkelige filer funnet) Registernøkler infisert: HKEY_LOCAL_MACHINE\SOFTWARE\rhcgd3j0e5bc (Rogue.Multiple) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> No action taken. Registerverdier infisert: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\rhcgd3j0e5bc (Rogue.AntivirusXP2008) -> No action taken. HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> No action taken. Registerfiler infisert: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken. Mapper infisert: C:\Programfiler\rhcgd3j0e5bc (Rogue.Multiple) -> No action taken. C:\Documents and Settings\Oddny\Programdata\rhcgd3j0e5bc (Rogue.Multiple) -> No action taken. C:\Documents and Settings\Oddny\Programdata\rhcgd3j0e5bc\Quarantine (Rogue.Multiple) -> No action taken. C:\Documents and Settings\Oddny\Programdata\rhcgd3j0e5bc\Quarantine\Autorun (Rogue.Multiple) -> No action taken. C:\Documents and Settings\Oddny\Programdata\rhcgd3j0e5bc\Quarantine\Autorun\HKCU (Rogue.Multiple) -> No action taken. C:\Documents and Settings\Oddny\Programdata\rhcgd3j0e5bc\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> No action taken. C:\Documents and Settings\Oddny\Programdata\rhcgd3j0e5bc\Quarantine\Autorun\HKLM (Rogue.Multiple) -> No action taken. C:\Documents and Settings\Oddny\Programdata\rhcgd3j0e5bc\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> No action taken. C:\Documents and Settings\Oddny\Programdata\rhcgd3j0e5bc\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> No action taken. C:\Documents and Settings\Oddny\Programdata\rhcgd3j0e5bc\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> No action taken. C:\Documents and Settings\Oddny\Programdata\rhcgd3j0e5bc\Quarantine\BrowserObjects (Rogue.Multiple) -> No action taken. C:\Documents and Settings\Oddny\Programdata\rhcgd3j0e5bc\Quarantine\Packages (Rogue.Multiple) -> No action taken. Filer infisert: C:\Programfiler\rhcgd3j0e5bc\database.dat (Rogue.Multiple) -> No action taken. C:\Programfiler\rhcgd3j0e5bc\license.txt (Rogue.Multiple) -> No action taken. C:\Programfiler\rhcgd3j0e5bc\MFC71.dll (Rogue.Multiple) -> No action taken. C:\Programfiler\rhcgd3j0e5bc\MFC71ENU.DLL (Rogue.Multiple) -> No action taken. C:\Programfiler\rhcgd3j0e5bc\msvcp71.dll (Rogue.Multiple) -> No action taken. C:\Programfiler\rhcgd3j0e5bc\msvcr71.dll (Rogue.Multiple) -> No action taken. C:\Programfiler\rhcgd3j0e5bc\rhcgd3j0e5bc.exe.local (Rogue.Multiple) -> No action taken. C:\Documents and Settings\Oddny\Lokale innstillinger\Temp\.ttB.tmp (Trojan.Downloader) -> No action taken. C:\Documents and Settings\Oddny\Lokale innstillinger\Temp\.ttC.tmp (Trojan.Downloader) -> No action taken. C:\Documents and Settings\Oddny\Lokale innstillinger\Temp\.ttD.tmp (Trojan.Downloader) -> No action taken. C:\Documents and Settings\Oddny\Lokale innstillinger\Temp\.ttE.tmp (Trojan.Downloader) -> No action taken. ComboFix ComboFix 08-12-20.05 - Oddny 2008-12-21 18:29:59.1 - NTFSx86 Running from: c:\documents and settings\Oddny\Skrivebord\ComboFix.exe WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\Downloaded Program Files\setup.inf C:\xcrashdump.dat . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_sysrest.sys ((((((((((((((((((((((((( Files Created from 2008-11-21 to 2008-12-21 ))))))))))))))))))))))))))))))) . 2008-12-21 18:26 . 2008-12-21 18:27 <DIR> d-------- C:\32788R22FWJFW 2008-12-21 17:47 . 2008-12-21 17:47 <DIR> d-------- c:\programfiler\Malwarebytes' Anti-Malware 2008-12-21 17:47 . 2008-12-21 17:47 <DIR> d-------- c:\documents and settings\Oddny\Programdata\Malwarebytes 2008-12-21 17:47 . 2008-12-21 17:47 <DIR> d-------- c:\documents and settings\All Users\Programdata\Malwarebytes 2008-12-21 17:47 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2008-12-21 17:47 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2008-12-19 11:58 . 2008-12-19 12:39 <DIR> d-------- c:\documents and settings\Oddny\Programdata\Spotify 2008-12-19 11:57 . 2008-12-19 11:57 <DIR> d-------- c:\programfiler\Spotify 2008-12-19 09:23 . 2008-12-19 09:23 <DIR> d-------- c:\documents and settings\All Users\Programdata\SUPERAntiSpyware.com 2008-12-19 09:20 . 2008-12-19 09:20 <DIR> d-------- c:\programfiler\SUPERAntiSpyware 2008-12-19 09:20 . 2008-12-19 09:20 <DIR> d-------- c:\documents and settings\Oddny\Programdata\SUPERAntiSpyware.com . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-12-21 16:44 --------- d-----w c:\programfiler\Levende 2008-12-21 16:14 5,427 ----a-w c:\windows\system32\EGATHDRV.SYS 2008-12-19 20:13 --------- d-----w c:\programfiler\Java 2008-12-19 08:20 --------- d-----w c:\programfiler\Fellesfiler\Wise Installation Wizard 2008-12-18 10:50 --------- d-----w c:\programfiler\MSN Messenger 2008-12-13 06:40 3,593,216 ------w c:\windows\system32\dllcache\mshtml.dll 2008-11-20 19:25 --------- d-----w c:\programfiler\HOTALBUMMyBOX 2008-11-13 20:01 --------- d-----w c:\programfiler\Windows Media Connect 2 2008-11-13 19:53 --------- d-----w c:\programfiler\Windows Media Connect 2008-11-13 17:59 --------- d-----w c:\documents and settings\Oddny\Programdata\LimeWire 2008-10-26 12:13 --------- d-----w c:\documents and settings\Oddny\Programdata\AVGTOOLBAR 2008-10-26 07:28 --------- d-----w c:\documents and settings\All Users\Programdata\avg8 2008-10-26 07:21 97,928 ----a-w c:\windows\system32\drivers\avgldx86.sys 2008-10-26 07:21 10,520 ----a-w c:\windows\system32\avgrsstx.dll 2008-10-26 07:21 --------- d-----w c:\programfiler\AVG 2008-10-26 07:10 --------- d-----w c:\programfiler\ATI Technologies 2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys 2008-10-24 11:21 455,296 ------w c:\windows\system32\dllcache\mrxsmb.sys 2008-10-23 12:43 286,720 ----a-w c:\windows\system32\gdi32.dll 2008-10-23 12:43 286,720 ------w c:\windows\system32\dllcache\gdi32.dll 2008-10-16 13:15 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe 2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll 2008-10-16 13:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll 2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll 2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll 2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll 2008-10-16 13:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll 2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll 2008-10-16 13:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll 2008-10-16 13:11 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe 2008-10-16 13:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll 2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll 2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe 2008-10-16 13:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe 2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll 2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll 2008-10-16 13:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll 2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll 2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll 2008-10-15 16:38 337,408 ------w c:\windows\system32\dllcache\netapi32.dll 2008-10-15 07:06 633,632 ------w c:\windows\system32\dllcache\iexplore.exe 2008-10-15 07:04 161,792 ------w c:\windows\system32\dllcache\ieakui.dll 2008-10-03 10:04 247,326 ----a-w c:\windows\system32\strmdll.dll 2008-10-03 10:04 247,326 ------w c:\windows\system32\dllcache\strmdll.dll 2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll 2006-12-31 10:28 20,040 ----a-w c:\documents and settings\Oddny\Programdata\GDIPFONTCACHEV1.DAT 2008-12-19 11:42 67,688 ----a-w c:\programfiler\mozilla firefox\components\jar50.dll 2008-12-19 11:42 54,368 ----a-w c:\programfiler\mozilla firefox\components\jsd3250.dll 2008-12-19 11:42 34,944 ----a-w c:\programfiler\mozilla firefox\components\myspell.dll 2008-12-19 11:42 46,712 ----a-w c:\programfiler\mozilla firefox\components\spellchk.dll 2008-12-19 11:42 172,136 ----a-w c:\programfiler\mozilla firefox\components\xpinstal.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "amsg"="c:\programfiler\ThinkVantage\AMSG\Amsg.exe" [2005-08-01 475136] "LogitechSoftwareUpdate"="c:\programfiler\Logitech\Video\ManifestEngine.exe" [2005-01-18 196608] "WMPNSCFG"="c:\programfiler\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288] "SUPERAntiSpyware"="c:\programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-12-04 1809648] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPLpr"="c:\programfiler\Synaptics\SynTP\SynTPLpr.exe" [2005-08-01 110592] "SynTPEnh"="c:\programfiler\Synaptics\SynTP\SynTPEnh.exe" [2005-08-01 512000] "EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2005-08-31 237568] "TPHOTKEY"="c:\progra~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2005-08-29 94208] "suScheduler"="c:\programfiler\ThinkVantage\SystemUpdate\UCLauncher.exe" [2005-08-01 40960] "LPManager"="c:\progra~1\THINKV~2\PrdCtr\LPMGR.exe" [2005-08-31 98304] "AMSG"="c:\programfiler\ThinkVantage\AMSG\Amsg.exe" [2005-08-01 475136] "dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-19 127037] "ISUSPM Startup"="c:\progra~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184] "ISUSScheduler"="c:\programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" [2004-07-27 81920] "cssauth"="c:\programfiler\IBM ThinkVantage\Client Security Solution\cssauth.exe" [2005-08-02 1988144] "PDService.exe"="c:\programfiler\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe" [2005-07-07 49152] "DiskeeperSystray"="c:\programfiler\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2005-07-14 196696] "QCWLICON"="c:\programfiler\ThinkPad\ConnectUtilities\QCWLICON.EXE" [2005-08-10 86016] "PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2005-08-31 139264] "BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2005-08-31 208896] "TPKMAPHELPER"="c:\programfiler\ThinkPad\Utilities\TpKmapAp.exe" [2005-08-23 864256] "OfficeScanNT Monitor"="c:\programfiler\Trend Micro\OfficeScan Client\pccntmon.exe" [2006-02-07 356352] "LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-10-08 221184] "LogitechVideoRepair"="c:\programfiler\Logitech\Video\ISStart.exe" [2005-01-18 458752] "LogitechVideoTray"="c:\programfiler\Logitech\Video\LogiTray.exe" [2005-01-18 217088] "MBBalloon"="c:\programfiler\HOTALBUMMyBOX\MBBalloon.exe" [2007-02-09 789120] "SunJavaUpdateSched"="c:\programfiler\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "QuickTime Task"="c:\programfiler\QuickTime\qttask.exe" [2008-03-28 413696] "iTunesHelper"="c:\programfiler\iTunes\iTunesHelper.exe" [2008-03-30 267048] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-12-19 1261336] "TpShocks"="TpShocks.exe" [2005-08-22 c:\windows\system32\TpShocks.exe] "TP4EX"="tp4ex.exe" [2005-08-24 c:\windows\system32\TP4EX.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\ BTTray.lnk - c:\programfiler\ThinkPad\Bluetooth Software\BTTray.exe [2005-07-21 577597] Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-11-28 24576] Hurtigstart for Adobe Reader.lnk - c:\programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696] Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-12-12 450560] MediaChecker.lnk - c:\programfiler\HOTALBUMMyBOX\MediaChecker.exe [2007-02-13 915096] Microsoft Office.lnk - c:\programfiler\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360] WinZip Quick Pick.lnk - c:\programfiler\WinZip\WZQKPICK.EXE [2006-12-07 118784] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programfiler\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2008-12-03 14:56 352256 c:\programfiler\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus] 2005-07-12 09:45 109664 c:\programfiler\ThinkVantage Fingerprint Software\psfus.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\QConGina] 2005-08-10 03:08 262144 c:\windows\system32\QConGina.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2] 2005-07-05 23:45 28672 c:\windows\system32\notifyf2.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey] 2005-06-16 22:23 24576 c:\windows\system32\tphklock.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=avgrsstx.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli csspwntfy [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Programfiler\\ThinkVantage\\SystemUpdate\\jre\\bin\\javaw.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Programfiler\\Bonjour\\mDNSResponder.exe"= "c:\\Programfiler\\LimeWire\\LimeWire.exe"= "c:\\Programfiler\\iTunes\\iTunes.exe"= "c:\\Programfiler\\AVG\\AVG8\\avgupd.exe"= "c:\\Programfiler\\MSN Messenger\\msnmsgr.exe"= "c:\\Programfiler\\MSN Messenger\\livecall.exe"= "c:\\Programfiler\\Spotify\\spotify.exe"= R0 PzWDM;PzWDM;c:\windows\system32\Drivers\PzWDM.sys [2007-12-30 15172] R0 Shockprf;Shockprf;c:\windows\system32\drivers\Shockprf.sys [2006-11-28 59904] R1 ANC;ANC;c:\windows\system32\drivers\ANC.SYS [2006-11-28 11520] R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-10-26 97928] R1 IBMTPCHK;IBMTPCHK;c:\windows\system32\drivers\IBMBLDID.SYS [2006-11-28 2432] R1 SASDIFSV;SASDIFSV;\??\c:\programfiler\SUPERAntiSpyware\SASDIFSV.SYS [2008-12-04 8944] R1 SASKUTIL;SASKUTIL;\??\c:\programfiler\SUPERAntiSpyware\SASKUTIL.sys [2008-12-04 55024] R1 ShockMgr;ShockMgr;c:\windows\system32\drivers\ShockMgr.sys [2006-11-28 4736] R1 TPPWRIF;TPPWRIF;c:\windows\system32\drivers\Tppwrif.sys [2006-11-28 4442] R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-10-26 231704] R2 ibmfilter;ibmfilter;\??\c:\windows\system32\drivers\ibmfilter.sys [2005-08-02 13184] R2 PrivateDisk;PrivateDisk;\??\c:\programfiler\IBM ThinkVantage\SafeGuard PrivateDisk\PrivateDiskM.sys [2005-06-28 46142] R2 smi2;smi2;\??\c:\programfiler\SMI2\smi2.sys [2005-08-02 3968] R2 SmiHlp;SMI helper driver;\??\c:\programfiler\ThinkVantage Fingerprint Software\smihlp.sys [2005-07-12 3328] R2 TmFilter;Trend Micro Filter;\??\c:\programfiler\Trend Micro\OfficeScan Client\TmXPFlt.sys [2005-02-18 205328] R2 TmPreFilter;Trend Micro PreFilter;\??\c:\programfiler\Trend Micro\OfficeScan Client\TmPreFlt.sys [2005-02-18 36368] R3 SASENUM;SASENUM;\??\c:\programfiler\SUPERAntiSpyware\SASENUM.SYS [2008-12-04 7408] S3 QCNDISIF;QCNDISIF;c:\windows\system32\drivers\qcndisif.SYS [2006-11-28 12288] S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl.sys [2008-02-26 30464] . Contents of the 'Scheduled Tasks' folder 2008-12-19 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\programfiler\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57] 2008-12-21 c:\windows\Tasks\PMTask.job - c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2005-08-31 01:10] 2006-12-06 c:\windows\Tasks\Symantec NetDetect.job - c:\programfiler\Symantec\LiveUpdate\NDETECT.EXE [2005-03-31 17:32] . - - - - ORPHANS REMOVED - - - - Notify-NavLogon - (no file) . ------- Supplementary Scan ------- . IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000 IE: Send til &Bluetooth - c:\programfiler\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm FF - ProfilePath - c:\documents and settings\Oddny\Programdata\Mozilla\Firefox\Profiles\2otl7zu8.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - www.nettavisen.no FF - component: c:\programfiler\AVG\AVG8\Firefox\components\avgssff.dll FF - component: c:\programfiler\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-12-21 18:40:18 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(924) c:\programfiler\SUPERAntiSpyware\SASWINLO.dll c:\windows\system32\Ati2evxx.dll c:\programfiler\ThinkVantage Fingerprint Software\psfus.dll c:\programfiler\Fellesfiler\Virtual Token\psutil.dll c:\windows\system32\tphklock.dll - - - - - - - > 'lsass.exe'(984) c:\programfiler\IBM ThinkVantage\Client Security Solution\csspwntfy.dll c:\programfiler\IBM ThinkVantage\Client Security Solution\ibmtsp.dll c:\programfiler\IBM ThinkVantage\Client Security Solution\tcsrpc.dll c:\programfiler\IBM ThinkVantage\Client Security Solution\cssuserdatadispatcher.dll . ------------------------ Other Running Processes ------------------------ . c:\programfiler\Fellesfiler\Virtual Token\vtserver.exe c:\windows\system32\ibmpmsvc.exe c:\windows\system32\ati2evxx.exe c:\programfiler\Intel\Wireless\Bin\EvtEng.exe c:\programfiler\Intel\Wireless\Bin\S24EvMon.exe c:\windows\system32\IPSSVC.EXE c:\programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\programfiler\Bonjour\mDNSResponder.exe c:\programfiler\ThinkPad\Bluetooth Software\bin\btwdins.exe c:\programfiler\Diskeeper Corporation\Diskeeper\DkService.exe c:\programfiler\Fellesfiler\Microsoft Shared\VS7Debug\mdm.exe c:\programfiler\Trend Micro\OfficeScan Client\NTRtScan.exe c:\windows\system32\QCONSVC.EXE c:\programfiler\Intel\Wireless\Bin\RegSrvc.exe c:\programfiler\Trend Micro\OfficeScan Client\TmListen.exe c:\windows\system32\TPHDEXLG.exe c:\windows\system32\TpKmpSvc.exe c:\programfiler\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe c:\programfiler\IBM ThinkVantage\Rescue and Recovery\rrservice.exe c:\programfiler\IBM ThinkVantage\Common\Scheduler\tvtsched.exe c:\programfiler\ThinkVantage\SystemUpdate\UCLauncherService.exe c:\programfiler\Trend Micro\OfficeScan Client\OfcPfwSvc.exe c:\programfiler\Windows Media Player\wmpnetwk.exe c:\windows\system32\ati2evxx.exe c:\programfiler\IBM ThinkVantage\Common\Logger\logmon.exe c:\windows\Temp\EZ589F.EXE c:\progra~1\AVG\AVG8\avgrsx.exe c:\windows\system32\wbem\wmiapsrv.exe c:\programfiler\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe c:\programfiler\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe c:\windows\system32\rundll32.exe c:\programfiler\Logitech\Video\FxSvr2.exe c:\programfiler\iPod\bin\iPodService.exe c:\programfiler\IBM ThinkVantage\Client Security Solution\pwmgr.exe . ************************************************************************** . Completion time: 2008-12-21 18:50:01 - machine was rebooted [Oddny] ComboFix-quarantined-files.txt 2008-12-21 17:49:45 Pre-Run: 57,710,817,280 byte ledig Post-Run: 58,014,199,808 byte ledig 269 --- E O F --- 2008-12-19 07:13:52 HJT-logg Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:55:17, on 21.12.2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\Programfiler\Fellesfiler\Virtual Token\vtserver.exe C:\WINDOWS\system32\ibmpmsvc.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\IPSSVC.EXE C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Programfiler\Bonjour\mDNSResponder.exe C:\Programfiler\ThinkPad\Bluetooth Software\bin\btwdins.exe C:\Programfiler\Diskeeper Corporation\Diskeeper\DkService.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\Fellesfiler\Microsoft Shared\VS7Debug\mdm.exe C:\Programfiler\Trend Micro\OfficeScan Client\ntrtscan.exe C:\WINDOWS\System32\QCONSVC.EXE C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe C:\Programfiler\Trend Micro\OfficeScan Client\tmlisten.exe C:\WINDOWS\System32\TPHDEXLG.EXE C:\WINDOWS\system32\TpKmpSVC.exe C:\Programfiler\IBM ThinkVantage\Rescue and Recovery\rrservice.exe C:\Programfiler\IBM ThinkVantage\Common\Scheduler\tvtsched.exe C:\Programfiler\ThinkVantage\SystemUpdate\UCLauncherService.exe C:\Programfiler\Trend Micro\OfficeScan Client\OfcPfwSvc.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Programfiler\IBM ThinkVantage\Common\Logger\logmon.exe C:\WINDOWS\TEMP\EZ589F.EXE C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\system32\TpShocks.exe C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe C:\Programfiler\ThinkVantage\AMSG\Amsg.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Programfiler\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe C:\Programfiler\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe C:\Programfiler\IBM ThinkVantage\Client Security Solution\cssauth.exe C:\Programfiler\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe C:\Programfiler\ThinkPad\ConnectUtilities\QCWLICON.EXE C:\WINDOWS\system32\rundll32.exe C:\Programfiler\Trend Micro\OfficeScan Client\pccntmon.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Programfiler\Logitech\Video\LogiTray.exe C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe C:\Programfiler\iTunes\iTunesHelper.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\Windows Media Player\WMPNSCFG.exe C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Programfiler\ThinkPad\Bluetooth Software\BTTray.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Programfiler\Logitech\Video\FxSvr2.exe C:\Programfiler\iPod\bin\iPodService.exe C:\Programfiler\IBM ThinkVantage\Client Security Solution\pwmgr.exe C:\Programfiler\HOTALBUMMyBOX\MediaChecker.exe C:\Programfiler\WinZip\WZQKPICK.EXE C:\WINDOWS\explorer.exe C:\Programfiler\Mozilla Firefox\firefox.exe C:\Programfiler\MSN Messenger\msnmsgr.exe C:\Programfiler\MSN Messenger\usnsvc.exe C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programfiler\AVG\AVG8\avgssie.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programfiler\AVG\AVG8\avgtoolbar.dll O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programfiler\AVG\AVG8\avgtoolbar.dll O4 - HKLM\..\Run: [synTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [TpShocks] TpShocks.exe O4 - HKLM\..\Run: [TP4EX] tp4ex.exe O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe O4 - HKLM\..\Run: [suScheduler] C:\Programfiler\ThinkVantage\SystemUpdate\UCLauncher.exe /SCHEDULER O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe O4 - HKLM\..\Run: [AMSG] C:\Programfiler\ThinkVantage\AMSG\Amsg.exe O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [iSUSPM Startup] c:\PROGRA~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [iSUSScheduler] "c:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [cssauth] "C:\Programfiler\IBM ThinkVantage\Client Security Solution\cssauth.exe" silent O4 - HKLM\..\Run: [PDService.exe] "C:\Programfiler\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe" O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Programfiler\Diskeeper Corporation\Diskeeper\DkIcon.exe" O4 - HKLM\..\Run: [QCWLICON] C:\Programfiler\ThinkPad\ConnectUtilities\QCWLICON.EXE O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor O4 - HKLM\..\Run: rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Programfiler\ThinkPad\Utilities\TpKmapAp.exe -helper O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Programfiler\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programfiler\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programfiler\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [MBBalloon] C:\Programfiler\HOTALBUMMyBOX\MBBalloon.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [amsg] C:\Programfiler\ThinkVantage\AMSG\Amsg.exe O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programfiler\Logitech\Video\ManifestEngine.exe boot O4 - HKCU\..\Run: [WMPNSCFG] C:\Programfiler\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Last.fm Helper.lnk = C:\Programfiler\Last.fm\LastFMHelper.exe O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: Digital Line Detect.lnk = ? O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O4 - Global Startup: MediaChecker.lnk = C:\Programfiler\HOTALBUMMyBOX\MediaChecker.exe O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programfiler\WinZip\WZQKPICK.EXE O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Send til &Bluetooth - C:\Programfiler\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Oppdater ThinkPad-programvare - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Programfiler\Lenovo\PkgMgr\\PkgMgr.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O11 - Options group: [JAVA_IBM] Java (IBM) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1165498880703 O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programfiler\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: avgrsstx.dll O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programfiler\ThinkPad\Bluetooth Software\bin\btwdins.exe O23 - Service: Diskeeper - Diskeeper Corporation - C:\Programfiler\Diskeeper Corporation\Diskeeper\DkService.exe O23 - Service: EvtEng - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe O23 - Service: IPS Core Service (IPSSVC) - Lenovo Ltd. - C:\WINDOWS\system32\IPSSVC.EXE O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Programfiler\Trend Micro\OfficeScan Client\ntrtscan.exe O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Programfiler\Trend Micro\OfficeScan Client\OfcPfwSvc.exe O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing) O23 - Service: QCONSVC - Lenovo - C:\WINDOWS\System32\QCONSVC.EXE O23 - Service: RegSrvc - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Programfiler\Trend Micro\OfficeScan Client\tmlisten.exe O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Programfiler\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe O23 - Service: TVT Backup Service - Unknown owner - C:\Programfiler\IBM ThinkVantage\Rescue and Recovery\rrservice.exe O23 - Service: TVT Scheduler - Unknown owner - C:\Programfiler\IBM ThinkVantage\Common\Scheduler\tvtsched.exe O23 - Service: ThinkVantage System Update (UCLauncherService) - Unknown owner - C:\Programfiler\ThinkVantage\SystemUpdate\UCLauncherService.exe O23 - Service: Protector Suite Virtual Token (vtserver) - UPEK Inc. - C:\Programfiler\Fellesfiler\Virtual Token\vtserver.exe -- End of file - 13180 bytes Endret 21. desember 2008 av quakie Lenke til kommentar
raWrz Skrevet 21. desember 2008 Del Skrevet 21. desember 2008 (endret) kjør MBAM igjen og trykk på FIX CHECKED og etter det poster du ny combofix logg Endret 21. desember 2008 av Submit Lenke til kommentar
quakie Skrevet 22. desember 2008 Forfatter Del Skrevet 22. desember 2008 (endret) Ny logg: ComboFix 08-12-20.05 - Oddny 2008-12-22 10:21:21.2 - NTFSx86 Kjører fra: c:\documents and settings\Oddny\Skrivebord\ComboFix.exe . ((((((((((((((((((((((((((( Filer Opprettet Fra 2008-11-22 til 2008-12-22 ))))))))))))))))))))))))))))))))) . 2008-12-21 17:47 . 2008-12-21 17:47 <DIR> d-------- c:\programfiler\Malwarebytes' Anti-Malware 2008-12-21 17:47 . 2008-12-21 17:47 <DIR> d-------- c:\documents and settings\Oddny\Programdata\Malwarebytes 2008-12-21 17:47 . 2008-12-21 17:47 <DIR> d-------- c:\documents and settings\All Users\Programdata\Malwarebytes 2008-12-21 17:47 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2008-12-21 17:47 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2008-12-19 11:58 . 2008-12-19 12:39 <DIR> d-------- c:\documents and settings\Oddny\Programdata\Spotify 2008-12-19 11:57 . 2008-12-19 11:57 <DIR> d-------- c:\programfiler\Spotify 2008-12-19 09:23 . 2008-12-19 09:23 <DIR> d-------- c:\documents and settings\All Users\Programdata\SUPERAntiSpyware.com 2008-12-19 09:20 . 2008-12-19 09:20 <DIR> d-------- c:\programfiler\SUPERAntiSpyware 2008-12-19 09:20 . 2008-12-19 09:20 <DIR> d-------- c:\documents and settings\Oddny\Programdata\SUPERAntiSpyware.com . (((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-12-21 17:54 --------- d-----w c:\programfiler\Trend Micro 2008-12-21 16:44 --------- d-----w c:\programfiler\Levende 2008-12-21 16:14 5,427 ----a-w c:\windows\system32\EGATHDRV.SYS 2008-12-19 20:13 --------- d-----w c:\programfiler\Java 2008-12-19 08:20 --------- d-----w c:\programfiler\Fellesfiler\Wise Installation Wizard 2008-12-18 10:50 --------- d-----w c:\programfiler\MSN Messenger 2008-12-13 06:40 3,593,216 ------w c:\windows\system32\dllcache\mshtml.dll 2008-11-20 19:25 --------- d-----w c:\programfiler\HOTALBUMMyBOX 2008-11-13 20:01 --------- d-----w c:\programfiler\Windows Media Connect 2 2008-11-13 19:53 --------- d-----w c:\programfiler\Windows Media Connect 2008-11-13 17:59 --------- d-----w c:\documents and settings\Oddny\Programdata\LimeWire 2008-10-26 12:13 --------- d-----w c:\documents and settings\Oddny\Programdata\AVGTOOLBAR 2008-10-26 07:28 --------- d-----w c:\documents and settings\All Users\Programdata\avg8 2008-10-26 07:21 97,928 ----a-w c:\windows\system32\drivers\avgldx86.sys 2008-10-26 07:21 10,520 ----a-w c:\windows\system32\avgrsstx.dll 2008-10-26 07:21 --------- d-----w c:\programfiler\AVG 2008-10-26 07:10 --------- d-----w c:\programfiler\ATI Technologies 2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys 2008-10-24 11:21 455,296 ------w c:\windows\system32\dllcache\mrxsmb.sys 2008-10-23 12:43 286,720 ----a-w c:\windows\system32\gdi32.dll 2008-10-23 12:43 286,720 ------w c:\windows\system32\dllcache\gdi32.dll 2008-10-16 13:15 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe 2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll 2008-10-16 13:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll 2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll 2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll 2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll 2008-10-16 13:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll 2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll 2008-10-16 13:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll 2008-10-16 13:11 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe 2008-10-16 13:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll 2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll 2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe 2008-10-16 13:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe 2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll 2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll 2008-10-16 13:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll 2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll 2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll 2008-10-15 16:38 337,408 ------w c:\windows\system32\dllcache\netapi32.dll 2008-10-15 07:06 633,632 ------w c:\windows\system32\dllcache\iexplore.exe 2008-10-15 07:04 161,792 ------w c:\windows\system32\dllcache\ieakui.dll 2008-10-03 10:04 247,326 ----a-w c:\windows\system32\strmdll.dll 2008-10-03 10:04 247,326 ------w c:\windows\system32\dllcache\strmdll.dll 2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll 2006-12-31 10:28 20,040 ----a-w c:\documents and settings\Oddny\Programdata\GDIPFONTCACHEV1.DAT 2008-12-19 11:42 67,688 ----a-w c:\programfiler\mozilla firefox\components\jar50.dll 2008-12-19 11:42 54,368 ----a-w c:\programfiler\mozilla firefox\components\jsd3250.dll 2008-12-19 11:42 34,944 ----a-w c:\programfiler\mozilla firefox\components\myspell.dll 2008-12-19 11:42 46,712 ----a-w c:\programfiler\mozilla firefox\components\spellchk.dll 2008-12-19 11:42 172,136 ----a-w c:\programfiler\mozilla firefox\components\xpinstal.dll . ((((((((((((((((((((((((((((( snapshot@2008-12-21_18.47.44.75 ))))))))))))))))))))))))))))))))))))))))) . - 2008-12-21 17:38:47 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_140.dat + 2008-12-22 09:28:46 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_140.dat + 2006-02-07 15:10:04 172,099 ----a-w c:\windows\Temp\VN86AE.EXE . (((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret ))))))))))))))))))))))))))))))))))))))))))))) . . *Merk* tomme oppføringer & gyldige standardoppføringer vises ikke REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "amsg"="c:\programfiler\ThinkVantage\AMSG\Amsg.exe" [2005-08-01 475136] "LogitechSoftwareUpdate"="c:\programfiler\Logitech\Video\ManifestEngine.exe" [2005-01-18 196608] "WMPNSCFG"="c:\programfiler\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288] "SUPERAntiSpyware"="c:\programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-12-04 1809648] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPLpr"="c:\programfiler\Synaptics\SynTP\SynTPLpr.exe" [2005-08-01 110592] "SynTPEnh"="c:\programfiler\Synaptics\SynTP\SynTPEnh.exe" [2005-08-01 512000] "EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2005-08-31 237568] "TPHOTKEY"="c:\progra~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2005-08-29 94208] "suScheduler"="c:\programfiler\ThinkVantage\SystemUpdate\UCLauncher.exe" [2005-08-01 40960] "LPManager"="c:\progra~1\THINKV~2\PrdCtr\LPMGR.exe" [2005-08-31 98304] "AMSG"="c:\programfiler\ThinkVantage\AMSG\Amsg.exe" [2005-08-01 475136] "dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-19 127037] "ISUSPM Startup"="c:\progra~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184] "ISUSScheduler"="c:\programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" [2004-07-27 81920] "cssauth"="c:\programfiler\IBM ThinkVantage\Client Security Solution\cssauth.exe" [2005-08-02 1988144] "PDService.exe"="c:\programfiler\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe" [2005-07-07 49152] "DiskeeperSystray"="c:\programfiler\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2005-07-14 196696] "QCWLICON"="c:\programfiler\ThinkPad\ConnectUtilities\QCWLICON.EXE" [2005-08-10 86016] "PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2005-08-31 139264] "BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2005-08-31 208896] "TPKMAPHELPER"="c:\programfiler\ThinkPad\Utilities\TpKmapAp.exe" [2005-08-23 864256] "OfficeScanNT Monitor"="c:\programfiler\Trend Micro\OfficeScan Client\pccntmon.exe" [2006-02-07 356352] "LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-10-08 221184] "LogitechVideoRepair"="c:\programfiler\Logitech\Video\ISStart.exe" [2005-01-18 458752] "LogitechVideoTray"="c:\programfiler\Logitech\Video\LogiTray.exe" [2005-01-18 217088] "MBBalloon"="c:\programfiler\HOTALBUMMyBOX\MBBalloon.exe" [2007-02-09 789120] "SunJavaUpdateSched"="c:\programfiler\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "QuickTime Task"="c:\programfiler\QuickTime\qttask.exe" [2008-03-28 413696] "iTunesHelper"="c:\programfiler\iTunes\iTunesHelper.exe" [2008-03-30 267048] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-12-19 1261336] "TpShocks"="TpShocks.exe" [2005-08-22 c:\windows\system32\TpShocks.exe] "TP4EX"="tp4ex.exe" [2005-08-24 c:\windows\system32\TP4EX.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\ BTTray.lnk - c:\programfiler\ThinkPad\Bluetooth Software\BTTray.exe [2005-07-21 577597] Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-11-28 24576] Hurtigstart for Adobe Reader.lnk - c:\programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696] Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-12-12 450560] MediaChecker.lnk - c:\programfiler\HOTALBUMMyBOX\MediaChecker.exe [2007-02-13 915096] Microsoft Office.lnk - c:\programfiler\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360] WinZip Quick Pick.lnk - c:\programfiler\WinZip\WZQKPICK.EXE [2006-12-07 118784] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programfiler\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2008-12-03 14:56 352256 c:\programfiler\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus] 2005-07-12 09:45 109664 c:\programfiler\ThinkVantage Fingerprint Software\psfus.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\QConGina] 2005-08-10 03:08 262144 c:\windows\system32\QConGina.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2] 2005-07-05 23:45 28672 c:\windows\system32\notifyf2.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey] 2005-06-16 22:23 24576 c:\windows\system32\tphklock.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=avgrsstx.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli csspwntfy [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Programfiler\\ThinkVantage\\SystemUpdate\\jre\\bin\\javaw.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Programfiler\\Bonjour\\mDNSResponder.exe"= "c:\\Programfiler\\LimeWire\\LimeWire.exe"= "c:\\Programfiler\\iTunes\\iTunes.exe"= "c:\\Programfiler\\AVG\\AVG8\\avgupd.exe"= "c:\\Programfiler\\MSN Messenger\\msnmsgr.exe"= "c:\\Programfiler\\MSN Messenger\\livecall.exe"= "c:\\Programfiler\\Spotify\\spotify.exe"= R0 PzWDM;PzWDM;c:\windows\system32\Drivers\PzWDM.sys [2007-12-30 15172] R0 Shockprf;Shockprf;c:\windows\system32\drivers\Shockprf.sys [2006-11-28 59904] R1 ANC;ANC;c:\windows\system32\drivers\ANC.SYS [2006-11-28 11520] R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-10-26 97928] R1 IBMTPCHK;IBMTPCHK;c:\windows\system32\drivers\IBMBLDID.SYS [2006-11-28 2432] R1 SASDIFSV;SASDIFSV;\??\c:\programfiler\SUPERAntiSpyware\SASDIFSV.SYS [2008-12-04 8944] R1 SASKUTIL;SASKUTIL;\??\c:\programfiler\SUPERAntiSpyware\SASKUTIL.sys [2008-12-04 55024] R1 ShockMgr;ShockMgr;c:\windows\system32\drivers\ShockMgr.sys [2006-11-28 4736] R1 TPPWRIF;TPPWRIF;c:\windows\system32\drivers\Tppwrif.sys [2006-11-28 4442] R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-10-26 231704] R2 ibmfilter;ibmfilter;\??\c:\windows\system32\drivers\ibmfilter.sys [2005-08-02 13184] R2 PrivateDisk;PrivateDisk;\??\c:\programfiler\IBM ThinkVantage\SafeGuard PrivateDisk\PrivateDiskM.sys [2005-06-28 46142] R2 smi2;smi2;\??\c:\programfiler\SMI2\smi2.sys [2005-08-02 3968] R2 SmiHlp;SMI helper driver;\??\c:\programfiler\ThinkVantage Fingerprint Software\smihlp.sys [2005-07-12 3328] R2 TmFilter;Trend Micro Filter;\??\c:\programfiler\Trend Micro\OfficeScan Client\TmXPFlt.sys [2005-02-18 205328] R2 TmPreFilter;Trend Micro PreFilter;\??\c:\programfiler\Trend Micro\OfficeScan Client\TmPreFlt.sys [2005-02-18 36368] R3 SASENUM;SASENUM;\??\c:\programfiler\SUPERAntiSpyware\SASENUM.SYS [2008-12-04 7408] S3 QCNDISIF;QCNDISIF;c:\windows\system32\drivers\qcndisif.SYS [2006-11-28 12288] S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl.sys [2008-02-26 30464] . Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver) 2008-12-19 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\programfiler\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57] 2008-12-22 c:\windows\Tasks\PMTask.job - c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2005-08-31 01:10] 2006-12-06 c:\windows\Tasks\Symantec NetDetect.job - c:\programfiler\Symantec\LiveUpdate\NDETECT.EXE [2005-03-31 17:32] . . ------- Tilleggsskanning ------- . IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000 IE: Send til &Bluetooth - c:\programfiler\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm FF - ProfilePath - c:\documents and settings\Oddny\Programdata\Mozilla\Firefox\Profiles\2otl7zu8.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - www.nettavisen.no FF - component: c:\programfiler\AVG\AVG8\Firefox\components\avgssff.dll FF - component: c:\programfiler\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-12-22 10:30:22 Windows 5.1.2600 Service Pack 3 NTFS skanner skjulte prosesser ... skanner skjulte autostart-oppføringer ... skanner skjulte filer ... skanning vellykket skjulte filer: 0 ************************************************************************** . --------------------- DLL'er Lastet Av Kjørende Prosesser --------------------- - - - - - - - > 'winlogon.exe'(924) c:\programfiler\SUPERAntiSpyware\SASWINLO.dll c:\windows\system32\Ati2evxx.dll c:\programfiler\ThinkVantage Fingerprint Software\psfus.dll c:\programfiler\Fellesfiler\Virtual Token\psutil.dll c:\windows\system32\tphklock.dll - - - - - - - > 'lsass.exe'(984) c:\programfiler\IBM ThinkVantage\Client Security Solution\csspwntfy.dll c:\programfiler\IBM ThinkVantage\Client Security Solution\ibmtsp.dll c:\programfiler\IBM ThinkVantage\Client Security Solution\tcsrpc.dll c:\programfiler\IBM ThinkVantage\Client Security Solution\cssuserdatadispatcher.dll . ------------------------ Andre Kjørende Prosesser ------------------------ . c:\programfiler\Fellesfiler\Virtual Token\vtserver.exe c:\windows\system32\ibmpmsvc.exe c:\windows\system32\ati2evxx.exe c:\programfiler\Intel\Wireless\Bin\EvtEng.exe c:\programfiler\Intel\Wireless\Bin\S24EvMon.exe c:\windows\system32\IPSSVC.EXE c:\programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\programfiler\Bonjour\mDNSResponder.exe c:\programfiler\ThinkPad\Bluetooth Software\bin\btwdins.exe c:\programfiler\Diskeeper Corporation\Diskeeper\DkService.exe c:\programfiler\Fellesfiler\Microsoft Shared\VS7Debug\mdm.exe c:\programfiler\Trend Micro\OfficeScan Client\NTRtScan.exe c:\windows\system32\QCONSVC.EXE c:\programfiler\Intel\Wireless\Bin\RegSrvc.exe c:\programfiler\Trend Micro\OfficeScan Client\TmListen.exe c:\windows\system32\TPHDEXLG.exe c:\windows\system32\TpKmpSvc.exe c:\programfiler\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe c:\programfiler\IBM ThinkVantage\Rescue and Recovery\rrservice.exe c:\windows\system32\ati2evxx.exe c:\programfiler\IBM ThinkVantage\Common\Scheduler\tvtsched.exe c:\programfiler\ThinkVantage\SystemUpdate\UCLauncherService.exe c:\programfiler\Windows Media Player\wmpnetwk.exe c:\programfiler\Trend Micro\OfficeScan Client\OfcPfwSvc.exe c:\windows\Temp\VN86AE.EXE c:\windows\system32\wbem\wmiapsrv.exe c:\programfiler\IBM ThinkVantage\Common\Logger\logmon.exe c:\programfiler\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe c:\programfiler\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe c:\windows\system32\rundll32.exe c:\programfiler\IBM ThinkVantage\Client Security Solution\pwmgr.exe c:\programfiler\iPod\bin\iPodService.exe c:\programfiler\Logitech\Video\FxSvr2.exe c:\programfiler\AVG\AVG8\avgrsx.exe c:\programfiler\AVG\AVG8\avgrsx.exe c:\programfiler\AVG\AVG8\avgrsx.exe c:\programfiler\AVG\AVG8\avgrsx.exe . ************************************************************************** . Tidspunkt ferdig: 2008-12-22 10:40:54 - maskinen ble startet på nytt ComboFix-quarantined-files.txt 2008-12-22 09:40:37 ComboFix2.txt 2008-12-21 17:50:09 Pre-Run: 58 020 003 840 byte ledig Post-Run: 58,005,790,720 byte ledig WindowsXP-KB310994-SP2-Pro-BootDisk-NOR.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect 275 --- E O F --- 2008-12-19 07:13:52 Endret 22. desember 2008 av quakie Lenke til kommentar
norbat Skrevet 22. desember 2008 Del Skrevet 22. desember 2008 Du kjører med flere av-prog (AVG, Trend Micro..) Behold ett og avinstaller resten fra legg til/fjern programmer. Lenke til kommentar
quakie Skrevet 22. desember 2008 Forfatter Del Skrevet 22. desember 2008 Nå er det gjort, noe mer? Lenke til kommentar
norbat Skrevet 22. desember 2008 Del Skrevet 22. desember 2008 Last ned CCleaner. Start programmet. Gå til 'Valg'->'Avansert'. Fjern avkryssingen framfor: "bare slett midlertidige filer......." Klikk på 'Renser' og deretter 'Kjør CCleaner'. Kjør også noen runder med 'Register'til det ikke finner flere feil. Si ja til å lage backup av det som fjernes. Hvordan kjører pc'n? Lenke til kommentar
quakie Skrevet 22. desember 2008 Forfatter Del Skrevet 22. desember 2008 Den er ganske treg i oppstarten, har også enkelte problemer med den trådløse tilkoblingen. I tillegg er det 80(!) prosesser som kjører nå, og det er vel litt mange. Lenke til kommentar
snippsat Skrevet 22. desember 2008 Del Skrevet 22. desember 2008 tillegg er det 80(!) prosesser som kjører nå Du kan rydde litt ja. Process-scanner + Autorun Auslogics Registry Defrag(gratis) http://www.auslogics.com/en/software/registry-defrag Auslogics Disk Defrag(gratis) http://www.auslogics.com/en/software/disk-defrag Lenke til kommentar
Anbefalte innlegg
Opprett en konto eller logg inn for å kommentere
Du må være et medlem for å kunne skrive en kommentar
Opprett konto
Det er enkelt å melde seg inn for å starte en ny konto!
Start en kontoLogg inn
Har du allerede en konto? Logg inn her.
Logg inn nå