Enya
-
Innlegg
271 -
Ble med
-
Besøkte siden sist
Innholdstype
Profiler
Forum
Hendelser
Blogger
Om forumet
Innlegg skrevet av Enya
-
-
Fin tråd med mange gode argument
Jeg befinner meg i samme situsajon som trådstarter gjør. Så jeg "låner" tråden litt i stedefor å lage en ny.
Jeg har bestemt meg for et D90 hus etter at jeg har prøvd dette i butikk og fikk sammenligne med Canon og Sony. Så var det å velge et allround objektiv til å starte med. Jeg vil nok fotografere mest natur, solnedganger, feriebilder, men også en del innendørs familiebilder. Har sett på dette objektivet:
16 mm - 85 mm - f/3.5-5.6 G IF-ED Nikon AF-S DX VR
Vil dette fungere bra for en uten særlig erfaring til å starte med? Huset blir som sagt D90.
-
Prøv virusdelen av forumet, der får du garantert hjelp.
-
Greit, den skal instaleres
Takker igjen for hjelp
Hva skulle jeg og andre gjort uten dere virus folk 
-
Nei, har ikke hatt noe antivirus instalert på denne maskinen. Har aldri hatt noe særlig problemer med det siden jeg sitter bak en "syk" brannmur i routeren fra internett leverandøren. Aner ikke hvordan den virker, men er noe TelNet greier. Den blir vist oppdatert jevnlig og i følge leverandøren er det ikke nødvendig med antivirus når jeg har den.
Nå er dette riktignok en laptop, så problemene kan ha kommet via internett fra et annet nettverk.
Kan vel alikevel ikke være for sikker, så blir nok antivirus på den fra nå av
-
Ok. Tusen takk for rask hjelp
Et siste spørsmål. Har du noe peiling på hvor dette "skitet" kan ha kommet fra? Sånn at jeg kan gi lillesøsteren min på 11 en liten alvlorspreken
Bør vel også oppdatere windows, java, flash og slikt også nå for å tette alle hull.
-
Hehe...
Enda en logg:
Klikk for å se/fjerne innholdet nedenforComboFix 08-11-27.07 - Sigrid 2008-11-28 19:45:38.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.743 [GMT 1:00]
Kjører fra: c:\documents and settings\Sigrid\Skrivebord\ComboFix.exe
Command switches brukt :: c:\documents and settings\Sigrid\Skrivebord\CFScript.txt
* Opprettet nytt gjenopprettingspunkt
ADVARSEL -DENNE MASKINEN HAR IKKE GJENOPPRETTINGSKONSOLLEN INSTALLERT !!
FILE ::
c:\windows\system32\1C.tmp
.
((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\programfiler\temp01\
c:\windows\system32\1C.tmp
.
((((((((((((((((((((((((((( Filer Opprettet Fra 2008-10-28 til 2008-11-28 )))))))))))))))))))))))))))))))))
.
2008-11-28 18:50 . 2008-11-28 18:50 268 --ah----- C:\sqmdata12.sqm
2008-11-28 18:50 . 2008-11-28 18:50 244 --ah----- C:\sqmnoopt12.sqm
2008-11-28 18:04 . 2008-11-28 18:04 268 --ah----- C:\sqmdata11.sqm
2008-11-28 18:04 . 2008-11-28 18:04 244 --ah----- C:\sqmnoopt11.sqm
2008-11-28 17:48 . 2008-11-28 19:44 <DIR> dr-h----- c:\documents and settings\Sigrid\Siste
2008-11-28 17:46 . 2008-11-28 17:46 <DIR> d-------- c:\programfiler\Yahoo!
2008-11-28 17:46 . 2008-11-28 17:46 <DIR> d-------- c:\programfiler\CCleaner
2008-11-28 17:21 . 2008-11-28 17:21 <DIR> d-------- c:\programfiler\Trend Micro
2008-11-28 17:06 . 2008-11-28 17:06 268 --ah----- C:\sqmdata10.sqm
2008-11-28 17:06 . 2008-11-28 17:06 244 --ah----- C:\sqmnoopt10.sqm
2008-11-28 17:02 . 2008-11-28 17:02 <DIR> d-------- c:\programfiler\Malwarebytes' Anti-Malware
2008-11-28 17:02 . 2008-11-28 17:02 <DIR> d-------- c:\documents and settings\Sigrid\Programdata\Malwarebytes
2008-11-28 17:02 . 2008-11-28 17:02 <DIR> d-------- c:\documents and settings\All Users\Programdata\Malwarebytes
2008-11-28 17:02 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-28 17:02 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-09 18:13 . 2008-11-09 18:13 <DIR> d-------- c:\programfiler\Electronic Arts
2008-11-07 22:08 . 2008-11-07 22:08 268 --ah----- C:\sqmdata06.sqm
2008-11-07 22:08 . 2008-11-07 22:08 244 --ah----- C:\sqmnoopt08.sqm
2008-11-07 22:08 . 2008-11-07 22:08 244 --ah----- C:\sqmnoopt07.sqm
2008-11-07 22:08 . 2008-11-07 22:08 244 --ah----- C:\sqmnoopt06.sqm
2008-11-07 22:08 . 2008-11-07 22:08 232 --ah----- C:\sqmdata08.sqm
2008-11-07 22:08 . 2008-11-07 22:08 232 --ah----- C:\sqmdata07.sqm
2008-11-07 22:08 . 2008-11-07 22:08 172 --ah----- C:\sqmnoopt09.sqm
2008-11-07 22:08 . 2008-11-07 22:08 172 --ah----- C:\sqmdata09.sqm
2008-11-07 18:39 . 2008-11-07 18:39 268 --ah----- C:\sqmdata05.sqm
2008-11-07 18:39 . 2008-11-07 18:39 244 --ah----- C:\sqmnoopt05.sqm
2008-11-07 18:38 . 2008-11-07 18:38 268 --ah----- C:\sqmdata04.sqm
2008-11-07 18:38 . 2008-11-07 18:38 244 --ah----- C:\sqmnoopt04.sqm
2008-11-07 17:49 . 2008-11-07 17:49 268 --ah----- C:\sqmdata03.sqm
2008-11-07 17:49 . 2008-11-07 17:49 244 --ah----- C:\sqmnoopt03.sqm
2008-11-02 12:07 . 2008-11-02 12:07 <DIR> d-------- c:\documents and settings\Sigrid\Programdata\Pogo Games
2008-10-31 15:28 . 2008-10-31 15:28 <DIR> d-------- c:\documents and settings\Sigrid\Programdata\blg
2008-10-31 15:28 . 2008-10-31 15:28 <DIR> d-------- c:\documents and settings\All Users\Programdata\blg
2008-10-31 14:17 . 2008-10-31 14:17 <DIR> d-------- c:\documents and settings\Sigrid\Programdata\PetShowCraze
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-02 11:44 --------- d---a-w c:\documents and settings\All Users\Programdata\TEMP
2008-11-02 11:07 --------- d-----w c:\documents and settings\All Users\Programdata\BigFishGamesCache
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-06 10:51 --------- d-----w c:\documents and settings\Sigrid\Programdata\PlayFirst
2008-10-06 10:05 --------- d-----w c:\documents and settings\Sigrid\Programdata\EleFun Games
2008-09-15 15:42 1,846,016 ----a-w c:\windows\system32\win32k.sys
2008-09-04 16:46 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-03-02 10:13 0 ----a-w c:\programfiler\temp01
.
((((((((((((((((((((((((((((( snapshot@2008-11-28_17.20.13,95 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-10-26 15:36:34 39,992 ----a-w c:\windows\system32\perfc009.dat
+ 2008-11-28 16:54:59 39,992 ----a-w c:\windows\system32\perfc009.dat
- 2008-10-26 15:36:34 46,134 ----a-w c:\windows\system32\perfc014.dat
+ 2008-11-28 16:54:59 46,134 ----a-w c:\windows\system32\perfc014.dat
- 2008-10-26 15:36:34 311,604 ----a-w c:\windows\system32\perfh009.dat
+ 2008-11-28 16:54:59 311,604 ----a-w c:\windows\system32\perfh009.dat
- 2008-10-26 15:36:34 318,652 ----a-w c:\windows\system32\perfh014.dat
+ 2008-11-28 16:54:59 318,652 ----a-w c:\windows\system32\perfh014.dat
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"MsnMsgr"="c:\programfiler\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\programfiler\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"SoundMan"="SOUNDMAN.EXE" [2003-04-24 c:\windows\SOUNDMAN.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R3 P0630VID;Creative WebCam Live!;c:\windows\system32\DRIVERS\P0630Vid.sys [2008-09-24 67968]
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)
2008-11-28 c:\windows\Tasks\Se etter oppdateringer for Windows Live Toolbar.job
- c:\programfiler\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-28 19:46:12
Windows 5.1.2600 Service Pack 2 NTFS
skanner skjulte prosesser ...
skanner skjulte autostart-oppføringer ...
skanner skjulte filer ...
skanning vellykket
skjulte filer: 0
**************************************************************************
.
Tidspunkt ferdig: 2008-11-28 19:46:49
ComboFix-quarantined-files.txt 2008-11-28 18:46:32
ComboFix2.txt 2008-11-28 18:28:19
ComboFix3.txt 2008-11-28 18:18:13
ComboFix4.txt 2008-11-28 17:23:19
ComboFix5.txt 2008-11-28 18:45:05
Pre-Run: 228 376 203 264 byte ledig
Post-Run: 228,368,719,872 byte ledig
117 --- E O F --- 2008-11-17 18:02:19
-
Ny Combofix logg:
Klikk for å se/fjerne innholdet nedenforComboFix 08-11-27.07 - Sigrid 2008-11-28 19:26:58.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.752 [GMT 1:00]
Kjører fra: c:\documents and settings\Sigrid\Skrivebord\ComboFix.exe
Command switches brukt :: c:\documents and settings\Sigrid\Skrivebord\CFScript.txt
* Opprettet nytt gjenopprettingspunkt
ADVARSEL -DENNE MASKINEN HAR IKKE GJENOPPRETTINGSKONSOLLEN INSTALLERT !!
FILE ::
c:\windows\system32\2.tmp
c:\windows\system32\2D.tmp
c:\windows\system32\3.tmp
c:\windows\system32\32.tmp
c:\windows\system32\35.tmp
c:\windows\system32\4.tmp
c:\windows\system32\5.tmp
.
((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\2.tmp
c:\windows\system32\2D.tmp
c:\windows\system32\3.tmp
c:\windows\system32\32.tmp
c:\windows\system32\35.tmp
c:\windows\system32\4.tmp
c:\windows\system32\5.tmp
.
((((((((((((((((((((((((((( Filer Opprettet Fra 2008-10-28 til 2008-11-28 )))))))))))))))))))))))))))))))))
.
2008-11-28 18:50 . 2008-11-28 18:50 268 --ah----- C:\sqmdata12.sqm
2008-11-28 18:50 . 2008-11-28 18:50 244 --ah----- C:\sqmnoopt12.sqm
2008-11-28 18:04 . 2008-11-28 18:04 268 --ah----- C:\sqmdata11.sqm
2008-11-28 18:04 . 2008-11-28 18:04 244 --ah----- C:\sqmnoopt11.sqm
2008-11-28 17:48 . 2008-11-28 19:26 <DIR> dr-h----- c:\documents and settings\Sigrid\Siste
2008-11-28 17:46 . 2008-11-28 17:46 <DIR> d-------- c:\programfiler\Yahoo!
2008-11-28 17:46 . 2008-11-28 17:46 <DIR> d-------- c:\programfiler\CCleaner
2008-11-28 17:21 . 2008-11-28 17:21 <DIR> d-------- c:\programfiler\Trend Micro
2008-11-28 17:06 . 2008-11-28 17:06 268 --ah----- C:\sqmdata10.sqm
2008-11-28 17:06 . 2008-11-28 17:06 244 --ah----- C:\sqmnoopt10.sqm
2008-11-28 17:02 . 2008-11-28 17:02 <DIR> d-------- c:\programfiler\Malwarebytes' Anti-Malware
2008-11-28 17:02 . 2008-11-28 17:02 <DIR> d-------- c:\documents and settings\Sigrid\Programdata\Malwarebytes
2008-11-28 17:02 . 2008-11-28 17:02 <DIR> d-------- c:\documents and settings\All Users\Programdata\Malwarebytes
2008-11-28 17:02 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-28 17:02 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-10 16:15 . 2008-11-10 16:15 318,464 --ahs---- c:\windows\system32\1C.tmp
2008-11-09 18:13 . 2008-11-09 18:13 <DIR> d-------- c:\programfiler\Electronic Arts
2008-11-07 22:08 . 2008-11-07 22:08 268 --ah----- C:\sqmdata06.sqm
2008-11-07 22:08 . 2008-11-07 22:08 244 --ah----- C:\sqmnoopt08.sqm
2008-11-07 22:08 . 2008-11-07 22:08 244 --ah----- C:\sqmnoopt07.sqm
2008-11-07 22:08 . 2008-11-07 22:08 244 --ah----- C:\sqmnoopt06.sqm
2008-11-07 22:08 . 2008-11-07 22:08 232 --ah----- C:\sqmdata08.sqm
2008-11-07 22:08 . 2008-11-07 22:08 232 --ah----- C:\sqmdata07.sqm
2008-11-07 22:08 . 2008-11-07 22:08 172 --ah----- C:\sqmnoopt09.sqm
2008-11-07 22:08 . 2008-11-07 22:08 172 --ah----- C:\sqmdata09.sqm
2008-11-07 18:39 . 2008-11-07 18:39 268 --ah----- C:\sqmdata05.sqm
2008-11-07 18:39 . 2008-11-07 18:39 244 --ah----- C:\sqmnoopt05.sqm
2008-11-07 18:38 . 2008-11-07 18:38 268 --ah----- C:\sqmdata04.sqm
2008-11-07 18:38 . 2008-11-07 18:38 244 --ah----- C:\sqmnoopt04.sqm
2008-11-07 17:49 . 2008-11-07 17:49 268 --ah----- C:\sqmdata03.sqm
2008-11-07 17:49 . 2008-11-07 17:49 244 --ah----- C:\sqmnoopt03.sqm
2008-11-02 12:07 . 2008-11-02 12:07 <DIR> d-------- c:\documents and settings\Sigrid\Programdata\Pogo Games
2008-10-31 15:28 . 2008-10-31 15:28 <DIR> d-------- c:\documents and settings\Sigrid\Programdata\blg
2008-10-31 15:28 . 2008-10-31 15:28 <DIR> d-------- c:\documents and settings\All Users\Programdata\blg
2008-10-31 14:17 . 2008-10-31 14:17 <DIR> d-------- c:\documents and settings\Sigrid\Programdata\PetShowCraze
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-02 11:44 --------- d---a-w c:\documents and settings\All Users\Programdata\TEMP
2008-11-02 11:07 --------- d-----w c:\documents and settings\All Users\Programdata\BigFishGamesCache
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-06 10:51 --------- d-----w c:\documents and settings\Sigrid\Programdata\PlayFirst
2008-10-06 10:05 --------- d-----w c:\documents and settings\Sigrid\Programdata\EleFun Games
2008-09-15 15:42 1,846,016 ----a-w c:\windows\system32\win32k.sys
2008-09-04 16:46 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-03-02 10:13 0 ----a-w c:\programfiler\temp01
.
((((((((((((((((((((((((((((( snapshot@2008-11-28_17.20.13,95 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-10-26 15:36:34 39,992 ----a-w c:\windows\system32\perfc009.dat
+ 2008-11-28 16:54:59 39,992 ----a-w c:\windows\system32\perfc009.dat
- 2008-10-26 15:36:34 46,134 ----a-w c:\windows\system32\perfc014.dat
+ 2008-11-28 16:54:59 46,134 ----a-w c:\windows\system32\perfc014.dat
- 2008-10-26 15:36:34 311,604 ----a-w c:\windows\system32\perfh009.dat
+ 2008-11-28 16:54:59 311,604 ----a-w c:\windows\system32\perfh009.dat
- 2008-10-26 15:36:34 318,652 ----a-w c:\windows\system32\perfh014.dat
+ 2008-11-28 16:54:59 318,652 ----a-w c:\windows\system32\perfh014.dat
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"MsnMsgr"="c:\programfiler\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\programfiler\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"SoundMan"="SOUNDMAN.EXE" [2003-04-24 c:\windows\SOUNDMAN.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R3 P0630VID;Creative WebCam Live!;c:\windows\system32\DRIVERS\P0630Vid.sys [2008-09-24 67968]
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)
2008-11-28 c:\windows\Tasks\Se etter oppdateringer for Windows Live Toolbar.job
- c:\programfiler\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-28 19:27:41
Windows 5.1.2600 Service Pack 2 NTFS
skanner skjulte prosesser ...
skanner skjulte autostart-oppføringer ...
skanner skjulte filer ...
skanning vellykket
skjulte filer: 0
**************************************************************************
.
Tidspunkt ferdig: 2008-11-28 19:28:18
ComboFix-quarantined-files.txt 2008-11-28 18:28:00
ComboFix2.txt 2008-11-28 18:18:13
ComboFix3.txt 2008-11-28 17:23:19
ComboFix4.txt 2008-11-28 16:20:42
Pre-Run: 228 395 118 592 byte ledig
Post-Run: 228,387,393,536 byte ledig
128 --- E O F --- 2008-11-17 18:02:19
-
Slik ble den nye Combofiksen etter CFScript
Klikk for å se/fjerne innholdet nedenforComboFix 08-11-27.07 - Sigrid 2008-11-28 19:13:48.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.762 [GMT 1:00]
Kjører fra: c:\documents and settings\Sigrid\Skrivebord\ComboFix.exe
Command switches brukt :: c:\documents and settings\Sigrid\Skrivebord\CFScript.txt
* Opprettet nytt gjenopprettingspunkt
ADVARSEL -DENNE MASKINEN HAR IKKE GJENOPPRETTINGSKONSOLLEN INSTALLERT !!
FILE ::
c:\windows\system32\10.tmp
c:\windows\system32\11.tmp
c:\windows\system32\12.tmp
c:\windows\system32\13.tmp
c:\windows\system32\132.tmp
c:\windows\system32\134.tmp
c:\windows\system32\14.tmp
c:\windows\system32\15.tmp
c:\windows\system32\16.tmp
c:\windows\system32\17.tmp
c:\windows\system32\18.tmp
c:\windows\system32\19.tmp
c:\windows\system32\1A.tmp
c:\windows\system32\1B.tmp
c:\windows\system32\1D.tmp
c:\windows\system32\1E.tmp
c:\windows\system32\1F.tmp
c:\windows\system32\20.tmp
c:\windows\system32\21.tmp
c:\windows\system32\22.tmp
c:\windows\system32\23.tmp
c:\windows\system32\24.tmp
c:\windows\system32\25.tmp
c:\windows\system32\26.tmp
c:\windows\system32\27.tmp
c:\windows\system32\2738.tmp
c:\windows\system32\28.tmp
c:\windows\system32\29.tmp
c:\windows\system32\2A.tmp
c:\windows\system32\2B.tmp
c:\windows\system32\2C.tmp
c:\windows\system32\2E.tmp
c:\windows\system32\2F.tmp
c:\windows\system32\30.tmp
c:\windows\system32\34.tmp
c:\windows\system32\49.tmp
c:\windows\system32\4A.tmp
c:\windows\system32\4B.tmp
c:\windows\system32\4C.tmp
c:\windows\system32\87.tmp
c:\windows\system32\88.tmp
c:\windows\system32\CF.tmp
c:\windows\system32\D0.tmp
c:\windows\system32\dxtrans32.dll
c:\windows\system32\F.tmp
c:\windows\system32\filemgmt32.dll
.
((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\10.tmp
c:\windows\system32\11.tmp
c:\windows\system32\12.tmp
c:\windows\system32\13.tmp
c:\windows\system32\132.tmp
c:\windows\system32\134.tmp
c:\windows\system32\14.tmp
c:\windows\system32\15.tmp
c:\windows\system32\16.tmp
c:\windows\system32\17.tmp
c:\windows\system32\18.tmp
c:\windows\system32\19.tmp
c:\windows\system32\1A.tmp
c:\windows\system32\1B.tmp
c:\windows\system32\1D.tmp
c:\windows\system32\1E.tmp
c:\windows\system32\1F.tmp
c:\windows\system32\20.tmp
c:\windows\system32\21.tmp
c:\windows\system32\22.tmp
c:\windows\system32\23.tmp
c:\windows\system32\24.tmp
c:\windows\system32\25.tmp
c:\windows\system32\26.tmp
c:\windows\system32\27.tmp
c:\windows\system32\2738.tmp
c:\windows\system32\28.tmp
c:\windows\system32\29.tmp
c:\windows\system32\2A.tmp
c:\windows\system32\2B.tmp
c:\windows\system32\2C.tmp
c:\windows\system32\2E.tmp
c:\windows\system32\2F.tmp
c:\windows\system32\30.tmp
c:\windows\system32\34.tmp
c:\windows\system32\49.tmp
c:\windows\system32\4A.tmp
c:\windows\system32\4B.tmp
c:\windows\system32\4C.tmp
c:\windows\system32\87.tmp
c:\windows\system32\88.tmp
c:\windows\system32\CF.tmp
c:\windows\system32\D0.tmp
c:\windows\system32\dxtrans32.dll
c:\windows\system32\F.tmp
c:\windows\system32\filemgmt32.dll
.
((((((((((((((((((((((((((( Filer Opprettet Fra 2008-10-28 til 2008-11-28 )))))))))))))))))))))))))))))))))
.
2008-11-28 18:50 . 2008-11-28 18:50 268 --ah----- C:\sqmdata12.sqm
2008-11-28 18:50 . 2008-11-28 18:50 244 --ah----- C:\sqmnoopt12.sqm
2008-11-28 18:25 . 2008-11-28 18:25 0 --a------ c:\windows\system32\4.tmp
2008-11-28 18:10 . 2008-11-28 18:10 0 --a------ c:\windows\system32\5.tmp
2008-11-28 18:05 . 2008-11-28 18:05 0 --a------ c:\windows\system32\3.tmp
2008-11-28 18:04 . 2008-11-28 18:04 268 --ah----- C:\sqmdata11.sqm
2008-11-28 18:04 . 2008-11-28 18:04 244 --ah----- C:\sqmnoopt11.sqm
2008-11-28 17:50 . 2008-11-28 17:50 0 --a------ c:\windows\system32\2.tmp
2008-11-28 17:48 . 2008-11-28 18:34 <DIR> dr-h----- c:\documents and settings\Sigrid\Siste
2008-11-28 17:46 . 2008-11-28 17:46 <DIR> d-------- c:\programfiler\Yahoo!
2008-11-28 17:46 . 2008-11-28 17:46 <DIR> d-------- c:\programfiler\CCleaner
2008-11-28 17:21 . 2008-11-28 17:21 <DIR> d-------- c:\programfiler\Trend Micro
2008-11-28 17:18 . 2008-11-28 17:18 0 --a------ c:\windows\system32\35.tmp
2008-11-28 17:08 . 2008-11-28 17:08 0 --a------ c:\windows\system32\32.tmp
2008-11-28 17:07 . 2008-11-28 17:07 0 --a------ c:\windows\system32\2D.tmp
2008-11-28 17:06 . 2008-11-28 17:06 268 --ah----- C:\sqmdata10.sqm
2008-11-28 17:06 . 2008-11-28 17:06 244 --ah----- C:\sqmnoopt10.sqm
2008-11-28 17:02 . 2008-11-28 17:02 <DIR> d-------- c:\programfiler\Malwarebytes' Anti-Malware
2008-11-28 17:02 . 2008-11-28 17:02 <DIR> d-------- c:\documents and settings\Sigrid\Programdata\Malwarebytes
2008-11-28 17:02 . 2008-11-28 17:02 <DIR> d-------- c:\documents and settings\All Users\Programdata\Malwarebytes
2008-11-28 17:02 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-28 17:02 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-10 16:15 . 2008-11-10 16:15 318,464 --ahs---- c:\windows\system32\1C.tmp
2008-11-09 18:13 . 2008-11-09 18:13 <DIR> d-------- c:\programfiler\Electronic Arts
2008-11-07 22:08 . 2008-11-07 22:08 268 --ah----- C:\sqmdata06.sqm
2008-11-07 22:08 . 2008-11-07 22:08 244 --ah----- C:\sqmnoopt08.sqm
2008-11-07 22:08 . 2008-11-07 22:08 244 --ah----- C:\sqmnoopt07.sqm
2008-11-07 22:08 . 2008-11-07 22:08 244 --ah----- C:\sqmnoopt06.sqm
2008-11-07 22:08 . 2008-11-07 22:08 232 --ah----- C:\sqmdata08.sqm
2008-11-07 22:08 . 2008-11-07 22:08 232 --ah----- C:\sqmdata07.sqm
2008-11-07 22:08 . 2008-11-07 22:08 172 --ah----- C:\sqmnoopt09.sqm
2008-11-07 22:08 . 2008-11-07 22:08 172 --ah----- C:\sqmdata09.sqm
2008-11-07 18:39 . 2008-11-07 18:39 268 --ah----- C:\sqmdata05.sqm
2008-11-07 18:39 . 2008-11-07 18:39 244 --ah----- C:\sqmnoopt05.sqm
2008-11-07 18:38 . 2008-11-07 18:38 268 --ah----- C:\sqmdata04.sqm
2008-11-07 18:38 . 2008-11-07 18:38 244 --ah----- C:\sqmnoopt04.sqm
2008-11-07 17:49 . 2008-11-07 17:49 268 --ah----- C:\sqmdata03.sqm
2008-11-07 17:49 . 2008-11-07 17:49 244 --ah----- C:\sqmnoopt03.sqm
2008-11-02 12:07 . 2008-11-02 12:07 <DIR> d-------- c:\documents and settings\Sigrid\Programdata\Pogo Games
2008-10-31 15:28 . 2008-10-31 15:28 <DIR> d-------- c:\documents and settings\Sigrid\Programdata\blg
2008-10-31 15:28 . 2008-10-31 15:28 <DIR> d-------- c:\documents and settings\All Users\Programdata\blg
2008-10-31 14:17 . 2008-10-31 14:17 <DIR> d-------- c:\documents and settings\Sigrid\Programdata\PetShowCraze
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-02 11:44 --------- d---a-w c:\documents and settings\All Users\Programdata\TEMP
2008-11-02 11:07 --------- d-----w c:\documents and settings\All Users\Programdata\BigFishGamesCache
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-06 10:51 --------- d-----w c:\documents and settings\Sigrid\Programdata\PlayFirst
2008-10-06 10:05 --------- d-----w c:\documents and settings\Sigrid\Programdata\EleFun Games
2008-03-02 10:13 0 ----a-w c:\programfiler\temp01
.
((((((((((((((((((((((((((((( snapshot@2008-11-28_17.20.13,95 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-10-26 15:36:34 39,992 ----a-w c:\windows\system32\perfc009.dat
+ 2008-11-28 16:54:59 39,992 ----a-w c:\windows\system32\perfc009.dat
- 2008-10-26 15:36:34 46,134 ----a-w c:\windows\system32\perfc014.dat
+ 2008-11-28 16:54:59 46,134 ----a-w c:\windows\system32\perfc014.dat
- 2008-10-26 15:36:34 311,604 ----a-w c:\windows\system32\perfh009.dat
+ 2008-11-28 16:54:59 311,604 ----a-w c:\windows\system32\perfh009.dat
- 2008-10-26 15:36:34 318,652 ----a-w c:\windows\system32\perfh014.dat
+ 2008-11-28 16:54:59 318,652 ----a-w c:\windows\system32\perfh014.dat
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"MsnMsgr"="c:\programfiler\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\programfiler\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"SoundMan"="SOUNDMAN.EXE" [2003-04-24 c:\windows\SOUNDMAN.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R3 P0630VID;Creative WebCam Live!;c:\windows\system32\DRIVERS\P0630Vid.sys [2008-09-24 67968]
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)
2008-11-28 c:\windows\Tasks\Se etter oppdateringer for Windows Live Toolbar.job
- c:\programfiler\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-28 19:16:27
Windows 5.1.2600 Service Pack 2 NTFS
skanner skjulte prosesser ...
skanner skjulte autostart-oppføringer ...
skanner skjulte filer ...
skanning vellykket
skjulte filer: 0
**************************************************************************
.
------------------------ Andre Kjørende Prosesser ------------------------
.
c:\programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Tidspunkt ferdig: 2008-11-28 19:18:12 - maskinen ble startet på nytt
ComboFix-quarantined-files.txt 2008-11-28 18:18:10
ComboFix2.txt 2008-11-28 17:23:19
ComboFix3.txt 2008-11-28 16:20:42
Pre-Run: 228 413 886 464 byte ledig
Post-Run: 228,404,715,520 byte ledig
217 --- E O F --- 2008-11-17 18:02:19
-
Nei, kjenner ikke til de mappene. Lager ny Combofix nå.
-
Usikker på hvilken rekkefølge du vil ha det i etter du editerte litt, men jeg tolket det slik:
Restart --> CCleaner --> Restart --> MBAM --> Restart --> Combofix
Da fikk jeg disse loggene:
MBAM
Klikk for å se/fjerne innholdet nedenforMalwarebytes' Anti-Malware 1.30
Database versjon: 1431
Windows 5.1.2600 Service Pack 2
28.11.2008 18:00:38
mbam-log-2008-11-28 (18-00-38).txt
Skanntype: Rask Skann
Objekter skannet: 42944
Tid tilbakelagt: 7 minute(s), 33 second(s)
Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 0
Registerverdier infisert: 0
Registerfiler infisert: 0
Mapper infisert: 0
Filer infisert: 0
Minneprosesser infisert:
(Ingen mistenkelige filer funnet)
Minnemoduler infisert:
(Ingen mistenkelige filer funnet)
Registernøkler infisert:
(Ingen mistenkelige filer funnet)
Registerverdier infisert:
(Ingen mistenkelige filer funnet)
Registerfiler infisert:
(Ingen mistenkelige filer funnet)
Mapper infisert:
(Ingen mistenkelige filer funnet)
Filer infisert:
(Ingen mistenkelige filer funnet)
Combofix
Klikk for å se/fjerne innholdet nedenforComboFix 08-11-27.07 - Sigrid 2008-11-28 18:21:53.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.751 [GMT 1:00]
Kjører fra: f:\virusfjerning\ComboFix.exe
ADVARSEL -DENNE MASKINEN HAR IKKE GJENOPPRETTINGSKONSOLLEN INSTALLERT !!
.
((((((((((((((((((((((((((( Filer Opprettet Fra 2008-10-28 til 2008-11-28 )))))))))))))))))))))))))))))))))
.
2008-11-28 18:10 . 2008-11-28 18:10 0 --a------ c:\windows\system32\5.tmp
2008-11-28 18:05 . 2008-11-28 18:05 0 --a------ c:\windows\system32\3.tmp
2008-11-28 18:04 . 2008-11-28 18:04 268 --ah----- C:\sqmdata11.sqm
2008-11-28 18:04 . 2008-11-28 18:04 244 --ah----- C:\sqmnoopt11.sqm
2008-11-28 17:50 . 2008-11-28 17:50 0 --a------ c:\windows\system32\2.tmp
2008-11-28 17:48 . 2008-11-28 18:01 <DIR> dr-h----- c:\documents and settings\Sigrid\Siste
2008-11-28 17:46 . 2008-11-28 17:46 <DIR> d-------- c:\programfiler\Yahoo!
2008-11-28 17:46 . 2008-11-28 17:46 <DIR> d-------- c:\programfiler\CCleaner
2008-11-28 17:21 . 2008-11-28 17:21 <DIR> d-------- c:\programfiler\Trend Micro
2008-11-28 17:18 . 2008-11-28 17:18 0 --a------ c:\windows\system32\35.tmp
2008-11-28 17:08 . 2008-11-28 17:08 0 --a------ c:\windows\system32\32.tmp
2008-11-28 17:07 . 2008-11-28 17:07 0 --a------ c:\windows\system32\2D.tmp
2008-11-28 17:06 . 2008-11-28 17:06 268 --ah----- C:\sqmdata10.sqm
2008-11-28 17:06 . 2008-11-28 17:06 244 --ah----- C:\sqmnoopt10.sqm
2008-11-28 17:02 . 2008-11-28 17:02 <DIR> d-------- c:\programfiler\Malwarebytes' Anti-Malware
2008-11-28 17:02 . 2008-11-28 17:02 <DIR> d-------- c:\documents and settings\Sigrid\Programdata\Malwarebytes
2008-11-28 17:02 . 2008-11-28 17:02 <DIR> d-------- c:\documents and settings\All Users\Programdata\Malwarebytes
2008-11-28 17:02 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-28 17:02 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-21 21:12 . 2008-11-21 21:12 0 --a------ c:\windows\system32\30.tmp
2008-11-20 18:52 . 2008-11-20 18:52 0 --a------ c:\windows\system32\2F.tmp
2008-11-17 16:11 . 2008-11-17 16:11 0 --a------ c:\windows\system32\34.tmp
2008-11-17 16:02 . 2008-11-17 16:02 0 --a------ c:\windows\system32\2E.tmp
2008-11-17 16:01 . 2008-11-17 16:01 318,464 --ahs---- c:\windows\system32\26.tmp
2008-11-13 21:00 . 2008-11-13 21:00 0 --a------ c:\windows\system32\2C.tmp
2008-11-13 18:25 . 2008-11-13 18:25 0 --a------ c:\windows\system32\2B.tmp
2008-11-12 20:50 . 2008-11-12 20:50 0 --a------ c:\windows\system32\4A.tmp
2008-11-12 20:07 . 2008-11-12 20:07 0 --a------ c:\windows\system32\2A.tmp
2008-11-11 15:23 . 2008-11-11 15:23 0 --a------ c:\windows\system32\29.tmp
2008-11-10 19:39 . 2008-11-10 19:39 0 --a------ c:\windows\system32\28.tmp
2008-11-10 16:15 . 2008-11-10 16:15 318,464 --ahs---- c:\windows\system32\1C.tmp
2008-11-10 16:15 . 2008-11-10 16:15 0 --a------ c:\windows\system32\27.tmp
2008-11-09 18:33 . 2008-11-09 18:33 0 --a------ c:\windows\system32\25.tmp
2008-11-09 18:13 . 2008-11-09 18:13 <DIR> d-------- c:\programfiler\Electronic Arts
2008-11-09 14:13 . 2008-11-09 14:13 0 --a------ c:\windows\system32\24.tmp
2008-11-08 21:18 . 2008-11-08 21:18 0 --a------ c:\windows\system32\23.tmp
2008-11-08 17:56 . 2008-11-08 17:56 0 --a------ c:\windows\system32\22.tmp
2008-11-08 10:33 . 2008-11-08 10:33 0 --a------ c:\windows\system32\21.tmp
2008-11-07 22:27 . 2008-11-07 22:27 0 --a------ c:\windows\system32\134.tmp
2008-11-07 22:26 . 2008-11-07 22:26 0 --a------ c:\windows\system32\132.tmp
2008-11-07 22:08 . 2008-11-07 22:08 268 --ah----- C:\sqmdata06.sqm
2008-11-07 22:08 . 2008-11-07 22:08 244 --ah----- C:\sqmnoopt08.sqm
2008-11-07 22:08 . 2008-11-07 22:08 244 --ah----- C:\sqmnoopt07.sqm
2008-11-07 22:08 . 2008-11-07 22:08 244 --ah----- C:\sqmnoopt06.sqm
2008-11-07 22:08 . 2008-11-07 22:08 232 --ah----- C:\sqmdata08.sqm
2008-11-07 22:08 . 2008-11-07 22:08 232 --ah----- C:\sqmdata07.sqm
2008-11-07 22:08 . 2008-11-07 22:08 172 --ah----- C:\sqmnoopt09.sqm
2008-11-07 22:08 . 2008-11-07 22:08 172 --ah----- C:\sqmdata09.sqm
2008-11-07 18:39 . 2008-11-07 18:39 268 --ah----- C:\sqmdata05.sqm
2008-11-07 18:39 . 2008-11-07 18:39 244 --ah----- C:\sqmnoopt05.sqm
2008-11-07 18:38 . 2008-11-07 18:38 268 --ah----- C:\sqmdata04.sqm
2008-11-07 18:38 . 2008-11-07 18:38 244 --ah----- C:\sqmnoopt04.sqm
2008-11-07 18:38 . 2008-11-07 18:38 0 --a------ c:\windows\system32\20.tmp
2008-11-07 17:49 . 2008-11-07 17:49 268 --ah----- C:\sqmdata03.sqm
2008-11-07 17:49 . 2008-11-07 17:49 244 --ah----- C:\sqmnoopt03.sqm
2008-11-07 17:25 . 2008-11-07 17:25 0 --a------ c:\windows\system32\1F.tmp
2008-11-05 18:56 . 2008-11-05 18:56 0 --a------ c:\windows\system32\1E.tmp
2008-11-03 20:33 . 2008-11-03 20:33 0 --a------ c:\windows\system32\1D.tmp
2008-11-03 19:18 . 2008-11-03 19:18 318,464 --ahs---- c:\windows\system32\18.tmp
2008-11-02 17:26 . 2008-11-02 17:26 0 --a------ c:\windows\system32\1A.tmp
2008-11-02 17:25 . 2008-11-02 17:25 318,464 --ahs---- c:\windows\system32\16.tmp
2008-11-02 16:19 . 2008-11-02 16:19 0 --a------ c:\windows\system32\2738.tmp
2008-11-02 14:56 . 2008-11-02 14:56 0 --a------ c:\windows\system32\15.tmp
2008-11-02 13:04 . 2008-11-02 13:04 318,464 --ahs---- c:\windows\system32\14.tmp
2008-11-02 13:04 . 2008-11-02 13:04 318,464 --ahs---- c:\windows\system32\13.tmp
2008-11-02 12:07 . 2008-11-02 12:07 <DIR> d-------- c:\documents and settings\Sigrid\Programdata\Pogo Games
2008-11-02 11:33 . 2008-11-02 11:33 318,464 --ahs---- c:\windows\system32\12.tmp
2008-11-01 21:45 . 2008-11-01 21:45 318,464 --ahs---- c:\windows\system32\10.tmp
2008-11-01 16:53 . 2008-11-01 16:53 0 --a------ c:\windows\system32\11.tmp
2008-11-01 15:38 . 2008-11-01 15:38 0 --a------ c:\windows\system32\F.tmp
2008-10-31 15:28 . 2008-10-31 15:28 <DIR> d-------- c:\documents and settings\Sigrid\Programdata\blg
2008-10-31 15:28 . 2008-10-31 15:28 <DIR> d-------- c:\documents and settings\All Users\Programdata\blg
2008-10-31 14:17 . 2008-10-31 14:17 <DIR> d-------- c:\documents and settings\Sigrid\Programdata\PetShowCraze
2008-10-30 20:00 . 2008-10-30 20:00 318,464 --ahs---- c:\windows\system32\19.tmp
2008-10-30 19:59 . 2008-10-30 19:59 318,464 --ahs---- c:\windows\system32\17.tmp
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-02 11:44 --------- d---a-w c:\documents and settings\All Users\Programdata\TEMP
2008-11-02 11:07 --------- d-----w c:\documents and settings\All Users\Programdata\BigFishGamesCache
2008-10-25 20:18 318,464 --sha-w c:\windows\system32\D0.tmp
2008-10-25 20:18 318,464 --sha-w c:\windows\system32\CF.tmp
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-22 17:21 318,464 --sha-w c:\windows\system32\88.tmp
2008-10-22 16:21 318,464 --sha-w c:\windows\system32\87.tmp
2008-10-22 15:18 318,464 --sha-w c:\windows\system32\4C.tmp
2008-10-22 14:18 318,464 --sha-w c:\windows\system32\4B.tmp
2008-10-22 13:18 318,464 --sha-w c:\windows\system32\49.tmp
2008-10-22 12:18 318,464 --sha-w c:\windows\system32\1B.tmp
2008-10-22 12:17 131,072 ----a-w c:\windows\system32\dxtrans32.dll
2008-10-17 14:20 126,976 ----a-w c:\windows\system32\filemgmt32.dll
2008-10-06 10:51 --------- d-----w c:\documents and settings\Sigrid\Programdata\PlayFirst
2008-10-06 10:05 --------- d-----w c:\documents and settings\Sigrid\Programdata\EleFun Games
2008-09-15 15:42 1,846,016 ----a-w c:\windows\system32\win32k.sys
2008-09-04 16:46 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-03-02 10:13 0 ----a-w c:\programfiler\temp01
.
((((((((((((((((((((((((((((( snapshot@2008-11-28_17.20.13,95 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-10-26 15:36:34 39,992 ----a-w c:\windows\system32\perfc009.dat
+ 2008-11-28 16:54:59 39,992 ----a-w c:\windows\system32\perfc009.dat
- 2008-10-26 15:36:34 46,134 ----a-w c:\windows\system32\perfc014.dat
+ 2008-11-28 16:54:59 46,134 ----a-w c:\windows\system32\perfc014.dat
- 2008-10-26 15:36:34 311,604 ----a-w c:\windows\system32\perfh009.dat
+ 2008-11-28 16:54:59 311,604 ----a-w c:\windows\system32\perfh009.dat
- 2008-10-26 15:36:34 318,652 ----a-w c:\windows\system32\perfh014.dat
+ 2008-11-28 16:54:59 318,652 ----a-w c:\windows\system32\perfh014.dat
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"MsnMsgr"="c:\programfiler\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\programfiler\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"SoundMan"="SOUNDMAN.EXE" [2003-04-24 c:\windows\SOUNDMAN.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\6c16de67486]
2008-10-22 13:17 131072 c:\windows\system32\dxtrans32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\dxtrans32.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R3 P0630VID;Creative WebCam Live!;c:\windows\system32\DRIVERS\P0630Vid.sys [2008-09-24 67968]
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)
2008-11-28 c:\windows\Tasks\Se etter oppdateringer for Windows Live Toolbar.job
- c:\programfiler\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
.
------- Tilleggsskanning -------
.
FireFox -: Profile - c:\documents and settings\Sigrid\Programdata\Mozilla\Firefox\Profiles\ayoumz6v.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.startsiden.no
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-28 18:22:33
Windows 5.1.2600 Service Pack 2 NTFS
skanner skjulte prosesser ...
skanner skjulte autostart-oppføringer ...
skanner skjulte filer ...
skanning vellykket
skjulte filer: 0
**************************************************************************
.
--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------
- - - - - - - > 'winlogon.exe'(680)
c:\windows\System32\dxtrans32.dll
.
Tidspunkt ferdig: 2008-11-28 18:23:18
ComboFix-quarantined-files.txt 2008-11-28 17:23:09
ComboFix2.txt 2008-11-28 16:20:42
Pre-Run: 228,436,852,736 byte ledig
Post-Run: 228,428,034,048 byte ledig
170 --- E O F --- 2008-11-17 18:02:19
Restartet og kjørte en MBAM til:
Klikk for å se/fjerne innholdet nedenforMalwarebytes' Anti-Malware 1.30
Database versjon: 1431
Windows 5.1.2600 Service Pack 2
28.11.2008 18:34:19
mbam-log-2008-11-28 (18-34-19).txt
Skanntype: Rask Skann
Objekter skannet: 42910
Tid tilbakelagt: 7 minute(s), 29 second(s)
Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 0
Registerverdier infisert: 0
Registerfiler infisert: 0
Mapper infisert: 0
Filer infisert: 0
Minneprosesser infisert:
(Ingen mistenkelige filer funnet)
Minnemoduler infisert:
(Ingen mistenkelige filer funnet)
Registernøkler infisert:
(Ingen mistenkelige filer funnet)
Registerverdier infisert:
(Ingen mistenkelige filer funnet)
Registerfiler infisert:
(Ingen mistenkelige filer funnet)
Mapper infisert:
(Ingen mistenkelige filer funnet)
Filer infisert:
(Ingen mistenkelige filer funnet)
Maskinen har også sendt ut/inn 30 millioner pakker på ganske kort tid nå. Så noe er alvorlig galt
-
Ja, jeg har tatt på meg ansvaret med å prøve å fikse pcen til søsteren min. Symptomet er vel at den går fryktelig tregt og er enkelte ting jeg ikke klarer å åpne som "Ctrl+Alt+Del" og internett. Hun påstår at dette skjedde plutselig så jeg regner med at det er noe snusk som er kommet.
Har kjørt igjennom MBAM, Combofix og Hijackthis så her er loggene.
Håper noen kan finne ut hva den er infisert av
MBAM
Klikk for å se/fjerne innholdet nedenforMalwarebytes' Anti-Malware 1.30
Database versjon: 1431
Windows 5.1.2600 Service Pack 2
28.11.2008 17:06:16
mbam-log-2008-11-28 (17-06-16).txt
Skanntype: Rask Skann
Objekter skannet: 43797
Tid tilbakelagt: 2 minute(s), 24 second(s)
Minneprosesser infisert: 0
Minnemoduler infisert: 1
Registernøkler infisert: 1
Registerverdier infisert: 5
Registerfiler infisert: 0
Mapper infisert: 0
Filer infisert: 18
Minneprosesser infisert:
(Ingen mistenkelige filer funnet)
Minnemoduler infisert:
C:\WINDOWS\system32\__c008B268.dat (Trojan.Agent) -> Delete on reboot.
Registernøkler infisert:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c008b268 (Trojan.Vundo) -> Delete on reboot.
Registerverdier infisert:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00f2d92de.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00f34af5d.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00f5b0341.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00f17bc2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00f8dd1a.exe (Trojan.Agent) -> Quarantined and deleted successfully.
Registerfiler infisert:
(Ingen mistenkelige filer funnet)
Mapper infisert:
(Ingen mistenkelige filer funnet)
Filer infisert:
C:\WINDOWS\system32\__c0012462.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sigrid\Lokale innstillinger\Temp\_A00F2D92DE.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sigrid\Lokale innstillinger\Temp\_A00F34AF5D.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sigrid\Lokale innstillinger\Temp\_A00F5B0341.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sigrid\Lokale innstillinger\Temp\_A00F17BC2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sigrid\Lokale innstillinger\Temp\_A00F8DD1A.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c008B268.dat (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\__c0026468.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c008D7D2.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c009FCC3.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c00A8118.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c00D752D.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\~.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\E.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c0013252.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c0039EB7.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c0041AA6.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c00DC844.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
Combofix
Klikk for å se/fjerne innholdet nedenforComboFix 08-11-27.07 - Sigrid 2008-11-28 17:18:53.1 - NTFSx86
Kjører fra: f:\virusfjerning\ComboFix.exe
ADVARSEL -DENNE MASKINEN HAR IKKE GJENOPPRETTINGSKONSOLLEN INSTALLERT !!
.
((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\IE4 Error Log.txt
c:\windows\system32\1.tmp
c:\windows\system32\2.tmp
c:\windows\system32\3.tmp
c:\windows\system32\4.tmp
c:\windows\system32\5.tmp
c:\windows\system32\6.tmp
c:\windows\system32\7.tmp
c:\windows\system32\8.tmp
c:\windows\system32\9.tmp
c:\windows\system32\A.tmp
c:\windows\system32\B.tmp
c:\windows\system32\C.tmp
c:\windows\system32\D.tmp
C:\xcrashdump.dat
.
((((((((((((((((((((((((((( Filer Opprettet Fra 2008-10-28 til 2008-11-28 )))))))))))))))))))))))))))))))))
.
2008-11-28 17:18 . 2008-11-28 17:18 0 --a------ c:\windows\system32\35.tmp
2008-11-28 17:08 . 2008-11-28 17:08 0 --a------ c:\windows\system32\32.tmp
2008-11-28 17:07 . 2008-11-28 17:07 0 --a------ c:\windows\system32\2D.tmp
2008-11-28 17:06 . 2008-11-28 17:06 268 --ah----- C:\sqmdata10.sqm
2008-11-28 17:06 . 2008-11-28 17:06 244 --ah----- C:\sqmnoopt10.sqm
2008-11-28 17:02 . 2008-11-28 17:02 <DIR> d-------- c:\programfiler\Malwarebytes' Anti-Malware
2008-11-28 17:02 . 2008-11-28 17:02 <DIR> d-------- c:\documents and settings\Sigrid\Programdata\Malwarebytes
2008-11-28 17:02 . 2008-11-28 17:02 <DIR> d-------- c:\documents and settings\All Users\Programdata\Malwarebytes
2008-11-28 17:02 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-28 17:02 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-21 21:12 . 2008-11-21 21:12 0 --a------ c:\windows\system32\30.tmp
2008-11-20 18:52 . 2008-11-20 18:52 0 --a------ c:\windows\system32\2F.tmp
2008-11-17 16:11 . 2008-11-17 16:11 0 --a------ c:\windows\system32\34.tmp
2008-11-17 16:02 . 2008-11-17 16:02 0 --a------ c:\windows\system32\2E.tmp
2008-11-17 16:01 . 2008-11-17 16:01 318,464 --ahs---- c:\windows\system32\26.tmp
2008-11-13 21:00 . 2008-11-13 21:00 0 --a------ c:\windows\system32\2C.tmp
2008-11-13 18:25 . 2008-11-13 18:25 0 --a------ c:\windows\system32\2B.tmp
2008-11-12 20:50 . 2008-11-12 20:50 0 --a------ c:\windows\system32\4A.tmp
2008-11-12 20:07 . 2008-11-12 20:07 0 --a------ c:\windows\system32\2A.tmp
2008-11-11 15:23 . 2008-11-11 15:23 0 --a------ c:\windows\system32\29.tmp
2008-11-10 19:39 . 2008-11-10 19:39 0 --a------ c:\windows\system32\28.tmp
2008-11-10 16:15 . 2008-11-10 16:15 318,464 --ahs---- c:\windows\system32\1C.tmp
2008-11-10 16:15 . 2008-11-10 16:15 0 --a------ c:\windows\system32\27.tmp
2008-11-09 18:33 . 2008-11-09 18:33 0 --a------ c:\windows\system32\25.tmp
2008-11-09 18:13 . 2008-11-09 18:13 <DIR> d-------- c:\programfiler\Electronic Arts
2008-11-09 14:13 . 2008-11-09 14:13 0 --a------ c:\windows\system32\24.tmp
2008-11-08 21:18 . 2008-11-08 21:18 0 --a------ c:\windows\system32\23.tmp
2008-11-08 17:56 . 2008-11-08 17:56 0 --a------ c:\windows\system32\22.tmp
2008-11-08 10:33 . 2008-11-08 10:33 0 --a------ c:\windows\system32\21.tmp
2008-11-07 22:27 . 2008-11-07 22:27 0 --a------ c:\windows\system32\134.tmp
2008-11-07 22:26 . 2008-11-07 22:26 0 --a------ c:\windows\system32\132.tmp
2008-11-07 22:08 . 2008-11-07 22:08 268 --ah----- C:\sqmdata06.sqm
2008-11-07 22:08 . 2008-11-07 22:08 244 --ah----- C:\sqmnoopt08.sqm
2008-11-07 22:08 . 2008-11-07 22:08 244 --ah----- C:\sqmnoopt07.sqm
2008-11-07 22:08 . 2008-11-07 22:08 244 --ah----- C:\sqmnoopt06.sqm
2008-11-07 22:08 . 2008-11-07 22:08 232 --ah----- C:\sqmdata08.sqm
2008-11-07 22:08 . 2008-11-07 22:08 232 --ah----- C:\sqmdata07.sqm
2008-11-07 22:08 . 2008-11-07 22:08 172 --ah----- C:\sqmnoopt09.sqm
2008-11-07 22:08 . 2008-11-07 22:08 172 --ah----- C:\sqmdata09.sqm
2008-11-07 18:39 . 2008-11-07 18:39 268 --ah----- C:\sqmdata05.sqm
2008-11-07 18:39 . 2008-11-07 18:39 244 --ah----- C:\sqmnoopt05.sqm
2008-11-07 18:38 . 2008-11-07 18:38 268 --ah----- C:\sqmdata04.sqm
2008-11-07 18:38 . 2008-11-07 18:38 244 --ah----- C:\sqmnoopt04.sqm
2008-11-07 18:38 . 2008-11-07 18:38 0 --a------ c:\windows\system32\20.tmp
2008-11-07 17:49 . 2008-11-07 17:49 268 --ah----- C:\sqmdata03.sqm
2008-11-07 17:49 . 2008-11-07 17:49 244 --ah----- C:\sqmnoopt03.sqm
2008-11-07 17:25 . 2008-11-07 17:25 0 --a------ c:\windows\system32\1F.tmp
2008-11-05 18:56 . 2008-11-05 18:56 0 --a------ c:\windows\system32\1E.tmp
2008-11-03 20:33 . 2008-11-03 20:33 0 --a------ c:\windows\system32\1D.tmp
2008-11-03 19:18 . 2008-11-03 19:18 318,464 --ahs---- c:\windows\system32\18.tmp
2008-11-02 17:26 . 2008-11-02 17:26 0 --a------ c:\windows\system32\1A.tmp
2008-11-02 17:25 . 2008-11-02 17:25 318,464 --ahs---- c:\windows\system32\16.tmp
2008-11-02 16:19 . 2008-11-02 16:19 0 --a------ c:\windows\system32\2738.tmp
2008-11-02 14:56 . 2008-11-02 14:56 0 --a------ c:\windows\system32\15.tmp
2008-11-02 13:04 . 2008-11-02 13:04 318,464 --ahs---- c:\windows\system32\14.tmp
2008-11-02 13:04 . 2008-11-02 13:04 318,464 --ahs---- c:\windows\system32\13.tmp
2008-11-02 12:07 . 2008-11-02 12:07 <DIR> d-------- c:\documents and settings\Sigrid\Programdata\Pogo Games
2008-11-02 11:33 . 2008-11-02 11:33 318,464 --ahs---- c:\windows\system32\12.tmp
2008-11-01 21:45 . 2008-11-01 21:45 318,464 --ahs---- c:\windows\system32\10.tmp
2008-11-01 16:53 . 2008-11-01 16:53 0 --a------ c:\windows\system32\11.tmp
2008-11-01 15:38 . 2008-11-01 15:38 0 --a------ c:\windows\system32\F.tmp
2008-10-31 15:28 . 2008-10-31 15:28 <DIR> d-------- c:\documents and settings\Sigrid\Programdata\blg
2008-10-31 15:28 . 2008-10-31 15:28 <DIR> d-------- c:\documents and settings\All Users\Programdata\blg
2008-10-31 14:17 . 2008-10-31 14:17 <DIR> d-------- c:\documents and settings\Sigrid\Programdata\PetShowCraze
2008-10-30 20:00 . 2008-10-30 20:00 318,464 --ahs---- c:\windows\system32\19.tmp
2008-10-30 19:59 . 2008-10-30 19:59 318,464 --ahs---- c:\windows\system32\17.tmp
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-02 11:44 --------- d---a-w c:\documents and settings\All Users\Programdata\TEMP
2008-11-02 11:07 --------- d-----w c:\documents and settings\All Users\Programdata\BigFishGamesCache
2008-10-25 20:18 318,464 --sha-w c:\windows\system32\D0.tmp
2008-10-25 20:18 318,464 --sha-w c:\windows\system32\CF.tmp
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-22 17:21 318,464 --sha-w c:\windows\system32\88.tmp
2008-10-22 16:21 318,464 --sha-w c:\windows\system32\87.tmp
2008-10-22 15:18 318,464 --sha-w c:\windows\system32\4C.tmp
2008-10-22 14:18 318,464 --sha-w c:\windows\system32\4B.tmp
2008-10-22 13:18 318,464 --sha-w c:\windows\system32\49.tmp
2008-10-22 12:18 318,464 --sha-w c:\windows\system32\1B.tmp
2008-10-22 12:17 131,072 ----a-w c:\windows\system32\dxtrans32.dll
2008-10-17 14:20 126,976 ----a-w c:\windows\system32\filemgmt32.dll
2008-10-06 10:51 --------- d-----w c:\documents and settings\Sigrid\Programdata\PlayFirst
2008-10-06 10:05 --------- d-----w c:\documents and settings\Sigrid\Programdata\EleFun Games
2008-09-15 15:42 1,846,016 ----a-w c:\windows\system32\win32k.sys
2008-09-04 16:46 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-03-02 10:13 0 ----a-w c:\programfiler\temp01
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"MsnMsgr"="c:\programfiler\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\programfiler\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"SoundMan"="SOUNDMAN.EXE" [2003-04-24 c:\windows\SOUNDMAN.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\6c16de67486]
2008-10-22 13:17 131072 c:\windows\system32\dxtrans32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\dxtrans32.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R3 P0630VID;Creative WebCam Live!;c:\windows\system32\DRIVERS\P0630Vid.sys [2008-09-24 67968]
*Newly Created Service* - PROCEXP90
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)
2008-11-21 c:\windows\Tasks\Se etter oppdateringer for Windows Live Toolbar.job
- c:\programfiler\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
.
------- Tilleggsskanning -------
.
FireFox -: Profile - c:\documents and settings\Sigrid\Programdata\Mozilla\Firefox\Profiles\ayoumz6v.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.startsiden.no
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-28 17:19:53
Windows 5.1.2600 Service Pack 2 NTFS
skanner skjulte prosesser ...
skanner skjulte autostart-oppføringer ...
skanner skjulte filer ...
skanning vellykket
skjulte filer: 0
**************************************************************************
.
--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------
- - - - - - - > 'winlogon.exe'(684)
c:\windows\System32\dxtrans32.dll
- - - - - - - > 'lsass.exe'(744)
c:\windows\System32\dxtrans32.dll
.
Tidspunkt ferdig: 2008-11-28 17:20:41
ComboFix-quarantined-files.txt 2008-11-28 16:20:28
Pre-Run: 228 277 305 344 byte ledig
Post-Run: 228,404,908,032 byte ledig
169 --- E O F --- 2008-11-17 18:02:19
Hijackthis
Klikk for å se/fjerne innholdet nedenforLogfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:23:15, on 28.11.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Java\jre1.6.0_03\bin\jucheck.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\explorer.exe
C:\Programfiler\Trend Micro\HijackThis\test.exe.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Programfiler\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1201982593843
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O20 - AppInit_DLLs: C:\WINDOWS\System32\dxtrans32.dll
O20 - Winlogon Notify: 6c16de67486 - C:\WINDOWS\System32\dxtrans32.dll
--
End of file - 4359 bytes
-
Skal på julebord snart og tenkte derfor det var på tide å finne ut hva jeg skal ha på meg. Jeg har en dress som er helt svart, men synst av en merkelig grunn at det ikke passer helt for anledningen. Har bare hvit skjorte, og noen vanlige utbrukte slips. Kanskje det kan blir bra med en litt fresh skjorte/slips kombo?
Det jeg tenkte meg vertfall var dressbuksen, svart vest, hvit skjorte og rødt slips (det er jo jul
)Noen som har noen formeninger om dette?
Er selvfølgelig åpen for andre forslag. Håper klærne er mulig å kjøpe på nettet, er to timer inn til nærmeste "sentrum"
.Håper på litt hjelp.
-
Ja, Diesel motoren er bare på 1.7l, 90hk og et dreiemoment på 190Nm originalt. Den som jeg har prøvekjørt er trim chipet og yter da 119hk og har et dreiemoment på 270Nm. Jeg ble faktisk positivt overasket etter prøveturen. Dette kan nok være fordi jeg ikke hadde så store forventninger til bilen.
Når "kremt" sier at motoren yter "DÅRLIG" synst jeg det blir litt feil, jeg synst den yter helt greit, men ikke noe mere. Det kommer jo selvfølgelig ann på hva du er vant med.
Så, hvorfor diesel framfor bensin. Svaret er vel enkelt, det var det jeg kom over
Samtidig så er det billig forsikring i forhold til hva en større bensin motor ville ha kostet. -
Jeg får vel sitere meg selv Kremt.
"Jeg vet at det ikke er rare motoren i den bilen, men som kjent så blir forsikringen skyhøy for en 18 åring dersom en velger en BMW med større motor."
Med denne setningen viser jeg at jeg vet at det er liten motor i bilen, jeg begrunner også hvorfor jeg ikke ser etter en BMW med større motor.
Synst derfor at innlegget ditt er unødvendig og meningsløst.
-
Nå er jeg drit lei min Peugeot 106 1.0 som skulle være en midlertidig bil til jeg fant meg noe bedre.
Jeg vurderer derfor å kjøpe meg en BMW 318 TDS, bilen er en 96-modell og har kjørt 140000km. Bilen har også bare vært voksent kjørt. Bilen ligger til 50k, med forbehold om lavere ved rask avgjørelse.
Jeg vet at det ikke er rare motoren i den bilen, men som kjent så blir forsikringen skyhøy for en 18 åring dersom en velger en BMW med større motor.
Er det noen som vet noe spesielt negativt om denne bilen, tenker da for eksempel på deler som pleier å ryke eller spesielle plasser jeg bør se etter rust?
Håper noen kan komme med råd og erfaringer. Har ikke den store peiling på Bil
-Enya
-
Det er mulig combofix fjernet den. Kjører en ny scan med AVG nå for å ser hva den finner.
Burde jo selvfølgelig scannet med AVG etter at jeg gikk gjennom den lille guiden her, før jeg postet en tråd.
Edit: Da var AVG scannen ferdig, og den fant ingenting nå.
Takk for rask hjelp norbat.
Enya
-
Den sier at den ligger i c:\windows\system32\sysrest.sys
-
Var merkelig.
Før jeg begynte med mine ferdigheter var symptomet att den kom opp noe som lignet på en "falsk" bluescreen med nedtelling fra 30sec til maskinen restartet. Trykte jeg enter gikk maskinen tilbake til normalt igjen. Denne "bluescreenen" poppet opp regelmissig.
Jeg prøvde å kjøre en scan med AVG free for å løse problemet. Den fant noen trojaner som jeg slettet. (Husker ikke hva de heter). Etter dette sluttet bluscreenen å komme opp.
Jeg trodde jeg hadde fått fjernet alt snusk, men maskinen kjører tregt med tanke på hva hardwaren i den er. Så jeg kjørte en scan til med AVG, da finner den denne trojaneren som den ikke får til å slette "Trojan horse KillAV.IL"
Det popper også regelmessig opp vindu fra AVG med beskjed om at den er infisert av en trojaner som den ikke får til å fikse.
Enya
-
Ja, jeg har sagt meg villig til å hjelpe naboen med den ene maskinen hans. Mitt førsteinntrykk er at den er full av snusk.
Jeg har bra greie på data, men er ikke en ekspert på dette emnet da jeg sjelden har hatt probelemer med virus, trojaner etc.
Så her er loggene mine fra MBAM, Combofix og HijackThis.
MBAM
Klikk for å se/fjerne innholdet nedenforMalwarebytes' Anti-Malware 1.30
Database versjon: 1310
Windows 5.1.2600 Service Pack 2
23.10.2008 20:18:06
mbam-log-2008-10-23 (20-18-06).txt
Skanntype: Rask Skann
Objekter skannet: 43510
Tid tilbakelagt: 4 minute(s), 9 second(s)
Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 1
Registerverdier infisert: 4
Registerfiler infisert: 2
Mapper infisert: 0
Filer infisert: 0
Minneprosesser infisert:
(Ingen mistenkelige filer funnet)
Minnemoduler infisert:
(Ingen mistenkelige filer funnet)
Registernøkler infisert:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
Registerverdier infisert:
HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully.
Registerfiler infisert:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Mapper infisert:
(Ingen mistenkelige filer funnet)
Filer infisert:
(Ingen mistenkelige filer funnet)
Combofix
Klikk for å se/fjerne innholdet nedenforComboFix 08-10-23.01 - Olav 2008-10-23 20:26:13.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.259 [GMT 2:00]
Running from: E:\Documents and Settings\Olav\Skrivebord\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_SYSREST.SYS
-------\Service_sysrest.sys
((((((((((((((((((((((((( Files Created from 2008-09-23 to 2008-10-23 )))))))))))))))))))))))))))))))
.
2008-10-23 20:12 . 2008-10-23 20:12 <DIR> d-------- E:\Programfiler\Malwarebytes' Anti-Malware
2008-10-23 20:12 . 2008-10-23 20:12 <DIR> d-------- E:\Documents and Settings\Olav\Programdata\Malwarebytes
2008-10-23 20:12 . 2008-10-23 20:12 <DIR> d-------- E:\Documents and Settings\All Users\Programdata\Malwarebytes
2008-10-23 20:12 . 2008-10-22 16:10 38,496 --a------ E:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-23 20:12 . 2008-10-22 16:10 15,504 --a------ E:\WINDOWS\system32\drivers\mbam.sys
2008-10-23 20:06 . 2008-10-23 20:18 <DIR> dr-h----- E:\Documents and Settings\Olav\Siste
2008-10-23 20:03 . 2008-10-23 20:03 <DIR> d-------- E:\Programfiler\CCleaner
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-02 19:43 97,928 ----a-w E:\WINDOWS\system32\drivers\avgldx86.sys
2008-08-19 19:23 10,520 ----a-w E:\WINDOWS\system32\avgrsstx.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="E:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPDJ Taskbar Utility"="E:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2005-07-08 176128]
"HPHUPD05"="E:\Programfiler\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe" [2005-07-08 49152]
"HP Component Manager"="E:\Programfiler\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"HP Software Update"="E:\Programfiler\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2003-12-05 49152]
"HPHmon05"="E:\WINDOWS\system32\hphmon05.exe" [2005-07-08 491520]
"DAEMON Tools-1033"="E:\Programfiler\D-Tools\daemon.exe" [2004-08-22 81920]
"Adobe Reader Speed Launcher"="E:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SunJavaUpdateSched"="E:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"AVG8_TRAY"="E:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-09-30 1234712]
"SoundMan"="SOUNDMAN.EXE" [2002-10-16 E:\WINDOWS\SOUNDMAN.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="E:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]
E:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\
AutoCAD Startup Accelerator.lnk - E:\Programfiler\Fellesfiler\Autodesk Shared\acstart16.exe [2004-02-25 10872]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"E:\\Programfiler\\Messenger\\msmsgs.exe"=
"E:\\Programfiler\\AVG\\AVG8\\avgemc.exe"=
"E:\\Programfiler\\AVG\\AVG8\\avgupd.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R1 AvgLdx86;AVG Free AVI Loader Driver x86;E:\WINDOWS\system32\Drivers\avgldx86.sys [2008-09-02 97928]
R2 avg8emc;AVG Free8 E-mail Scanner;E:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-09-02 875288]
R2 avg8wd;AVG Free8 WatchDog;E:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-09-02 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;E:\WINDOWS\system32\Drivers\avgtdix.sys [2008-08-19 76040]
.
Contents of the 'Scheduled Tasks' folder
2008-10-12 E:\WINDOWS\Tasks\HP Usg Daily.job
- E:\Programfiler\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\pexpress\hphped05.exe [2005-07-08 06:55]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - E:\Documents and Settings\Olav\Programdata\Mozilla\Firefox\Profiles\wc5npi0g.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - startsiden.no
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-23 20:30:33
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
E:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE
E:\Programfiler\AVG\AVG8\avgrsx.exe
E:\Programfiler\AVG\AVG8\avgtray.exe
E:\WINDOWS\system32\HPZipm12.exe
E:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-10-23 20:31:58 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-23 18:31:46
Pre-Run: 244 450 398 208 byte ledig
Post-Run: 244,490,002,432 byte ledig
99
HijackThis
Klikk for å se/fjerne innholdet nedenforLogfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:36:43, on 23.10.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
E:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE
E:\PROGRA~1\AVG\AVG8\avgrsx.exe
E:\PROGRA~1\AVG\AVG8\avgemc.exe
E:\WINDOWS\system32\wuauclt.exe
E:\WINDOWS\SOUNDMAN.EXE
E:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
E:\Programfiler\HP\hpcoretech\hpcmpmgr.exe
E:\Programfiler\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
E:\WINDOWS\system32\hphmon05.exe
E:\Programfiler\D-Tools\daemon.exe
E:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe
E:\PROGRA~1\AVG\AVG8\avgtray.exe
E:\WINDOWS\system32\ctfmon.exe
E:\WINDOWS\system32\HPZipm12.exe
E:\WINDOWS\explorer.exe
E:\WINDOWS\system32\wscntfy.exe
E:\Programfiler\internet explorer\iexplore.exe
E:\Programfiler\Java\jre1.6.0_03\bin\jucheck.exe
E:\Programfiler\Trend Micro\HijackThis\test.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - E:\Programfiler\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] E:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] E:\Programfiler\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "E:\Programfiler\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "E:\Programfiler\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HPHmon05] E:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "E:\Programfiler\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "E:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] E:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = E:\Programfiler\Fellesfiler\Autodesk Shared\acstart16.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Programfiler\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - E:\Programfiler\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - E:\Programfiler\Fellesfiler\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - E:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - E:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - E:\WINDOWS\system32\HPZipm12.exe
--
End of file - 4835 bytes
Jeg vet at det kan ta tid å analysere logger, men håper at noen har lyst til å bruke tiden sin til å hjelpe meg
Enya
-
Battlefield 2 har en lei tendens til å ikke like dobbelkjerne prosessorer. Løsningen på dette er å bare bruke én kjerne når du spiller.
Dette gjøres slik:
1. Start oppgavebehandlingen (Ctrl + Alt + Del).
2. Finn fram fil BF2.exe.
3. Høyre klikk og trykk på "angi affinitet".
4. I vinduet som åpnes skal kun én kjerne være avhuket. Det er samme hvilken.
Dette pleier å løse problemet for meg vertfall
-
Hva tipper folket på i dag?
Jeg har pekt meg ut følgende aktuelle kamper, (laget som er skrevet er det jeg satser på).
Real Madrid (Juventus er i dritt form, og Real har vel ikke tapt siden sesong åpningen). Odds: 2,45
Villareal -1 U (Villarreal har en fin tendens til å vinne med ett mål, satser på at de ikke overkjører AaB). Odds: 3,75
Manchester United -1. Odds: 1,66
Rooney scorer, Ja odds: 2,10
Manchester United - Celtic over 2,5 mål. Odds: 1,68
Fenerbache - Arsenal over 2,5 mål. Odds: 1,85
-
^ Liker å være lenge oppe
< Jobber med 3FY oppgaver
v Går på ungdomsskolen
-
Hehe, takker...
Deilig med litt penger på en lørdagskveld
-
Hehe, likte den dommeren jeg
Valg av speilrefleks til nybegynner
i Fotokamera, objektiv og utstyr
Skrevet · Endret av Enya
Takker for svar. Jeg vurderer også å kjøpe et makro objektiv nå når jeg først handler. Anbefalinger?