Sliter med treig åpning av min datamaskin, mapper etc.

Aafloey · 27. mars 2008

Noen som vet hvordan det har seg at når jeg klikker inn på min datamaskin, så kommer den lommelykten opp og det tar kanskje 1 min eller mer før innholdet der vises, har hardisken min tatt kvelden? Har prøvd masse scandisk, spyware programmer osv men det er ingenting som fikser dette problemet...?

fredrick4 · 27. mars 2008

veit ikke koffor nei. men hvis jeg har vært deg har jeg restarta hele p-c`n

snippsat · 27. mars 2008

Hd Tune

Sjekk ytlesen,scan for error.

Kan se om du har noe grums.

Last ned HijackThis legg i egen mappe på skrivebordet.

Start programmet og velg "Trykk scan og save log" .

Loggfilen kopierer du og limer inn i posten din.

Helst med skjult tekst [1skjul] logg her [1/skjul] fjern 1 for skjult tekst.

Test.

Boot tapp f8,velg sikkerhetmodus det samme her?

har vært deg har jeg restarta hele p-c`n

He for håpe han har restartet pcen,eller var det reinnstall du mente.

Endret 27. mars 2008 av SNIPPSAT

fenderebest · 27. mars 2008

Du kan også bruke et program som heter Process Explorer for å feilsøke ytelsesporblemer. Guide for hvordan du bruker det finner du i guiden min over.

Sjekk foreksempel at det er nok RAM slik at man unngår eksessiv sideveksling.

Du kan evt bruke Diskmon for å se nærmere på hva harddisken din jobber med i all denne tiden.

Endret 27. mars 2008 av fenderebest

Aafloey · 27. mars 2008

Ok kjørte begge testene med HD Tune, den fant ingen problemer og jeg legger ved et screenshot av benchmark testen. Og PC-en oppfører seg helt frisk når jeg kjører sikker modus. Da funka den som den skal.

Her er loggen fra hijack this:

Klikk for å se/fjerne innholdet nedenfor

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:47:03, on 27.03.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\WINDOWS\system32\svchost.exe

C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe

C:\Programfiler\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programfiler\Fellesfiler\Autodata Limited Shared\Service\ADCDLicSvc.exe

C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Programfiler\Bonjour\mDNSResponder.exe

C:\Programfiler\Logitech\Easy Synchronization\servicestub.exe

C:\Programfiler\Logitech\Easy Synchronization\LogitechEasySync.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\NVIDIA Corporation\nTune\nTuneService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\svchost.exe

C:\Programfiler\TVersity\Media Server\MediaServer.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\WINDOWS\TBPanel.exe

C:\WINDOWS\Logi_MwX.Exe

C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe

C:\Programfiler\ANI\ANIWZCS2 Service\WZCSLDR2.exe

C:\Programfiler\D-Link\D-Link Wireless N DWA-140\AirNCFG.exe

C:\Programfiler\Logitech\Easy Synchronization\LogitechEasySync.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Programfiler\Razer\DeathAdder\razerhid.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\MSN Messenger\MsnMsgr.Exe

C:\Programfiler\Messenger\msmsgs.exe

C:\Programfiler\Razer\DeathAdder\razertra.exe

C:\Programfiler\Razer\DeathAdder\razerofa.exe

C:\Programfiler\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\Programfiler\Logitech\SetPoint\SetPoint.exe

C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe

C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe

C:\Programfiler\Fellesfiler\Logitech\khalshared\KHALMNPR.EXE

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Programfiler\MSN Messenger\usnsvc.exe

C:\Programfiler\Mozilla Firefox\firefox.exe

C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programfiler\HP\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Programfiler\HP\Smart Web Printing\hpswp_framework.dll

O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {0A87E45F-537A-40B4-B812-E2544C21A09F} - (no file)

O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Programfiler\Winamp Toolbar\winamptb.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Programfiler\Winamp Toolbar\winamptb.dll

O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Programfiler\ANI\ANIWZCS2 Service\WZCSLDR2.exe

O4 - HKLM\..\Run: [D-Link D-Link Wireless N DWA-140] C:\Programfiler\D-Link\D-Link Wireless N DWA-140\AirNCFG.exe

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [Easy Synchronization] C:\Programfiler\Logitech\Easy Synchronization\LogitechEasySync.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [bluetooth Connection Assistant] LBTWIZ.EXE -silent

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [DeathAdder] C:\Programfiler\Razer\DeathAdder\razerhid.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\RunOnce: [Easy Synchronization] C:\Programfiler\Logitech\Easy Synchronization\LogitechEasySync.exe --ports

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Programfiler\NVIDIA Corporation\nTune\nTuneCmd.exe" clear

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: BTTray.lnk = ?

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - Global Startup: Logitech SetPoint.lnk = ?

O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html

O8 - Extra context menu item: Send til &Bluetooth-enhet... - C:\Programfiler\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: HP Utklippsbok - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Programfiler\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: HP Smart valgmetode - {700259D7-1666-479a-93B1-3250410481E8} - C:\Programfiler\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by110fd.bay110.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab

O16 - DPF: {F9043C85-F6F2-101A-A3C9-08002B2F49FB} (Microsoft Common Dialog Control, version 6.0) - file://C:\Programfiler\OpenCube\Visual Infinite Menus\comdlg32.cab

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O20 - AppInit_DLLs: 6741f5de

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Programfiler\ANI\ANIWZCS2 Service\ANIWZCSdS.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Programfiler\Fellesfiler\Autodata Limited Shared\Service\ADCDLicSvc.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programfiler\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Logitech Easy Synchronization - Unknown owner - C:\Programfiler\Logitech\Easy Synchronization\servicestub.exe

O23 - Service: NBService - Nero AG - C:\Programfiler\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Programfiler\NVIDIA Corporation\nTune\nTuneService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Programfiler\Fellesfiler\SureThing Shared\stllssvr.exe

O23 - Service: TVersityMediaServer - Unknown owner - C:\Programfiler\TVersity\Media Server\MediaServer.exe

--

End of file - 10965 bytes

Endret 27. mars 2008 av Aafloey

fredrick4 · 27. mars 2008

Hd Tune
Sjekk ytlesen,scan for error.

Kan se om du har noe grums.

Last ned HijackThis legg i egen mappe på skrivebordet.

Start programmet og velg "Trykk scan og save log" .

Loggfilen kopierer du og limer inn i posten din.

Helst med skjult tekst [1skjul] logg her [1/skjul] fjern 1 for skjult tekst.

Test.

Boot tapp f8,velg sikkerhetmodus det samme her?

har vært deg har jeg restarta hele p-c`n

He for håpe han har restartet pcen,eller var det reinnstall du mente.

mente reinnstall ja xD

JKJK · 27. mars 2008

Har du nettverksstasjoner mounta? I såfall kan det være disse lager plagene.

snippsat · 27. mars 2008

Du har noe grums :sick:

Last ned oppdatere og kjør full scan SAS free

Post loggen fra SAS (preferences->statistics/logs)

Last Combofix ned ,legg på skrivebordet.

Ikke klikk på vindu mens programet kjører.

post logg C:\combofix.txt

Sewero · 27. mars 2008

Prøv å diskfragmentere og slikt.

Aafloey · 27. mars 2008

Har du nettverksstasjoner mounta? I såfall kan det være disse lager plagene.

Hva mener du med det?

Jeg har nylig defragmentert, igår faktisk. Det hjalp ikke.

Og den combofix linker ser ikke ut til å funke...

Endret 27. mars 2008 av Aafloey

snippsat · 27. mars 2008

Virker ikke linken for deg?

Eller får du ikke startet combofix?

Disbale antivirus.

Endret 27. mars 2008 av SNIPPSAT

Aafloey · 27. mars 2008

Klikker på den i firefox, men får aldri opp ja knappen for å lagre fila...

Fikk det til

Endret 27. mars 2008 av Aafloey

snippsat · 27. mars 2008

Kan du ta den med IE?

snippsat · 27. mars 2008

http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe

Aafloey · 27. mars 2008

Okey, her er log fra Combofix:

Klikk for å se/fjerne innholdet nedenfor

ComboFix 08-03-26.3 - Marius H.Aa 2008-03-27 23:37:54.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.2170 [GMT 1:00]

Running from: C:\Documents and Settings\Marius H.Aa\Skrivebord\ComboFix.exe

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\WINDOWS\system32\AutoRun.inf

.

((((((((((((((((((((((((( Files Created from 2008-02-27 to 2008-03-27 )))))))))))))))))))))))))))))))

.

2008-03-27 21:35 . 2008-03-27 21:35 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware

2008-03-27 21:35 . 2008-03-27 21:35 <DIR> d-------- C:\Documents and Settings\Marius H.Aa\Programdata\SUPERAntiSpyware.com

2008-03-27 21:35 . 2008-03-27 21:35 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com

2008-03-27 20:46 . 2008-03-27 20:46 <DIR> d-------- C:\Programfiler\Trend Micro

2008-03-27 17:26 . 2008-03-27 17:26 <DIR> d-------- C:\Programfiler\HD Tune

2008-03-27 14:12 . 2008-03-27 14:17 <DIR> d-------- C:\Programfiler\Wise Disk Cleaner

2008-03-27 14:06 . 2008-03-27 14:09 <DIR> d-------- C:\Programfiler\Wise Registry Cleaner 3

2008-03-25 16:07 . 2007-01-30 01:46 163,840 --a------ C:\WINDOWS\system32\kemutb.dll

2008-03-25 16:07 . 2007-01-30 01:46 135,168 --a------ C:\WINDOWS\system32\KemUtil.dll

2008-03-25 16:07 . 2007-01-30 01:46 110,592 --a------ C:\WINDOWS\system32\KemWnd.dll

2008-03-25 16:07 . 2007-01-30 01:46 69,632 --a------ C:\WINDOWS\system32\KemXML.dll

2008-03-25 15:51 . 2008-03-25 15:51 127,034 -r------- C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe

2008-03-24 17:16 . 2001-01-09 19:09 12,285 --a------ C:\WINDOWS\Cadx3.ini

2008-03-24 17:16 . 2003-02-14 03:20 6,942 --a------ C:\WINDOWS\cadx2.ini

2008-03-24 17:10 . 2008-03-24 17:10 664 --a------ C:\WINDOWS\system32\d3d9caps.dat

2008-03-16 14:55 . 2008-03-16 14:55 <DIR> d-------- C:\Programfiler\strings

2008-03-16 14:55 . 2007-06-28 13:54 192,512 --a------ C:\Programfiler\dict.exe

2008-03-16 14:54 . 2008-03-16 14:54 <DIR> d-------- C:\Programfiler\list

2008-03-16 14:54 . 2008-03-16 14:54 <DIR> d-------- C:\Programfiler\language

2008-03-16 14:54 . 2008-03-16 14:54 <DIR> d-------- C:\Programfiler\info

2008-03-16 14:54 . 2008-03-16 14:55 <DIR> d-------- C:\Programfiler\icons

2008-03-16 14:54 . 2008-03-16 14:54 <DIR> d-------- C:\Programfiler\charset

2008-03-10 16:30 . 2008-03-10 16:30 <DIR> d-------- C:\Documents and Settings\Marius H.Aa\Programdata\Hei!

2008-03-05 16:11 . 2008-03-27 20:50 <DIR> dr-h----- C:\Documents and Settings\Marius H.Aa\Siste

2008-02-28 21:34 . 2008-02-28 21:34 262,144 --a------ C:\WINDOWS\system32\wrap_oal.dll

2008-02-28 21:34 . 2008-02-28 21:34 86,016 --a------ C:\WINDOWS\system32\OpenAL32.dll

2008-02-28 21:33 . 1999-11-02 10:01 6,173 --a------ C:\WINDOWS\system32\drivers\Entech.vxd

2008-02-28 21:33 . 2004-06-22 15:44 5,632 --a------ C:\WINDOWS\system32\drivers\Entech64.sys

2008-02-28 21:33 . 2001-11-19 19:05 3,972 --a------ C:\WINDOWS\system32\drivers\PciBus.sys

2008-02-28 21:32 . 2008-02-28 21:32 <DIR> d-------- C:\Programfiler\Futuremark

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-27 20:35 --------- d-----w C:\Programfiler\Fellesfiler\Wise Installation Wizard

2008-03-27 15:47 --------- d---a-w C:\Documents and Settings\All Users\Programdata\TEMP

2008-03-27 15:34 --------- d-----w C:\Documents and Settings\Marius H.Aa\Programdata\uTorrent

2008-03-27 13:17 --------- d-----w C:\Documents and Settings\Marius H.Aa\Programdata\Vso

2008-03-25 15:06 --------- d-----w C:\Programfiler\Fellesfiler\Logitech

2008-03-25 15:01 --------- d-----w C:\Programfiler\Fellesfiler\Logishrd

2008-03-25 14:54 --------- d--h--w C:\Programfiler\InstallShield Installation Information

2008-03-25 14:51 --------- d-----w C:\Programfiler\Logitech

2008-03-24 11:18 --------- d-----w C:\Programfiler\Java

2008-03-22 21:16 --------- d-s---w C:\Programfiler\HLSW

2008-03-16 22:36 --------- d-----w C:\Documents and Settings\Marius H.Aa\Programdata\OpenOffice.org2

2008-03-16 13:55 237 ----a-w C:\Programfiler\dict.ini

2008-02-26 20:32 --------- d-----w C:\Programfiler\Fellesfiler\Futuremark Shared

2008-02-26 16:07 --------- d-----w C:\Programfiler\Rainlendar2

2008-02-26 15:51 --------- d-----w C:\Programfiler\muvee Technologies

2008-02-22 20:42 --------- d-----w C:\Documents and Settings\All Users\Programdata\DVD Shrink

2008-02-22 18:16 --------- d-----w C:\Programfiler\SmartFTP Client

2008-02-22 18:15 --------- d-----w C:\Programfiler\SmartFTP Client 2.5 Setup Files

2008-02-18 15:28 --------- d-----w C:\Documents and Settings\All Users\Programdata\Spybot - Search & Destroy

2008-02-18 14:47 --------- d-----w C:\Programfiler\Spybot - Search & Destroy

2008-02-14 16:59 --------- d-----w C:\Programfiler\NVIDIA Corporation

2008-02-14 16:57 --------- d-----w C:\Programfiler\NVIDIA nTune Performance Application

2008-02-13 21:07 --------- d-----w C:\Programfiler\DivX

2008-02-13 16:01 --------- d-----w C:\Programfiler\Razer

2008-02-10 22:08 --------- d-----w C:\Documents and Settings\Marius H.Aa\Programdata\PE Explorer

2008-02-04 16:54 --------- d-----w C:\Programfiler\Teamspeak2_RC2

2008-02-04 16:54 --------- d-----w C:\Documents and Settings\Marius H.Aa\Programdata\teamspeak2

2008-01-31 20:46 --------- d-----w C:\Programfiler\ZD Soft

2008-01-29 23:51 --------- d-----w C:\Programfiler\SpywareBlaster

2008-01-29 23:50 --------- d-----w C:\Programfiler\Red Kawa

2008-01-29 23:45 --------- d-----w C:\Documents and Settings\Marius H.Aa\Programdata\Lavasoft

2008-01-29 23:37 --------- d-----w C:\Programfiler\Bonjour

2008-01-29 23:36 --------- d-----w C:\Programfiler\Fellesfiler\Adobe

2008-01-29 22:30 --------- d-----w C:\Programfiler\PowerISO

2008-01-29 03:20 2,177,576 ----a-w C:\WINDOWS\TBPanel.exe

2008-01-25 19:03 3 ----a-w C:\WINDOWS\Fonts\dxva_sig.txt

2008-01-09 02:11 360,448 ----a-w C:\WINDOWS\system32\NVUNINST.EXE

2008-01-09 00:53 360,448 ----a-w C:\WINDOWS\system32\nvudisp.exe

2008-01-01 13:49 151,478 ----a-w C:\Programfiler\dict.hlp

2007-11-19 22:25 22,328 -c--a-w C:\Documents and Settings\Marius H.Aa\Programdata\PnkBstrK.sys

2007-05-26 09:15 110,454 ----a-w C:\Programfiler\logo.bmp

2007-02-16 19:24 87,608 ----a-w C:\Documents and Settings\Marius H.Aa\Programdata\ezpinst.exe

2007-02-16 19:24 47,360 -c--a-w C:\Documents and Settings\Marius H.Aa\Programdata\pcouffin.sys

2001-10-28 14:27 182,784 ----a-w C:\Programfiler\dict.avi

2001-10-27 17:50 32 ----a-w C:\Programfiler\language.ini

1998-05-15 19:01 8,562 ----a-w C:\Programfiler\right.wav

1998-05-15 19:01 7,754 ----a-w C:\Programfiler\wrong.wav

1996-12-16 23:00 1,758 ----a-w C:\Programfiler\skipped.wav

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]

2007-10-04 21:06 1135968 --a------ C:\Programfiler\Winamp Toolbar\winamptb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Programfiler\Winamp Toolbar\winamptb.dll" [2007-10-04 21:06 1135968]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]

[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]

[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]

[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Programfiler\Winamp Toolbar\winamptb.dll [2007-10-04 21:06 1135968]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]

[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]

[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]

[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:03 15360]

"MsnMsgr"="C:\Programfiler\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]

"MSMSGS"="C:\Programfiler\Messenger\msmsgs.exe" [2004-08-04 01:15 1667584]

"NVIDIA nTune"="C:\Programfiler\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 19:25 81920]

"SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Gainward"="C:\WINDOWS\TBPanel.exe" [2008-01-29 04:20 2177576]

"Logitech Utility"="Logi_MwX.Exe" [2003-11-07 10:50 19968 C:\WINDOWS\LOGI_MWX.EXE]

"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

"ANIWZCS2Service"="C:\Programfiler\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 10:49 49152]

"D-Link D-Link Wireless N DWA-140"="C:\Programfiler\D-Link\D-Link Wireless N DWA-140\AirNCFG.exe" [2007-03-14 17:29 1388544]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-11-29 02:17 55824 C:\WINDOWS\KHALMNPR.Exe]

"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-11-29 02:17 55824 C:\WINDOWS\KHALMNPR.Exe]

"Easy Synchronization"="C:\Programfiler\Logitech\Easy Synchronization\LogitechEasySync.exe" [2005-10-05 12:00 53248]

"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]

"Bluetooth Connection Assistant"="LBTWIZ.exe" []

"RTHDCPL"="RTHDCPL.EXE" [2007-09-27 14:20 16844800 C:\WINDOWS\RTHDCPL.exe]

"DeathAdder"="C:\Programfiler\Razer\DeathAdder\razerhid.exe" [2007-09-07 15:54 159744]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]

"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"Easy Synchronization"="C:\Programfiler\Logitech\Easy Synchronization\LogitechEasySync.exe" [2005-10-05 12:00 53248]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:03 15360]

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\

BTTray.lnk - C:\Programfiler\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-29 22:37:20 561213]

Logitech Desktop Messenger.lnk - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-03-25 16:07:42 67128]

Logitech SetPoint.lnk - C:\Programfiler\Logitech\SetPoint\SetPoint.exe [2008-03-25 16:07:06 688128]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{FE24CD78-7C63-465D-8787-4EDF7FC79895}"= C:\Programfiler\Logitech\Easy Synchronization\shellexecutehook.dll [2005-10-05 12:00 69632]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"UIHost"="C:\\WINDOWS\\system32\\logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^HP Digital Imaging Monitor.lnk]

backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^HP Photosmart Premier Hurtigstart.lnk]

backup=C:\WINDOWS\pss\HP Photosmart Premier Hurtigstart.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Logitech SetPoint.lnk]

backup=C:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^SpyCatcher Protector.lnk]

backup=C:\WINDOWS\pss\SpyCatcher Protector.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]

--a------ 2007-07-12 12:23 6731312 C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

--a--c--- 2007-03-11 20:34 49152 C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Programfiler\\MSN Messenger\\msnmsgr.exe"=

"C:\\Programfiler\\MSN Messenger\\livecall.exe"=

"C:\\Programfiler\\uTorrent\\utorrent.exe"=

"C:\\Programfiler\\Steam\\steamapps\\marius_2004\\half-life 2 deathmatch\\hl2.exe"=

"C:\\Programfiler\\Steam\\steamapps\\marius_2004\\counter-strike source\\hl2.exe"=

"C:\\StubInstaller.exe"=

"C:\\Programfiler\\LimeWire\\LimeWire.exe"=

"C:\\Programfiler\\Valve\\Steam\\SteamApps\\marius_2004\\half-life 2 deathmatch\\hl2.exe"=

"C:\\Programfiler\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.0\\cnc3game.dat"=

"C:\\Programfiler\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.4\\cnc3game.dat"=

"C:\\Programfiler\\Bonjour\\mDNSResponder.exe"=

"C:\\Programfiler\\Opera\\Opera.exe"=

"C:\\Programfiler\\HLSW\\hlsw.exe"=

"C:\\Programfiler\\Java\\jre1.6.0_01\\launch4j-tmp\\RKMediaCenter.exe"=

"C:\\Programfiler\\Nero\\Nero 7\\Nero MediaHome\\NeroMediaHome.exe"=

"C:\\Programfiler\\Nero\\Nero 7\\Nero MediaHome\\NMMediaServer.exe"=

"C:\\Programfiler\\TVersity\\Media Server\\TVersity.exe"=

"C:\\Programfiler\\TVersity\\Media Server\\MediaServer.exe"=

"C:\\Programfiler\\Valve\\Steam\\steam.exe"=

"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"C:\\Programfiler\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"C:\\Programfiler\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"C:\\Programfiler\\Valve\\Steam\\SteamApps\\marius_2004\\team fortress 2\\hl2.exe"=

"C:\\Programfiler\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=

"C:\\WINDOWS\\system32\\PnkBstrA.exe"=

"C:\\WINDOWS\\system32\\PnkBstrB.exe"=

"C:\\Programfiler\\SmartFTP Client\\SmartFTP.exe"=

"C:\\Programfiler\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"17493:TCP"= 17493:TCP:BitComet 17493 TCP

"17493:UDP"= 17493:UDP:BitComet 17493 UDP

R2 SBKUPNT;SBKUPNT;C:\WINDOWS\system32\Drivers\SBKUPNT.SYS [2001-07-13 12:56]

R3 DAdderFltr;DeathAdder Mouse;C:\WINDOWS\system32\drivers\dadder.sys [2007-08-02 17:32]

R3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;C:\WINDOWS\system32\DRIVERS\rt2870.sys [2007-03-13 11:35]

S3 A5AGU;D-Link USB Wireless Network Adapter Service;C:\WINDOWS\system32\DRIVERS\A5AGU.sys [2006-05-08 18:10]

S3 CyUsb;Cypress Generic USB Driver;C:\WINDOWS\system32\Drivers\CyUsb.sys [2005-03-03 19:47]

S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-27 23:42:58

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\Programfiler\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe

C:\Programfiler\Alwil Software\Avast4\ashServ.exe

C:\Programfiler\Fellesfiler\Autodata Limited Shared\Service\ADCDLicSvc.exe

C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Programfiler\Bonjour\mDNSResponder.exe

C:\Programfiler\Logitech\Easy Synchronization\servicestub.exe

C:\Programfiler\NVIDIA Corporation\nTune\nTuneService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Programfiler\TVersity\Media Server\MediaServer.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\Programfiler\Razer\DeathAdder\razertra.exe

C:\Programfiler\Razer\DeathAdder\razerofa.exe

C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe

C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe

C:\Programfiler\Fellesfiler\Logitech\khalshared\KHALMNPR.EXE

C:\Programfiler\MSN Messenger\usnsvc.exe

.

**************************************************************************

.

Completion time: 2008-03-27 23:48:30 - machine was rebooted

ComboFix-quarantined-files.txt 2008-03-27 22:48:27

Pre-Run: 95,894,913,024 byte ledig

Post-Run: 95,794,982,912 byte ledig

Og her er fra spyware programmet:

Klikk for å se/fjerne innholdet nedenfor

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

Generated 03/27/2008 at 10:08 PM

Application Version : 4.0.1154

Core Rules Database Version : 3426

Trace Rules Database Version: 1418

Scan type : Complete Scan

Total Scan Time : 00:30:41

Memory items scanned : 606

Memory threats detected : 0

Registry items scanned : 5862

Registry threats detected : 0

File items scanned : 20670

File threats detected : 1

Adware.Tracking Cookie

C:\Documents and Settings\Marius H.Aa\Cookies\marius [email protected][1].txt

snippsat · 27. mars 2008

Åpne notisblokk og kopier inn det som står i fet skrift under, lagre fila på skrivebordet som CFScript.txt.

Dra deretter fila over Combofix-iconet. Combofix vil starte igjen.

Post logg c:\combofix

File::

C:\Documents and Settings\Marius H.Aa\Programdata\ezpinst.exe

Registry::

[-HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]

[-HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]

[-HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]

[-HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

Last ned kjør CCleaner

Gå til 'Valg'->'Avansert'. Fjern avkryssingen framfor: "bare slett midlertidige filer som er eldere enn 48 t.

Kjør register-renser og"svar ja til og reparere"

Restart og en ny HijackThis logg.

Aafloey · 27. mars 2008

Dette er den nye loggen fra combofix:

Klikk for å se/fjerne innholdet nedenfor

ComboFix 08-03-26.3 - Marius H.Aa 2008-03-28 0:17:30.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.2433 [GMT 1:00]

Running from: C:\Documents and Settings\Marius H.Aa\Skrivebord\ComboFix.exe

Command switches used :: C:\Documents and Settings\Marius H.Aa\Skrivebord\CFScript.txt

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::

C:\Documents and Settings\Marius H.Aa\Programdata\ezpinst.exe

.

-- Script messages for sUBs --

Findstr -MIF:/ sursen

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Documents and Settings\Marius H.Aa\Programdata\ezpinst.exe

.

((((((((((((((((((((((((( Files Created from 2008-02-27 to 2008-03-27 )))))))))))))))))))))))))))))))

.

2008-03-28 00:05 . 2007-11-15 10:06 301,656 --a------ C:\WINDOWS\system32\BtCoreIf.dll

2008-03-27 21:35 . 2008-03-28 00:09 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware

2008-03-27 21:35 . 2008-03-27 21:35 <DIR> d-------- C:\Documents and Settings\Marius H.Aa\Programdata\SUPERAntiSpyware.com

2008-03-27 21:35 . 2008-03-27 21:35 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com

2008-03-27 20:46 . 2008-03-27 20:46 <DIR> d-------- C:\Programfiler\Trend Micro

2008-03-27 17:26 . 2008-03-27 17:26 <DIR> d-------- C:\Programfiler\HD Tune

2008-03-27 14:12 . 2008-03-27 14:17 <DIR> d-------- C:\Programfiler\Wise Disk Cleaner

2008-03-27 14:06 . 2008-03-27 14:09 <DIR> d-------- C:\Programfiler\Wise Registry Cleaner 3

2008-03-25 16:07 . 2007-11-15 10:07 170,512 --a------ C:\WINDOWS\system32\kemutb.dll

2008-03-25 16:07 . 2007-11-15 10:07 141,840 --a------ C:\WINDOWS\system32\KemUtil.dll

2008-03-25 16:07 . 2007-11-15 10:07 117,264 --a------ C:\WINDOWS\system32\KemWnd.dll

2008-03-25 16:07 . 2007-11-15 10:07 76,304 --a------ C:\WINDOWS\system32\KemXML.dll