ed9
Posted 16 May 2008 (edited)

Hi. A friend asked whether I could take a look at his PC. He complained that it was running incredibly slowly and hanging all the time. It turned out that the updates for both Norton and Windows were turned off, and CPU usage shot up to 100% as soon as I opened c:\. On top of that, the CD-ROM drive didn't work; I put in a Windows CD and restarted, and it still wasn't read during boot, which probably suggests that the CD-ROM drive has given up? I first ran a SAS scan and got rid of loads of trojans and other junk. Today I took another look and followed the long version here on the forum. The machine already seems to be running better, but to be on the safe side it would be great if someone could look through the logs!

SAS log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 05/16/2008 at 08:17 PM
Application Version : 4.0.1154
Core Rules Database Version : 3462
Trace Rules Database Version: 1453
Scan type : Complete Scan
Total Scan Time : 00:41:10
Memory items scanned : 560
Memory threats detected : 0
Registry items scanned : 5435
Registry threats detected : 0
File items scanned : 30016
File threats detected : 0

SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 04/28/2008 at 08:59 PM
Application Version : 4.0.1154
Core Rules Database Version : 3449
Trace Rules Database Version: 1441
Scan type : Complete Scan
Total Scan Time : 00:33:07
Memory items scanned : 512
Memory threats detected : 1
Registry items scanned : 5410
Registry threats detected : 62
File items scanned : 16339
File threats detected : 208

Combofix log:

ComboFix 08-05-15.3 - abcd 2008-05-16 20:23:00.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.121 [GMT 2:00]
Running from: C:\Documents and settings\abcd\Skrivebord\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-16 20:26:11
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-05-16 20:27:55
ComboFix-quarantined-files.txt 2008-05-16 18:27:47
Pre-Run: 16,536,354,816 byte ledig
Post-Run: 16,499,630,080 byte ledig
247 --- E O F --- 2008-05-15 20:30:47

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:35:33, on 16.05.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
C:\Programfiler\Fellesfiler\Symantec Shared\DJSNETCN.exe
C:\Programfiler\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7Debug\mdm.exe
C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programfiler\Launch Manager\LaunchAp.exe
C:\Programfiler\Launch Manager\HotkeyApp.exe
C:\Programfiler\Launch Manager\OSD.exe
C:\Programfiler\Launch Manager\Wbutton.exe
C:\Programfiler\D-Tools\daemon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE
C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe
C:\Programfiler\QuickTime\qttask.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\Programfiler\Java\jre1.5.0_10\bin\jusched.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\Works Shared\WkUFind.exe
C:\Programfiler\Telenor\Online Start\Telenor.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programfiler\Messenger\msmsgs.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\Programfiler\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Programfiler\Fellesfiler\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\explorer.exe
C:\Programfiler\internet explorer\iexplore.exe
C:\Documents and settings\abcd\Skrivebord\testing\Testing.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.online.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4DA3FD30-AA3B-47EF-8270-163605FBFBA3} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar3.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programfiler\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programfiler\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar3.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [synTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LaunchAp] C:\Programfiler\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [HotkeyApp] C:\Programfiler\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [CtrlVol] C:\Programfiler\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [LMgrOSD] C:\Programfiler\Launch Manager\OSD.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Programfiler\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programfiler\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [EPSON Stylus Photo R240 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE /P30 "EPSON Stylus Photo R240 Series" /O6 "USB001" /M "Stylus Photo R240"
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programfiler\Fellesfiler\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Telenor Online Start] "C:\Programfiler\Telenor\Online Start\Telenor.exe"
O4 - HKLM\..\RunServices: [DJSNetCN] C:\Programfiler\Fellesfiler\Symantec Shared\DJSNETCN.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Programfiler\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Åpne i ny bakgrunnsflik - res://C:\Programfiler\Windows Live Toolbar\Components\nb-no\msntabres.dll.mui/229?1a576e7e8eff4fa2a808dc80d04afc4c
O8 - Extra context menu item: Åpne i ny forgrunnsflik - res://C:\Programfiler\Windows Live Toolbar\Components\nb-no\msntabres.dll.mui/230?1a576e7e8eff4fa2a808dc80d04afc4c
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} (KooPlayer Control) - http://www.tvlution.com/KooPlayer.ocx
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1096627073104
O16 - DPF: {B69B0694-EB7C-4468-B572-B781062A1EF2} (KooPlayer Control) - http://static.mediazone.com/player/1.0.0.67/MZPlayer.CAB
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: tuvTjGVm - tuvTjGVm.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Automatisk LiveUpdate-planlegging - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Programfiler\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Programfiler\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Programfiler\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programfiler\Norton Internet Security\comHost.exe
O23 - Service: Symantec Licensing Detect Internet Connection (DJSNETCN) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\DJSNETCN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Programfiler\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Programfiler\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 11587 bytes

Regards,
ed9

Edited 18 May 2008 by ed9
norbat Posted 16 May 2008

Open Notepad and copy in the text shown in bold below, then save the file to the desktop as CFScript. Then drag the file onto the ComboFix icon. ComboFix will start again.

File::
C:\WINDOWS\system32\mmmfsxul.dll
C:\WINDOWS\system32\vnfhhyrn.dll
C:\WINDOWS\system32\plkkirnu.dll
C:\WINDOWS\system32\kerytqol.dll
C:\WINDOWS\system32\tgywutis.dll
C:\WINDOWS\system32\ofobbnsn.dll
C:\WINDOWS\system32\bsqgmvyk.dll
C:\WINDOWS\system32\taaclpie.dll
C:\WINDOWS\system32\ollklaoy.dll
C:\WINDOWS\system32\qejlddte.dll
C:\WINDOWS\system32\owflawjh.dll
C:\WINDOWS\system32\fgbsaein.dll
C:\WINDOWS\system32\ivkcnrju.dll
C:\WINDOWS\system32\ucbmodvr.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4DA3FD30-AA3B-47EF-8270-163605FBFBA3}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvTjGVm]

Post a new HJT log and we'll see whether there is anything more to do.
ed9 Posted 16 May 2008 (Author)

That was quick. I can't get it done tonight, but I'll try to get it done over the weekend!
ed9 Posted 18 May 2008 (Author)

Here are the logs after running the CFScript:

ComboFix log:

ComboFix 08-05-15.3 - abcd 2008-05-18 17:00:45.2 - NTFSx86
Running from: C:\Documents and settings\abcd\Skrivebord\ComboFix.exe
Command switches used :: C:\Documents and settings\abcd\Skrivebord\CFScript.txt
 * Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\bsqgmvyk.dll
C:\WINDOWS\system32\fgbsaein.dll
C:\WINDOWS\system32\ivkcnrju.dll
C:\WINDOWS\system32\kerytqol.dll
C:\WINDOWS\system32\mmmfsxul.dll
C:\WINDOWS\system32\ofobbnsn.dll
C:\WINDOWS\system32\ollklaoy.dll
C:\WINDOWS\system32\owflawjh.dll
C:\WINDOWS\system32\plkkirnu.dll
C:\WINDOWS\system32\qejlddte.dll
C:\WINDOWS\system32\tgywutis.dll
C:\WINDOWS\system32\taaclpie.dll
C:\WINDOWS\system32\ucbmodvr.dll
C:\WINDOWS\system32\vnfhhyrn.dll
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\bsqgmvyk.dll
C:\WINDOWS\system32\fgbsaein.dll
C:\WINDOWS\system32\ivkcnrju.dll
C:\WINDOWS\system32\kerytqol.dll
C:\WINDOWS\system32\mmmfsxul.dll
C:\WINDOWS\system32\ofobbnsn.dll
C:\WINDOWS\system32\ollklaoy.dll
C:\WINDOWS\system32\owflawjh.dll
C:\WINDOWS\system32\plkkirnu.dll
C:\WINDOWS\system32\qejlddte.dll
C:\WINDOWS\system32\tgywutis.dll
C:\WINDOWS\system32\taaclpie.dll
C:\WINDOWS\system32\ucbmodvr.dll
C:\WINDOWS\system32\vnfhhyrn.dll
+ 2006-06-14 08:47:45 172,416 -c----w C:\WINDOWS\system32\dllcache\kmixer.sys + 2007-11-07 09:30:24 721,920 -c----w C:\WINDOWS\system32\dllcache\lsasrv.dll + 2007-03-08 15:39:11 40,960 -c----w C:\WINDOWS\system32\dllcache\mf3216.dll - 2002-09-16 12:00:00 924,432 -c--a-w C:\WINDOWS\system32\dllcache\mfc40u.dll + 2006-11-01 19:19:13 927,504 -c--a-w C:\WINDOWS\system32\dllcache\mfc40u.dll + 2006-10-14 08:13:25 981,760 -c----w C:\WINDOWS\system32\dllcache\mfc42u.dll + 2007-12-18 09:51:35 179,584 -c----w C:\WINDOWS\system32\dllcache\mrxdav.sys + 2006-12-26 13:09:26 536,576 -c----w C:\WINDOWS\system32\dllcache\msado15.dll + 2006-12-26 13:09:26 180,224 -c----w C:\WINDOWS\system32\dllcache\msadomd.dll + 2006-12-26 13:09:26 200,704 -c----w C:\WINDOWS\system32\dllcache\msadox.dll + 2008-03-25 04:50:28 518,944 -c----w C:\WINDOWS\system32\dllcache\msexch40.dll + 2008-03-25 04:50:30 326,432 -c----w C:\WINDOWS\system32\dllcache\msexcl40.dll + 2006-11-27 14:55:50 539,136 -c----w C:\WINDOWS\system32\dllcache\msftedit.dll + 2008-02-16 22:35:48 3,080,704 -c----w C:\WINDOWS\system32\dllcache\mshtml.dll + 2008-02-16 09:05:48 449,024 -c----w C:\WINDOWS\system32\dllcache\mshtmled.dll - 2005-05-03 11:58:36 2,890,240 -c--a-w C:\WINDOWS\system32\dllcache\msi.dll + 2007-04-18 16:15:14 2,854,400 -c--a-w C:\WINDOWS\system32\dllcache\msi.dll + 2008-03-25 04:50:34 1,516,568 -c----w C:\WINDOWS\system32\dllcache\msjet40.dll - 2004-03-01 18:52:15 358,976 -c--a-w C:\WINDOWS\system32\dllcache\msjetol1.dll + 2008-03-25 04:50:40 355,112 -c--a-w C:\WINDOWS\system32\dllcache\msjetol1.dll + 2008-03-25 04:51:59 166,688 -c----w C:\WINDOWS\system32\dllcache\msjint40.dll + 2006-12-26 13:09:26 102,400 -c----w C:\WINDOWS\system32\dllcache\msjro.dll + 2008-03-25 04:50:42 60,192 -c----w C:\WINDOWS\system32\dllcache\msjter40.dll + 2008-03-25 04:50:42 248,608 -c----w C:\WINDOWS\system32\dllcache\msjtes40.dll + 2008-03-25 04:50:44 219,936 -c----w C:\WINDOWS\system32\dllcache\msltus40.dll + 2007-05-16 15:19:43 
1,314,816 -c----w C:\WINDOWS\system32\dllcache\msoe.dll + 2008-03-25 04:50:45 355,104 -c----w C:\WINDOWS\system32\dllcache\mspbde40.dll + 2008-02-16 09:05:48 146,432 -c----w C:\WINDOWS\system32\dllcache\msrating.dll + 2008-03-25 04:50:47 432,928 -c----w C:\WINDOWS\system32\dllcache\msrd2x40.dll + 2008-03-25 04:50:49 322,336 -c----w C:\WINDOWS\system32\dllcache\msrd3x40.dll + 2008-03-25 04:50:52 559,904 -c----w C:\WINDOWS\system32\dllcache\msrepl40.dll + 2008-03-25 04:50:55 264,992 -c----w C:\WINDOWS\system32\dllcache\mstext40.dll + 2008-02-16 09:05:48 532,480 -c----w C:\WINDOWS\system32\dllcache\mstime.dll + 2008-03-25 04:50:57 838,432 -c----w C:\WINDOWS\system32\dllcache\mswdat10.dll + 2008-03-25 04:51:59 621,344 -c----w C:\WINDOWS\system32\dllcache\mswstr10.dll + 2008-03-25 04:50:58 355,104 -c----w C:\WINDOWS\system32\dllcache\msxbde40.dll - 2006-09-13 05:07:08 1,084,416 -c--a-w C:\WINDOWS\system32\dllcache\msxml3.dll + 2007-06-26 06:10:37 1,104,896 -c--a-w C:\WINDOWS\system32\dllcache\msxml3.dll - 2006-07-14 15:41:10 332,288 -c----w C:\WINDOWS\system32\dllcache\netapi32.dll + 2006-08-17 12:30:01 332,288 -c----w C:\WINDOWS\system32\dllcache\netapi32.dll + 2007-02-09 11:10:35 574,464 -c----w C:\WINDOWS\system32\dllcache\ntfs.sys + 2007-02-28 16:05:16 2,138,112 -c----w C:\WINDOWS\system32\dllcache\ntkrnlmp.exe + 2007-02-28 16:05:26 2,059,392 -c----w C:\WINDOWS\system32\dllcache\ntkrnlpa.exe + 2007-02-28 16:05:16 2,017,792 -c----w C:\WINDOWS\system32\dllcache\ntkrpamp.exe + 2007-02-28 16:05:27 2,182,144 -c----w C:\WINDOWS\system32\dllcache\ntoskrnl.exe + 2006-10-13 12:41:29 141,824 -c----w C:\WINDOWS\system32\dllcache\nwprovau.dll + 2007-12-04 18:42:25 550,912 -c----w C:\WINDOWS\system32\dllcache\oleaut32.dll - 2002-09-16 12:00:00 117,760 -c--a-w C:\WINDOWS\system32\dllcache\oledlg.dll + 2006-10-16 16:16:24 122,880 -c--a-w C:\WINDOWS\system32\dllcache\oledlg.dll + 2008-02-16 09:05:49 39,424 -c----w C:\WINDOWS\system32\dllcache\pngfilt.dll + 2007-10-29 22:45:19 
1,290,752 -c----w C:\WINDOWS\system32\dllcache\quartz.dll + 2006-11-27 14:55:50 433,152 -c----w C:\WINDOWS\system32\dllcache\riched20.dll + 2007-04-25 14:23:31 144,896 -c----w C:\WINDOWS\system32\dllcache\schannel.dll - 2006-09-04 06:13:54 1,494,016 -c----w C:\WINDOWS\system32\dllcache\shdocvw.dll + 2008-02-16 09:05:52 1,494,528 -c----w C:\WINDOWS\system32\dllcache\shdocvw.dll - 2006-07-13 13:36:23 8,459,776 -c----w C:\WINDOWS\system32\dllcache\shell32.dll + 2007-10-25 16:57:36 8,460,800 -c----w C:\WINDOWS\system32\dllcache\shell32.dll + 2008-02-16 09:05:52 474,112 -c----w C:\WINDOWS\system32\dllcache\shlwapi.dll + 2006-12-19 21:51:45 134,656 -c----w C:\WINDOWS\system32\dllcache\shsvcs.dll + 2006-06-14 08:47:46 6,400 -c----w C:\WINDOWS\system32\dllcache\splitter.sys + 2006-08-24 11:19:52 246,814 -c----w C:\WINDOWS\system32\dllcache\strmdll.dll + 2006-10-20 01:39:57 713,728 -c----w C:\WINDOWS\system32\dllcache\sxs.dll - 2006-04-20 11:51:50 359,808 -c----w C:\WINDOWS\system32\dllcache\tcpip.sys + 2007-10-30 17:20:55 360,064 -c----w C:\WINDOWS\system32\dllcache\tcpip.sys + 2007-04-23 10:32:54 364,160 -c----w C:\WINDOWS\system32\dllcache\update.sys + 2007-02-05 20:19:38 185,344 -c----w C:\WINDOWS\system32\dllcache\upnphost.dll + 2008-02-16 09:05:53 615,936 -c----w C:\WINDOWS\system32\dllcache\urlmon.dll + 2007-03-08 15:39:11 577,536 -c----w C:\WINDOWS\system32\dllcache\user32.dll + 2007-12-18 14:43:09 417,792 -c----w C:\WINDOWS\system32\dllcache\vbscript.dll + 2007-06-26 13:57:31 851,968 -c----w C:\WINDOWS\system32\dllcache\vgx.dll + 2007-05-16 15:19:48 510,976 -c----w C:\WINDOWS\system32\dllcache\wab32.dll + 2007-05-16 15:19:50 85,504 -c----w C:\WINDOWS\system32\dllcache\wabimp.dll + 2006-06-14 09:00:45 82,944 -c----w C:\WINDOWS\system32\dllcache\wdmaud.sys + 2006-12-19 18:18:33 333,824 -c----w C:\WINDOWS\system32\dllcache\wiaservc.dll + 2008-03-20 08:11:33 1,845,248 -c----w C:\WINDOWS\system32\dllcache\win32k.sys + 2008-02-16 09:05:54 658,944 -c----w 
C:\WINDOWS\system32\dllcache\wininet.dll + 2007-03-17 13:45:38 292,864 -c----w C:\WINDOWS\system32\dllcache\winsrv.dll + 2006-08-17 12:30:01 132,096 -c----w C:\WINDOWS\system32\dllcache\wkssvc.dll + 2007-10-25 08:00:50 230,912 -c----w C:\WINDOWS\system32\dllcache\wmasf.dll - 2006-04-24 14:40:00 4,730,880 -c--a-w C:\WINDOWS\system32\dllcache\wmp.dll + 2007-04-30 00:22:16 4,734,976 -c--a-w C:\WINDOWS\system32\dllcache\wmp.dll + 2007-10-25 08:01:10 2,109,440 -c----w C:\WINDOWS\system32\dllcache\wmvcore.dll - 2006-06-26 17:45:59 148,480 ----a-w C:\WINDOWS\system32\dnsapi.dll + 2008-02-20 05:39:05 148,992 ----a-w C:\WINDOWS\system32\dnsapi.dll - 2004-08-04 05:39:36 142,464 ----a-w C:\WINDOWS\system32\drivers\aec.sys + 2006-02-15 00:22:26 142,464 ----a-w C:\WINDOWS\system32\drivers\aec.sys - 2004-08-04 06:01:19 124,800 ------w C:\WINDOWS\system32\drivers\fltmgr.sys + 2006-08-21 09:14:58 128,896 ------w C:\WINDOWS\system32\drivers\fltmgr.sys - 2004-08-04 06:00:13 263,040 ------w C:\WINDOWS\system32\drivers\http.sys + 2006-03-17 00:33:10 262,784 ------w C:\WINDOWS\system32\drivers\http.sys - 2004-08-04 06:04:50 134,912 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys + 2004-09-29 22:28:37 134,912 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys - 2004-08-04 06:07:48 171,776 ----a-w C:\WINDOWS\system32\drivers\kmixer.sys + 2006-06-14 08:47:45 172,416 ----a-w C:\WINDOWS\system32\drivers\kmixer.sys - 2004-08-04 06:00:56 181,248 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys + 2007-12-18 09:51:35 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys - 2004-08-04 06:15:09 574,592 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys + 2007-02-09 11:10:35 574,464 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys - 2002-09-16 12:00:00 27,440 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys + 2007-11-13 10:25:55 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys - 2004-08-04 06:07:47 6,400 ----a-w C:\WINDOWS\system32\drivers\splitter.sys + 2006-06-14 08:47:46 6,400 ----a-w 
C:\WINDOWS\system32\drivers\splitter.sys - 2006-04-20 11:51:50 359,808 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys + 2007-10-30 17:20:55 360,064 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys - 2004-08-04 05:58:32 209,408 ----a-w C:\WINDOWS\system32\drivers\update.sys + 2007-04-23 10:32:54 364,160 ----a-w C:\WINDOWS\system32\drivers\update.sys - 2004-08-04 06:15:04 82,944 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys + 2006-06-14 09:00:45 82,944 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys - 2004-08-04 08:03:09 497,693 ----a-w C:\WINDOWS\system32\dxmasf.dll + 2006-08-24 11:18:20 498,742 ----a-w C:\WINDOWS\system32\dxmasf.dll - 2004-08-04 08:03:09 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll + 2008-02-16 09:05:42 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll - 2004-08-04 08:03:09 201,728 ----a-w C:\WINDOWS\system32\dxtrans.dll + 2008-02-16 09:05:42 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll - 2004-08-04 08:03:10 55,808 ------w C:\WINDOWS\system32\extmgr.dll + 2008-02-16 09:05:42 55,808 ------w C:\WINDOWS\system32\extmgr.dll - 2004-08-04 08:03:10 16,896 ------w C:\WINDOWS\system32\fltlib.dll + 2006-08-21 12:28:02 16,896 ----a-w C:\WINDOWS\system32\fltlib.dll - 2004-08-04 08:03:30 22,528 ------w C:\WINDOWS\system32\fltmc.exe + 2006-08-21 09:14:58 23,040 ----a-w C:\WINDOWS\system32\fltmc.exe - 2008-05-16 16:36:48 250,288 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT + 2008-05-16 19:19:44 250,288 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT - 2004-08-04 08:03:12 249,344 ----a-w C:\WINDOWS\system32\iepeers.dll + 2008-02-16 09:05:42 251,392 ----a-w C:\WINDOWS\system32\iepeers.dll - 2004-08-04 08:03:12 678,400 ----a-w C:\WINDOWS\system32\inetcomm.dll + 2007-08-21 06:18:26 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll - 2004-08-04 08:03:13 96,768 ----a-w C:\WINDOWS\system32\inseng.dll + 2008-02-16 09:05:42 96,768 ----a-w C:\WINDOWS\system32\inseng.dll - 2006-05-18 05:45:05 450,560 ----a-w C:\WINDOWS\system32\jscript.dll + 2007-12-18 14:43:09 450,560 ----a-w 
C:\WINDOWS\system32\jscript.dll - 2004-08-04 08:03:13 15,872 ----a-w C:\WINDOWS\system32\jsproxy.dll + 2008-02-16 09:05:42 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll - 2006-07-05 10:57:15 985,088 ----a-w C:\WINDOWS\system32\kernel32.dll + 2007-04-16 15:54:45 985,600 ----a-w C:\WINDOWS\system32\kernel32.dll - 2004-10-28 01:29:00 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll + 2007-11-07 09:30:24 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll - 2004-08-04 08:03:14 39,936 ----a-w C:\WINDOWS\system32\mf3216.dll + 2007-03-08 15:39:11 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll - 2002-09-16 12:00:00 924,432 ----a-w C:\WINDOWS\system32\mfc40u.dll + 2006-11-01 19:19:13 927,504 ----a-w C:\WINDOWS\system32\mfc40u.dll - 2004-08-04 08:03:14 1,024,000 ----a-w C:\WINDOWS\system32\mfc42u.dll + 2006-10-14 08:13:25 981,760 ----a-w C:\WINDOWS\system32\mfc42u.dll - 2008-04-06 05:56:20 19,836,024 ----a-w C:\WINDOWS\system32\MRT.exe + 2008-05-09 21:35:04 16,863,864 ----a-w C:\WINDOWS\system32\MRT.exe - 2004-07-14 22:24:50 155,648 ----a-w C:\WINDOWS\system32\mscoree.dll + 2006-12-22 10:28:14 271,360 ----a-w C:\WINDOWS\system32\mscoree.dll - 2004-08-04 08:03:16 512,029 ----a-w C:\WINDOWS\system32\msexch40.dll + 2008-03-25 04:50:28 518,944 ----a-w C:\WINDOWS\system32\msexch40.dll - 2004-08-04 08:03:16 319,517 ----a-w C:\WINDOWS\system32\msexcl40.dll + 2008-03-25 04:50:30 326,432 ----a-w C:\WINDOWS\system32\msexcl40.dll - 2004-08-04 08:03:16 537,088 ----a-w C:\WINDOWS\system32\msftedit.dll + 2006-11-27 14:55:50 539,136 ----a-w C:\WINDOWS\system32\msftedit.dll - 2004-08-04 08:03:16 3,003,392 ----a-w C:\WINDOWS\system32\mshtml.dll + 2008-02-16 22:35:48 3,080,704 ----a-w C:\WINDOWS\system32\mshtml.dll - 2004-08-04 08:03:16 448,512 ----a-w C:\WINDOWS\system32\mshtmled.dll + 2008-02-16 09:05:48 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll - 2005-05-03 11:58:36 2,890,240 ----a-w C:\WINDOWS\system32\msi.dll + 2007-04-18 16:15:14 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll - 
2004-08-04 08:03:16 1,507,356 ----a-w C:\WINDOWS\system32\msjet40.dll + 2008-03-25 04:50:34 1,516,568 ----a-w C:\WINDOWS\system32\msjet40.dll - 2004-03-01 18:52:15 358,976 ----a-w C:\WINDOWS\system32\msjetoledb40.dll + 2008-03-25 04:50:40 355,112 ----a-w C:\WINDOWS\system32\msjetoledb40.dll - 2004-08-04 08:03:16 53,279 ----a-w C:\WINDOWS\system32\msjter40.dll + 2008-03-25 04:50:42 60,192 ----a-w C:\WINDOWS\system32\msjter40.dll - 2004-08-04 08:03:16 241,693 ----a-w C:\WINDOWS\system32\msjtes40.dll + 2008-03-25 04:50:42 248,608 ----a-w C:\WINDOWS\system32\msjtes40.dll - 2004-08-04 08:03:17 213,023 ----a-w C:\WINDOWS\system32\msltus40.dll + 2008-03-25 04:50:44 219,936 ----a-w C:\WINDOWS\system32\msltus40.dll - 2004-08-04 08:03:17 348,189 ----a-w C:\WINDOWS\system32\mspbde40.dll + 2008-03-25 04:50:45 355,104 ----a-w C:\WINDOWS\system32\mspbde40.dll - 2004-08-04 08:03:17 146,432 ----a-w C:\WINDOWS\system32\msrating.dll + 2008-02-16 09:05:48 146,432 ----a-w C:\WINDOWS\system32\msrating.dll - 2004-08-04 08:03:17 421,919 ----a-w C:\WINDOWS\system32\msrd2x40.dll + 2008-03-25 04:50:47 432,928 ----a-w C:\WINDOWS\system32\msrd2x40.dll - 2004-08-04 08:03:17 315,423 ----a-w C:\WINDOWS\system32\msrd3x40.dll + 2008-03-25 04:50:49 322,336 ----a-w C:\WINDOWS\system32\msrd3x40.dll - 2004-08-04 08:03:17 552,989 ----a-w C:\WINDOWS\system32\msrepl40.dll + 2008-03-25 04:50:52 559,904 ----a-w C:\WINDOWS\system32\msrepl40.dll - 2004-08-04 08:03:17 258,077 ----a-w C:\WINDOWS\system32\mstext40.dll + 2008-03-25 04:50:55 264,992 ----a-w C:\WINDOWS\system32\mstext40.dll - 2004-08-04 08:03:17 530,432 ----a-w C:\WINDOWS\system32\mstime.dll + 2008-02-16 09:05:48 532,480 ----a-w C:\WINDOWS\system32\mstime.dll - 2004-08-04 08:03:17 831,519 ----a-w C:\WINDOWS\system32\mswdat10.dll + 2008-03-25 04:50:57 838,432 ----a-w C:\WINDOWS\system32\mswdat10.dll - 2004-08-04 08:03:18 348,189 ----a-w C:\WINDOWS\system32\msxbde40.dll + 2008-03-25 04:50:58 355,104 ----a-w C:\WINDOWS\system32\msxbde40.dll - 
2006-09-13 05:07:08 1,084,416 ----a-w C:\WINDOWS\system32\msxml3.dll + 2007-06-26 06:10:37 1,104,896 ----a-w C:\WINDOWS\system32\msxml3.dll - 2002-02-04 03:52:54 1,230,336 ----a-w C:\WINDOWS\system32\msxml4.dll + 2007-05-08 13:03:04 1,275,392 ----a-w C:\WINDOWS\system32\msxml4.dll + 2006-12-22 11:02:36 6,144 ----a-w C:\WINDOWS\system32\mui\0409\mscorees.dll - 2006-07-14 15:41:10 332,288 ----a-w C:\WINDOWS\system32\netapi32.dll + 2006-08-17 12:30:01 332,288 ----a-w C:\WINDOWS\system32\netapi32.dll - 2005-03-02 18:09:56 2,058,624 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe + 2007-02-28 16:05:26 2,059,392 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe - 2005-03-02 18:10:04 2,181,120 ----a-w C:\WINDOWS\system32\ntoskrnl.exe + 2007-02-28 16:05:27 2,182,144 ----a-w C:\WINDOWS\system32\ntoskrnl.exe - 2004-08-04 08:03:19 143,872 ----a-w C:\WINDOWS\system32\nwprovau.dll + 2006-10-13 12:41:29 141,824 ----a-w C:\WINDOWS\system32\nwprovau.dll - 2004-08-04 08:03:19 553,472 ----a-w C:\WINDOWS\system32\oleaut32.dll + 2007-12-04 18:42:25 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll - 2002-09-16 12:00:00 117,760 ----a-w C:\WINDOWS\system32\oledlg.dll + 2006-10-16 16:16:24 122,880 ----a-w C:\WINDOWS\system32\oledlg.dll - 2008-05-16 16:40:14 52,148 ----a-w C:\WINDOWS\system32\perfc009.dat + 2008-05-16 19:22:54 52,148 ----a-w C:\WINDOWS\system32\perfc009.dat - 2008-05-16 16:40:14 59,668 ----a-w C:\WINDOWS\system32\perfc014.dat + 2008-05-16 19:22:54 59,668 ----a-w C:\WINDOWS\system32\perfc014.dat - 2008-05-16 16:40:14 376,350 ----a-w C:\WINDOWS\system32\perfh009.dat + 2008-05-16 19:22:54 376,350 ----a-w C:\WINDOWS\system32\perfh009.dat - 2008-05-16 16:40:14 381,504 ----a-w C:\WINDOWS\system32\perfh014.dat + 2008-05-16 19:22:55 381,504 ----a-w C:\WINDOWS\system32\perfh014.dat - 2004-08-04 08:03:20 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll + 2008-02-16 09:05:49 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll - 2004-08-04 08:03:20 1,290,752 ----a-w C:\WINDOWS\system32\quartz.dll + 
2007-10-29 22:45:19 1,290,752 ----a-w C:\WINDOWS\system32\quartz.dll - 2004-08-04 08:03:20 431,616 ----a-w C:\WINDOWS\system32\riched20.dll + 2006-11-27 14:55:50 433,152 ----a-w C:\WINDOWS\system32\riched20.dll - 2004-08-04 08:03:20 581,120 ----a-w C:\WINDOWS\system32\rpcrt4.dll + 2007-07-09 13:11:54 584,192 ----a-w C:\WINDOWS\system32\rpcrt4.dll - 2004-08-04 08:03:21 144,896 ----a-w C:\WINDOWS\system32\schannel.dll + 2007-04-25 14:23:31 144,896 ----a-w C:\WINDOWS\system32\schannel.dll - 2006-09-04 06:13:54 1,494,016 ----a-w C:\WINDOWS\system32\shdocvw.dll + 2008-02-16 09:05:52 1,494,528 ----a-w C:\WINDOWS\system32\shdocvw.dll - 2006-07-13 13:36:23 8,459,776 ----a-w C:\WINDOWS\system32\shell32.dll + 2007-10-25 16:57:36 8,460,800 ----a-w C:\WINDOWS\system32\shell32.dll - 2005-09-02 23:55:06 473,600 ----a-w C:\WINDOWS\system32\shlwapi.dll + 2008-02-16 09:05:52 474,112 ----a-w C:\WINDOWS\system32\shlwapi.dll - 2004-08-04 08:03:22 134,656 ----a-w C:\WINDOWS\system32\shsvcs.dll + 2006-12-19 21:51:45 134,656 ----a-w C:\WINDOWS\system32\shsvcs.dll - 2005-10-12 23:20:56 14,560 ------w C:\WINDOWS\system32\spmsg.dll + 2006-01-19 19:29:41 14,560 ------w C:\WINDOWS\system32\spmsg.dll - 2005-06-28 09:21:34 22,752 ----a-w C:\WINDOWS\system32\spupdsvc.exe + 2005-06-28 08:21:34 22,752 ----a-w C:\WINDOWS\system32\spupdsvc.exe - 2004-08-04 08:03:23 246,302 ----a-w C:\WINDOWS\system32\strmdll.dll + 2006-08-24 11:19:52 246,814 ----a-w C:\WINDOWS\system32\strmdll.dll - 2004-08-04 08:03:23 713,728 ----a-w C:\WINDOWS\system32\sxs.dll + 2006-10-20 01:39:57 713,728 ----a-w C:\WINDOWS\system32\sxs.dll + 2007-11-13 11:31:11 60,416 ------w C:\WINDOWS\system32\tzchange.exe - 2004-08-04 08:03:24 185,344 ----a-w C:\WINDOWS\system32\upnphost.dll + 2007-02-05 20:19:38 185,344 ----a-w C:\WINDOWS\system32\upnphost.dll - 2004-08-04 08:03:24 601,088 ----a-w C:\WINDOWS\system32\urlmon.dll + 2008-02-16 09:05:53 615,936 ----a-w C:\WINDOWS\system32\urlmon.dll - 2005-03-02 18:19:19 577,024 ----a-w 
C:\WINDOWS\system32\user32.dll + 2007-03-08 15:39:11 577,536 ----a-w C:\WINDOWS\system32\user32.dll - 2004-08-04 08:03:24 417,792 ----a-w C:\WINDOWS\system32\vbscript.dll + 2007-12-18 14:43:09 417,792 ----a-w C:\WINDOWS\system32\vbscript.dll - 2004-08-04 08:03:25 333,312 ----a-w C:\WINDOWS\system32\wiaservc.dll + 2006-12-19 18:18:33 333,824 ----a-w C:\WINDOWS\system32\wiaservc.dll - 2004-08-04 08:03:25 655,872 ----a-w C:\WINDOWS\system32\wininet.dll + 2008-02-16 09:05:54 658,944 ----a-w C:\WINDOWS\system32\wininet.dll - 2005-09-01 02:28:08 291,840 ----a-w C:\WINDOWS\system32\winsrv.dll + 2007-03-17 13:45:38 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll - 2004-08-04 08:03:25 132,096 ----a-w C:\WINDOWS\system32\wkssvc.dll + 2006-08-17 12:30:01 132,096 ----a-w C:\WINDOWS\system32\wkssvc.dll - 2004-08-04 08:03:25 230,400 ----a-w C:\WINDOWS\system32\wmasf.dll + 2007-10-25 08:00:50 230,912 ----a-w C:\WINDOWS\system32\wmasf.dll - 2006-04-24 14:40:00 4,730,880 ----a-w C:\WINDOWS\system32\wmp.dll + 2007-04-30 00:22:16 4,734,976 ----a-w C:\WINDOWS\system32\wmp.dll - 2004-08-04 08:03:43 2,105,344 ----a-w C:\WINDOWS\system32\wmvcore.dll + 2007-10-25 08:01:10 2,109,440 ----a-w C:\WINDOWS\system32\wmvcore.dll - 2005-05-17 00:42:28 15,360 ----a-w C:\WINDOWS\system32\xpsp3res.dll + 2008-02-15 23:03:24 354,304 ----a-w C:\WINDOWS\system32\xpsp3res.dll + 2007-05-08 13:06:44 1,275,392 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9848.0_x-ww_1b897e9a\msxml4.dll + 2007-04-18 08:36:40 82,432 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a\msxml4r.dll + 2007-01-19 12:52:09 74,802 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\atl.dll + 2007-01-19 12:52:09 995,383 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\mfc42.dll + 2007-01-19 12:52:09 1,011,774 ----a-w 
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 10:03 15360]
"MSMSGS"="C:\Programfiler\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"swg"="C:\Programfiler\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-02-03 22:30 171448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-02-26 16:53 65024 C:\WINDOWS\SOUNDMAN.EXE]
"SynTPLpr"="C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe" [2003-07-25 14:49 110592]
"SynTPEnh"="C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [2003-07-25 14:47 618496]
"ATIPTA"="C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-07-17 21:10 339968]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"LaunchAp"="C:\Programfiler\Launch Manager\LaunchAp.exe" [2004-08-06 14:04 32768]
"HotkeyApp"="C:\Programfiler\Launch Manager\HotkeyApp.exe" [2004-07-26 15:39 49152]
"CtrlVol"="C:\Programfiler\Launch Manager\CtrlVol.exe" [2003-09-16 14:28 20480]
"LMgrOSD"="C:\Programfiler\Launch Manager\OSD.exe" [2004-07-26 14:52 204800]
"Wbutton"="C:\Programfiler\Launch Manager\Wbutton.exe" [2004-08-06 14:49 73728]
"DAEMON Tools-1033"="C:\Programfiler\D-Tools\daemon.exe" [2003-12-27 21:43 81920]
"EPSON Stylus Photo R240 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.exe" [2005-04-25 06:00 98304]
"ccApp"="C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2007-03-01 12:18 52840]
"QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2006-10-25 19:58 282624]
"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2006-10-30 10:36 256576]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 16:07 49263]
"Microsoft Works Update Detection"="C:\Programfiler\Fellesfiler\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-10 02:11 50688]
"Telenor Online Start"="C:\Programfiler\Telenor\Online Start\Telenor.exe" [2006-11-30 14:51 178312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"DJSNetCN"="C:\Programfiler\Fellesfiler\Symantec Shared\DJSNETCN.exe" [2005-11-01 10:33 54928]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 10:03 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programfiler\\Messenger\\msmsgs.exe"=

R0 d344bus;d344bus;C:\WINDOWS\system32\DRIVERS\d344bus.sys [2003-12-27 21:42]
R0 d344prt;d344prt;C:\WINDOWS\system32\Drivers\d344prt.sys [2003-12-27 03:38]
R1 Hotkey;Hotkey;C:\WINDOWS\system32\drivers\Hotkey.sys [2003-04-28 11:27]
S1 Wbutton;Wbutton;C:\WINDOWS\system32\drivers\Wbutton.sys []

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-05-16 18:01:30 C:\WINDOWS\Tasks\Norton AntiVirus - Kjør fullstendig systemsøk - abcd.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe
"2008-05-18 15:04:12 C:\WINDOWS\Tasks\Se etter oppdateringer for Windows Live Toolbar.job"
- C:\Programfiler\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-18 17:06:46
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-18 17:10:05
ComboFix-quarantined-files.txt 2008-05-18 15:09:57
ComboFix2.txt 2008-05-16 18:27:56

Pre-Run: 16,544,727,040 byte ledig
Post-Run: 16,536,748,032 byte ledig

602 --- E O F --- 2008-05-16 20:40:16
>

HijackThis log:

<Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:13:28, on 18.05.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
C:\Programfiler\Fellesfiler\Symantec Shared\DJSNETCN.exe
C:\Programfiler\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7Debug\mdm.exe
C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programfiler\Launch Manager\LaunchAp.exe
C:\Programfiler\Launch Manager\HotkeyApp.exe
C:\Programfiler\Launch Manager\OSD.exe
C:\Programfiler\Launch Manager\Wbutton.exe
C:\Programfiler\D-Tools\daemon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE
C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe
C:\Programfiler\QuickTime\qttask.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\Programfiler\Java\jre1.5.0_10\bin\jusched.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\Works Shared\WkUFind.exe
C:\Programfiler\Telenor\Online Start\Telenor.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Messenger\msmsgs.exe
C:\Programfiler\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Programfiler\Fellesfiler\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Programfiler\Java\jre1.5.0_10\bin\jucheck.exe
C:\WINDOWS\explorer.exe
C:\Documents and settings\abcd\Skrivebord\testing\Testing.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.online.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar3.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programfiler\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programfiler\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar3.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [synTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LaunchAp] C:\Programfiler\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [HotkeyApp] C:\Programfiler\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [CtrlVol] C:\Programfiler\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [LMgrOSD] C:\Programfiler\Launch Manager\OSD.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Programfiler\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programfiler\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [EPSON Stylus Photo R240 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE /P30 "EPSON Stylus Photo R240 Series" /O6 "USB001" /M "Stylus Photo R240"
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programfiler\Fellesfiler\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Telenor Online Start] "C:\Programfiler\Telenor\Online Start\Telenor.exe"
O4 - HKLM\..\RunServices: [DJSNetCN] C:\Programfiler\Fellesfiler\Symantec Shared\DJSNETCN.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Programfiler\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Åpne i ny bakgrunnsflik - res://C:\Programfiler\Windows Live Toolbar\Components\nb-no\msntabres.dll.mui/229?1a576e7e8eff4fa2a808dc80d04afc4c
O8 - Extra context menu item: Åpne i ny forgrunnsflik - res://C:\Programfiler\Windows Live Toolbar\Components\nb-no\msntabres.dll.mui/230?1a576e7e8eff4fa2a808dc80d04afc4c
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} (KooPlayer Control) - http://www.tvlution.com/KooPlayer.ocx
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1096627073104
O16 - DPF: {B69B0694-EB7C-4468-B572-B781062A1EF2} (KooPlayer Control) - http://static.mediazone.com/player/1.0.0.67/MZPlayer.CAB
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Automatisk LiveUpdate-planlegging - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Programfiler\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Programfiler\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Programfiler\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programfiler\Norton Internet Security\comHost.exe
O23 - Service: Symantec Licensing Detect Internet Connection (DJSNETCN) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\DJSNETCN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc.
- C:\Programfiler\iPod\bin\iPodService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Programfiler\CA\SharedComponents\CA_LIC\LogWatNT.exe O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\Security Console\NSCSRVCE.EXE O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Programfiler\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe -- End of file - 11376 bytes >
norbat Posted 18 May 2008

This looks fine.

Use Explorer to delete the following file: C:\WINDOWS\imsins.BAK

Update Java: http://java.com/en/download/index.jsp

Go to Windows Update (Start -> All Programs -> Windows Update) and check whether there are any updates there (including IE 7, ...).