eUnaas (thread author), posted 17 December 2008 (edited 17 December 2008 by eunaas)
http://www.hardware.no/artikler/hasteoppda...ng_for_ie/66608 maybe this could be my salvation?
norbat, posted 17 December 2008
I need a new ComboFix log
eUnaas (thread author), posted 17 December 2008
ComboFix 08-12-14.04 - eUnaas 2008-12-17 11:11:42.9 - NTFSx86Microsoft Windows XP Professional 5.1.2600.3.1252.1.1044.18.2814.1998 [GMT 1:00] Kjører fra: c:\documents and settings\eUnaas\Skrivebord\ComboFix.exe . ((((((((((((((((((((((((((( Filer Opprettet Fra 2008-11-17 til 2008-12-17 ))))))))))))))))))))))))))))))))) . 2008-12-17 07:54 . 2008-12-17 07:54 244 --ah----- C:\sqmnoopt04.sqm 2008-12-17 07:54 . 2008-12-17 07:54 232 --ah----- C:\sqmdata04.sqm 2008-12-17 03:25 . 2008-12-17 03:25 29,388 --a------ c:\windows\system32\msmp3.exe 2008-12-17 03:24 . 2008-12-17 03:24 30,392 --a------ c:\windows\system32\avcenter.exe 2008-12-17 03:24 . 2008-12-17 03:24 25,402 --a------ c:\windows\system32\naxmgr.exe 2008-12-17 00:54 . 2008-12-17 00:54 <DIR> d-------- c:\programfiler\Unlocker 2008-12-13 03:04 . 2008-12-13 03:04 118 --a------ c:\windows\system32\MRT.INI 2008-12-10 21:04 . 2008-12-10 21:04 <DIR> d-------- c:\documents and settings\eUnaas\Programdata\PC Suite 2008-12-10 21:04 . 2008-12-10 21:04 <DIR> d-------- c:\documents and settings\eUnaas\Programdata\Nokia 2008-12-10 21:04 . 2008-12-10 21:04 <DIR> d-------- c:\documents and settings\All Users\Programdata\PC Suite 2008-12-10 21:03 . 2008-12-10 21:03 <DIR> d-------- c:\programfiler\Fellesfiler\PCSuite 2008-12-10 21:03 . 2008-12-10 21:03 <DIR> d-------- c:\programfiler\Fellesfiler\Nokia 2008-12-10 21:03 . 2008-12-10 21:03 <DIR> d-------- c:\programfiler\DIFX 2008-12-10 21:03 . 2007-09-17 15:53 21,632 --a------ c:\windows\system32\drivers\pccsmcfd.sys 2008-12-10 21:02 . 2008-12-10 21:02 <DIR> d-------- c:\programfiler\PC Connectivity Solution 2008-12-10 21:02 . 2008-12-10 21:03 <DIR> d-------- c:\programfiler\Nokia 2008-12-10 21:02 . 2008-12-10 21:02 <DIR> d-------- c:\documents and settings\All Users\Programdata\Installations 2008-12-10 21:02 .
2008-05-07 07:38 90,624 --a------ c:\windows\system32\nmwcdcls.dll 2008-12-07 20:14 . 2008-12-07 20:13 410,984 --a------ c:\windows\system32\deploytk.dll 2008-12-06 16:10 . 2008-12-06 17:00 <DIR> d-------- c:\documents and settings\eUnaas\DoctorWeb 2008-12-06 15:10 . 2008-12-06 15:10 <DIR> d-------- C:\Program Files 2008-12-04 13:11 . 2008-04-07 05:38 45,392 -ra------ c:\windows\system32\AdobePDF.dll 2008-12-04 13:11 . 2008-04-07 05:38 22,872 -ra------ c:\windows\system32\AdobePDFUI.dll 2008-12-02 23:29 . 2008-12-02 23:29 7,680 --ahs---- c:\windows\Thumbs.db 2008-12-02 22:53 . 2008-12-02 22:53 <DIR> d-------- c:\documents and settings\All Users\Programdata\SUPERAntiSpyware.com 2008-12-02 22:52 . 2008-12-09 15:01 <DIR> d-------- c:\programfiler\SUPERAntiSpyware 2008-12-02 22:52 . 2008-12-02 22:52 <DIR> d-------- c:\documents and settings\eUnaas\Programdata\SUPERAntiSpyware.com 2008-11-25 13:15 . 2008-11-25 13:15 <DIR> d-------- c:\programfiler\iPod 2008-11-25 13:15 . 2008-11-25 13:15 <DIR> d-------- c:\documents and settings\All Users\Programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} 2008-11-24 19:20 . 2008-08-14 14:27 2,190,976 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe 2008-11-24 19:20 . 2008-08-14 14:27 2,147,328 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe 2008-11-24 19:20 . 2008-08-14 14:27 2,067,840 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe 2008-11-24 19:20 . 2008-08-14 14:27 2,025,984 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe 2008-11-24 19:20 . 2008-09-15 16:29 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys 2008-11-24 19:20 . 2008-09-08 11:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys 2008-11-24 19:20 . 2008-08-14 11:04 138,496 -----c--- c:\windows\system32\dllcache\afd.sys 2008-11-24 19:17 . 2008-04-11 20:06 691,712 -----c--- c:\windows\system32\dllcache\inetcomm.dll 2008-11-24 19:17 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys 2008-11-24 19:17 . 
2008-05-01 15:38 331,776 -----c--- c:\windows\system32\dllcache\msadce.dll 2008-11-24 19:16 . 2008-09-04 18:17 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll 2008-11-24 19:15 . 2008-10-15 17:38 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll 2008-11-24 18:54 . 2008-12-15 12:19 <DIR> d-------- c:\programfiler\Malwarebytes' Anti-Malware 2008-11-24 18:54 . 2008-11-24 18:54 <DIR> d-------- c:\documents and settings\eUnaas\Programdata\Malwarebytes 2008-11-24 18:54 . 2008-11-24 18:54 <DIR> d-------- c:\documents and settings\All Users\Programdata\Malwarebytes 2008-11-24 18:54 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2008-11-24 18:54 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2008-11-23 17:16 . 2008-11-23 17:17 <DIR> d-------- c:\programfiler\Bongo 1.0 2008-11-23 02:41 . 2008-11-23 02:41 <DIR> d-------- c:\programfiler\WIBU-SYSTEMS 2008-11-23 02:41 . 2008-11-23 02:41 <DIR> d-------- c:\programfiler\Fellesfiler\ChaosGroup 2008-11-23 02:41 . 2008-11-23 02:41 <DIR> d-------- c:\programfiler\Chaos Group 2008-11-17 01:35 . 2008-11-20 23:21 16,827 --a------ c:\windows\system32\drivers\hosts . (((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-12-17 00:24 --------- d-----w c:\documents and settings\eUnaas\Programdata\CoreFTP 2008-12-13 02:05 --------- d-----w c:\documents and settings\All Users\Programdata\Microsoft Help 2008-12-11 13:11 --------- d-----w c:\programfiler\T-Splines for Rhino 2008-12-09 16:19 --------- d-----w c:\programfiler\Free MOV 2 AVI 2008-12-09 16:19 --------- d-----w c:\programfiler\Autodesk 2008-12-09 16:15 --------- d-----w c:\programfiler\Fellesfiler\Apple 2008-12-09 16:09 --------- d-----w c:\programfiler\Fellesfiler\Wise Installation Wizard 2008-12-07 19:13 --------- d-----w c:\programfiler\Java 2008-12-05 08:50 --------- d-----w c:\programfiler\Fellesfiler\Adobe 2008-12-04 22:11 --------- d-----w c:\documents and settings\eUnaas\Programdata\uTorrent 2008-12-02 22:29 --------- d-----w c:\programfiler\AV Vcs 6.0 DIAMOND 2008-12-02 22:29 --------- d-----w c:\programfiler\AndreaMosaic Beta 2008-12-02 21:30 --------- d-----w c:\programfiler\Bonjour 2008-11-30 23:34 --------- d-----w c:\documents and settings\All Users\Programdata\FLEXnet 2008-11-25 23:52 --------- d-----w c:\programfiler\QuickTime 2008-11-25 12:15 --------- d-----w c:\programfiler\iTunes 2008-11-23 17:21 --------- d-----w c:\documents and settings\eUnaas\Programdata\dvdcss 2008-11-12 20:43 --------- d-----w c:\programfiler\Fellesfiler\BinarySense 2008-11-12 20:43 --------- d-----w c:\programfiler\BinarySense 2008-11-12 08:56 --------- d-----w c:\documents and settings\All Users\Programdata\Autodesk 2008-11-07 23:11 --------- d-----w c:\documents and settings\All Users\Programdata\ALM 2008-11-07 23:05 --------- d-----w c:\programfiler\Fellesfiler\Adobe AIR 2008-11-06 22:09 --------- d-----w c:\documents and settings\eUnaas\Programdata\Autodesk 2008-11-06 22:05 --------- d-----w c:\documents and settings\All Users\Programdata\WinZip 2008-11-06 22:00 --------- d-----w c:\programfiler\turbo squid tentacles 2008-11-06 21:58 --------- d-----w c:\programfiler\Fellesfiler\Autodesk Shared 2008-11-05 04:32 2,048 
----a-w c:\windows\system32\sysprs7.dll 2008-11-05 04:32 --------- d-----w c:\documents and settings\All Users\Programdata\Minnetonka Audio Software 2008-11-05 03:51 --------- d-----w c:\documents and settings\eUnaas\Programdata\vlc 2008-11-05 03:45 --------- d-----w c:\programfiler\K-Lite Codec Pack 2008-11-03 12:10 --------- d-----w c:\documents and settings\All Users\Programdata\McNeel 2008-11-03 00:23 --------- d-----w c:\documents and settings\All Users\Programdata\TSplines 2008-11-03 00:17 --------- d--h--w c:\programfiler\InstallShield Installation Information 2008-11-03 00:17 --------- d-----w c:\documents and settings\All Users\Programdata\ASGvis 2008-11-03 00:16 --------- d-----w c:\documents and settings\All Users\Programdata\InstallShield 2008-11-03 00:15 --------- d-----w c:\programfiler\Fellesfiler\InstallShield 2008-11-02 20:59 --------- d-----w c:\programfiler\Rhinoceros 4.0 2008-11-02 20:50 --------- d-----w c:\programfiler\Flamingo 1.1 2008-11-02 20:31 --------- d-----w c:\programfiler\Rhinoceros 3.0 2008-11-02 20:28 --------- d-----w c:\programfiler\Common Files 2008-11-01 00:34 --------- d-----w c:\programfiler\MagicDisc 2008-11-01 00:15 --------- d-----w c:\programfiler\ISOpen 2008-10-31 13:22 --------- d-----w c:\programfiler\Audacity 2008-10-29 15:06 --------- d-----w c:\programfiler\Google 2008-10-25 23:40 --------- d-----w c:\programfiler\Sony Ericsson 2008-10-25 23:29 --------- d-----w c:\programfiler\Symbian 2008-10-25 23:29 --------- d-----w c:\programfiler\Fellesfiler\Teleca Shared 2008-10-25 23:29 --------- d-----w c:\programfiler\Fellesfiler\Sony Ericsson Shared 2008-10-25 23:27 --------- d-----w c:\documents and settings\All Users\Programdata\Teleca 2008-10-25 23:27 --------- d-----w c:\documents and settings\All Users\Programdata\Sony Ericsson 2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys 2008-10-23 12:43 286,720 ----a-w c:\windows\system32\gdi32.dll 2008-10-22 00:46 400 ----a-w 
c:\windows\system32\drivers\egxkxz_445.set.bak 2008-10-22 00:46 400 ----a-w c:\windows\system32\drivers\biusvhm144.dat.bak 2008-10-21 22:16 --------- d-----w c:\programfiler\CES EduPack 2008 2008-10-18 10:06 --------- d-----w c:\programfiler\HD Tune Pro 2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll 2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll 2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll 2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll 2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll 2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe 2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll 2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll 2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll 2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll 2008-10-16 01:02 665,600 ----a-w c:\windows\system32\wininet.dll 2008-10-03 10:04 247,326 ----a-w c:\windows\system32\strmdll.dll 2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll 2007-03-13 22:20 35,979 ----a-w c:\programfiler\Photoshop CS3 Read Me.html . ((((((((((((((((((((((((((((( snapshot_2008-12-15_12.57.58.29 ))))))))))))))))))))))))))))))))))))))))) . + 2008-12-17 06:56:57 16,384 ----atw c:\windows\temp\Perflib_Perfdata_630.dat . (((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret ))))))))))))))))))))))))))))))))))))))))))))) . . 
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HDDtemp4"="c:\programfiler\BinarySense\HDDTemp4\\hddtemp4" [X] "MsnMsgr"="c:\programfiler\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "mRouterConfig"="c:\programfiler\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe" [2006-03-02 290816] "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programfiler\Fellesfiler\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136] "SUPERAntiSpyware"="c:\programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-12-09 1809648] "Nokia.PCSync"="c:\programfiler\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 1249280] "PC Suite Tray"="c:\programfiler\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-10-02 1124352] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\System32\igfxtray.exe" [2005-04-05 94208] "HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2005-04-05 77824] "Persistence"="c:\windows\System32\igfxpers.exe" [2005-04-05 114688] "GrooveMonitor"="c:\programfiler\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648] "SunJavaUpdateSched"="c:\programfiler\Java\jre6\bin\jusched.exe" [2008-12-07 136600] "Adobe Reader Speed Launcher"="c:\programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "Adobe Photo Downloader"="c:\programfiler\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe" [2008-04-01 61440] "NeroFilterCheck"="c:\programfiler\Fellesfiler\Nero\Lib\NeroCheck.exe" [2008-02-28 570664] "NBKeyScan"="c:\programfiler\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-27 1261336] "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112] "Jet Detection"="c:\programfiler\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 28672] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-20 8429568] 
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-20 81920] "PC Suite for Smartphones"="c:\programfiler\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" [2007-12-25 548864] "AdobeCS4ServiceManager"="c:\programfiler\Fellesfiler\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712] "QuickTime Task"="c:\programfiler\QuickTime\QTTask.exe" [2008-11-04 413696] "iTunesHelper"="c:\programfiler\iTunes\iTunesHelper.exe" [2008-11-20 290088] "Adobe Acrobat Speed Launcher"="c:\programfiler\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232] "Acrobat Assistant 8.0"="c:\programfiler\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376] "avcenter"="c:\windows\system32\avcenter.exe" [2008-12-17 30392] "naxmgr"="c:\windows\system32\naxmgr.exe" [2008-12-17 25402] "msmp3"="c:\windows\system32\msmp3.exe" [2008-12-17 29388] "WINDVDPatch"="CTHELPER.EXE" [2002-07-02 c:\windows\system32\CTHELPER.EXE] "nwiz"="nwiz.exe" [2007-04-20 c:\windows\system32\nwiz.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360] c:\documents and settings\eUnaas\Start-meny\Programmer\Oppstart\ MagicDisc.lnk - c:\programfiler\MagicDisc\MagicDisc.exe [2008-11-01 575488] OneNote 2007 Screen Clipper og Launcher.lnk - c:\programfiler\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440] c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\ PC-s›k i Windows.lnk - c:\programfiler\Windows Desktop Search\WindowsSearch.exe [2007-02-05 118784] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programfiler\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programfiler\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2008-12-09 
15:01 352256 c:\programfiler\SUPERAntiSpyware\SASWINLO.DLL [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.l3fhg"= mp3fhg.acm "msacm.divxa32"= divxa32.acm "VIDC.X264"= x264vfw.dll "VIDC.HFYU"= huffyuv.dll "vidc.i263"= i263_32.drv [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"= "c:\\Programfiler\\uTorrent\\uTorrent.exe"= "c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"= "c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Programfiler\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Programfiler\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Programfiler\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Programfiler\\Intuwave\\Shared\\mRouterRuntime\\mRouterRuntime.exe"= "c:\\Programfiler\\LimeWire\\LimeWire.exe"= "c:\\Programfiler\\Sony Ericsson\\Mobile4\\Sync Manager\\DXP SyncML.exe"= "c:\\Programfiler\\AVG\\AVG8\\avgupd.exe"= "c:\\Programfiler\\Sony Ericsson\\Update Service\\Update Service.exe"= "c:\\Programfiler\\Bonjour\\mDNSResponder.exe"= "c:\\Programfiler\\Rhinoceros 4.0\\System\\Rhino4.exe"= "c:\\Programfiler\\Autodesk\\3ds Max 2008\\3dsmax.exe"= "c:\\Programfiler\\Fellesfiler\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"= "c:\\Programfiler\\iTunes\\iTunes.exe"= "skp66.exe"= skp66.exe:BNDMSS "cleannt.exe"= cleannt.exe:BNDMSS [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "5353:TCP"= 5353:TCP:Adobe CSI CS4 R1 AvgLdx86;AVG AVI Loader Driver 
x86;c:\windows\system32\Drivers\avgldx86.sys [2008-07-06 97928] R1 SASDIFSV;SASDIFSV;\??\c:\programfiler\SUPERAntiSpyware\SASDIFSV.SYS [2008-11-17 8944] R1 SASKUTIL;SASKUTIL;\??\c:\programfiler\SUPERAntiSpyware\SASKUTIL.sys [2008-11-17 55024] R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-07-06 231704] R2 HDD & SSD access service;HDD & SSD access service;c:\programfiler\Fellesfiler\BinarySense\disksvc.exe [2008-11-06 174848] R3 SASENUM;SASENUM;\??\c:\programfiler\SUPERAntiSpyware\SASENUM.SYS [2008-11-17 7408] R3 zebrceb;Sony Ericsson Cable Emulation Bus (WDM);c:\windows\system32\DRIVERS\zebrceb.sys [2008-06-23 63360] S3 UltraMonMirror;UltraMonMirror;c:\windows\system32\DRIVERS\UltraMonMirror.sys [] S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl.sys [] S3 zebrbus;Sony Ericsson Composite Device driver;c:\windows\system32\DRIVERS\zebrbus.sys [2008-06-23 83200] S3 zebrmdfl;Sony Ericsson Modem Filter;c:\windows\system32\DRIVERS\zebrmdfl.sys [2008-06-23 14848] S3 zebrmdm;Sony Ericsson Port (WDM);c:\windows\system32\DRIVERS\zebrmdm.sys [2008-06-23 109568] S3 zebrmdmc;Sony Ericsson mRouter Port (WDM);c:\windows\system32\DRIVERS\zebrmdmc.sys [2008-06-23 109568] S3 zebrsce;Sony Ericsson PC-Connect Port;c:\windows\system32\DRIVERS\zebrsce.sys [2008-06-23 91264] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 . Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver) 2008-12-16 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\programfiler\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34] . . ------- Tilleggsskanning ------- . 
uStart Page = hxxp://www.google.no/ uInternet Settings,ProxyOverride = *.local IE: Append Link Target to Existing PDF - c:\programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Append to Existing PDF - c:\programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert Link Target to Adobe PDF - c:\programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert to Adobe PDF - c:\programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - c:\programfiler\CoreFTP\pftpns.dll c:\windows\Downloaded Program Files\WCAFLauncher.ocx - O16 -: {8AC7E0D3-34B8-11D5-A617-00D0B7838ECB} hxxps://rootxtra01.hafslund.no/include/launcher/WCAFLauncher.CAB c:\windows\Downloaded Program Files\WCAFLauncher.INF FF - ProfilePath - c:\documents and settings\eUnaas\Programdata\Mozilla\Firefox\Profiles\4a4w5d3l.default\ FF - plugin: c:\documents and settings\eUnaas\Lokale innstillinger\Programdata\myVRnpapi\npmyvr.dll FF - plugin: c:\programfiler\iTunes\Mozilla Plugins\npitunes.dll FF - plugin: c:\programfiler\Java\jre6\bin\new_plugin\npdeploytk.dll FF - plugin: c:\programfiler\Java\jre6\bin\new_plugin\npjp2.dll FF - plugin: c:\programfiler\Mozilla Firefox\plugins\npdeploytk.dll FF - plugin: c:\programfiler\Mozilla Firefox\plugins\npOGAPlugin.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-12-17 11:14:21 Windows 5.1.2600 Service Pack 3 NTFS skanner skjulte prosesser ... skanner skjulte autostart-oppføringer ... skanner skjulte filer ... skanning vellykket skjulte filer: 0 ************************************************************************** . 
--------------------- DLL'er Lastet Av Kjørende Prosesser --------------------- - - - - - - - > 'winlogon.exe'(656) c:\windows\system32\avgrsstx.dll c:\programfiler\SUPERAntiSpyware\SASWINLO.DLL c:\programfiler\Fellesfiler\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll - - - - - - - > 'lsass.exe'(720) c:\windows\system32\avgrsstx.dll . Tidspunkt ferdig: 2008-12-17 11:16:12 ComboFix-quarantined-files.txt 2008-12-17 10:16:04 ComboFix2.txt 2008-12-15 23:32:09 ComboFix3.txt 2008-12-15 17:59:23 ComboFix4.txt 2008-12-15 11:58:30 ComboFix5.txt 2008-12-17 10:11:26 Pre-Run: 13 758 586 880 byte ledig Post-Run: 13,752,410,112 byte ledig 293 --- E O F --- 2008-12-13 02:06:07
eUnaas (thread author), posted 19 December 2008 (edited)
I'm still struggling with something. I don't quite understand this. Do I have some file that nobody can find, but that keeps infecting the rest of the PC? If you look at the picture I'm attaching: when I start the PC, I get asked for some key. No idea what this is. I also keep getting script errors from Iexplorer. Funny, because I never use Iexplorer, and I have never played PartyPoker either. And in Task Manager you can see a couple of these damn programs that are evidently running and causing hell for me. Combo
ComboFix 08-12-14.04 - eUnaas 2008-12-19 10:29:11.10 - NTFSx86Microsoft Windows XP Professional 5.1.2600.3.1252.1.1044.18.2814.1885 [GMT 1:00] Kjører fra: c:\documents and settings\eUnaas\Skrivebord\ComboFix.exe . ((((((((((((((((((((((((((( Filer Opprettet Fra 2008-11-19 til 2008-12-19 ))))))))))))))))))))))))))))))))) . 2008-12-17 07:54 . 2008-12-17 07:54 244 --ah----- C:\sqmnoopt04.sqm 2008-12-17 07:54 . 2008-12-17 07:54 232 --ah----- C:\sqmdata04.sqm 2008-12-17 03:25 . 2008-12-17 03:25 29,388 --a------ c:\windows\system32\msmp3.exe 2008-12-17 03:24 . 2008-12-17 03:24 30,392 --a------ c:\windows\system32\avcenter.exe 2008-12-17 03:24 . 2008-12-17 03:24 25,402 --a------ c:\windows\system32\naxmgr.exe 2008-12-17 00:54 . 2008-12-17 00:54 <DIR> d-------- c:\programfiler\Unlocker 2008-12-13 03:04 . 2008-12-13 03:04 118 --a------ c:\windows\system32\MRT.INI 2008-12-10 21:04 . 2008-12-10 21:04 <DIR> d-------- c:\documents and settings\eUnaas\Programdata\PC Suite 2008-12-10 21:04 . 2008-12-10 21:04 <DIR> d-------- c:\documents and settings\eUnaas\Programdata\Nokia 2008-12-10 21:04 . 2008-12-10 21:04 <DIR> d-------- c:\documents and settings\All Users\Programdata\PC Suite 2008-12-10 21:03 . 2008-12-10 21:03 <DIR> d-------- c:\programfiler\Fellesfiler\PCSuite 2008-12-10 21:03 .
2008-12-10 21:03 <DIR> d-------- c:\programfiler\Fellesfiler\Nokia 2008-12-10 21:03 . 2008-12-10 21:03 <DIR> d-------- c:\programfiler\DIFX 2008-12-10 21:03 . 2007-09-17 15:53 21,632 --a------ c:\windows\system32\drivers\pccsmcfd.sys 2008-12-10 21:02 . 2008-12-10 21:02 <DIR> d-------- c:\programfiler\PC Connectivity Solution 2008-12-10 21:02 . 2008-12-10 21:03 <DIR> d-------- c:\programfiler\Nokia 2008-12-10 21:02 . 2008-12-10 21:02 <DIR> d-------- c:\documents and settings\All Users\Programdata\Installations 2008-12-10 21:02 . 2008-05-07 07:38 90,624 --a------ c:\windows\system32\nmwcdcls.dll 2008-12-07 20:14 . 2008-12-07 20:13 410,984 --a------ c:\windows\system32\deploytk.dll 2008-12-06 16:10 . 2008-12-06 17:00 <DIR> d-------- c:\documents and settings\eUnaas\DoctorWeb 2008-12-06 15:10 . 2008-12-06 15:10 <DIR> d-------- C:\Program Files 2008-12-04 13:11 . 2008-04-07 05:38 45,392 -ra------ c:\windows\system32\AdobePDF.dll 2008-12-04 13:11 . 2008-04-07 05:38 22,872 -ra------ c:\windows\system32\AdobePDFUI.dll 2008-12-02 23:29 . 2008-12-02 23:29 7,680 --ahs---- c:\windows\Thumbs.db 2008-12-02 22:53 . 2008-12-02 22:53 <DIR> d-------- c:\documents and settings\All Users\Programdata\SUPERAntiSpyware.com 2008-12-02 22:52 . 2008-12-09 15:01 <DIR> d-------- c:\programfiler\SUPERAntiSpyware 2008-12-02 22:52 . 2008-12-02 22:52 <DIR> d-------- c:\documents and settings\eUnaas\Programdata\SUPERAntiSpyware.com 2008-11-25 13:15 . 2008-11-25 13:15 <DIR> d-------- c:\programfiler\iPod 2008-11-25 13:15 . 2008-11-25 13:15 <DIR> d-------- c:\documents and settings\All Users\Programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} 2008-11-24 19:20 . 2008-08-14 14:27 2,190,976 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe 2008-11-24 19:20 . 2008-08-14 14:27 2,147,328 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe 2008-11-24 19:20 . 2008-08-14 14:27 2,067,840 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe 2008-11-24 19:20 . 
2008-08-14 14:27 2,025,984 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe 2008-11-24 19:20 . 2008-09-15 16:29 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys 2008-11-24 19:20 . 2008-09-08 11:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys 2008-11-24 19:20 . 2008-08-14 11:04 138,496 -----c--- c:\windows\system32\dllcache\afd.sys 2008-11-24 19:17 . 2008-04-11 20:06 691,712 -----c--- c:\windows\system32\dllcache\inetcomm.dll 2008-11-24 19:17 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys 2008-11-24 19:17 . 2008-05-01 15:38 331,776 -----c--- c:\windows\system32\dllcache\msadce.dll 2008-11-24 19:16 . 2008-09-04 18:17 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll 2008-11-24 19:15 . 2008-10-15 17:38 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll 2008-11-24 18:54 . 2008-12-15 12:19 <DIR> d-------- c:\programfiler\Malwarebytes' Anti-Malware 2008-11-24 18:54 . 2008-11-24 18:54 <DIR> d-------- c:\documents and settings\eUnaas\Programdata\Malwarebytes 2008-11-24 18:54 . 2008-11-24 18:54 <DIR> d-------- c:\documents and settings\All Users\Programdata\Malwarebytes 2008-11-24 18:54 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2008-11-24 18:54 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2008-11-23 17:16 . 2008-11-23 17:17 <DIR> d-------- c:\programfiler\Bongo 1.0 2008-11-23 02:41 . 2008-11-23 02:41 <DIR> d-------- c:\programfiler\WIBU-SYSTEMS 2008-11-23 02:41 . 2008-11-23 02:41 <DIR> d-------- c:\programfiler\Fellesfiler\ChaosGroup 2008-11-23 02:41 . 2008-11-23 02:41 <DIR> d-------- c:\programfiler\Chaos Group . (((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-12-18 09:48 --------- d-----w c:\documents and settings\eUnaas\Programdata\CoreFTP 2008-12-13 02:05 --------- d-----w c:\documents and settings\All Users\Programdata\Microsoft Help 2008-12-11 13:11 --------- d-----w c:\programfiler\T-Splines for Rhino 2008-12-09 16:19 --------- d-----w c:\programfiler\Free MOV 2 AVI 2008-12-09 16:19 --------- d-----w c:\programfiler\Autodesk 2008-12-09 16:15 --------- d-----w c:\programfiler\Fellesfiler\Apple 2008-12-09 16:09 --------- d-----w c:\programfiler\Fellesfiler\Wise Installation Wizard 2008-12-07 19:13 --------- d-----w c:\programfiler\Java 2008-12-05 08:50 --------- d-----w c:\programfiler\Fellesfiler\Adobe 2008-12-04 22:11 --------- d-----w c:\documents and settings\eUnaas\Programdata\uTorrent 2008-12-02 22:29 --------- d-----w c:\programfiler\AV Vcs 6.0 DIAMOND 2008-12-02 22:29 --------- d-----w c:\programfiler\AndreaMosaic Beta 2008-12-02 21:30 --------- d-----w c:\programfiler\Bonjour 2008-11-30 23:34 --------- d-----w c:\documents and settings\All Users\Programdata\FLEXnet 2008-11-25 23:52 --------- d-----w c:\programfiler\QuickTime 2008-11-25 12:15 --------- d-----w c:\programfiler\iTunes 2008-11-23 17:21 --------- d-----w c:\documents and settings\eUnaas\Programdata\dvdcss 2008-11-20 22:21 16,827 ----a-w c:\windows\system32\drivers\hosts 2008-11-12 20:43 --------- d-----w c:\programfiler\Fellesfiler\BinarySense 2008-11-12 20:43 --------- d-----w c:\programfiler\BinarySense 2008-11-12 08:56 --------- d-----w c:\documents and settings\All Users\Programdata\Autodesk 2008-11-07 23:11 --------- d-----w c:\documents and settings\All Users\Programdata\ALM 2008-11-07 23:05 --------- d-----w c:\programfiler\Fellesfiler\Adobe AIR 2008-11-06 22:09 --------- d-----w c:\documents and settings\eUnaas\Programdata\Autodesk 2008-11-06 22:05 --------- d-----w c:\documents and settings\All Users\Programdata\WinZip 2008-11-06 22:00 --------- d-----w c:\programfiler\turbo squid tentacles 2008-11-06 21:58 --------- d-----w 
c:\programfiler\Fellesfiler\Autodesk Shared 2008-11-05 04:32 2,048 ----a-w c:\windows\system32\sysprs7.dll 2008-11-05 04:32 --------- d-----w c:\documents and settings\All Users\Programdata\Minnetonka Audio Software 2008-11-05 03:51 --------- d-----w c:\documents and settings\eUnaas\Programdata\vlc 2008-11-05 03:45 --------- d-----w c:\programfiler\K-Lite Codec Pack 2008-11-03 12:10 --------- d-----w c:\documents and settings\All Users\Programdata\McNeel 2008-11-03 00:23 --------- d-----w c:\documents and settings\All Users\Programdata\TSplines 2008-11-03 00:17 --------- d--h--w c:\programfiler\InstallShield Installation Information 2008-11-03 00:17 --------- d-----w c:\documents and settings\All Users\Programdata\ASGvis 2008-11-03 00:16 --------- d-----w c:\documents and settings\All Users\Programdata\InstallShield 2008-11-03 00:15 --------- d-----w c:\programfiler\Fellesfiler\InstallShield 2008-11-02 20:59 --------- d-----w c:\programfiler\Rhinoceros 4.0 2008-11-02 20:50 --------- d-----w c:\programfiler\Flamingo 1.1 2008-11-02 20:31 --------- d-----w c:\programfiler\Rhinoceros 3.0 2008-11-02 20:28 --------- d-----w c:\programfiler\Common Files 2008-11-01 00:34 --------- d-----w c:\programfiler\MagicDisc 2008-11-01 00:15 --------- d-----w c:\programfiler\ISOpen 2008-10-31 13:22 --------- d-----w c:\programfiler\Audacity 2008-10-29 15:06 --------- d-----w c:\programfiler\Google 2008-10-25 23:40 --------- d-----w c:\programfiler\Sony Ericsson 2008-10-25 23:29 --------- d-----w c:\programfiler\Symbian 2008-10-25 23:29 --------- d-----w c:\programfiler\Fellesfiler\Teleca Shared 2008-10-25 23:29 --------- d-----w c:\programfiler\Fellesfiler\Sony Ericsson Shared 2008-10-25 23:27 --------- d-----w c:\documents and settings\All Users\Programdata\Teleca 2008-10-25 23:27 --------- d-----w c:\documents and settings\All Users\Programdata\Sony Ericsson 2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys 2008-10-23 12:43 286,720 ----a-w 
c:\windows\system32\gdi32.dll 2008-10-22 00:46 400 ----a-w c:\windows\system32\drivers\egxkxz_445.set.bak 2008-10-22 00:46 400 ----a-w c:\windows\system32\drivers\biusvhm144.dat.bak 2008-10-21 22:16 --------- d-----w c:\programfiler\CES EduPack 2008 2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll 2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll 2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll 2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll 2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll 2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe 2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll 2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll 2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll 2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll 2008-10-16 01:02 665,600 ----a-w c:\windows\system32\wininet.dll 2008-10-03 10:04 247,326 ----a-w c:\windows\system32\strmdll.dll 2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll 2007-03-13 22:20 35,979 ----a-w c:\programfiler\Photoshop CS3 Read Me.html . ((((((((((((((((((((((((((((( snapshot_2008-12-15_12.57.58.29 ))))))))))))))))))))))))))))))))))))))))) . - 2008-10-16 01:02:36 3,088,896 -c----w c:\windows\system32\dllcache\mshtml.dll + 2008-12-12 17:04:27 3,088,896 -c----w c:\windows\system32\dllcache\mshtml.dll - 2008-10-16 01:02:36 3,088,896 ----a-w c:\windows\system32\mshtml.dll + 2008-12-12 17:04:27 3,088,896 ----a-w c:\windows\system32\mshtml.dll + 2008-12-19 02:07:25 16,384 ----atw c:\windows\temp\Perflib_Perfdata_6a0.dat . (((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret ))))))))))))))))))))))))))))))))))))))))))))) . . 
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HDDtemp4"="c:\programfiler\BinarySense\HDDTemp4\\hddtemp4" [X] "MsnMsgr"="c:\programfiler\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "mRouterConfig"="c:\programfiler\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe" [2006-03-02 290816] "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programfiler\Fellesfiler\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136] "SUPERAntiSpyware"="c:\programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-12-09 1809648] "Nokia.PCSync"="c:\programfiler\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 1249280] "PC Suite Tray"="c:\programfiler\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-10-02 1124352] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\System32\igfxtray.exe" [2005-04-05 94208] "HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2005-04-05 77824] "Persistence"="c:\windows\System32\igfxpers.exe" [2005-04-05 114688] "GrooveMonitor"="c:\programfiler\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648] "SunJavaUpdateSched"="c:\programfiler\Java\jre6\bin\jusched.exe" [2008-12-07 136600] "Adobe Reader Speed Launcher"="c:\programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "Adobe Photo Downloader"="c:\programfiler\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe" [2008-04-01 61440] "NeroFilterCheck"="c:\programfiler\Fellesfiler\Nero\Lib\NeroCheck.exe" [2008-02-28 570664] "NBKeyScan"="c:\programfiler\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-27 1261336] "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112] "Jet Detection"="c:\programfiler\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 28672] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-20 8429568] 
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-20 81920] "PC Suite for Smartphones"="c:\programfiler\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" [2007-12-25 548864] "AdobeCS4ServiceManager"="c:\programfiler\Fellesfiler\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712] "QuickTime Task"="c:\programfiler\QuickTime\QTTask.exe" [2008-11-04 413696] "iTunesHelper"="c:\programfiler\iTunes\iTunesHelper.exe" [2008-11-20 290088] "Adobe Acrobat Speed Launcher"="c:\programfiler\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232] "Acrobat Assistant 8.0"="c:\programfiler\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376] "avcenter"="c:\windows\system32\avcenter.exe" [2008-12-17 30392] "naxmgr"="c:\windows\system32\naxmgr.exe" [2008-12-17 25402] "msmp3"="c:\windows\system32\msmp3.exe" [2008-12-17 29388] "WINDVDPatch"="CTHELPER.EXE" [2002-07-02 c:\windows\system32\CTHELPER.EXE] "nwiz"="nwiz.exe" [2007-04-20 c:\windows\system32\nwiz.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360] c:\documents and settings\eUnaas\Start-meny\Programmer\Oppstart\ MagicDisc.lnk - c:\programfiler\MagicDisc\MagicDisc.exe [2008-11-01 575488] OneNote 2007 Screen Clipper og Launcher.lnk - c:\programfiler\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440] c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\ PC-s›k i Windows.lnk - c:\programfiler\Windows Desktop Search\WindowsSearch.exe [2007-02-05 118784] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programfiler\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programfiler\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2008-12-09 
15:01 352256 c:\programfiler\SUPERAntiSpyware\SASWINLO.DLL [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.l3fhg"= mp3fhg.acm "msacm.divxa32"= divxa32.acm "VIDC.X264"= x264vfw.dll "VIDC.HFYU"= huffyuv.dll "vidc.i263"= i263_32.drv [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"= "c:\\Programfiler\\uTorrent\\uTorrent.exe"= "c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"= "c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Programfiler\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Programfiler\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Programfiler\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Programfiler\\Intuwave\\Shared\\mRouterRuntime\\mRouterRuntime.exe"= "c:\\Programfiler\\LimeWire\\LimeWire.exe"= "c:\\Programfiler\\Sony Ericsson\\Mobile4\\Sync Manager\\DXP SyncML.exe"= "c:\\Programfiler\\AVG\\AVG8\\avgupd.exe"= "c:\\Programfiler\\Sony Ericsson\\Update Service\\Update Service.exe"= "c:\\Programfiler\\Bonjour\\mDNSResponder.exe"= "c:\\Programfiler\\Rhinoceros 4.0\\System\\Rhino4.exe"= "c:\\Programfiler\\Autodesk\\3ds Max 2008\\3dsmax.exe"= "c:\\Programfiler\\Fellesfiler\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"= "c:\\Programfiler\\iTunes\\iTunes.exe"= "skp66.exe"= skp66.exe:BNDMSS "cleannt.exe"= cleannt.exe:BNDMSS [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "5353:TCP"= 5353:TCP:Adobe CSI CS4 R1 AvgLdx86;AVG AVI Loader Driver 
x86;c:\windows\system32\Drivers\avgldx86.sys [2008-07-06 97928] R1 SASDIFSV;SASDIFSV;\??\c:\programfiler\SUPERAntiSpyware\SASDIFSV.SYS [2008-11-17 8944] R1 SASKUTIL;SASKUTIL;\??\c:\programfiler\SUPERAntiSpyware\SASKUTIL.sys [2008-11-17 55024] R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-07-06 231704] R2 HDD & SSD access service;HDD & SSD access service;c:\programfiler\Fellesfiler\BinarySense\disksvc.exe [2008-11-06 174848] R3 SASENUM;SASENUM;\??\c:\programfiler\SUPERAntiSpyware\SASENUM.SYS [2008-11-17 7408] R3 zebrceb;Sony Ericsson Cable Emulation Bus (WDM);c:\windows\system32\DRIVERS\zebrceb.sys [2008-06-23 63360] S3 UltraMonMirror;UltraMonMirror;c:\windows\system32\DRIVERS\UltraMonMirror.sys [] S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl.sys [] S3 zebrbus;Sony Ericsson Composite Device driver;c:\windows\system32\DRIVERS\zebrbus.sys [2008-06-23 83200] S3 zebrmdfl;Sony Ericsson Modem Filter;c:\windows\system32\DRIVERS\zebrmdfl.sys [2008-06-23 14848] S3 zebrmdm;Sony Ericsson Port (WDM);c:\windows\system32\DRIVERS\zebrmdm.sys [2008-06-23 109568] S3 zebrmdmc;Sony Ericsson mRouter Port (WDM);c:\windows\system32\DRIVERS\zebrmdmc.sys [2008-06-23 109568] S3 zebrsce;Sony Ericsson PC-Connect Port;c:\windows\system32\DRIVERS\zebrsce.sys [2008-06-23 91264] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 . Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver) 2008-12-16 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\programfiler\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34] . . ------- Tilleggsskanning ------- . 
uStart Page = hxxp://www.google.no/ uInternet Settings,ProxyOverride = *.local IE: Append Link Target to Existing PDF - c:\programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Append to Existing PDF - c:\programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert Link Target to Adobe PDF - c:\programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert to Adobe PDF - c:\programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - c:\programfiler\CoreFTP\pftpns.dll c:\windows\Downloaded Program Files\WCAFLauncher.ocx - O16 -: {8AC7E0D3-34B8-11D5-A617-00D0B7838ECB} hxxps://rootxtra01.hafslund.no/include/launcher/WCAFLauncher.CAB c:\windows\Downloaded Program Files\WCAFLauncher.INF FF - ProfilePath - c:\documents and settings\eUnaas\Programdata\Mozilla\Firefox\Profiles\4a4w5d3l.default\ FF - plugin: c:\documents and settings\eUnaas\Lokale innstillinger\Programdata\myVRnpapi\npmyvr.dll FF - plugin: c:\programfiler\iTunes\Mozilla Plugins\npitunes.dll FF - plugin: c:\programfiler\Java\jre6\bin\new_plugin\npdeploytk.dll FF - plugin: c:\programfiler\Java\jre6\bin\new_plugin\npjp2.dll FF - plugin: c:\programfiler\Mozilla Firefox\plugins\npdeploytk.dll FF - plugin: c:\programfiler\Mozilla Firefox\plugins\npOGAPlugin.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-12-19 10:32:45 Windows 5.1.2600 Service Pack 3 NTFS skanner skjulte prosesser ... skanner skjulte autostart-oppføringer ... skanner skjulte filer ... skanning vellykket skjulte filer: 0 ************************************************************************** . 
--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

- - - - - - - > 'winlogon.exe'(660)
c:\windows\system32\avgrsstx.dll
c:\programfiler\SUPERAntiSpyware\SASWINLO.DLL
c:\programfiler\Fellesfiler\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\windows\system32\MSVCP60.dll

- - - - - - - > 'lsass.exe'(772)
c:\windows\system32\avgrsstx.dll
.
Tidspunkt ferdig: 2008-12-19 10:34:07
ComboFix-quarantined-files.txt 2008-12-19 09:33:48
ComboFix2.txt 2008-12-17 10:16:13
ComboFix3.txt 2008-12-15 23:32:09
ComboFix4.txt 2008-12-15 17:59:23
ComboFix5.txt 2008-12-19 09:28:58

Pre-Run: 12 859 772 928 byte ledig
Post-Run: 13,145,235,456 byte ledig

297 --- E O F --- 2008-12-19 02:00:34

Edited 19 December 2008 by eunaas
raWrz, posted 19 December 2008:

Click Start - All Programs - Accessories - Notepad.

Copy the text in the code box below and paste it into Notepad:

File::
c:\windows\system32\msmp3.exe
c:\windows\system32\avcenter.exe
c:\windows\system32\naxmgr.exe
c:\windows\system32\sysprs7.dll

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avcenter"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"naxmgr"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msmp3"=-

Save it as CFScript on the Desktop.

Drag CFScript onto ComboFix.exe, which is on the Desktop, as the animation below shows. This will start ComboFix again. If the machine asks for a restart, let it do so right away.

Post the contents of ComboFix.txt in your next reply on the forum.
eUnaas (author), posted 19 December 2008:

ComboFix 08-12-14.04 - eUnaas 2008-12-19 15:37:29.11 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1044.18.2814.2039 [GMT 1:00]
Kjører fra: c:\documents and settings\eUnaas\Skrivebord\ComboFix.exe
Command switches brukt :: c:\documents and settings\eUnaas\Skrivebord\CFScript.txt
* Opprettet nytt gjenopprettingspunkt

FILE ::
c:\windows\system32\avcenter.exe
c:\windows\system32\msmp3.exe
c:\windows\system32\naxmgr.exe
c:\windows\system32\sysprs7.dll
.
((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\avcenter.exe
c:\windows\system32\msmp3.exe
c:\windows\system32\naxmgr.exe
c:\windows\system32\sysprs7.dll
.
((((((((((((((((((((((((((( Filer Opprettet Fra 2008-11-19 til 2008-12-19 )))))))))))))))))))))))))))))))))
.
2008-12-17 07:54 . 2008-12-17 07:54 244 --ah----- C:\sqmnoopt04.sqm
2008-12-17 07:54 . 2008-12-17 07:54 232 --ah----- C:\sqmdata04.sqm
2008-12-17 00:54 . 2008-12-17 00:54 <DIR> d-------- c:\programfiler\Unlocker
2008-12-13 03:04 . 2008-12-13 03:04 118 --a------ c:\windows\system32\MRT.INI
2008-12-10 21:04 . 2008-12-10 21:04 <DIR> d-------- c:\documents and settings\eUnaas\Programdata\PC Suite
2008-12-10 21:04 . 2008-12-10 21:04 <DIR> d-------- c:\documents and settings\eUnaas\Programdata\Nokia
2008-12-10 21:04 . 2008-12-10 21:04 <DIR> d-------- c:\documents and settings\All Users\Programdata\PC Suite
2008-12-10 21:03 . 2008-12-10 21:03 <DIR> d-------- c:\programfiler\Fellesfiler\PCSuite
2008-12-10 21:03 . 2008-12-10 21:03 <DIR> d-------- c:\programfiler\Fellesfiler\Nokia
2008-12-10 21:03 . 2008-12-10 21:03 <DIR> d-------- c:\programfiler\DIFX
2008-12-10 21:03 . 2007-09-17 15:53 21,632 --a------ c:\windows\system32\drivers\pccsmcfd.sys
2008-12-10 21:02 . 2008-12-10 21:02 <DIR> d-------- c:\programfiler\PC Connectivity Solution
2008-12-10 21:02 .
2008-12-10 21:03 <DIR> d-------- c:\programfiler\Nokia 2008-12-10 21:02 . 2008-12-10 21:02 <DIR> d-------- c:\documents and settings\All Users\Programdata\Installations 2008-12-10 21:02 . 2008-05-07 07:38 90,624 --a------ c:\windows\system32\nmwcdcls.dll 2008-12-07 20:14 . 2008-12-07 20:13 410,984 --a------ c:\windows\system32\deploytk.dll 2008-12-06 16:10 . 2008-12-06 17:00 <DIR> d-------- c:\documents and settings\eUnaas\DoctorWeb 2008-12-06 15:10 . 2008-12-06 15:10 <DIR> d-------- C:\Program Files 2008-12-04 13:11 . 2008-04-07 05:38 45,392 -ra------ c:\windows\system32\AdobePDF.dll 2008-12-04 13:11 . 2008-04-07 05:38 22,872 -ra------ c:\windows\system32\AdobePDFUI.dll 2008-12-02 23:29 . 2008-12-02 23:29 7,680 --ahs---- c:\windows\Thumbs.db 2008-12-02 22:53 . 2008-12-02 22:53 <DIR> d-------- c:\documents and settings\All Users\Programdata\SUPERAntiSpyware.com 2008-12-02 22:52 . 2008-12-09 15:01 <DIR> d-------- c:\programfiler\SUPERAntiSpyware 2008-12-02 22:52 . 2008-12-02 22:52 <DIR> d-------- c:\documents and settings\eUnaas\Programdata\SUPERAntiSpyware.com 2008-11-25 13:15 . 2008-11-25 13:15 <DIR> d-------- c:\programfiler\iPod 2008-11-25 13:15 . 2008-11-25 13:15 <DIR> d-------- c:\documents and settings\All Users\Programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} 2008-11-24 19:20 . 2008-08-14 14:27 2,190,976 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe 2008-11-24 19:20 . 2008-08-14 14:27 2,147,328 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe 2008-11-24 19:20 . 2008-08-14 14:27 2,067,840 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe 2008-11-24 19:20 . 2008-08-14 14:27 2,025,984 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe 2008-11-24 19:20 . 2008-09-15 16:29 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys 2008-11-24 19:20 . 2008-09-08 11:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys 2008-11-24 19:20 . 2008-08-14 11:04 138,496 -----c--- c:\windows\system32\dllcache\afd.sys 2008-11-24 19:17 . 
2008-04-11 20:06 691,712 -----c--- c:\windows\system32\dllcache\inetcomm.dll 2008-11-24 19:17 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys 2008-11-24 19:17 . 2008-05-01 15:38 331,776 -----c--- c:\windows\system32\dllcache\msadce.dll 2008-11-24 19:16 . 2008-09-04 18:17 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll 2008-11-24 19:15 . 2008-10-15 17:38 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll 2008-11-24 18:54 . 2008-12-15 12:19 <DIR> d-------- c:\programfiler\Malwarebytes' Anti-Malware 2008-11-24 18:54 . 2008-11-24 18:54 <DIR> d-------- c:\documents and settings\eUnaas\Programdata\Malwarebytes 2008-11-24 18:54 . 2008-11-24 18:54 <DIR> d-------- c:\documents and settings\All Users\Programdata\Malwarebytes 2008-11-24 18:54 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2008-11-24 18:54 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2008-11-23 17:16 . 2008-11-23 17:17 <DIR> d-------- c:\programfiler\Bongo 1.0 2008-11-23 02:41 . 2008-11-23 02:41 <DIR> d-------- c:\programfiler\WIBU-SYSTEMS 2008-11-23 02:41 . 2008-11-23 02:41 <DIR> d-------- c:\programfiler\Fellesfiler\ChaosGroup 2008-11-23 02:41 . 2008-11-23 02:41 <DIR> d-------- c:\programfiler\Chaos Group 2008-11-21 22:46 . 2008-11-21 22:46 1,044,480 --a------ c:\windows\system32\libdivx.dll 2008-11-21 22:46 . 2008-11-21 22:46 200,704 --a------ c:\windows\system32\ssldivx.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-12-19 10:03 --------- d-----w c:\programfiler\DivX 2008-12-18 09:48 --------- d-----w c:\documents and settings\eUnaas\Programdata\CoreFTP 2008-12-13 02:05 --------- d-----w c:\documents and settings\All Users\Programdata\Microsoft Help 2008-12-11 13:11 --------- d-----w c:\programfiler\T-Splines for Rhino 2008-12-09 16:19 --------- d-----w c:\programfiler\Free MOV 2 AVI 2008-12-09 16:19 --------- d-----w c:\programfiler\Autodesk 2008-12-09 16:15 --------- d-----w c:\programfiler\Fellesfiler\Apple 2008-12-09 16:09 --------- d-----w c:\programfiler\Fellesfiler\Wise Installation Wizard 2008-12-07 19:13 --------- d-----w c:\programfiler\Java 2008-12-05 08:50 --------- d-----w c:\programfiler\Fellesfiler\Adobe 2008-12-04 22:11 --------- d-----w c:\documents and settings\eUnaas\Programdata\uTorrent 2008-12-02 22:29 --------- d-----w c:\programfiler\AV Vcs 6.0 DIAMOND 2008-12-02 22:29 --------- d-----w c:\programfiler\AndreaMosaic Beta 2008-12-02 21:30 --------- d-----w c:\programfiler\Bonjour 2008-11-30 23:34 --------- d-----w c:\documents and settings\All Users\Programdata\FLEXnet 2008-11-25 23:52 --------- d-----w c:\programfiler\QuickTime 2008-11-25 12:15 --------- d-----w c:\programfiler\iTunes 2008-11-23 17:21 --------- d-----w c:\documents and settings\eUnaas\Programdata\dvdcss 2008-11-20 22:21 16,827 ----a-w c:\windows\system32\drivers\hosts 2008-11-12 20:43 --------- d-----w c:\programfiler\Fellesfiler\BinarySense 2008-11-12 20:43 --------- d-----w c:\programfiler\BinarySense 2008-11-12 08:56 --------- d-----w c:\documents and settings\All Users\Programdata\Autodesk 2008-11-07 23:11 --------- d-----w c:\documents and settings\All Users\Programdata\ALM 2008-11-07 23:05 --------- d-----w c:\programfiler\Fellesfiler\Adobe AIR 2008-11-06 22:09 --------- d-----w c:\documents and settings\eUnaas\Programdata\Autodesk 2008-11-06 22:05 --------- d-----w c:\documents and settings\All Users\Programdata\WinZip 2008-11-06 22:00 --------- d-----w c:\programfiler\turbo 
squid tentacles 2008-11-06 21:58 --------- d-----w c:\programfiler\Fellesfiler\Autodesk Shared 2008-11-05 04:32 --------- d-----w c:\documents and settings\All Users\Programdata\Minnetonka Audio Software 2008-11-05 03:51 --------- d-----w c:\documents and settings\eUnaas\Programdata\vlc 2008-11-05 03:45 --------- d-----w c:\programfiler\K-Lite Codec Pack 2008-11-03 12:10 --------- d-----w c:\documents and settings\All Users\Programdata\McNeel 2008-11-03 00:23 --------- d-----w c:\documents and settings\All Users\Programdata\TSplines 2008-11-03 00:17 --------- d--h--w c:\programfiler\InstallShield Installation Information 2008-11-03 00:17 --------- d-----w c:\documents and settings\All Users\Programdata\ASGvis 2008-11-03 00:16 --------- d-----w c:\documents and settings\All Users\Programdata\InstallShield 2008-11-03 00:15 --------- d-----w c:\programfiler\Fellesfiler\InstallShield 2008-11-02 20:59 --------- d-----w c:\programfiler\Rhinoceros 4.0 2008-11-02 20:50 --------- d-----w c:\programfiler\Flamingo 1.1 2008-11-02 20:31 --------- d-----w c:\programfiler\Rhinoceros 3.0 2008-11-02 20:28 --------- d-----w c:\programfiler\Common Files 2008-11-01 00:34 --------- d-----w c:\programfiler\MagicDisc 2008-11-01 00:15 --------- d-----w c:\programfiler\ISOpen 2008-10-31 13:22 --------- d-----w c:\programfiler\Audacity 2008-10-29 15:06 --------- d-----w c:\programfiler\Google 2008-10-25 23:40 --------- d-----w c:\programfiler\Sony Ericsson 2008-10-25 23:29 --------- d-----w c:\programfiler\Symbian 2008-10-25 23:29 --------- d-----w c:\programfiler\Fellesfiler\Teleca Shared 2008-10-25 23:29 --------- d-----w c:\programfiler\Fellesfiler\Sony Ericsson Shared 2008-10-25 23:27 --------- d-----w c:\documents and settings\All Users\Programdata\Teleca 2008-10-25 23:27 --------- d-----w c:\documents and settings\All Users\Programdata\Sony Ericsson 2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys 2008-10-23 12:43 286,720 ----a-w c:\windows\system32\gdi32.dll 
2008-10-22 00:46 400 ----a-w c:\windows\system32\drivers\egxkxz_445.set.bak 2008-10-22 00:46 400 ----a-w c:\windows\system32\drivers\biusvhm144.dat.bak 2008-10-21 22:16 --------- d-----w c:\programfiler\CES EduPack 2008 2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll 2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll 2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll 2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll 2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll 2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe 2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll 2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll 2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll 2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll 2008-10-16 01:02 665,600 ----a-w c:\windows\system32\wininet.dll 2008-10-03 10:04 247,326 ----a-w c:\windows\system32\strmdll.dll 2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll 2007-03-13 22:20 35,979 ----a-w c:\programfiler\Photoshop CS3 Read Me.html . ((((((((((((((((((((((((((((( snapshot_2008-12-15_12.57.58.29 ))))))))))))))))))))))))))))))))))))))))) . - 2008-10-16 01:02:36 3,088,896 -c----w c:\windows\system32\dllcache\mshtml.dll + 2008-12-12 17:04:27 3,088,896 -c----w c:\windows\system32\dllcache\mshtml.dll - 2008-10-16 01:02:36 3,088,896 ----a-w c:\windows\system32\mshtml.dll + 2008-12-12 17:04:27 3,088,896 ----a-w c:\windows\system32\mshtml.dll + 2008-12-19 02:07:25 16,384 ----atw c:\windows\temp\Perflib_Perfdata_6a0.dat . (((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret ))))))))))))))))))))))))))))))))))))))))))))) . . 
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HDDtemp4"="c:\programfiler\BinarySense\HDDTemp4\\hddtemp4" [X] "MsnMsgr"="c:\programfiler\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "mRouterConfig"="c:\programfiler\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe" [2006-03-02 290816] "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programfiler\Fellesfiler\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136] "SUPERAntiSpyware"="c:\programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-12-09 1809648] "Nokia.PCSync"="c:\programfiler\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 1249280] "PC Suite Tray"="c:\programfiler\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-10-02 1124352] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\System32\igfxtray.exe" [2005-04-05 94208] "HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2005-04-05 77824] "Persistence"="c:\windows\System32\igfxpers.exe" [2005-04-05 114688] "GrooveMonitor"="c:\programfiler\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648] "SunJavaUpdateSched"="c:\programfiler\Java\jre6\bin\jusched.exe" [2008-12-07 136600] "Adobe Reader Speed Launcher"="c:\programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "Adobe Photo Downloader"="c:\programfiler\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe" [2008-04-01 61440] "NeroFilterCheck"="c:\programfiler\Fellesfiler\Nero\Lib\NeroCheck.exe" [2008-02-28 570664] "NBKeyScan"="c:\programfiler\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-27 1261336] "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112] "Jet Detection"="c:\programfiler\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 28672] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-20 8429568] 
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-20 81920] "PC Suite for Smartphones"="c:\programfiler\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" [2007-12-25 548864] "AdobeCS4ServiceManager"="c:\programfiler\Fellesfiler\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712] "QuickTime Task"="c:\programfiler\QuickTime\QTTask.exe" [2008-11-04 413696] "iTunesHelper"="c:\programfiler\iTunes\iTunesHelper.exe" [2008-11-20 290088] "Adobe Acrobat Speed Launcher"="c:\programfiler\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232] "Acrobat Assistant 8.0"="c:\programfiler\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376] "WINDVDPatch"="CTHELPER.EXE" [2002-07-02 c:\windows\system32\CTHELPER.EXE] "nwiz"="nwiz.exe" [2007-04-20 c:\windows\system32\nwiz.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360] c:\documents and settings\eUnaas\Start-meny\Programmer\Oppstart\ MagicDisc.lnk - c:\programfiler\MagicDisc\MagicDisc.exe [2008-11-01 575488] OneNote 2007 Screen Clipper og Launcher.lnk - c:\programfiler\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440] c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\ PC-s›k i Windows.lnk - c:\programfiler\Windows Desktop Search\WindowsSearch.exe [2007-02-05 118784] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programfiler\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programfiler\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2008-12-09 15:01 352256 c:\programfiler\SUPERAntiSpyware\SASWINLO.DLL [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=avgrsstx.dll 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.l3fhg"= mp3fhg.acm "msacm.divxa32"= divxa32.acm "VIDC.X264"= x264vfw.dll "VIDC.HFYU"= huffyuv.dll "vidc.i263"= i263_32.drv [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"= "c:\\Programfiler\\uTorrent\\uTorrent.exe"= "c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"= "c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Programfiler\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Programfiler\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Programfiler\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Programfiler\\Intuwave\\Shared\\mRouterRuntime\\mRouterRuntime.exe"= "c:\\Programfiler\\LimeWire\\LimeWire.exe"= "c:\\Programfiler\\Sony Ericsson\\Mobile4\\Sync Manager\\DXP SyncML.exe"= "c:\\Programfiler\\AVG\\AVG8\\avgupd.exe"= "c:\\Programfiler\\Sony Ericsson\\Update Service\\Update Service.exe"= "c:\\Programfiler\\Bonjour\\mDNSResponder.exe"= "c:\\Programfiler\\Rhinoceros 4.0\\System\\Rhino4.exe"= "c:\\Programfiler\\Autodesk\\3ds Max 2008\\3dsmax.exe"= "c:\\Programfiler\\Fellesfiler\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"= "c:\\Programfiler\\iTunes\\iTunes.exe"= "skp66.exe"= skp66.exe:BNDMSS "cleannt.exe"= cleannt.exe:BNDMSS [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "5353:TCP"= 5353:TCP:Adobe CSI CS4 R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-07-06 97928] R1 SASDIFSV;SASDIFSV;\??\c:\programfiler\SUPERAntiSpyware\SASDIFSV.SYS [2008-11-17 8944] R1 
SASKUTIL;SASKUTIL;\??\c:\programfiler\SUPERAntiSpyware\SASKUTIL.sys [2008-11-17 55024] R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-07-06 231704] R2 HDD & SSD access service;HDD & SSD access service;c:\programfiler\Fellesfiler\BinarySense\disksvc.exe [2008-11-06 174848] R3 SASENUM;SASENUM;\??\c:\programfiler\SUPERAntiSpyware\SASENUM.SYS [2008-11-17 7408] R3 zebrceb;Sony Ericsson Cable Emulation Bus (WDM);c:\windows\system32\DRIVERS\zebrceb.sys [2008-06-23 63360] S3 UltraMonMirror;UltraMonMirror;c:\windows\system32\DRIVERS\UltraMonMirror.sys [] S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl.sys [] S3 zebrbus;Sony Ericsson Composite Device driver;c:\windows\system32\DRIVERS\zebrbus.sys [2008-06-23 83200] S3 zebrmdfl;Sony Ericsson Modem Filter;c:\windows\system32\DRIVERS\zebrmdfl.sys [2008-06-23 14848] S3 zebrmdm;Sony Ericsson Port (WDM);c:\windows\system32\DRIVERS\zebrmdm.sys [2008-06-23 109568] S3 zebrmdmc;Sony Ericsson mRouter Port (WDM);c:\windows\system32\DRIVERS\zebrmdmc.sys [2008-06-23 109568] S3 zebrsce;Sony Ericsson PC-Connect Port;c:\windows\system32\DRIVERS\zebrsce.sys [2008-06-23 91264] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 . Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver) 2008-12-16 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\programfiler\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34] . . ------- Tilleggsskanning ------- . 
uStart Page = hxxp://www.google.no/ uInternet Settings,ProxyOverride = *.local IE: Append Link Target to Existing PDF - c:\programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Append to Existing PDF - c:\programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert Link Target to Adobe PDF - c:\programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert to Adobe PDF - c:\programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - c:\programfiler\CoreFTP\pftpns.dll c:\windows\Downloaded Program Files\WCAFLauncher.ocx - O16 -: {8AC7E0D3-34B8-11D5-A617-00D0B7838ECB} hxxps://rootxtra01.hafslund.no/include/launcher/WCAFLauncher.CAB c:\windows\Downloaded Program Files\WCAFLauncher.INF FF - ProfilePath - c:\documents and settings\eUnaas\Programdata\Mozilla\Firefox\Profiles\4a4w5d3l.default\ FF - plugin: c:\documents and settings\eUnaas\Lokale innstillinger\Programdata\myVRnpapi\npmyvr.dll FF - plugin: c:\programfiler\iTunes\Mozilla Plugins\npitunes.dll FF - plugin: c:\programfiler\Java\jre6\bin\new_plugin\npdeploytk.dll FF - plugin: c:\programfiler\Java\jre6\bin\new_plugin\npjp2.dll FF - plugin: c:\programfiler\Mozilla Firefox\plugins\npdeploytk.dll FF - plugin: c:\programfiler\Mozilla Firefox\plugins\npOGAPlugin.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-12-19 15:38:30 Windows 5.1.2600 Service Pack 3 NTFS skanner skjulte prosesser ... skanner skjulte autostart-oppføringer ... skanner skjulte filer ... skanning vellykket skjulte filer: 0 ************************************************************************** . 
--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

- - - - - - - > 'winlogon.exe'(660)
c:\windows\system32\avgrsstx.dll
c:\programfiler\SUPERAntiSpyware\SASWINLO.DLL
c:\programfiler\Fellesfiler\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\windows\system32\MSVCP60.dll

- - - - - - - > 'lsass.exe'(772)
c:\windows\system32\avgrsstx.dll
.
Tidspunkt ferdig: 2008-12-19 15:39:30
ComboFix-quarantined-files.txt 2008-12-19 14:39:15
ComboFix2.txt 2008-12-19 09:34:08
ComboFix3.txt 2008-12-17 10:16:13
ComboFix4.txt 2008-12-15 23:32:09
ComboFix5.txt 2008-12-19 14:36:58

Pre-Run: 13 188 030 464 byte ledig
Post-Run: 13,181,308,928 byte ledig

307 --- E O F --- 2008-12-19 02:00:34
norbat Posted 19 December 2008
Uninstall ComboFix by typing combofix /u in the Run box (Start -> Run).
Download CCleaner. Start the program. Go to 'Options' -> 'Advanced'. Untick the box in front of: "Only delete temporary files......." Click 'Cleaner' and then 'Run CCleaner'.
Restart the PC and check whether there are still any problems.
eUnaas (Author) Posted 26 December 2008
It seemed like CCleaner did a good job, and I was actually untroubled for many days. But now the hell is back again. Hmm, maybe I have some infected memory cards or USB sticks that are infecting my PC? Now everything is back to the same hell. Even though I try, it somehow doesn't feel like I'm getting anywhere?! For example, I noticed that the firewall had suddenly been turned off, and it isn't that easy to turn it back on either.. Any tips?
raWrz Posted 26 December 2008
Then you'll have to run through the guide again, the one linked at the top of the signature :-/
eUnaas (Author) Posted 26 December 2008
Malwarebytes' Anti-Malware 1.31
Databaseversjon: 1551
Windows 5.1.2600 Service Pack 3

26.12.2008 21:43:07
mbam-log-2008-12-26 (21-43-07).txt

Skanntype: Rask Skann
Objekter skannet: 58340
Tid tilbakelagt: 4 minute(s), 24 second(s)

Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 1
Registerverdier infisert: 0
Registerfiler infisert: 0
Mapper infisert: 0
Filer infisert: 0

Minneprosesser infisert:
(Ingen mistenkelige filer funnet)

Minnemoduler infisert:
(Ingen mistenkelige filer funnet)

Registernøkler infisert:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{28abc5c0-4fcb-11cf-aax5-81cx1c635612} (Trojan.Agent) -> Quarantined and deleted successfully.

Registerverdier infisert:
(Ingen mistenkelige filer funnet)

Registerfiler infisert:
(Ingen mistenkelige filer funnet)

Mapper infisert:
(Ingen mistenkelige filer funnet)

Filer infisert:
(Ingen mistenkelige filer funnet)
eUnaas (Author) Posted 26 December 2008
ComboFix 08-12-26.02 - eUnaas 2008-12-26 21:45:21.12 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1044.18.2814.2006 [GMT 1:00] Kjører fra: c:\documents and settings\eUnaas\Skrivebord\ComboFix.exe AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated) . ((((((((((((((((((((((((((((((((((((((( Andre slettinger ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\naxmgr.exe . ((((((((((((((((((((((((((( Filer Opprettet Fra 2008-11-26 til 2008-12-26 ))))))))))))))))))))))))))))))))) . 2008-12-26 21:45 . 2008-12-26 21:45 232 --a------ c:\documents and settings\eUnaas\avcenter.bat 2008-12-26 21:43 . 2008-12-26 21:43 33,844 --a------ c:\documents and settings\eUnaas\fns.exe 2008-12-26 21:43 . 2008-12-26 21:43 224 --a------ c:\documents and settings\eUnaas\svnmgr.bat 2008-12-26 19:41 . 2008-12-26 19:41 29,502 --a------ c:\windows\system32\msmp3.exe 2008-12-26 19:41 . 2008-12-26 21:43 25,402 --a------ c:\windows\system32\svnmgr.exe 2008-12-26 19:41 . 2008-12-26 21:43 25,402 --a------ c:\documents and settings\eUnaas\svnmgr.exe 2008-12-26 14:47 . 2008-12-26 21:45 30,392 --a------ c:\documents and settings\eUnaas\avcenter.exe 2008-12-26 14:46 . 2008-12-26 19:41 10,694 --a------ c:\documents and settings\eUnaas\cle1.exe 2008-12-22 17:31 . 2008-12-22 17:31 25,402 --a------ c:\windows\system32\fns.exe 2008-12-19 18:21 . 2008-12-26 21:31 3,374,296 --a------ c:\windows\{0000000A-00000000-0000000A-00001102-00000002-80651102}.BAK 2008-12-19 18:18 . 2008-12-26 20:05 <DIR> dr-h----- c:\documents and settings\eUnaas\Siste 2008-12-19 18:17 . 2008-12-19 18:17 <DIR> d-------- c:\programfiler\CCleaner 2008-12-17 07:54 . 2008-12-17 07:54 244 --ah----- C:\sqmnoopt04.sqm 2008-12-17 07:54 . 2008-12-17 07:54 232 --ah----- C:\sqmdata04.sqm 2008-12-17 00:54 . 2008-12-17 00:54 <DIR> d-------- c:\programfiler\Unlocker 2008-12-13 03:04 . 
2008-12-13 03:04 118 --a------ c:\windows\system32\MRT.INI 2008-12-10 21:04 . 2008-12-10 21:04 <DIR> d-------- c:\documents and settings\eUnaas\Programdata\PC Suite 2008-12-10 21:04 . 2008-12-10 21:04 <DIR> d-------- c:\documents and settings\eUnaas\Programdata\Nokia 2008-12-10 21:04 . 2008-12-10 21:04 <DIR> d-------- c:\documents and settings\All Users\Programdata\PC Suite 2008-12-10 21:03 . 2008-12-10 21:03 <DIR> d-------- c:\programfiler\Fellesfiler\PCSuite 2008-12-10 21:03 . 2008-12-10 21:03 <DIR> d-------- c:\programfiler\Fellesfiler\Nokia 2008-12-10 21:03 . 2008-12-10 21:03 <DIR> d-------- c:\programfiler\DIFX 2008-12-10 21:03 . 2007-09-17 15:53 21,632 --a------ c:\windows\system32\drivers\pccsmcfd.sys 2008-12-10 21:02 . 2008-12-10 21:02 <DIR> d-------- c:\programfiler\PC Connectivity Solution 2008-12-10 21:02 . 2008-12-10 21:03 <DIR> d-------- c:\programfiler\Nokia 2008-12-10 21:02 . 2008-12-10 21:02 <DIR> d-------- c:\documents and settings\All Users\Programdata\Installations 2008-12-10 21:02 . 2008-05-07 07:38 90,624 --a------ c:\windows\system32\nmwcdcls.dll 2008-12-07 20:14 . 2008-12-07 20:13 410,984 --a------ c:\windows\system32\deploytk.dll 2008-12-06 16:10 . 2008-12-06 17:00 <DIR> d-------- c:\documents and settings\eUnaas\DoctorWeb 2008-12-06 15:10 . 2008-12-06 15:10 <DIR> d-------- C:\Program Files 2008-12-04 13:11 . 2008-04-07 05:38 45,392 -ra------ c:\windows\system32\AdobePDF.dll 2008-12-04 13:11 . 2008-04-07 05:38 22,872 -ra------ c:\windows\system32\AdobePDFUI.dll 2008-12-02 23:29 . 2008-12-02 23:29 7,680 --ahs---- c:\windows\Thumbs.db 2008-12-02 22:53 . 2008-12-02 22:53 <DIR> d-------- c:\documents and settings\All Users\Programdata\SUPERAntiSpyware.com 2008-12-02 22:52 . 2008-12-09 15:01 <DIR> d-------- c:\programfiler\SUPERAntiSpyware 2008-12-02 22:52 . 2008-12-02 22:52 <DIR> d-------- c:\documents and settings\eUnaas\Programdata\SUPERAntiSpyware.com . 
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-12-22 18:30 --------- d-----w c:\documents and settings\eUnaas\Programdata\CoreFTP 2008-12-20 23:56 --------- d-----w c:\documents and settings\eUnaas\Programdata\uTorrent 2008-12-19 10:03 --------- d-----w c:\programfiler\DivX 2008-12-15 11:19 --------- d-----w c:\programfiler\Malwarebytes' Anti-Malware 2008-12-13 02:05 --------- d-----w c:\documents and settings\All Users\Programdata\Microsoft Help 2008-12-11 13:11 --------- d-----w c:\programfiler\T-Splines for Rhino 2008-12-09 16:19 --------- d-----w c:\programfiler\Free MOV 2 AVI 2008-12-09 16:19 --------- d-----w c:\programfiler\Autodesk 2008-12-09 16:15 --------- d-----w c:\programfiler\Fellesfiler\Apple 2008-12-09 16:09 --------- d-----w c:\programfiler\Fellesfiler\Wise Installation Wizard 2008-12-07 19:13 --------- d-----w c:\programfiler\Java 2008-12-05 08:50 --------- d-----w c:\programfiler\Fellesfiler\Adobe 2008-12-03 18:52 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys 2008-12-03 18:52 15,504 ----a-w c:\windows\system32\drivers\mbam.sys 2008-12-02 22:29 --------- d-----w c:\programfiler\AV Vcs 6.0 DIAMOND 2008-12-02 22:29 --------- d-----w c:\programfiler\AndreaMosaic Beta 2008-12-02 21:30 --------- d-----w c:\programfiler\Bonjour 2008-11-30 23:34 --------- d-----w c:\documents and settings\All Users\Programdata\FLEXnet 2008-11-25 23:52 --------- d-----w c:\programfiler\QuickTime 2008-11-25 12:15 --------- d-----w c:\programfiler\iTunes 2008-11-25 12:15 --------- d-----w c:\programfiler\iPod 2008-11-25 12:15 --------- d-----w c:\documents and settings\All Users\Programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} 2008-11-24 17:54 --------- d-----w c:\documents and settings\eUnaas\Programdata\Malwarebytes 2008-11-24 17:54 --------- d-----w c:\documents and settings\All Users\Programdata\Malwarebytes 2008-11-23 17:21 --------- d-----w c:\documents and 
settings\eUnaas\Programdata\dvdcss 2008-11-23 16:17 --------- d-----w c:\programfiler\Bongo 1.0 2008-11-23 01:41 --------- d-----w c:\programfiler\WIBU-SYSTEMS 2008-11-23 01:41 --------- d-----w c:\programfiler\Fellesfiler\ChaosGroup 2008-11-23 01:41 --------- d-----w c:\programfiler\Chaos Group 2008-11-21 21:46 200,704 ----a-w c:\windows\system32\ssldivx.dll 2008-11-21 21:46 1,044,480 ----a-w c:\windows\system32\libdivx.dll 2008-11-20 22:21 16,827 ----a-w c:\windows\system32\drivers\hosts 2008-11-12 20:43 --------- d-----w c:\programfiler\Fellesfiler\BinarySense 2008-11-12 20:43 --------- d-----w c:\programfiler\BinarySense 2008-11-12 08:56 --------- d-----w c:\documents and settings\All Users\Programdata\Autodesk 2008-11-07 23:11 --------- d-----w c:\documents and settings\All Users\Programdata\ALM 2008-11-07 23:05 --------- d-----w c:\programfiler\Fellesfiler\Adobe AIR 2008-11-06 22:09 --------- d-----w c:\documents and settings\eUnaas\Programdata\Autodesk 2008-11-06 22:05 --------- d-----w c:\documents and settings\All Users\Programdata\WinZip 2008-11-06 22:00 --------- d-----w c:\programfiler\turbo squid tentacles 2008-11-06 21:58 --------- d-----w c:\programfiler\Fellesfiler\Autodesk Shared 2008-11-05 04:32 --------- d-----w c:\documents and settings\All Users\Programdata\Minnetonka Audio Software 2008-11-05 03:51 --------- d-----w c:\documents and settings\eUnaas\Programdata\vlc 2008-11-05 03:45 --------- d-----w c:\programfiler\K-Lite Codec Pack 2008-11-03 12:10 --------- d-----w c:\documents and settings\All Users\Programdata\McNeel 2008-11-03 00:23 --------- d-----w c:\documents and settings\All Users\Programdata\TSplines 2008-11-03 00:17 --------- d--h--w c:\programfiler\InstallShield Installation Information 2008-11-03 00:17 --------- d-----w c:\documents and settings\All Users\Programdata\ASGvis 2008-11-03 00:16 --------- d-----w c:\documents and settings\All Users\Programdata\InstallShield 2008-11-03 00:15 --------- d-----w 
c:\programfiler\Fellesfiler\InstallShield 2008-11-02 20:59 --------- d-----w c:\programfiler\Rhinoceros 4.0 2008-11-02 20:50 --------- d-----w c:\programfiler\Flamingo 1.1 2008-11-02 20:31 --------- d-----w c:\programfiler\Rhinoceros 3.0 2008-11-02 20:28 --------- d-----w c:\programfiler\Common Files 2008-11-01 00:34 --------- d-----w c:\programfiler\MagicDisc 2008-11-01 00:15 --------- d-----w c:\programfiler\ISOpen 2008-10-31 13:22 --------- d-----w c:\programfiler\Audacity 2008-10-29 15:06 --------- d-----w c:\programfiler\Google 2008-10-23 12:43 286,720 ----a-w c:\windows\system32\gdi32.dll 2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll 2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll 2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll 2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll 2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll 2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe 2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll 2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll 2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll 2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll 2008-10-16 01:02 665,600 ----a-w c:\windows\system32\wininet.dll 2008-10-03 10:04 247,326 ----a-w c:\windows\system32\strmdll.dll 2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll 2007-03-13 22:20 35,979 ----a-w c:\programfiler\Photoshop CS3 Read Me.html . (((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret ))))))))))))))))))))))))))))))))))))))))))))) . . 
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HDDtemp4"="c:\programfiler\BinarySense\HDDTemp4\\hddtemp4" [X] "MsnMsgr"="c:\programfiler\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "mRouterConfig"="c:\programfiler\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe" [2006-03-02 290816] "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programfiler\Fellesfiler\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136] "SUPERAntiSpyware"="c:\programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-12-09 1809648] "Nokia.PCSync"="c:\programfiler\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 1249280] "PC Suite Tray"="c:\programfiler\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-10-02 1124352] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\System32\igfxtray.exe" [2005-04-05 94208] "HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2005-04-05 77824] "Persistence"="c:\windows\System32\igfxpers.exe" [2005-04-05 114688] "GrooveMonitor"="c:\programfiler\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648] "SunJavaUpdateSched"="c:\programfiler\Java\jre6\bin\jusched.exe" [2008-12-07 136600] "Adobe Reader Speed Launcher"="c:\programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "Adobe Photo Downloader"="c:\programfiler\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe" [2008-04-01 61440] "NeroFilterCheck"="c:\programfiler\Fellesfiler\Nero\Lib\NeroCheck.exe" [2008-02-28 570664] "NBKeyScan"="c:\programfiler\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-27 1261336] "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112] "Jet Detection"="c:\programfiler\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 28672] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-20 8429568] 
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-20 81920] "PC Suite for Smartphones"="c:\programfiler\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" [2007-12-25 548864] "AdobeCS4ServiceManager"="c:\programfiler\Fellesfiler\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712] "QuickTime Task"="c:\programfiler\QuickTime\QTTask.exe" [2008-11-04 413696] "iTunesHelper"="c:\programfiler\iTunes\iTunesHelper.exe" [2008-11-20 290088] "Adobe Acrobat Speed Launcher"="c:\programfiler\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232] "Acrobat Assistant 8.0"="c:\programfiler\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376] "fns"="c:\windows\system32\fns.exe" [2008-12-22 25402] "svnmgr"="c:\windows\system32\svnmgr.exe" [2008-12-26 25402] "msmp3"="c:\windows\system32\msmp3.exe" [2008-12-26 29502] "WINDVDPatch"="CTHELPER.EXE" [2002-07-02 c:\windows\system32\CTHELPER.EXE] "nwiz"="nwiz.exe" [2007-04-20 c:\windows\system32\nwiz.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360] c:\documents and settings\eUnaas\Start-meny\Programmer\Oppstart\ MagicDisc.lnk - c:\programfiler\MagicDisc\MagicDisc.exe [2008-11-01 575488] OneNote 2007 Screen Clipper og Launcher.lnk - c:\programfiler\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440] c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\ PC-s›k i Windows.lnk - c:\programfiler\Windows Desktop Search\WindowsSearch.exe [2007-02-05 118784] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programfiler\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programfiler\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2008-12-09 15:01 352256 
c:\programfiler\SUPERAntiSpyware\SASWINLO.DLL [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.l3fhg"= mp3fhg.acm "msacm.divxa32"= divxa32.acm "VIDC.X264"= x264vfw.dll "VIDC.HFYU"= huffyuv.dll "vidc.i263"= i263_32.drv [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"= "c:\\Programfiler\\uTorrent\\uTorrent.exe"= "c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"= "c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Programfiler\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Programfiler\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Programfiler\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Programfiler\\Intuwave\\Shared\\mRouterRuntime\\mRouterRuntime.exe"= "c:\\Programfiler\\LimeWire\\LimeWire.exe"= "c:\\Programfiler\\Sony Ericsson\\Mobile4\\Sync Manager\\DXP SyncML.exe"= "c:\\Programfiler\\AVG\\AVG8\\avgupd.exe"= "c:\\Programfiler\\Sony Ericsson\\Update Service\\Update Service.exe"= "c:\\Programfiler\\Bonjour\\mDNSResponder.exe"= "c:\\Programfiler\\Rhinoceros 4.0\\System\\Rhino4.exe"= "c:\\Programfiler\\Autodesk\\3ds Max 2008\\3dsmax.exe"= "c:\\Programfiler\\Fellesfiler\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"= "c:\\Programfiler\\iTunes\\iTunes.exe"= "skp66.exe"= skp66.exe:BNDMSS "cleannt.exe"= cleannt.exe:BNDMSS [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "5353:TCP"= 5353:TCP:Adobe CSI CS4 R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys 
[2008-07-06 97928] R1 SASDIFSV;SASDIFSV;\??\c:\programfiler\SUPERAntiSpyware\SASDIFSV.SYS [2008-11-17 8944] R1 SASKUTIL;SASKUTIL;\??\c:\programfiler\SUPERAntiSpyware\SASKUTIL.sys [2008-11-17 55024] R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-07-06 231704] R2 HDD & SSD access service;HDD & SSD access service;c:\programfiler\Fellesfiler\BinarySense\disksvc.exe [2008-11-06 174848] R3 SASENUM;SASENUM;\??\c:\programfiler\SUPERAntiSpyware\SASENUM.SYS [2008-11-17 7408] R3 zebrceb;Sony Ericsson Cable Emulation Bus (WDM);c:\windows\system32\DRIVERS\zebrceb.sys [2008-06-23 63360] S3 UltraMonMirror;UltraMonMirror;c:\windows\system32\DRIVERS\UltraMonMirror.sys [] S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl.sys [] S3 zebrbus;Sony Ericsson Composite Device driver;c:\windows\system32\DRIVERS\zebrbus.sys [2008-06-23 83200] S3 zebrmdfl;Sony Ericsson Modem Filter;c:\windows\system32\DRIVERS\zebrmdfl.sys [2008-06-23 14848] S3 zebrmdm;Sony Ericsson Port (WDM);c:\windows\system32\DRIVERS\zebrmdm.sys [2008-06-23 109568] S3 zebrmdmc;Sony Ericsson mRouter Port (WDM);c:\windows\system32\DRIVERS\zebrmdmc.sys [2008-06-23 109568] S3 zebrsce;Sony Ericsson PC-Connect Port;c:\windows\system32\DRIVERS\zebrsce.sys [2008-06-23 91264] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 . Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver) 2008-12-23 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\programfiler\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34] . - - - - TOMME PEKERE FJERNET - - - - HKLM-Run-avcenter - c:\windows\system32\avcenter.exe HKLM-Run-naxmgr - c:\windows\system32\naxmgr.exe . ------- Tilleggsskanning ------- . 
uStart Page = hxxp://www.google.no/ uInternet Settings,ProxyOverride = *.local IE: Append Link Target to Existing PDF - c:\programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Append to Existing PDF - c:\programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert Link Target to Adobe PDF - c:\programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert to Adobe PDF - c:\programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - c:\programfiler\CoreFTP\pftpns.dll c:\windows\Downloaded Program Files\WCAFLauncher.ocx - O16 -: {8AC7E0D3-34B8-11D5-A617-00D0B7838ECB} hxxps://rootxtra01.hafslund.no/include/launcher/WCAFLauncher.CAB c:\windows\Downloaded Program Files\WCAFLauncher.INF FF - ProfilePath - c:\documents and settings\eUnaas\Programdata\Mozilla\Firefox\Profiles\4a4w5d3l.default\ FF - component: c:\documents and settings\eUnaas\Programdata\Mozilla\Firefox\Profiles\4a4w5d3l.default\extensions\[email protected]\components\BkMrkExt.dll FF - plugin: c:\documents and settings\eUnaas\Lokale innstillinger\Programdata\myVRnpapi\npmyvr.dll FF - plugin: c:\programfiler\Mozilla Firefox\plugins\npOGAPlugin.dll ATTENTION: FIREFOX POLICES IS IN FORCE c:\programfiler\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no"); . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-12-26 21:47:46 Windows 5.1.2600 Service Pack 3 NTFS skanner skjulte prosesser ... skanner skjulte autostart-oppføringer ... skanner skjulte filer ... 
skanning vellykket skjulte filer: 0 ************************************************************************** . --------------------- DLL'er Lastet Av Kjørende Prosesser --------------------- - - - - - - - > 'winlogon.exe'(652) c:\windows\system32\avgrsstx.dll c:\programfiler\SUPERAntiSpyware\SASWINLO.DLL c:\programfiler\Fellesfiler\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll - - - - - - - > 'lsass.exe'(740) c:\windows\system32\avgrsstx.dll . Tidspunkt ferdig: 2008-12-26 21:49:33 ComboFix-quarantined-files.txt 2008-12-26 20:49:31 ComboFix2.txt 2008-12-19 14:39:31 Pre-Run: 15 732 408 320 byte ledig Post-Run: 15,860,576,256 byte ledig 281 --- E O F --- 2008-12-19 02:00:34
eUnaas (Author) Posted 26 December 2008
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:56:47, on 26.12.2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe C:\Programfiler\Java\jre6\bin\jusched.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\Programfiler\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe C:\Programfiler\iTunes\iTunesHelper.exe C:\Programfiler\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe C:\Programfiler\Fellesfiler\Autodesk Shared\Service\AdskScSrv.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Programfiler\Bonjour\mDNSResponder.exe C:\Programfiler\Fellesfiler\BinarySense\disksvc.exe C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe C:\Programfiler\Intuwave\Shared\mRouterRuntime\mRouterRuntime.exe C:\Programfiler\Fellesfiler\Nero\Lib\NMIndexStoreSvr.exe C:\Programfiler\Java\jre6\bin\jqs.exe C:\Programfiler\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Programfiler\Nokia\Nokia PC Suite 7\PCSync2.exe C:\Programfiler\Nokia\Nokia PC Suite 7\PCSuite.exe C:\Programfiler\Windows Desktop Search\WindowsSearch.exe C:\Programfiler\MagicDisc\MagicDisc.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\IoctlSvc.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\SearchIndexer.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\Programfiler\Fellesfiler\Teleca Shared\Generic.exe C:\Programfiler\Fellesfiler\Teleca Shared\logger.exe C:\PROGRA~1\Symbian\Shared\SYMBIA~1\SYMBIA~1.EXE 
C:\PROGRA~1\Symbian\Shared\SYMBIA~1\SCBAL.exe C:\Programfiler\iPod\bin\iPodService.exe C:\Programfiler\Fellesfiler\Nero\Lib\NMIndexingService.exe C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe C:\Programfiler\Fellesfiler\Nokia\MPAPI\MPAPI3s.exe C:\Programfiler\PC Connectivity Solution\Transports\NclUSBSrv.exe C:\Programfiler\PC Connectivity Solution\Transports\NclRSSrv.exe C:\WINDOWS\system32\wscntfy.exe C:\Documents and Settings\eUnaas\svnmgr.exe C:\Documents and Settings\eUnaas\avcenter.exe C:\WINDOWS\explorer.exe C:\Programfiler\Mozilla Firefox\firefox.exe C:\Programfiler\iTunes\iTunes.exe C:\WINDOWS\system32\SearchProtocolHost.exe C:\Programfiler\Trend Micro\Hibackdenne\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.no/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programfiler\AVG\AVG8\avgssie.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre6\bin\ssv.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programfiler\Java\jre6\bin\jp2ssv.dll O2 - BHO: 
JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programfiler\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\System32\igfxpers.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programfiler\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programfiler\Fellesfiler\Nero\Lib\NeroCheck.exe O4 - HKLM\..\Run: [NBKeyScan] "C:\Programfiler\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [Jet Detection] C:\Programfiler\Creative\SBLive\PROGRAM\ADGJDet.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [PC Suite for Smartphones] "C:\Programfiler\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" /startoptions O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Programfiler\Fellesfiler\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\QTTask.exe" -atboottime O4 - 
HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Programfiler\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Programfiler\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" O4 - HKLM\..\Run: [fns] C:\WINDOWS\system32\fns.exe O4 - HKLM\..\Run: [svnmgr] C:\WINDOWS\system32\svnmgr.exe O4 - HKLM\..\Run: [msmp3] C:\WINDOWS\system32\msmp3.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [mRouterConfig] "C:\Programfiler\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe" O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programfiler\Fellesfiler\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 O4 - HKCU\..\Run: [HDDtemp4] C:\Programfiler\BinarySense\HDDTemp4\\hddtemp4 /minimized O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Programfiler\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog O4 - HKCU\..\Run: [PC Suite Tray] "C:\Programfiler\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Startup: MagicDisc.lnk = C:\Programfiler\MagicDisc\MagicDisc.exe O4 - Startup: OneNote 2007 Screen Clipper og Launcher.lnk = C:\Programfiler\Microsoft Office\Office12\ONENOTEM.EXE O4 - Global Startup: PC-søk i Windows.lnk = C:\Programfiler\Windows Desktop Search\WindowsSearch.exe O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Append to Existing PDF - 
res://C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1211386472320 O16 - DPF: {8AC7E0D3-34B8-11D5-A617-00D0B7838ECB} (WCAFLauncher.Launcher) - https://rootxtra01.hafslund.no/include/laun...CAFLauncher.CAB O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programfiler\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programfiler\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: avgrsstx.dll O20 - Winlogon Notify: !SASWinLogon - 
C:\Programfiler\SUPERAntiSpyware\SASWINLO.DLL O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programfiler\Fellesfiler\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HDD & SSD access service - BinarySense Ltd. - C:\Programfiler\Fellesfiler\BinarySense\disksvc.exe O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programfiler\Java\jre6\bin\jqs.exe O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2008 32-bit 32-bit (mi-raysat_3dsMax2008_32) - Unknown owner - C:\Programfiler\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe O23 - Service: NMIndexingService - Nero AG - C:\Programfiler\Fellesfiler\Nero\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe O23 - Service: ServiceLayer - Nokia. - C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe O23 - Service: stllssvr - MicroVision Development, Inc. 
- C:\Programfiler\Fellesfiler\SureThing Shared\stllssvr.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/eUnaas/LOKALE~1/Temp/msohtmlclip1/01/clip_image001.jpg

-- End of file - 12025 bytes

Off-topic: Whooohoo! My official post no. 2000
raWrz, posted 26 December 2008

Congratulations.

Go to http://virusscan.jotti.org, click Browse, and upload the following files for analysis:

c:\windows\system32\fns.exe
c:\windows\system32\msmp3.exe
c:\documents and settings\eUnaas\svnmgr.exe
c:\documents and settings\eUnaas\avcenter.exe

Then click Submit. Accept that the file will be scanned. Finally, copy the result and paste it into your next post, so that I can look at it and assess what needs to be done next.
eUnaas (thread author), posted 26 December 2008

File: fns.exe
Status: INFECTED/MALWARE
MD5: 8f4c3a714073d1e78a82a06c28e03a01
Packers detected: -

File: msmp3.exe
Status: INFECTED/MALWARE
MD5: 5a0f519ffc179e2319676e40ddb462d4
Packers detected: -

File: svnmgr.exe
Status: INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5: 8f4c3a714073d1e78a82a06c28e03a01
Packers detected: -

File: avcenter.exe
Status: INFECTED/MALWARE
MD5: b99673f9cf926c0a387e751ff2619e0f
Packers detected: -
raWrz, posted 26 December 2008

Click Start - All Programs (Alle Programmer) - Accessories (Tilbehør) - Notepad (Notisblokk).
Copy the text in the code box below and paste it into Notepad:

File::
c:\documents and settings\eUnaas\svnmgr.exe
c:\documents and settings\eUnaas\avcenter.exe
c:\documents and settings\eUnaas\cle1.exe
c:\windows\system32\fns.exe
c:\windows\system32\msmp3.exe
c:\documents and settings\eUnaas\svnmgr.bat
c:\documents and settings\eUnaas\avcenter.bat

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msmp3"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"svnmgr"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"fns"=-

Save it as CFScript on the Desktop (Skrivebordet).

Drag CFScript onto ComboFix.exe, which is on the Desktop, as the animation below shows. This will start ComboFix again. If the machine asks for a restart, let it do so right away. Post the contents of ComboFix.txt in your next reply on the forum.
eUnaas (thread author), posted 27 December 2008

ComboFix 08-12-26.03 - eUnaas 2008-12-27 5:05:09.13 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1044.18.2814.1784 [GMT 1:00]
Kjører fra: c:\documents and settings\eUnaas\Skrivebord\ComboFix.exe
Command switches brukt :: c:\documents and settings\eUnaas\Skrivebord\ComboFix.exe c:\documents and settings\eUnaas\Skrivebord\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated)
* Opprettet nytt gjenopprettingspunkt
.
((((((((((((((((((((((((((( Filer Opprettet Fra 2008-11-27 til 2008-12-27 )))))))))))))))))))))))))))))))))
.
2008-12-26 21:56 . 2008-12-26 21:56 <DIR> d-------- c:\programfiler\Trend Micro
2008-12-26 21:45 . 2008-12-26 21:45 232 --a------ c:\documents and settings\eUnaas\avcenter.bat
2008-12-26 21:43 . 2008-12-26 21:43 33,844 --a------ c:\documents and settings\eUnaas\fns.exe
2008-12-26 21:43 . 2008-12-26 21:43 224 --a------ c:\documents and settings\eUnaas\svnmgr.bat
2008-12-26 19:41 . 2008-12-26 19:41 29,502 --a------ c:\windows\system32\msmp3.exe
2008-12-26 19:41 . 2008-12-26 21:43 25,402 --a------ c:\windows\system32\svnmgr.exe
2008-12-22 17:31 . 2008-12-22 17:31 25,402 --a------ c:\windows\system32\fns.exe
2008-12-19 18:21 . 2008-12-26 21:31 3,374,296 --a------ c:\windows\{0000000A-00000000-0000000A-00001102-00000002-80651102}.BAK
2008-12-19 18:18 . 2008-12-27 05:03 <DIR> dr-h----- c:\documents and settings\eUnaas\Siste
2008-12-19 18:17 . 2008-12-19 18:17 <DIR> d-------- c:\programfiler\CCleaner
2008-12-17 07:54 . 2008-12-17 07:54 244 --ah----- C:\sqmnoopt04.sqm
2008-12-17 07:54 . 2008-12-17 07:54 232 --ah----- C:\sqmdata04.sqm
2008-12-17 00:54 . 2008-12-17 00:54 <DIR> d-------- c:\programfiler\Unlocker
2008-12-13 03:04 . 2008-12-13 03:04 118 --a------ c:\windows\system32\MRT.INI
2008-12-10 21:04 . 2008-12-10 21:04 <DIR> d-------- c:\documents and settings\eUnaas\Programdata\PC Suite
2008-12-10 21:04 .
2008-12-10 21:04 <DIR> d-------- c:\documents and settings\eUnaas\Programdata\Nokia 2008-12-10 21:04 . 2008-12-10 21:04 <DIR> d-------- c:\documents and settings\All Users\Programdata\PC Suite 2008-12-10 21:03 . 2008-12-10 21:03 <DIR> d-------- c:\programfiler\Fellesfiler\PCSuite 2008-12-10 21:03 . 2008-12-10 21:03 <DIR> d-------- c:\programfiler\Fellesfiler\Nokia 2008-12-10 21:03 . 2008-12-10 21:03 <DIR> d-------- c:\programfiler\DIFX 2008-12-10 21:03 . 2007-09-17 15:53 21,632 --a------ c:\windows\system32\drivers\pccsmcfd.sys 2008-12-10 21:02 . 2008-12-10 21:02 <DIR> d-------- c:\programfiler\PC Connectivity Solution 2008-12-10 21:02 . 2008-12-10 21:03 <DIR> d-------- c:\programfiler\Nokia 2008-12-10 21:02 . 2008-12-10 21:02 <DIR> d-------- c:\documents and settings\All Users\Programdata\Installations 2008-12-10 21:02 . 2008-05-07 07:38 90,624 --a------ c:\windows\system32\nmwcdcls.dll 2008-12-07 20:14 . 2008-12-07 20:13 410,984 --a------ c:\windows\system32\deploytk.dll 2008-12-06 16:10 . 2008-12-06 17:00 <DIR> d-------- c:\documents and settings\eUnaas\DoctorWeb 2008-12-06 15:10 . 2008-12-06 15:10 <DIR> d-------- C:\Program Files 2008-12-04 13:11 . 2008-04-07 05:38 45,392 -ra------ c:\windows\system32\AdobePDF.dll 2008-12-04 13:11 . 2008-04-07 05:38 22,872 -ra------ c:\windows\system32\AdobePDFUI.dll 2008-12-02 23:29 . 2008-12-02 23:29 7,680 --ahs---- c:\windows\Thumbs.db 2008-12-02 22:53 . 2008-12-02 22:53 <DIR> d-------- c:\documents and settings\All Users\Programdata\SUPERAntiSpyware.com 2008-12-02 22:52 . 2008-12-09 15:01 <DIR> d-------- c:\programfiler\SUPERAntiSpyware 2008-12-02 22:52 . 2008-12-02 22:52 <DIR> d-------- c:\documents and settings\eUnaas\Programdata\SUPERAntiSpyware.com . (((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-12-27 03:46 --------- d-----w c:\documents and settings\eUnaas\Programdata\CoreFTP 2008-12-20 23:56 --------- d-----w c:\documents and settings\eUnaas\Programdata\uTorrent 2008-12-19 10:03 --------- d-----w c:\programfiler\DivX 2008-12-15 11:19 --------- d-----w c:\programfiler\Malwarebytes' Anti-Malware 2008-12-13 02:05 --------- d-----w c:\documents and settings\All Users\Programdata\Microsoft Help 2008-12-11 13:11 --------- d-----w c:\programfiler\T-Splines for Rhino 2008-12-09 16:19 --------- d-----w c:\programfiler\Free MOV 2 AVI 2008-12-09 16:19 --------- d-----w c:\programfiler\Autodesk 2008-12-09 16:15 --------- d-----w c:\programfiler\Fellesfiler\Apple 2008-12-09 16:09 --------- d-----w c:\programfiler\Fellesfiler\Wise Installation Wizard 2008-12-07 19:13 --------- d-----w c:\programfiler\Java 2008-12-05 08:50 --------- d-----w c:\programfiler\Fellesfiler\Adobe 2008-12-03 18:52 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys 2008-12-03 18:52 15,504 ----a-w c:\windows\system32\drivers\mbam.sys 2008-12-02 22:29 --------- d-----w c:\programfiler\AV Vcs 6.0 DIAMOND 2008-12-02 22:29 --------- d-----w c:\programfiler\AndreaMosaic Beta 2008-12-02 21:30 --------- d-----w c:\programfiler\Bonjour 2008-11-30 23:34 --------- d-----w c:\documents and settings\All Users\Programdata\FLEXnet 2008-11-25 23:52 --------- d-----w c:\programfiler\QuickTime 2008-11-25 12:15 --------- d-----w c:\programfiler\iTunes 2008-11-25 12:15 --------- d-----w c:\programfiler\iPod 2008-11-25 12:15 --------- d-----w c:\documents and settings\All Users\Programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} 2008-11-24 17:54 --------- d-----w c:\documents and settings\eUnaas\Programdata\Malwarebytes 2008-11-24 17:54 --------- d-----w c:\documents and settings\All Users\Programdata\Malwarebytes 2008-11-23 17:21 --------- d-----w c:\documents and settings\eUnaas\Programdata\dvdcss 2008-11-23 16:17 --------- d-----w c:\programfiler\Bongo 1.0 2008-11-23 01:41 --------- d-----w 
c:\programfiler\WIBU-SYSTEMS 2008-11-23 01:41 --------- d-----w c:\programfiler\Fellesfiler\ChaosGroup 2008-11-23 01:41 --------- d-----w c:\programfiler\Chaos Group 2008-11-21 21:46 200,704 ----a-w c:\windows\system32\ssldivx.dll 2008-11-21 21:46 1,044,480 ----a-w c:\windows\system32\libdivx.dll 2008-11-20 22:21 16,827 ----a-w c:\windows\system32\drivers\hosts 2008-11-12 20:43 --------- d-----w c:\programfiler\Fellesfiler\BinarySense 2008-11-12 20:43 --------- d-----w c:\programfiler\BinarySense 2008-11-12 08:56 --------- d-----w c:\documents and settings\All Users\Programdata\Autodesk 2008-11-07 23:11 --------- d-----w c:\documents and settings\All Users\Programdata\ALM 2008-11-07 23:05 --------- d-----w c:\programfiler\Fellesfiler\Adobe AIR 2008-11-06 22:09 --------- d-----w c:\documents and settings\eUnaas\Programdata\Autodesk 2008-11-06 22:05 --------- d-----w c:\documents and settings\All Users\Programdata\WinZip 2008-11-06 22:00 --------- d-----w c:\programfiler\turbo squid tentacles 2008-11-06 21:58 --------- d-----w c:\programfiler\Fellesfiler\Autodesk Shared 2008-11-05 04:32 --------- d-----w c:\documents and settings\All Users\Programdata\Minnetonka Audio Software 2008-11-05 03:51 --------- d-----w c:\documents and settings\eUnaas\Programdata\vlc 2008-11-05 03:45 --------- d-----w c:\programfiler\K-Lite Codec Pack 2008-11-03 12:10 --------- d-----w c:\documents and settings\All Users\Programdata\McNeel 2008-11-03 00:23 --------- d-----w c:\documents and settings\All Users\Programdata\TSplines 2008-11-03 00:17 --------- d--h--w c:\programfiler\InstallShield Installation Information 2008-11-03 00:17 --------- d-----w c:\documents and settings\All Users\Programdata\ASGvis 2008-11-03 00:16 --------- d-----w c:\documents and settings\All Users\Programdata\InstallShield 2008-11-03 00:15 --------- d-----w c:\programfiler\Fellesfiler\InstallShield 2008-11-02 20:59 --------- d-----w c:\programfiler\Rhinoceros 4.0 2008-11-02 20:50 --------- d-----w 
c:\programfiler\Flamingo 1.1 2008-11-02 20:31 --------- d-----w c:\programfiler\Rhinoceros 3.0 2008-11-02 20:28 --------- d-----w c:\programfiler\Common Files 2008-11-01 00:34 --------- d-----w c:\programfiler\MagicDisc 2008-11-01 00:15 --------- d-----w c:\programfiler\ISOpen 2008-10-31 13:22 --------- d-----w c:\programfiler\Audacity 2008-10-29 15:06 --------- d-----w c:\programfiler\Google 2008-10-23 12:43 286,720 ----a-w c:\windows\system32\gdi32.dll 2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll 2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll 2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll 2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll 2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll 2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe 2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll 2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll 2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll 2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll 2008-10-16 01:02 665,600 ----a-w c:\windows\system32\wininet.dll 2008-10-03 10:04 247,326 ----a-w c:\windows\system32\strmdll.dll 2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll 2007-03-13 22:20 35,979 ----a-w c:\programfiler\Photoshop CS3 Read Me.html . (((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret ))))))))))))))))))))))))))))))))))))))))))))) . . 
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HDDtemp4"="c:\programfiler\BinarySense\HDDTemp4\\hddtemp4" [X] "MsnMsgr"="c:\programfiler\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "mRouterConfig"="c:\programfiler\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe" [2006-03-02 290816] "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programfiler\Fellesfiler\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136] "SUPERAntiSpyware"="c:\programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-12-09 1809648] "Nokia.PCSync"="c:\programfiler\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 1249280] "PC Suite Tray"="c:\programfiler\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-10-02 1124352] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\System32\igfxtray.exe" [2005-04-05 94208] "HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2005-04-05 77824] "Persistence"="c:\windows\System32\igfxpers.exe" [2005-04-05 114688] "GrooveMonitor"="c:\programfiler\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648] "SunJavaUpdateSched"="c:\programfiler\Java\jre6\bin\jusched.exe" [2008-12-07 136600] "Adobe Reader Speed Launcher"="c:\programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "Adobe Photo Downloader"="c:\programfiler\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe" [2008-04-01 61440] "NeroFilterCheck"="c:\programfiler\Fellesfiler\Nero\Lib\NeroCheck.exe" [2008-02-28 570664] "NBKeyScan"="c:\programfiler\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-27 1261336] "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112] "Jet Detection"="c:\programfiler\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 28672] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-20 8429568] 
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-20 81920] "PC Suite for Smartphones"="c:\programfiler\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" [2007-12-25 548864] "AdobeCS4ServiceManager"="c:\programfiler\Fellesfiler\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712] "QuickTime Task"="c:\programfiler\QuickTime\QTTask.exe" [2008-11-04 413696] "iTunesHelper"="c:\programfiler\iTunes\iTunesHelper.exe" [2008-11-20 290088] "Adobe Acrobat Speed Launcher"="c:\programfiler\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232] "Acrobat Assistant 8.0"="c:\programfiler\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376] "fns"="c:\windows\system32\fns.exe" [2008-12-22 25402] "svnmgr"="c:\windows\system32\svnmgr.exe" [2008-12-26 25402] "msmp3"="c:\windows\system32\msmp3.exe" [2008-12-26 29502] "WINDVDPatch"="CTHELPER.EXE" [2002-07-02 c:\windows\system32\CTHELPER.EXE] "nwiz"="nwiz.exe" [2007-04-20 c:\windows\system32\nwiz.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360] c:\documents and settings\eUnaas\Start-meny\Programmer\Oppstart\ MagicDisc.lnk - c:\programfiler\MagicDisc\MagicDisc.exe [2008-11-01 575488] OneNote 2007 Screen Clipper og Launcher.lnk - c:\programfiler\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440] c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\ PC-s›k i Windows.lnk - c:\programfiler\Windows Desktop Search\WindowsSearch.exe [2007-02-05 118784] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programfiler\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programfiler\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2008-12-09 15:01 352256 
c:\programfiler\SUPERAntiSpyware\SASWINLO.DLL [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.l3fhg"= mp3fhg.acm "msacm.divxa32"= divxa32.acm "VIDC.X264"= x264vfw.dll "VIDC.HFYU"= huffyuv.dll "vidc.i263"= i263_32.drv [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"= "c:\\Programfiler\\uTorrent\\uTorrent.exe"= "c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"= "c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Programfiler\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Programfiler\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Programfiler\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Programfiler\\Intuwave\\Shared\\mRouterRuntime\\mRouterRuntime.exe"= "c:\\Programfiler\\LimeWire\\LimeWire.exe"= "c:\\Programfiler\\Sony Ericsson\\Mobile4\\Sync Manager\\DXP SyncML.exe"= "c:\\Programfiler\\AVG\\AVG8\\avgupd.exe"= "c:\\Programfiler\\Sony Ericsson\\Update Service\\Update Service.exe"= "c:\\Programfiler\\Bonjour\\mDNSResponder.exe"= "c:\\Programfiler\\Rhinoceros 4.0\\System\\Rhino4.exe"= "c:\\Programfiler\\Autodesk\\3ds Max 2008\\3dsmax.exe"= "c:\\Programfiler\\Fellesfiler\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"= "c:\\Programfiler\\iTunes\\iTunes.exe"= "skp66.exe"= skp66.exe:BNDMSS "cleannt.exe"= cleannt.exe:BNDMSS [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "5353:TCP"= 5353:TCP:Adobe CSI CS4 R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys 
[2008-07-06 97928] R1 SASDIFSV;SASDIFSV;\??\c:\programfiler\SUPERAntiSpyware\SASDIFSV.SYS [2008-11-17 8944] R1 SASKUTIL;SASKUTIL;\??\c:\programfiler\SUPERAntiSpyware\SASKUTIL.sys [2008-11-17 55024] R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-07-06 231704] R2 HDD & SSD access service;HDD & SSD access service;c:\programfiler\Fellesfiler\BinarySense\disksvc.exe [2008-11-06 174848] R3 SASENUM;SASENUM;\??\c:\programfiler\SUPERAntiSpyware\SASENUM.SYS [2008-11-17 7408] R3 zebrceb;Sony Ericsson Cable Emulation Bus (WDM);c:\windows\system32\DRIVERS\zebrceb.sys [2008-06-23 63360] S3 UltraMonMirror;UltraMonMirror;c:\windows\system32\DRIVERS\UltraMonMirror.sys [] S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl.sys [] S3 zebrbus;Sony Ericsson Composite Device driver;c:\windows\system32\DRIVERS\zebrbus.sys [2008-06-23 83200] S3 zebrmdfl;Sony Ericsson Modem Filter;c:\windows\system32\DRIVERS\zebrmdfl.sys [2008-06-23 14848] S3 zebrmdm;Sony Ericsson Port (WDM);c:\windows\system32\DRIVERS\zebrmdm.sys [2008-06-23 109568] S3 zebrmdmc;Sony Ericsson mRouter Port (WDM);c:\windows\system32\DRIVERS\zebrmdmc.sys [2008-06-23 109568] S3 zebrsce;Sony Ericsson PC-Connect Port;c:\windows\system32\DRIVERS\zebrsce.sys [2008-06-23 91264] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 *Newly Created Service* - CATCHME . Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver) 2008-12-23 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\programfiler\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34] . . ------- Tilleggsskanning ------- . 
uStart Page = hxxp://www.google.no/ uInternet Settings,ProxyOverride = *.local IE: Append Link Target to Existing PDF - c:\programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Append to Existing PDF - c:\programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert Link Target to Adobe PDF - c:\programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert to Adobe PDF - c:\programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - c:\programfiler\CoreFTP\pftpns.dll c:\windows\Downloaded Program Files\WCAFLauncher.ocx - O16 -: {8AC7E0D3-34B8-11D5-A617-00D0B7838ECB} hxxps://rootxtra01.hafslund.no/include/launcher/WCAFLauncher.CAB c:\windows\Downloaded Program Files\WCAFLauncher.INF FF - ProfilePath - c:\documents and settings\eUnaas\Programdata\Mozilla\Firefox\Profiles\4a4w5d3l.default\ FF - component: c:\documents and settings\eUnaas\Programdata\Mozilla\Firefox\Profiles\4a4w5d3l.default\extensions\[email protected]\components\BkMrkExt.dll FF - plugin: c:\documents and settings\eUnaas\Lokale innstillinger\Programdata\myVRnpapi\npmyvr.dll FF - plugin: c:\programfiler\Mozilla Firefox\plugins\npOGAPlugin.dll ATTENTION: FIREFOX POLICES IS IN FORCE c:\programfiler\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no"); . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-12-27 05:08:44 Windows 5.1.2600 Service Pack 3 NTFS skanner skjulte prosesser ... skanner skjulte autostart-oppføringer ... skanner skjulte filer ... 
skanning vellykket
skjulte filer: 0
**************************************************************************
.
--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------
- - - - - - - > 'winlogon.exe'(652)
c:\windows\system32\avgrsstx.dll
c:\programfiler\SUPERAntiSpyware\SASWINLO.DLL
c:\programfiler\Fellesfiler\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
- - - - - - - > 'lsass.exe'(740)
c:\windows\system32\avgrsstx.dll
.
Tidspunkt ferdig: 2008-12-27 5:09:44
ComboFix-quarantined-files.txt 2008-12-27 04:09:34
ComboFix2.txt 2008-12-26 20:49:34
ComboFix3.txt 2008-12-19 14:39:31
Pre-Run: 15 747 481 600 byte ledig
Post-Run: 15,798,370,304 byte ledig
276 --- E O F --- 2008-12-19 02:00:34
norbat, posted 27 December 2008

Download Dr.Web and save it to the desktop.
Run drweb-cureit.exe and click Start. An express scan now runs.
When it has finished, click Settings (Innstillinger) -> Change settings (Endre innstillinger).
On the Scan (Skann) tab, untick Heuristic analysis.
On the Actions/Avgjørelser tab, set every item under Malware to "Endre".
Click OK.
Then select Full scan (Full skann).
Start the scan by clicking the 'green arrow'.
Choose "yes to all" the first time it finds something.
When the scan is finished, go to "file" and click "Save Report list".
A file named "drweb.csv" will then be on the desktop.
Post it together with a new ComboFix log (that is, run ComboFix again after DrWeb).
eUnaas (thread author), posted 27 December 2008 (edited)

DrWeb

fns.exe c:\windows\system32 Trojan.DownLoad.3694 Slettet.
msmp3.exe c:\windows\system32 Trojan.DownLoad.3694 Slettet.
svnmgr.exe c:\windows\system32 Trojan.DownLoad.3694 Slettet.
fns.exe C:\Documents and Settings\eUnaas Sannsynligvis Trojan.Packed.Gen
G6FTPSrv.exe.bac_a02780 C:\Documents and Settings\eUnaas\.housecall6.6\Quarantine Program.BpFTP.origin Endret.
G6Service.exe.bac_a02780 C:\Documents and Settings\eUnaas\.housecall6.6\Quarantine Trojan.Runas Slettet.
Keymaker.exe.bac_a02560 C:\Documents and Settings\eUnaas\.housecall6.6\Quarantine Win32.HLLW.Kramkan.6 Slettet.

Combofix

ComboFix 08-12-26.03 - eUnaas 2008-12-27 13:29:25.14 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1044.18.2814.2092 [GMT 1:00]
Kjører fra: c:\documents and settings\eUnaas\Skrivebord\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated)
.
((((((((((((((((((((((((((( Filer Opprettet Fra 2008-11-27 til 2008-12-27 )))))))))))))))))))))))))))))))))
.
2008-12-27 13:24 . 2008-12-27 13:24 <DIR> dr-h----- c:\documents and settings\eUnaas\Siste
2008-12-27 13:24 . 2008-12-27 13:24 3,374,296 --a------ c:\windows\{0000000A-00000000-0000000A-00001102-00000002-80651102}.BAK
2008-12-26 21:56 . 2008-12-26 21:56 <DIR> d-------- c:\programfiler\Trend Micro
2008-12-26 21:45 . 2008-12-26 21:45 232 --a------ c:\documents and settings\eUnaas\avcenter.bat
2008-12-26 21:43 . 2008-12-26 21:43 224 --a------ c:\documents and settings\eUnaas\svnmgr.bat
2008-12-19 18:17 . 2008-12-19 18:17 <DIR> d-------- c:\programfiler\CCleaner
2008-12-17 07:54 . 2008-12-17 07:54 244 --ah----- C:\sqmnoopt04.sqm
2008-12-17 07:54 . 2008-12-17 07:54 232 --ah----- C:\sqmdata04.sqm
2008-12-17 00:54 . 2008-12-17 00:54 <DIR> d-------- c:\programfiler\Unlocker
2008-12-13 03:04 . 2008-12-13 03:04 118 --a------ c:\windows\system32\MRT.INI
2008-12-10 21:04 .
2008-12-10 21:04 <DIR> d-------- c:\documents and settings\eUnaas\Programdata\PC Suite 2008-12-10 21:04 . 2008-12-10 21:04 <DIR> d-------- c:\documents and settings\eUnaas\Programdata\Nokia 2008-12-10 21:04 . 2008-12-10 21:04 <DIR> d-------- c:\documents and settings\All Users\Programdata\PC Suite 2008-12-10 21:03 . 2008-12-10 21:03 <DIR> d-------- c:\programfiler\Fellesfiler\PCSuite 2008-12-10 21:03 . 2008-12-10 21:03 <DIR> d-------- c:\programfiler\Fellesfiler\Nokia 2008-12-10 21:03 . 2008-12-10 21:03 <DIR> d-------- c:\programfiler\DIFX 2008-12-10 21:03 . 2007-09-17 15:53 21,632 --a------ c:\windows\system32\drivers\pccsmcfd.sys 2008-12-10 21:02 . 2008-12-10 21:02 <DIR> d-------- c:\programfiler\PC Connectivity Solution 2008-12-10 21:02 . 2008-12-10 21:03 <DIR> d-------- c:\programfiler\Nokia 2008-12-10 21:02 . 2008-12-10 21:02 <DIR> d-------- c:\documents and settings\All Users\Programdata\Installations 2008-12-10 21:02 . 2008-05-07 07:38 90,624 --a------ c:\windows\system32\nmwcdcls.dll 2008-12-07 20:14 . 2008-12-07 20:13 410,984 --a------ c:\windows\system32\deploytk.dll 2008-12-06 16:10 . 2008-12-06 17:00 <DIR> d-------- c:\documents and settings\eUnaas\DoctorWeb 2008-12-06 15:10 . 2008-12-06 15:10 <DIR> d-------- C:\Program Files 2008-12-04 13:11 . 2008-04-07 05:38 45,392 -ra------ c:\windows\system32\AdobePDF.dll 2008-12-04 13:11 . 2008-04-07 05:38 22,872 -ra------ c:\windows\system32\AdobePDFUI.dll 2008-12-02 23:29 . 2008-12-02 23:29 7,680 --ahs---- c:\windows\Thumbs.db 2008-12-02 22:53 . 2008-12-02 22:53 <DIR> d-------- c:\documents and settings\All Users\Programdata\SUPERAntiSpyware.com 2008-12-02 22:52 . 2008-12-09 15:01 <DIR> d-------- c:\programfiler\SUPERAntiSpyware 2008-12-02 22:52 . 2008-12-02 22:52 <DIR> d-------- c:\documents and settings\eUnaas\Programdata\SUPERAntiSpyware.com . (((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-12-27 03:46 --------- d-----w c:\documents and settings\eUnaas\Programdata\CoreFTP 2008-12-20 23:56 --------- d-----w c:\documents and settings\eUnaas\Programdata\uTorrent 2008-12-19 10:03 --------- d-----w c:\programfiler\DivX 2008-12-15 11:19 --------- d-----w c:\programfiler\Malwarebytes' Anti-Malware 2008-12-13 02:05 --------- d-----w c:\documents and settings\All Users\Programdata\Microsoft Help 2008-12-11 13:11 --------- d-----w c:\programfiler\T-Splines for Rhino 2008-12-09 16:19 --------- d-----w c:\programfiler\Free MOV 2 AVI 2008-12-09 16:19 --------- d-----w c:\programfiler\Autodesk 2008-12-09 16:15 --------- d-----w c:\programfiler\Fellesfiler\Apple 2008-12-09 16:09 --------- d-----w c:\programfiler\Fellesfiler\Wise Installation Wizard 2008-12-07 19:13 --------- d-----w c:\programfiler\Java 2008-12-05 08:50 --------- d-----w c:\programfiler\Fellesfiler\Adobe 2008-12-03 18:52 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys 2008-12-03 18:52 15,504 ----a-w c:\windows\system32\drivers\mbam.sys 2008-12-02 22:29 --------- d-----w c:\programfiler\AV Vcs 6.0 DIAMOND 2008-12-02 22:29 --------- d-----w c:\programfiler\AndreaMosaic Beta 2008-12-02 21:30 --------- d-----w c:\programfiler\Bonjour 2008-11-30 23:34 --------- d-----w c:\documents and settings\All Users\Programdata\FLEXnet 2008-11-25 23:52 --------- d-----w c:\programfiler\QuickTime 2008-11-25 12:15 --------- d-----w c:\programfiler\iTunes 2008-11-25 12:15 --------- d-----w c:\programfiler\iPod 2008-11-25 12:15 --------- d-----w c:\documents and settings\All Users\Programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} 2008-11-24 17:54 --------- d-----w c:\documents and settings\eUnaas\Programdata\Malwarebytes 2008-11-24 17:54 --------- d-----w c:\documents and settings\All Users\Programdata\Malwarebytes 2008-11-23 17:21 --------- d-----w c:\documents and settings\eUnaas\Programdata\dvdcss 2008-11-23 16:17 --------- d-----w c:\programfiler\Bongo 1.0 2008-11-23 01:41 --------- d-----w 
c:\programfiler\WIBU-SYSTEMS 2008-11-23 01:41 --------- d-----w c:\programfiler\Fellesfiler\ChaosGroup 2008-11-23 01:41 --------- d-----w c:\programfiler\Chaos Group 2008-11-21 21:46 200,704 ----a-w c:\windows\system32\ssldivx.dll 2008-11-21 21:46 1,044,480 ----a-w c:\windows\system32\libdivx.dll 2008-11-20 22:21 16,827 ----a-w c:\windows\system32\drivers\hosts 2008-11-12 20:43 --------- d-----w c:\programfiler\Fellesfiler\BinarySense 2008-11-12 20:43 --------- d-----w c:\programfiler\BinarySense 2008-11-12 08:56 --------- d-----w c:\documents and settings\All Users\Programdata\Autodesk 2008-11-07 23:11 --------- d-----w c:\documents and settings\All Users\Programdata\ALM 2008-11-07 23:05 --------- d-----w c:\programfiler\Fellesfiler\Adobe AIR 2008-11-06 22:09 --------- d-----w c:\documents and settings\eUnaas\Programdata\Autodesk 2008-11-06 22:05 --------- d-----w c:\documents and settings\All Users\Programdata\WinZip 2008-11-06 22:00 --------- d-----w c:\programfiler\turbo squid tentacles 2008-11-06 21:58 --------- d-----w c:\programfiler\Fellesfiler\Autodesk Shared 2008-11-05 04:32 --------- d-----w c:\documents and settings\All Users\Programdata\Minnetonka Audio Software 2008-11-05 03:51 --------- d-----w c:\documents and settings\eUnaas\Programdata\vlc 2008-11-05 03:45 --------- d-----w c:\programfiler\K-Lite Codec Pack 2008-11-03 12:10 --------- d-----w c:\documents and settings\All Users\Programdata\McNeel 2008-11-03 00:23 --------- d-----w c:\documents and settings\All Users\Programdata\TSplines 2008-11-03 00:17 --------- d--h--w c:\programfiler\InstallShield Installation Information 2008-11-03 00:17 --------- d-----w c:\documents and settings\All Users\Programdata\ASGvis 2008-11-03 00:16 --------- d-----w c:\documents and settings\All Users\Programdata\InstallShield 2008-11-03 00:15 --------- d-----w c:\programfiler\Fellesfiler\InstallShield 2008-11-02 20:59 --------- d-----w c:\programfiler\Rhinoceros 4.0 2008-11-02 20:50 --------- d-----w 
c:\programfiler\Flamingo 1.1 2008-11-02 20:31 --------- d-----w c:\programfiler\Rhinoceros 3.0 2008-11-02 20:28 --------- d-----w c:\programfiler\Common Files 2008-11-01 00:34 --------- d-----w c:\programfiler\MagicDisc 2008-11-01 00:15 --------- d-----w c:\programfiler\ISOpen 2008-10-31 13:22 --------- d-----w c:\programfiler\Audacity 2008-10-29 15:06 --------- d-----w c:\programfiler\Google 2008-10-23 12:43 286,720 ----a-w c:\windows\system32\gdi32.dll 2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll 2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll 2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll 2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll 2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll 2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe 2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll 2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll 2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll 2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll 2008-10-16 01:02 665,600 ----a-w c:\windows\system32\wininet.dll 2008-10-03 10:04 247,326 ----a-w c:\windows\system32\strmdll.dll 2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll 2007-03-13 22:20 35,979 ----a-w c:\programfiler\Photoshop CS3 Read Me.html . ((((((((((((((((((((((((((((( snapshot@2008-12-26_21.49.15,23 ))))))))))))))))))))))))))))))))))))))))) . 
- 2008-11-06 21:53:39 68,608 ----a-w c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll + 2008-12-27 04:17:28 69,120 ----a-w c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll - 2008-11-06 21:53:47 72,192 ----a-w c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll + 2008-12-27 04:17:36 72,192 ----a-w c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll - 2008-11-06 21:53:47 4,308,992 ----a-w c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll + 2008-12-27 04:17:13 4,444,160 ----a-w c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll - 2008-11-06 21:53:48 482,304 ----a-w c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll + 2008-12-27 04:17:38 483,840 ----a-w c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll - 2008-11-06 21:53:44 2,902,016 ----a-w c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll + 2008-12-27 04:17:21 3,036,160 ----a-w c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll - 2008-11-06 21:53:35 258,048 ----a-w c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll + 2008-12-27 04:17:41 258,048 ----a-w c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll - 2008-11-06 21:53:35 114,176 ----a-w c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll + 2008-12-27 04:17:41 113,664 ----a-w c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll - 2008-11-06 21:53:52 260,096 ----a-w c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll + 
2008-12-27 04:17:36 261,120 ----a-w c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll - 2008-11-06 21:53:42 5,156,864 ----a-w c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll + 2008-12-27 04:17:19 5,431,296 ----a-w c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll - 2008-11-06 21:53:39 10,752 ----a-w c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll + 2008-12-27 04:17:25 10,752 ----a-w c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll - 2008-11-06 21:53:35 507,904 ----a-w c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll + 2008-12-27 04:17:20 507,904 ----a-w c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll - 2008-11-06 21:53:36 13,312 ----a-w c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll + 2008-12-27 04:17:28 13,312 ----a-w c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll - 2008-11-06 21:53:46 8,192 ----a-w c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll + 2008-12-27 04:17:30 8,192 ----a-w c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll - 2008-11-06 21:53:46 36,864 ----a-w c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll + 2008-12-27 04:17:31 77,824 ----a-w c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll - 2008-11-06 21:53:47 5,632 ----a-w c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll + 2008-12-27 04:17:32 6,656 ----a-w c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll - 2008-11-06 21:53:37 413,696 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll + 2008-12-27 04:17:41 348,160 ----a-w 
c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll - 2008-11-06 21:53:38 36,864 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll + 2008-12-27 04:17:42 36,864 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll - 2008-11-06 21:53:38 647,168 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll + 2008-12-27 04:17:43 655,360 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll - 2008-11-06 21:53:38 73,728 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll + 2008-12-27 04:17:43 77,824 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll - 2008-11-06 21:53:37 749,568 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll + 2008-12-27 04:17:33 749,568 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll - 2008-11-06 21:53:54 110,592 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll + 2008-12-27 04:17:31 110,592 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll - 2008-11-06 21:53:53 372,736 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll + 2008-12-27 04:17:30 372,736 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll - 2008-11-06 21:53:34 28,672 ----a-w 
c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll + 2008-12-27 04:17:38 28,672 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll - 2008-11-06 21:53:53 667,648 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll + 2008-12-27 04:17:30 671,744 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll - 2008-11-06 21:53:54 5,632 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll + 2008-12-27 04:17:17 5,632 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll - 2008-11-06 21:53:35 12,800 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll + 2008-12-27 04:17:40 12,800 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll - 2008-11-06 21:53:34 32,768 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll + 2008-12-27 04:17:29 32,768 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll - 2008-11-06 21:53:34 7,168 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll + 2008-12-27 04:17:29 7,168 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll - 2008-11-06 21:53:50 110,592 ----a-w c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll + 2008-12-27 04:17:33 110,592 ----a-w c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll - 2008-11-06 21:53:40 81,920 ----a-w 
c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll + 2008-12-27 04:17:34 81,920 ----a-w c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll - 2008-11-06 21:53:50 413,696 ----a-w c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll + 2008-12-27 04:17:21 425,984 ----a-w c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll - 2008-11-06 21:53:48 716,800 ----a-w c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll + 2008-12-27 04:17:22 741,376 ----a-w c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll - 2008-11-06 21:53:36 888,832 ----a-w c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll + 2008-12-27 04:17:23 933,888 ----a-w c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll - 2008-11-06 21:53:45 5,001,216 ----a-w c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll + 2008-12-27 04:17:44 5,070,848 ----a-w c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll - 2008-11-06 21:53:41 188,416 ----a-w c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll + 2008-12-27 04:17:42 188,416 ----a-w c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll - 2008-11-06 21:53:40 397,312 ----a-w c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll + 2008-12-27 04:17:26 401,408 ----a-w c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll - 2008-11-06 21:53:41 81,920 
----a-w c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll + 2008-12-27 04:17:39 81,920 ----a-w c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll - 2008-11-06 21:53:51 577,536 ----a-w c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll + 2008-12-27 04:17:17 630,784 ----a-w c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll - 2008-11-06 21:53:49 372,736 ----a-w c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll + 2008-12-27 04:17:40 372,736 ----a-w c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll - 2008-11-06 21:53:52 258,048 ----a-w c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll + 2008-12-27 04:17:39 258,048 ----a-w c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll - 2008-11-06 21:53:49 299,008 ----a-w c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll + 2008-12-27 04:17:37 299,008 ----a-w c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll - 2008-11-06 21:53:50 131,072 ----a-w c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll + 2008-12-27 04:17:37 131,072 ----a-w c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll - 2008-11-06 21:53:39 258,048 ----a-w c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll + 2008-12-27 04:17:17 258,048 ----a-w c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll - 2008-11-06 21:53:41 114,688 ----a-w 
c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll + 2008-12-27 04:17:18 114,688 ----a-w c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll - 2008-11-06 21:53:53 835,584 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll + 2008-12-27 04:17:25 884,736 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll - 2008-11-06 21:53:42 86,016 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll + 2008-12-27 04:17:25 90,112 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll - 2008-11-06 21:53:42 823,296 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll + 2008-12-27 04:17:24 839,680 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll - 2008-11-06 21:53:43 5,152,768 ----a-w c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll + 2008-12-27 04:17:27 5,013,504 ----a-w c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll - 2008-11-06 21:53:44 2,027,520 ----a-w c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll + 2008-12-27 04:17:19 2,068,480 ----a-w c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll - 2008-11-06 21:53:51 2,940,928 ----a-w c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll + 2008-12-27 04:17:23 3,076,096 ----a-w c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll + 2008-12-27 04:24:17 27,136 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\c6772fd12a581ad3be49e3f2a80b5622\Accessibility.ni.dll + 
2008-12-27 04:24:20 884,736 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\a1d353edc300e3aff0784202f68a657b\AspNetMMCExt.ni.dll + 2008-12-27 04:24:21 237,568 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\c10ec9b4de2b366236ec83237dc31281\CustomMarshalers.ni.dll + 2008-12-27 04:24:20 15,360 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\837fe02bdcf637d5bf1e5ffb935ebb80\dfsvc.ni.exe + 2008-12-27 04:24:23 876,544 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\9710a3c0d11dd264c3a6b88977699e9b\Microsoft.Build.Engine.ni.dll + 2008-12-27 04:24:24 81,920 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\e2858a45971fb30b0c0523dbb52c1d4e\Microsoft.Build.Framework.ni.dll + 2008-12-27 04:24:27 1,695,744 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\63d69ffdf3c640d2d104a4b74e8115f8\Microsoft.Build.Tasks.ni.dll + 2008-12-27 04:24:28 167,936 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\11cb5418c06e30100616fbf205588489\Microsoft.Build.Utilities.ni.dll + 2008-12-27 04:24:32 1,740,800 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\923bd55258380eae77353d36a5a1b08f\Microsoft.VisualBasic.ni.dll + 2008-12-27 04:20:24 11,722,752 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\32e6f703c114f3a971cbe706586e3655\mscorlib.ni.dll + 2008-12-27 04:24:34 1,011,712 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\eee9b48577689e92db5a7b5c5de98d9b\System.Configuration.ni.dll + 2008-12-27 04:21:02 7,049,216 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\5f669e819da7010c1dca347a25597c42\System.Data.ni.dll + 2008-12-27 04:24:37 1,798,144 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\c7dea4895e1fa33d65e448c03de48d26\System.Deployment.ni.dll + 2008-12-27 04:21:27 10,969,088 ----a-w 
c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\c1e16b40e30a05c39be8aee46311841c\System.Design.ni.dll + 2008-12-27 04:24:40 1,224,704 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\914668b240550f529e54bb772c6fc881\System.DirectoryServices.ni.dll + 2008-12-27 04:24:42 512,000 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\f11bc82c09955cb8438d3885a99c297d\System.DirectoryServices.Protocols.ni.dll + 2008-12-27 04:21:31 229,376 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\b974f6c17d17a533adf6e7710c5a62fa\System.Drawing.Design.ni.dll + 2008-12-27 04:21:30 1,667,072 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\0e83aac37b2623f1a24c70979f31dd56\System.Drawing.ni.dll + 2008-12-27 04:24:44 659,456 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\646131eda5f21f4e6216733d49c22c56\System.EnterpriseServices.ni.dll + 2008-12-27 04:24:44 294,912 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\646131eda5f21f4e6216733d49c22c56\System.EnterpriseServices.Wrapper.dll + 2008-12-27 04:24:46 733,184 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\2b5994269cc5b996231c9b21afea9a91\System.Security.ni.dll + 2008-12-27 04:24:47 233,472 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\193ac978af569ad9ee45110b359961b9\System.ServiceProcess.ni.dll + 2008-12-27 04:24:48 679,936 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\12e0aa1030badf4524f897e3f57b037a\System.Transactions.ni.dll + 2008-12-27 04:25:15 2,342,912 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\37d87b3cab1c66ec4430ebb2abeaa570\System.Web.Mobile.ni.dll + 2008-12-27 04:25:17 237,568 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\b5b81faf46fc63c20d5339b36edd02fa\System.Web.RegularExpressions.ni.dll + 2008-12-27 04:25:20 
1,986,560 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\38991368499e2109ea4099a0fe29c5a3\System.Web.Services.ni.dll + 2008-12-27 04:25:10 12,509,184 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\67cfb70213562afe2ca9b9066764af3a\System.Web.ni.dll + 2008-12-27 04:21:51 13,193,216 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3d8c79c45aa674e43f075e2e66b8caf5\System.Windows.Forms.ni.dll + 2008-12-27 04:22:01 5,771,264 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c98cb65a79cfccb44ea727ebe4593ede\System.Xml.ni.dll + 2008-12-27 04:20:46 8,265,728 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System\ba0e3a22211ba7343e0116b051f2965a\System.ni.dll - 2005-09-23 05:28:52 72,704 ----a-w c:\windows\Microsoft.NET\Framework\NETFXSBS10.exe + 2007-10-24 00:47:38 82,944 ----a-w c:\windows\Microsoft.NET\Framework\NETFXSBS10.exe - 2005-09-23 05:28:52 7,680 ----a-w c:\windows\Microsoft.NET\Framework\sbscmp10.dll + 2007-10-24 00:47:38 16,896 ----a-w c:\windows\Microsoft.NET\Framework\sbscmp10.dll - 2005-09-23 05:28:56 7,680 ----a-w c:\windows\Microsoft.NET\Framework\sbscmp20_mscorwks.dll + 2007-10-24 00:47:40 16,896 ----a-w c:\windows\Microsoft.NET\Framework\sbscmp20_mscorwks.dll - 2005-09-23 05:28:58 7,680 ----a-w c:\windows\Microsoft.NET\Framework\sbscmp20_perfcounter.dll + 2007-10-24 00:47:42 16,896 ----a-w c:\windows\Microsoft.NET\Framework\sbscmp20_perfcounter.dll - 2005-09-23 05:28:56 7,680 ----a-w c:\windows\Microsoft.NET\Framework\SharedReg12.dll + 2007-10-24 00:47:40 16,896 ----a-w c:\windows\Microsoft.NET\Framework\SharedReg12.dll - 2005-09-23 05:28:52 86,528 ----a-w c:\windows\Microsoft.NET\Framework\v1.0.3705\mscormmc.dll + 2007-10-24 00:47:38 97,280 ----a-w c:\windows\Microsoft.NET\Framework\v1.0.3705\mscormmc.dll - 2005-09-23 05:28:36 18,944 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\alinkui.dll + 2007-10-24 00:47:26 28,672 ----a-w 
c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\alinkui.dll - 2005-09-23 05:28:42 136,192 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\cscompui.dll + 2007-10-24 00:47:30 145,408 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\cscompui.dll - 2005-09-23 05:28:44 4,608 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\CvtResUI.dll + 2007-10-24 00:47:32 13,824 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\CvtResUI.dll - 2005-09-23 05:29:04 183,808 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\vbc7ui.dll + 2007-10-24 00:47:48 193,016 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\vbc7ui.dll - 2005-09-23 05:28:28 208,896 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\Vsavb7rtUI.dll + 2007-10-24 00:47:20 218,112 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\Vsavb7rtUI.dll - 2005-09-23 05:28:56 10,752 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Accessibility.dll + 2007-10-24 00:47:40 10,752 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Accessibility.dll - 2005-09-23 05:28:58 138,240 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\AdoNetDiag.dll + 2007-10-24 00:47:42 147,968 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\AdoNetDiag.dll - 2005-09-23 05:28:36 87,552 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\alink.dll + 2007-10-24 00:47:26 99,320 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\alink.dll - 2007-04-13 01:21:18 58,712 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe + 2007-10-24 00:47:42 59,392 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe - 2005-09-23 05:28:32 36,864 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe + 2007-10-24 00:47:22 36,864 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe - 2007-04-13 01:20:52 10,752 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll + 2007-10-24 00:47:22 22,024 ----a-w 
c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll - 2007-04-13 01:20:52 8,192 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll + 2007-10-24 00:47:22 17,928 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll - 2007-04-13 01:20:52 23,552 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Aspnet_perf.dll + 2007-10-24 00:47:22 33,288 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Aspnet_perf.dll - 2007-04-13 01:20:50 75,264 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_rc.dll + 2007-10-24 00:47:22 84,480 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_rc.dll - 2005-09-23 05:28:32 13,824 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe + 2007-10-24 00:47:22 24,576 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe - 2007-04-13 01:20:52 32,608 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe + 2007-10-24 00:47:22 32,776 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe - 2005-09-23 05:28:32 106,496 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe + 2007-10-24 00:47:22 106,496 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe - 2007-04-13 01:20:52 33,632 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe + 2007-10-24 00:47:22 33,800 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe - 2007-04-13 01:20:52 32,600 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe + 2007-10-24 00:47:22 33,280 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe - 2007-04-13 01:20:52 507,904 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\AspNetMMCExt.dll + 2007-10-24 00:47:22 507,904 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\AspNetMMCExt.dll - 2005-09-23 05:28:56 106,496 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe + 2007-10-24 00:47:40 106,496 
----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe - 2007-04-13 01:21:16 88,576 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\CORPerfMonExt.dll + 2007-10-24 00:47:40 101,896 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\CORPerfMonExt.dll - 2005-09-23 05:28:42 76,984 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\csc.exe + 2007-10-24 00:47:30 80,376 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\csc.exe - 2005-09-23 05:28:42 1,144,832 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\cscomp.dll + 2007-10-24 00:47:30 1,162,744 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\cscomp.dll - 2005-09-23 05:28:42 13,312 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\cscompmgd.dll + 2007-10-24 00:47:30 13,312 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\cscompmgd.dll - 2005-09-23 05:28:58 17,920 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll + 2007-10-24 00:47:42 27,136 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll - 2005-09-23 05:28:56 68,608 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\CustomMarshalers.dll + 2007-10-24 00:47:40 69,120 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\CustomMarshalers.dll - 2005-09-23 05:28:44 31,936 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe + 2007-10-24 00:47:30 35,320 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe - 2005-09-23 05:28:38 52,736 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\dfdll.dll + 2007-10-24 00:47:28 66,552 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\dfdll.dll - 2007-04-13 01:20:58 5,120 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe + 2007-10-24 00:47:28 5,120 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe - 2005-09-23 05:29:12 547,840 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll + 2007-10-24 00:47:54 572,936 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll - 
2005-09-23 05:28:56 788,992 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll + 2007-10-24 00:47:40 798,224 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll - 2005-09-23 05:28:50 9,216 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\fusion.dll + 2007-10-24 00:47:36 18,936 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\fusion.dll - 2007-04-13 01:21:16 9,728 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\IEExec.exe + 2007-10-24 00:47:40 9,728 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\IEExec.exe - 2005-09-23 05:28:56 8,192 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\IEExecRemote.dll + 2007-10-24 00:47:40 8,192 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\IEExecRemote.dll - 2005-09-23 05:28:56 36,864 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\IEHost.dll + 2007-10-24 00:47:40 77,824 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\IEHost.dll - 2005-09-23 05:28:56 5,632 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\IIEHost.dll + 2007-10-24 00:47:40 6,656 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\IIEHost.dll - 2007-04-13 01:21:16 228,688 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\ilasm.exe + 2007-10-24 00:47:40 230,904 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\ilasm.exe - 2007-04-13 01:21:16 28,672 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe + 2007-10-24 00:47:40 28,672 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe - 2005-09-23 05:28:56 55,296 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\InstallUtilLib.dll + 2007-10-24 00:47:40 65,032 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\InstallUtilLib.dll - 2005-09-23 05:28:56 72,192 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\ISymWrapper.dll + 2007-10-24 00:47:40 72,192 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\ISymWrapper.dll - 2005-09-23 05:28:48 40,960 ----a-w 
c:\windows\Microsoft.NET\Framework\v2.0.50727\jsc.exe + 2007-10-24 00:47:34 40,960 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\jsc.exe - 2007-04-13 01:21:10 413,696 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Engine.dll + 2007-10-24 00:47:36 348,160 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Engine.dll - 2005-09-23 05:28:48 36,864 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Framework.dll + 2007-10-24 00:47:36 36,864 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Framework.dll - 2007-04-13 01:21:10 647,168 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Tasks.dll + 2007-10-24 00:47:36 655,360 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Tasks.dll - 2005-09-23 05:28:48 73,728 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Utilities.dll + 2007-10-24 00:47:36 77,824 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Utilities.dll - 2007-04-13 01:21:08 749,568 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.JScript.dll + 2007-10-24 00:47:34 749,568 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.JScript.dll - 2005-09-23 05:29:10 110,592 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.Data.dll + 2007-10-24 00:47:52 110,592 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.Data.dll - 2005-09-23 05:29:10 372,736 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.dll + 2007-10-24 00:47:52 372,736 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.dll - 2005-09-23 05:29:08 667,648 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.dll + 2007-10-24 00:47:50 671,744 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.dll - 2005-09-23 05:28:30 
.
-- Snapshot resatt til dagens dato --
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDDtemp4"="c:\programfiler\BinarySense\HDDTemp4\\hddtemp4" [X]
"MsnMsgr"="c:\programfiler\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"mRouterConfig"="c:\programfiler\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe" [2006-03-02 290816]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programfiler\Fellesfiler\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
"SUPERAntiSpyware"="c:\programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-12-09 1809648]
"Nokia.PCSync"="c:\programfiler\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 1249280]
"PC Suite Tray"="c:\programfiler\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-10-02 1124352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2005-04-05 94208]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2005-04-05 77824]
"Persistence"="c:\windows\System32\igfxpers.exe" [2005-04-05 114688]
"GrooveMonitor"="c:\programfiler\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"SunJavaUpdateSched"="c:\programfiler\Java\jre6\bin\jusched.exe" [2008-12-07 136600]
"Adobe Reader Speed Launcher"="c:\programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Adobe Photo Downloader"="c:\programfiler\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe" [2008-04-01 61440]
"NeroFilterCheck"="c:\programfiler\Fellesfiler\Nero\Lib\NeroCheck.exe" [2008-02-28 570664]
"NBKeyScan"="c:\programfiler\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-27 1261336]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Jet Detection"="c:\programfiler\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 28672]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-20 8429568]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-20 81920]
"PC Suite for Smartphones"="c:\programfiler\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" [2007-12-25 548864]
"AdobeCS4ServiceManager"="c:\programfiler\Fellesfiler\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"QuickTime Task"="c:\programfiler\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\programfiler\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"Adobe Acrobat Speed Launcher"="c:\programfiler\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\programfiler\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"WINDVDPatch"="CTHELPER.EXE" [2002-07-02 c:\windows\system32\CTHELPER.EXE]
"nwiz"="nwiz.exe" [2007-04-20 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\eUnaas\Start-meny\Programmer\Oppstart\
MagicDisc.lnk - c:\programfiler\MagicDisc\MagicDisc.exe [2008-11-01 575488]
OneNote 2007 Screen Clipper og Launcher.lnk - c:\programfiler\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\
PC-søk i Windows.lnk - c:\programfiler\Windows Desktop Search\WindowsSearch.exe [2007-02-05 118784]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programfiler\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programfiler\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-09 15:01 352256 c:\programfiler\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Programfiler\\uTorrent\\uTorrent.exe"=
"c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Programfiler\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programfiler\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programfiler\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programfiler\\Intuwave\\Shared\\mRouterRuntime\\mRouterRuntime.exe"=
"c:\\Programfiler\\LimeWire\\LimeWire.exe"=
"c:\\Programfiler\\Sony Ericsson\\Mobile4\\Sync Manager\\DXP SyncML.exe"=
"c:\\Programfiler\\AVG\\AVG8\\avgupd.exe"=
"c:\\Programfiler\\Sony Ericsson\\Update Service\\Update Service.exe"=
"c:\\Programfiler\\Bonjour\\mDNSResponder.exe"=
"c:\\Programfiler\\Rhinoceros 4.0\\System\\Rhino4.exe"=
"c:\\Programfiler\\Autodesk\\3ds Max 2008\\3dsmax.exe"=
"c:\\Programfiler\\Fellesfiler\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Programfiler\\iTunes\\iTunes.exe"=
"skp66.exe"= skp66.exe:BNDMSS
"cleannt.exe"= cleannt.exe:BNDMSS

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-07-06 97928]
R1 SASDIFSV;SASDIFSV;\??\c:\programfiler\SUPERAntiSpyware\SASDIFSV.SYS [2008-11-17 8944]
R1 SASKUTIL;SASKUTIL;\??\c:\programfiler\SUPERAntiSpyware\SASKUTIL.sys [2008-11-17 55024]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-07-06 231704]
R2 HDD & SSD access service;HDD & SSD access service;c:\programfiler\Fellesfiler\BinarySense\disksvc.exe [2008-11-06 174848]
R3 SASENUM;SASENUM;\??\c:\programfiler\SUPERAntiSpyware\SASENUM.SYS [2008-11-17 7408]
R3 zebrceb;Sony Ericsson Cable Emulation Bus (WDM);c:\windows\system32\DRIVERS\zebrceb.sys [2008-06-23 63360]
S3 UltraMonMirror;UltraMonMirror;c:\windows\system32\DRIVERS\UltraMonMirror.sys []
S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl.sys []
S3 zebrbus;Sony Ericsson Composite Device driver;c:\windows\system32\DRIVERS\zebrbus.sys [2008-06-23 83200]
S3 zebrmdfl;Sony Ericsson Modem Filter;c:\windows\system32\DRIVERS\zebrmdfl.sys [2008-06-23 14848]
S3 zebrmdm;Sony Ericsson Port (WDM);c:\windows\system32\DRIVERS\zebrmdm.sys [2008-06-23 109568]
S3 zebrmdmc;Sony Ericsson mRouter Port (WDM);c:\windows\system32\DRIVERS\zebrmdmc.sys [2008-06-23 109568]
S3 zebrsce;Sony Ericsson PC-Connect Port;c:\windows\system32\DRIVERS\zebrsce.sys [2008-06-23 91264]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

2008-12-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programfiler\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Tilleggsskanning -------
.
uStart Page = hxxp://www.google.no/
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - c:\programfiler\CoreFTP\pftpns.dll
c:\windows\Downloaded Program Files\WCAFLauncher.ocx - O16 -: {8AC7E0D3-34B8-11D5-A617-00D0B7838ECB}
hxxps://rootxtra01.hafslund.no/include/launcher/WCAFLauncher.CAB
c:\windows\Downloaded Program Files\WCAFLauncher.INF

FF - ProfilePath - c:\documents and settings\eUnaas\Programdata\Mozilla\Firefox\Profiles\4a4w5d3l.default\
FF - component: c:\documents and settings\eUnaas\Programdata\Mozilla\Firefox\Profiles\4a4w5d3l.default\extensions\[email protected]\components\BkMrkExt.dll
FF - plugin: c:\documents and settings\eUnaas\Lokale innstillinger\Programdata\myVRnpapi\npmyvr.dll
FF - plugin: c:\programfiler\Mozilla Firefox\plugins\npOGAPlugin.dll

ATTENTION: FIREFOX POLICES IS IN FORCE
c:\programfiler\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");
.
**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-27 13:33:28
Windows 5.1.2600 Service Pack 3 NTFS

skanner skjulte prosesser ...

skanner skjulte autostart-oppføringer ...

skanner skjulte filer ...

skanning vellykket
skjulte filer: 0

**************************************************************************
.
--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

- - - - - - - > 'winlogon.exe'(652)
c:\windows\system32\avgrsstx.dll
c:\programfiler\SUPERAntiSpyware\SASWINLO.DLL
c:\programfiler\Fellesfiler\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

- - - - - - - > 'lsass.exe'(720)
c:\windows\system32\avgrsstx.dll
.
Tidspunkt ferdig: 2008-12-27 13:34:24
ComboFix-quarantined-files.txt 2008-12-27 12:34:15
ComboFix2.txt 2008-12-27 04:09:46
ComboFix3.txt 2008-12-26 20:49:34
ComboFix4.txt 2008-12-19 14:39:31

Pre-Run: 15 769 116 672 byte ledig
Post-Run: 15,770,714,112 byte ledig

677 --- E O F --- 2008-12-19 02:00:34

Edited 27 December 2008 by eunaas
eUnaas (author), posted 27 December 2008
So far the PC is perfectly happy. No one has bothered me yet. I have now been able to turn the firewall and automatic updates back on. I see that the number of running processes (with no programs open) has dropped from 75 to 60. Is 60 a lot when I have no programs open?
norbat, posted 27 December 2008
Use Explorer to delete the following two files:
c:\documents and settings\eUnaas\avcenter.bat
c:\documents and settings\eUnaas\svnmgr.bat
Then run a full scan with your antivirus program (AVG). After that, remove ComboFix (type combofix /u in the Run box).