tauromachine, posted 13 January 2008

F-Secure:

Results
Boot Sectors
Scanned: 1
Infected: 0
Suspected: 0
Disinfected: 0
Files
Scanned: 169549
Infected: 3
Suspected: 0
Disinfected: 0
Renamed: 0
Deleted: 0
Quarantined: 0

Report
C:\WINDOWS\images.0ip Infection: Backdoor.Win32.IRCBot.bau
C:\WINDOWS\LSSAS.0XE Infection: Backdoor.Win32.IRCBot.bau
C:\WINDOWS\images.0ip\IMG34814.pif Infection: Backdoor.Win32.IRCBot.bau
norbat, posted 13 January 2008 (edited)

> The person I got it from removed it with Norton. Is it likely that F-Secure will release an update that catches it tomorrow, for example?

I would think so, if they don't already have an update ready for manual download.

You could post a ComboFix log. It can tell whether any files belonging to the MSN pest have been created recently:

Download ComboFix and put it on the desktop.
Run combofix.exe and follow the instructions. You must not click on the window while the program is running.
Post the log file from ComboFix (c:\combofix.txt).

Edit: I didn't see your latest post, but F-Secure clearly has this under control. There are also some other files tied to this infection. I haven't seen them on every machine, and whether F-Secure is updated for those files I don't know. A ComboFix log will reveal them in any case, if they exist.

Edited 13 January 2008 by norbat
tauromachine, posted 13 January 2008

ComboFix 08-01-13.1 - Morten 2008-01-13 20:55:34.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1415 [GMT 1:00]
Running from: C:\Documents and Settings\Morten\Desktop\ComboFix.exe
 * Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2007-12-13 to 2008-01-13 )))))))))))))))))))))))))))))))
.
2008-01-13 20:53 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-12 20:46 . 2008-01-12 20:47 21,588 --a------ C:\WINDOWS\rawr6.rar
2008-01-12 20:41 . 2008-01-13 17:40 45,690 --a------ C:\WINDOWS\images.0ip
2008-01-12 20:41 . 2008-01-12 20:41 45,568 --------- C:\WINDOWS\LSSAS.0XE
2008-01-10 22:20 . 2008-01-10 22:20 <DIR> d-------- C:\Documents and Settings\Cathrine\Application Data\vlc
2008-01-10 22:15 . 2008-01-13 01:08 <DIR> d-------- C:\morten
2007-12-15 19:02 . 2007-10-11 00:55 6,065,664 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-12-15 19:02 . 2007-07-01 04:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2007-12-15 19:02 . 2007-07-01 04:36 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2007-12-15 19:02 . 2007-10-11 00:55 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-12-15 19:02 . 2007-10-11 00:55 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-12-15 19:02 . 2007-10-11 00:55 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-12-15 19:02 . 2007-10-11 00:55 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2007-12-15 19:02 . 2007-10-11 00:55 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-12-15 19:02 . 2007-10-10 11:59 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-12-15 19:00 . 2007-12-15 19:00 <DIR> d-------- C:\downloads
2007-12-15 19:00 . 2007-12-15 19:06 <DIR> d-------- C:\Documents and Settings\Morten\Application Data\FMZilla
2007-12-15 18:56 . 2007-12-15 19:10 <DIR> d-------- C:\Program Files\Free Music Zilla
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-13 02:11 --------- d-----w C:\Program Files\Soulseek
2008-01-13 02:11 --------- d-----w C:\Documents and Settings\Morten\Application Data\uTorrent
2007-12-19 20:27 --------- d-----w C:\Documents and Settings\Morten\Application Data\FileZilla
2007-12-18 20:52 --------- d-----w C:\Program Files\Last.fm
2007-11-22 18:13 --------- d-----w C:\Program Files\FileZilla Client
2007-11-14 21:16 --------- d-----w C:\Program Files\Common Files\Adobe
2007-11-14 21:15 --------- d-----w C:\Program Files\Java
2007-11-14 21:14 --------- d-----w C:\Program Files\Common Files\Java
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-11-06 21:08 21,393 ----a-w C:\WINDOWS\AegisP.sys
2007-11-06 20:35 81,920 ------r C:\WINDOWS\bwUnin-6.1.4.58-7681197L.exe
2007-10-29 22:35 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-27 16:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-23 16:49 586,240 ----a-w C:\WINDOWS\WLXPGSS.SCR
2007-10-18 10:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 12:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 13:56 64512]
"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2006-08-22 15:32 184320]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-29 12:56 761947]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2007-03-16 18:10 1392640]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 14:43 45056]
"SigmatelSysTrayApp"="stsystra.exe" [2005-11-16 15:35 397312 C:\WINDOWS\stsystra.exe]
"F-Secure Manager"="C:\Program Files\F-Secure\Common\FSM32.exe" [2005-09-19 09:30 106571]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-07-25 16:32 823296]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-07-25 16:30 974848]
"Telenor Online Start"="C:\Program Files\Telenor\Online Start\Telenor.exe" [2006-11-30 14:51 178312]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-19 20:16 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36 267048]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-10-10 06:28 36352]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 12:00 15360]

C:\Documents and Settings\Morten\Start Menu\Programs\Startup\
Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [2007-11-07 19:14:22]
Yahoo! Widget Engine.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe [2007-07-20 18:57:16]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

R2 BackWeb Client - 7681197;F-Secure BackWeb;C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE [2007-11-06 21:35]
R2 F-Secure Filter;F-Secure File System Filter;C:\Program Files\F-Secure\Anti-Virus\Win2K\FSfilter.sys [2003-11-14 17:52]
R2 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\F-Secure\Anti-Virus\Win2K\FSgk.sys [2005-09-23 09:23]
R2 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\F-Secure\Anti-Virus\Win2K\FSrec.sys [2003-02-06 12:32]
R2 FSpm;F-Secure Policy Manager;C:\Program Files\F-Secure\Common\FSPM.SYS [2005-09-19 09:30]
R2 NMSAccessU;NMSAccessU;C:\Program Files\CDBurnerXP\NMSAccessU.exe [2007-10-12 08:34]

*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
"2008-01-11 21:34:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-13 20:57:19
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-13 20:57:49
.
2008-01-09 22:46:14 --- E O F ---
tauromachine, posted 13 January 2008

I don't think F-Secure has it under control. I get a message that it can't be removed, and when I scan again it still finds three infected files.
norbat, posted 13 January 2008

F-Secure has renamed the files. You can delete them via Explorer:

C:\WINDOWS\images.0ip
C:\WINDOWS\LSSAS.0XE

Could you also check the following file:

C:\WINDOWS\rawr6.rar

by uploading it to http://virusscan.jotti.org/ (alternatively http://www.virustotal.com/), and report back whether anything was found.
tauromachine, posted 13 January 2008

Thanks a lot! Thumbs up to you, norbat! The scan found nothing in rawr6.rar, and F-Secure no longer reports any detections.

If you feel like helping more: I run Spybot - Search & Destroy, and every time it tells me I have two problems with "Ad Revolver". Spybot says it fixes the problem, but the next time I run Spybot the same thing shows up again.
bjoffe, posted 13 January 2008

Hi,

I also got this link over MSN today, and in a weak moment I clicked Run. I realised straight away what it was and threw myself at the restart button. I think I made it in time, but I'm far from sure. Attaching a HijackThis log; shout if anyone sees warning signs:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:35:49, on 13.01.2008
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
E:\PROGRA~2\Grisoft\AVG7\avgrssvc.exe
E:\Program Files (x86)\Lavasoft\Ad-Aware 2007\aawservice.exe
E:\WINDOWS\SOUNDMAN.EXE
E:\Program Files (x86)\DAEMON Tools\daemon.exe
E:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
E:\WINDOWS\SysWOW64\ctfmon.exe
E:\Program Files (x86)\MagicTune Premium\GammaTray.exe
E:\Program Files (x86)\SEC\Natural Color Pro\NCProTray.exe
E:\PROGRA~2\Grisoft\AVG7\avgcc.exe
E:\Program Files (x86)\Java\jre1.6.0_03\bin\jusched.exe
E:\WINDOWS\system32\CTHELPER.EXE
E:\WINDOWS\system32\CTXFIHLP.EXE
E:\PROGRA~2\Grisoft\AVG7\avgamsvr.exe
E:\Program Files (x86)\SanDisk\Sansa Updater\SansaDispatch.exe
E:\WINDOWS\SysWOW64\CTXFISPI.EXE
E:\PROGRA~2\Grisoft\AVG7\avgupsvc.exe
E:\PROGRA~2\Grisoft\AVG7\avgrssvc.exe
E:\PROGRA~2\Grisoft\AVG7\avgemc.exe
E:\Program Files (x86)\MagicTune Premium\MagicTuneEngine.exe
E:\WINDOWS\SysWOW64\PnkBstrA.exe
E:\Program Files (x86)\MSN Messenger\usnsvc.exe
E:\Program Files (x86)\Xfire\xfire.exe
E:\Program Files (x86)\EA GAMES\Battlefield 2\BF2.exe
E:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~e5.0001
E:\Documents and Settings\Administrator\Desktop\WidescreenFixer.exe
E:\Program Files (x86)\Opera\Opera.exe
E:\PROGRA~2\Grisoft\AVG7\avgwb.dat
E:\Program Files (x86)\WinRAR\WinRAR.exe
E:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.718\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F2 - REG:system.ini: UserInit=userinit
O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\PROGRA~2\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files (x86)\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [AVG7_CC] E:\PROGRA~2\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [GrooveMonitor] "E:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "E:\Program Files (x86)\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [P17Helper] Rundll32 SPIRun.dll,RunDLLEntry
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [sansaDispatch] "E:\Program Files (x86)\SanDisk\Sansa Updater\SansaDispatch.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "E:\Program Files (x86)\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [MsnMsgr] "E:\Program Files (x86)\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [iSUSPM] "E:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] E:\PROGRA~2\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = E:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: GammaTray.lnk = ?
O4 - Global Startup: NCProTray.lnk = ?
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://E:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files (x86)\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files (x86)\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - E:\Program Files (x86)\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - E:\Program Files (x86)\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://runonce.msn.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\PROGRA~2\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - E:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - E:\Program Files (x86)\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - E:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - E:\PROGRA~2\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - E:\PROGRA~2\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - E:\PROGRA~2\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - E:\PROGRA~2\Grisoft\AVG7\avgemc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - E:\WINDOWS\System32\dmadmin.exe (file missing)
O23 - Service: Event Log (Eventlog) - Unknown owner - E:\WINDOWS\system32\services.exe (file missing)
O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - E:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - E:\WINDOWS\system32\imapi.exe (file missing)
O23 - Service: MagicTuneEngine - Unknown owner - E:\Program Files (x86)\MagicTune Premium\MagicTuneEngine.exe
O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - E:\WINDOWS\system32\msdtc.exe (file missing)
O23 - Service: Net Logon (Netlogon) - Unknown owner - E:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NT LM Security Support Provider (NtLmSsp) - Unknown owner - E:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - E:\WINDOWS\system32\nvsvc64.exe (file missing)
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - E:\WINDOWS\system32\services.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - E:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: IPSEC Services (PolicyAgent) - Unknown owner - E:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - E:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Unknown owner - E:\WINDOWS\system32\sessmgr.exe (file missing)
O23 - Service: Security Accounts Manager (SamSs) - Unknown owner - E:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Virtual Disk Service (vds) - Unknown owner - E:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - E:\WINDOWS\System32\vssvc.exe (file missing)
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - E:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)

--
End of file - 9169 bytes
norbat, posted 13 January 2008 (edited)

tauromachine: And where are those files supposed to be? Are we talking about some form of tracking cookies?

Edited 13 January 2008 by norbat
norbat, posted 13 January 2008

bjoffe: Your quick reaction saved you. We could check a log that says a bit more, if you want:

Download DSS (Deckard's System Scanner) to the desktop.
Run the program. Follow the instructions.
Post the log (main.txt).
Etern1tyy, posted 13 January 2008

http://itpro.no/art/12038.html

Can't do more than that.
norbat, posted 13 January 2008 (edited)

> http://itpro.no/art/12038.html
> Can't do more than that.

Unfortunately itpro misses the mark somewhat with that one. They refer to something that was circulating a few months ago. These MSN variants do resemble each other and use many of the same elements, though. In this case entirely different files are running.

Short summary: in most cases it has been the files ntmngr.exe and lssas.exe that have caused problems. This is a fairly new case; Sophos registered the ntmngr.exe file on 12 January, if I remember correctly. F-Secure has recently updated so that they can handle lssas.exe.

Files that may be active are:

C:\WINDOWS\ntmngr.exe
C:\WINDOWS\lssas.exe
C:\445930.exe
C:\WINDOWS\images.zip

An HJT log may show the following line (registry entry):

O4 - HKLM\..\Run: [MSN] lssas.exe

Regards,
n

Edited 13 January 2008 by norbat
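The checks norbat applies across his posts (the renamed LSSAS.0XE / images.0ip pair, the file list above, and the `[MSN] lssas.exe` Run entry) can be run mechanically over a pasted log. The script below is an added example, not part of the thread, ComboFix or HijackThis: it parses ComboFix "Files Created" lines and HijackThis O4 lines and flags a file name one typo or transposition away from a core Windows process name (lssas vs lsass), the file names listed above for this variant, loose executables created directly under C:\ or C:\WINDOWS, and files created with hidden/system attributes. The process-name set, the severities, the meaning of the attribute letters, and the treatment of a .0XE/.0ip extension as a scanner-renamed file are this example's assumptions; the sample lines are copied from the logs posted in this thread.

```python
# Triage of ComboFix "Files Created" and HijackThis O4 lines (added example; the
# name sets, severities and attribute-letter meanings are assumptions, not tool output).
import re
from collections import namedtuple
from pathlib import PureWindowsPath

Finding = namedtuple("Finding", "subject severity reason")

# Core process names that droppers imitate; stems are compared case-insensitively.
CORE_PROCESSES = {"lsass", "csrss", "smss", "svchost", "winlogon", "services", "explorer"}
# File names norbat lists in the thread for this MSN worm variant.
THREAD_IOCS = {"ntmngr.exe", "lssas.exe", "445930.exe", "images.zip"}
# Directories where a newly created loose executable is unusual on XP/2003.
DROP_DIRS = {"c:\\", "c:\\windows"}
EXEC_EXTS = {".exe", ".pif", ".scr", ".com", ".bat", ".cmd"}

# e.g. "2008-01-12 20:41 . 2008-01-12 20:41 45,568 --------- C:\WINDOWS\LSSAS.0XE"
COMBOFIX_FILE = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d \. \d{4}-\d\d-\d\d \d\d:\d\d\s+"
    r"(?P<size><DIR>|[\d,]+)\s+(?P<attrs>[-a-z]{9})\s+(?P<path>.+?)\s*$"
)
# e.g. "O4 - HKLM\..\Run: [MSN] lssas.exe", optionally followed by "(User '...')"
HJT_O4 = re.compile(r"^O4 - HK\S*?\\\.\.\\Run\w*: \[[^\]]*\] (?P<cmd>.+?)(?: \(User '[^']*'\))?\s*$")

def osa_distance(a, b):
    """Edit distance where an adjacent swap counts once, so 'lssas' is one step from 'lsass'."""
    d = [[max(i, j) if i == 0 or j == 0 else 0 for j in range(len(b) + 1)] for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]

def lookalike_of(filename):
    """Return the core process a file name imitates; None for exact or unrelated names."""
    stem = PureWindowsPath(filename).stem.lower()
    if stem in CORE_PROCESSES:
        return None
    for legit in sorted(CORE_PROCESSES):
        if osa_distance(stem, legit) == 1:
            return legit
    return None

def name_findings(subject, name):
    """High-severity checks that depend only on the file name."""
    out = []
    if name.lower() in THREAD_IOCS:
        out.append(Finding(subject, "high", f"{name} is listed in the thread for this MSN worm"))
    legit = lookalike_of(name)
    if legit:
        out.append(Finding(subject, "high", f"{name} imitates the core process {legit}.exe"))
    return out

def triage_created_file(path, attrs, is_dir):
    """Findings for one ComboFix 'Files Created' entry."""
    p = PureWindowsPath(path)
    out = name_findings(path, p.name)
    if is_dir:
        return out
    ext = p.suffix.lower()
    # Assumption: an extension starting with '0' (.0XE, .0ip) is a scanner-renamed executable.
    if str(p.parent).lower() in DROP_DIRS and (ext in EXEC_EXTS or ext.startswith(".0")):
        out.append(Finding(path, "review", f"loose {ext} file created directly in {p.parent}"))
    # Assumption: 'h' and 's' in the attribute column mean hidden and system.
    if "h" in attrs or "s" in attrs:
        out.append(Finding(path, "review", f"created with hidden/system attributes ({attrs})"))
    return out

def triage_run_value(cmd):
    """Findings for the program named in one HijackThis O4 line."""
    exe = cmd[1:].split('"', 1)[0] if cmd.startswith('"') else cmd.split()[0]
    out = name_findings(exe, PureWindowsPath(exe).name)
    if "\\" not in exe:
        # A bare name is resolved through the search path at logon; the entry alone does not say which copy runs.
        out.append(Finding(exe, "info", f"bare name {exe}; check which file the search path resolves it to"))
    return out

def triage_log(text):
    """Run both parsers over a pasted log and return the findings in order."""
    findings = []
    for line in text.splitlines():
        cf, o4 = COMBOFIX_FILE.match(line.strip()), HJT_O4.match(line.strip())
        if cf:
            findings.extend(triage_created_file(cf["path"], cf["attrs"], cf["size"] == "<DIR>"))
        elif o4:
            findings.extend(triage_run_value(o4["cmd"]))
    return findings

# Sample input: lines copied from the ComboFix and HijackThis output posted in this thread.
SAMPLE_LOG = r"""
2008-01-13 20:53 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-12 20:46 . 2008-01-12 20:47 21,588 --a------ C:\WINDOWS\rawr6.rar
2008-01-12 20:41 . 2008-01-13 17:40 45,690 --a------ C:\WINDOWS\images.0ip
2008-01-12 20:41 . 2008-01-12 20:41 45,568 --------- C:\WINDOWS\LSSAS.0XE
2008-01-12 18:17 . 2008-01-12 18:17 45,568 -r-hs---- C:\WINDOWS\lssas.exe
O4 - HKLM\..\Run: [MSN] lssas.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AVG7_CC] E:\PROGRA~2\Grisoft\AVG7\avgcc.exe /STARTUP
"""
```

`triage_log(SAMPLE_LOG)` returns "high" findings only for LSSAS.0XE, lssas.exe and the `[MSN] lssas.exe` Run value, nothing for rawr6.rar, and only an "info" note for the bare `CTHELPER.EXE` entry. Expect the "review" tier to surface benign entries as well: NirCmd.exe, created in C:\WINDOWS two minutes before tauromachine's ComboFix run started, lands there next to LSSAS.0XE. That is the point of the split: "high" findings are name-based and worth acting on, "review" findings are for a person to dismiss against the timeline of the machine.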
StormEagle, posted 14 January 2008 (edited)

I've run ComboFix and MSNFix now. Here are the reports:

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\screensavers.com
C:\Program Files\screensavers.com\SSSInst\bin\SSSUninst.exe
C:\Program Files\screensavers.com\Wallpaper\Fantasy Christmas.jpg
C:\Program Files\screensavers.com\Wallpaper\swpstart.exe
C:\WINDOWS\images.zip
C:\WINDOWS\system32\Cfx32.lic
C:\WINDOWS\system32\cfx32.ocx
D:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2007-12-13 to 2008-01-13 )))))))))))))))))))))))))))))))
.
2008-01-13 18:46 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-13 18:45 . 2008-01-13 18:45 <DIR> d-------- C:\Program Files\MSNFix[1]
2008-01-12 18:17 . 2008-01-12 18:17 45,568 -r-hs---- C:\WINDOWS\lssas.exe
2008-01-12 00:37 . 2008-01-12 00:37 <DIR> d-------- C:\Program Files\USB-grafisk-demo
2008-01-12 00:35 . 2008-01-12 00:35 286,720 --------- C:\WINDOWS\Setup1.exe
2008-01-12 00:35 . 2008-01-12 00:35 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2008-01-12 00:15 . 2008-01-12 00:15 <DIR> d-------- C:\Program Files\Velleman
2008-01-12 00:15 . 2003-06-29 20:10 345,600 --a------ C:\WINDOWS\system32\K8055D.dll
2008-01-12 00:14 . 1996-07-18 13:06 297,472 --a------ C:\WINDOWS\uninst.exe
2008-01-02 21:58 . 2008-01-02 21:58 <DIR> d-------- C:\Program Files\QuickTime
2008-01-02 21:57 . 2008-01-02 21:57 <DIR> d-------- C:\Program Files\Apple Software Update
2008-01-02 21:57 . 2008-01-02 21:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-12-25 18:30 . 2007-12-25 18:30 268 --ah----- C:\sqmdata11.sqm
2007-12-25 18:30 . 2007-12-25 18:30 244 --ah----- C:\sqmnoopt11.sqm
2007-12-24 21:03 . 2007-12-24 21:03 268 --ah----- C:\sqmdata10.sqm
2007-12-24 21:03 . 2007-12-24 21:03 244 --ah----- C:\sqmnoopt10.sqm
2007-12-23 18:33 . 2007-12-23 18:33 268 --ah----- C:\sqmdata09.sqm
2007-12-23 18:33 . 2007-12-23 18:33 244 --ah----- C:\sqmnoopt09.sqm
2007-12-22 22:06 . 2007-12-22 22:06 268 --ah----- C:\sqmdata08.sqm
2007-12-22 22:06 . 2007-12-22 22:06 244 --ah----- C:\sqmnoopt08.sqm
2007-12-22 20:51 . 2007-12-22 20:51 268 --ah----- C:\sqmdata07.sqm
2007-12-22 20:51 . 2007-12-22 20:51 244 --ah----- C:\sqmnoopt07.sqm
2007-12-22 17:01 . 2007-12-22 17:01 268 --ah----- C:\sqmdata06.sqm
2007-12-22 17:01 . 2007-12-22 17:01 244 --ah----- C:\sqmnoopt06.sqm
2007-12-17 14:44 . 2007-12-17 14:44 <DIR> d-------- C:\Documents and Settings\Joakim Rygg Flesvik\Programdata\DassaultSystemes
2007-12-17 14:44 . 2007-12-17 14:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DassaultSystemes
2007-12-17 14:43 . 2007-12-17 14:43 <DIR> d-------- C:\Program Files\Dassault Systemes
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-13 15:03 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-01-13 15:03 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2008-01-13 15:03 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-01-13 15:03 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-01-13 15:03 --------- d-----w C:\Program Files\Symantec
2008-01-13 15:03 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-02 21:17 --------- d-----w C:\Documents and Settings\Joakim Rygg Flesvik\Programdata\uTorrent
2008-01-02 20:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-10 12:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-29 22:16 --------- d-----w C:\Program Files\HyperLobbyPro3
2007-11-18 19:41 --------- d-----w C:\Program Files\KiteFlight
2007-11-15 16:01 --------- d-----w C:\Program Files\Norton Security Scan
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-11-07 09:26 721,920 ------w C:\WINDOWS\system32\dllcache\lsasrv.dll
2007-10-30 23:42 3,590,656 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-30 17:20 360,064 ------w C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:43 1,287,680 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-27 16:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-27 16:40 222,720 ------w C:\WINDOWS\system32\dllcache\wmasf.dll
2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-09-05 10:38 413,696 ----a-w C:\Program Files\Downloader_for_Visual_C++_2005_Express_Edition.exe
2007-05-19 23:51 52,440 ----a-w C:\Documents and Settings\Joakim Rygg Flesvik\Programdata\GDIPFONTCACHEV1.DAT
2007-04-28 03:19 9,193,176 ----a-w C:\Program Files\Mach3VersionR1.84.002.exe
2007-02-12 20:28 273,312,423 ----a-w C:\Program Files\myp_maya701ple_en_win.exe
2007-01-31 13:10 9,340,443 ----a-w C:\Program Files\win2k_xp142550.exe
2007-01-24 12:43 33,318,216 ----a-w C:\Program Files\GoogleSketchUpWEN.exe
2007-01-16 14:36 25,745,992 ----a-w C:\Program Files\wmp11-windowsxp-x86-NB-NO.exe
2007-01-03 19:11 15,001,752 ----a-w C:\Program Files\GoogleEarthWin.exe
2005-09-24 06:49 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
2007-01-29 16:43 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-16 05:00 15360]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]
"EPSON Stylus COLOR 580"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_AICN03.exe" [2001-09-13 13:53 220672]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-15 10:46 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 20:56 64512]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-03 21:58 458752]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"MsmqIntCert"="regsvr32 /s mqrt.dll" []
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 16:02 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-06-17 06:22 794713]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-07-19 14:14 102400]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 22:11 49152]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 10:33 163840]
"Cpqset"="C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-06-19 09:50 40960]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [2005-10-11 09:23 1187840]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-03-01 11:18 52840]
"NAV CfgWiz"="C:\Program Files\Norton AntiVirus\CfgWiz.exe" [2006-02-01 23:10 120512]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-01-13 09:47 131072]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-01-13 09:47 163840]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-01-13 09:46 135168]
"Share-to-Web Namespace Daemon"="C:\Program 
Files\HP\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 09:42 69632] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792] "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 09:22 517768] "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2005-10-28 19:08 335872] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-12-11 10:56 286720] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-16 05:00 15360] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-12-13 18:35:48] HP Photosmart Premier Hurtigstart.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-09-24 08:39:30] Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "AllowLegacyWebView"= 1 (0x1) "AllowUnhashedWebView"= 1 (0x1) R2 Automatisk LiveUpdate-planlegging;Automatisk LiveUpdate-planlegging;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2006-08-03 18:08] R2 mple7docserver;Maya 7 PLE Documentation Server;"C:\Program Files\Alias\Maya 7.0 Personal Learning Edition\docs\wrapper.exe" [2004-07-16 22:26] R3 Mach3;Mach3 Pulseing Service;C:\WINDOWS\system32\Drivers\Mach3.sys [2006-01-23 23:11] S4 viaagp;VIA AGP Bus Filter;C:\WINDOWS\system32\DRIVERS\viaagp.sys [2004-08-04 06:07] *Newly Created Service* - PROCEXP90 . . 
************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-01-13 18:53:39 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run Cpqset = C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe????????????L?@? ????\??????`?@?????L?@ scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-01-13 18:54:46 ComboFix-quarantined-files.txt 2008-01-13 17:54:35 . 2008-01-09 01:29:46 --- E O F --- 1995-12-22 09:16 432 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\cfx32.lic.vir 1996-06-10 13:24 307200 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\cfx32.ocx.vir 2004-03-12 20:35 142336 --a------ C:\Qoobox\Quarantine\C\Program Files\Screensavers.com\Wallpaper\swpstart.exe.vir 2004-04-30 05:01 53 --a------ C:\Qoobox\Quarantine\D\Autorun.inf.vir 2006-12-13 17:46 153974 --a------ C:\Qoobox\Quarantine\C\Program Files\Screensavers.com\Wallpaper\Fantasy Christmas.jpg.vir 2006-12-13 17:46 32566 --a------ C:\Qoobox\Quarantine\C\Program Files\Screensavers.com\SSSInst\bin\SSSUninst.exe.vir 2008-01-12 18:17 45690 --a------ C:\Qoobox\Quarantine\C\WINDOWS\images.zip.vir MSNFix 1.626 C:\Program Files\MSNFix[1]\MSNFix Scan done at 13.01.2008 - 19:00:43,75 By normal mode ************************ Checking Files No files found ************************ Checking Folders ... C:\Temp\ ************************ Deleting malware Files ************************ Deleting malware Folders .. OK ... 
C:\Temp\ ************************ Registry Cleaning ************************ Suspect Files /!\ The detected files must be reviewed by a forum Helper before changes can be made [C:\PROGRA~1\Downloader_for_Visual_C++_2005_Express_Edition.exe] 0549DDB26526C9B0CD6F1FEAC4736FA1 [C:\PROGRA~1\GoogleEarthWin.exe] 990983B96C98187C9107D042DA61D2D5 [C:\PROGRA~1\GoogleSketchUpWEN.exe] 5474EF5DC2844B2945911AB1354FDE65 [C:\PROGRA~1\Mach3VersionR1.84.002.exe] C082E78B794B500C1F457FE02D277DCA [C:\PROGRA~1\myp_maya701ple_en_win.exe] 00F788E498AA96D2242ECFE3AF2035F6 [C:\PROGRA~1\win2k_xp142550.exe] C8459929F2252B96F4F3E034F17C766B [C:\PROGRA~1\wmp11-windowsxp-x86-NB-NO.exe] 61DB050369E0923E1811B5262565B76E ==> Please upload the file C:\DOCUME~1\JOAKIM~1\SKRIVE~1\Upload_Me.zip to http://upload.changelog.fr The File and Registry deletions have been saved in 13.01.2008_19104084.zip ------------------------------------------------------------------------ Author : !aur3n7 Contact: http://changelog.fr ------------------------------------------------------------------------ --------------------------------------------- END --------------------------------------------- Kan du se på disse loggene norbat? Har problemet mitt blitt fikset? Jeg ser fila lssas.exe under windows på den første loggen. Har den gjordt noe med denne? Endret 14. januar 2008 av flesvik Lenke til kommentar
mariustu Posted 14 January 2008

> http://itpro.no/art/12038.html
> can't do more than that

> itpro unfortunately misses the mark a bit with that one. They refer to something that was circulating a few months ago. These MSN variants do resemble each other, though, and use many of the same elements. In this case it is entirely different files that are running.
>
> Short summary: In most cases it has been the files ntmngr.exe and lssas.exe that have caused the problems. This is a fairly new case; Sophos registered the ntmngr.exe file on 12 January, if I remember correctly. F-Secure has recently updated so that it can handle lssas.exe.
>
> Files that may be active are:
> C:\WINDOWS\ntmngr.exe
> C:\WINDOWS\lssas.exe
> C:\445930.exe
> C:\WINDOWS\images.zip
>
> A HJT log can show the following line (registry entry):
> O4 - HKLM\..\Run: [MSN] lssas.exe
>
> Regards, n

Hi norbat,

Like the rest I have the same problem. I have attached the log file here; can you see whether everything is in order?

log.txt
norbat Posted 14 January 2008 (edited)

> I have run ComboFix and MSNFix now. Here are the reports:
> (ComboFix and MSNFix reports as posted by StormEagle above)
>
> Can you look at these logs, norbat? Has my problem been fixed? I see the file lssas.exe under Windows in the first log. Has it done anything with this one?

Delete C:\WINDOWS\lssas.exe. Use Explorer.

> Hi norbat,
> Like the rest I have the same problem. I have attached the log file here; can you see whether everything is in order?

Use Explorer to find and delete:

C:\WINDOWS\ntmngr.exe

You may have to turn on "Show hidden files and folders" (Control Panel -> Folder Options -> View) to see the file.

Edited 14 January 2008 by norbat
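The checks norbat applies by eye in the two posts above (a file named after a core Windows process but spelled slightly wrong, a hidden+system file or an archive dropped straight into C:\WINDOWS, and an O4 autostart entry that names a bare file instead of a full path) can be applied mechanically to ComboFix "Files Created" lines and HijackThis O4 lines. The following Python helper is an added example and is not code from this thread, from ComboFix or from HijackThis. It generalizes beyond lssas.exe to any filename within one edit (including a transposition) of a short, assumed list of legitimate process names; the sample log lines are constructed to mirror the ones quoted in this thread.

```python
import re
from dataclasses import dataclass

# Short, illustrative list of Windows core process names that malware imitates
# with near-miss spellings (an assumption for this example, not exhaustive).
LEGIT_NAMES = {
    "lsass.exe", "svchost.exe", "csrss.exe", "winlogon.exe",
    "services.exe", "explorer.exe", "smss.exe", "ctfmon.exe",
}
# ComboFix "Files Created" entry: "<created> . <modified> <size|<DIR>> <attrs> <path>"
CREATED_RE = re.compile(
    r"^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) \. "
    r"(?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d) "
    r"(?P<size>[\d,]+|<DIR>) (?P<attrs>[-a-z]{9}) (?P<path>.+)$"
)
# HijackThis O4 autostart entry, e.g. 'O4 - HKLM\..\Run: [MSN] lssas.exe'
O4_RE = re.compile(r"^O4 - (?P<hive>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")


@dataclass
class Finding:
    item: str
    reasons: list


def edit_distance(a: str, b: str) -> int:
    """Optimal-string-alignment distance: substitution, insertion, deletion and
    adjacent transposition each cost 1, so "lssas.exe" vs "lsass.exe" is 1."""
    prev2, prev = None, list(range(len(b) + 1))
    for i in range(1, len(a) + 1):
        cur = [i] + [0] * len(b)
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                cur[j] = min(cur[j], prev2[j - 2] + 1)
        prev2, prev = prev, cur
    return prev[len(b)]


def lookalike_of(name: str):
    """Legitimate process name this filename imitates, or None. An exact match
    is legitimate; only a near-miss spelling is suspicious."""
    low = name.lower()
    if low in LEGIT_NAMES:
        return None
    for legit in sorted(LEGIT_NAMES):
        if edit_distance(low, legit) <= 1:
            return legit
    return None


def triage_created(lines):
    """Flag suspicious entries in ComboFix 'Files Created' output."""
    findings = []
    for line in lines:
        m = CREATED_RE.match(line.strip())
        if not m:
            continue
        path, attrs, size = m["path"], m["attrs"], m["size"]
        parent, _, name = path.rpartition("\\")
        reasons = []
        legit = lookalike_of(name)
        if legit:
            reasons.append(f"name imitates {legit}")
        if parent.lower() == "c:\\windows" and size != "<DIR>":
            # Regular files dropped straight into the Windows directory deserve
            # a look, especially when hidden+system or when they are archives.
            if "h" in attrs and "s" in attrs:
                reasons.append("hidden+system file directly in the Windows directory")
            if name.lower().endswith((".zip", ".rar")):
                reasons.append("archive dropped in the Windows directory")
        if reasons:
            findings.append(Finding(path, reasons))
    return findings


def triage_o4(lines):
    """Flag HijackThis O4 autostart entries that match this infection's pattern."""
    findings = []
    for line in lines:
        m = O4_RE.match(line.strip())
        if not m:
            continue
        cmd = m["cmd"].strip().strip('"')
        exe = cmd if cmd.lower().endswith(".exe") else cmd.split(" ")[0]
        reasons = []
        if "\\" not in cmd:
            reasons.append("autostart references a bare filename, not a full path")
        legit = lookalike_of(exe.rpartition("\\")[2])
        if legit:
            reasons.append(f"name imitates {legit}")
        if reasons:
            findings.append(Finding(f"{m['hive']} [{m['name']}] {cmd}", reasons))
    return findings


# Constructed sample lines modelled on the logs in this thread (not a real capture).
SAMPLE_CREATED = r"""
2008-01-13 18:46 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-13 18:45 . 2008-01-13 18:45 <DIR> d-------- C:\Program Files\MSNFix[1]
2008-01-12 18:17 . 2008-01-12 18:17 45,568 -r-hs---- C:\WINDOWS\lssas.exe
2008-01-12 20:41 . 2008-01-13 17:40 45,690 --a------ C:\WINDOWS\images.zip
2007-12-25 18:30 . 2007-12-25 18:30 268 --ah----- C:\sqmdata11.sqm
""".strip().splitlines()
SAMPLE_O4 = [
    r"O4 - HKLM\..\Run: [MSN] lssas.exe",
    r"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe",
]
```

Running `triage_created(SAMPLE_CREATED)` flags only lssas.exe (lookalike of lsass.exe, hidden+system in C:\WINDOWS) and images.zip (archive in C:\WINDOWS); NirCmd.exe is left alone because its name imitates nothing and it carries only the archive attribute. `triage_o4(SAMPLE_O4)` flags the [MSN] entry and ignores the genuine ctfmon.exe entry. The name list and the "C:\WINDOWS only" rule are deliberately narrow; a real triage script would load the legitimate names from an allowlist and treat every finding as something to verify, not as a verdict.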
tauromachine Posted 14 January 2008

> tauromachine: And where would these files be located?
> Are we talking about some form of tracking cookies?

Yes. Tracking cookies in Opera.
mona14 Posted 14 January 2008 (edited)

ComboFix log:

ComboFix 08-01-14.4 - monapona 2008-01-14 20:10:20.4 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.1.1044.18.145 [GMT 1:00]
Running from: C:\Users\monapona\Desktop\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2007-12-14 to 2008-01-14 )))))))))))))))))))))))))))))))
.
2008-01-14 20:03 . 2000-08-31 08:00 51,200 --a------ C:\Windows\NirCmd.exe
2008-01-14 18:58 . 2008-01-14 18:58 <DIR> dr------- C:\Windows\System32\config\systemprofile\Music
2008-01-13 20:52 . 2008-01-13 20:52 <DIR> d--hs---- C:\found.000
2008-01-12 13:00 . 2008-01-12 13:00 <DIR> d-------- C:\Users\All Users\OrbNetworks
2008-01-12 13:00 . 2008-01-12 13:00 <DIR> d-------- C:\ProgramData\OrbNetworks
2008-01-12 13:00 . 2008-01-12 13:00 <DIR> d-------- C:\Program Files\Winamp Remote
2008-01-12 12:58 . 2008-01-12 13:01 <DIR> d-------- C:\Users\monapona\AppData\Roaming\Winamp
2008-01-12 12:58 . 2008-01-14 19:59 <DIR> d-------- C:\Program Files\Winamp
2008-01-11 11:36 . 2008-01-13 21:30 <DIR> d-------- C:\Users\monapona\AppData\Roaming\FrostWire
2008-01-11 11:36 . 2008-01-11 11:36 <DIR> d-------- C:\Program Files\FrostWire
2008-01-11 11:36 . 2008-01-11 11:36 <DIR> d-------- C:\Program Files\AskSBar
2008-01-11 03:05 . 2008-01-11 03:05 802,816 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-01-11 03:05 . 2008-01-11 03:05 216,760 --a------ C:\Windows\System32\drivers\netio.sys
2008-01-11 03:05 . 2008-01-11 03:05 167,424 --a------ C:\Windows\System32\tcpipcfg.dll
2008-01-11 03:05 . 2008-01-11 03:05 24,064 --a------ C:\Windows\System32\netcfg.exe
2008-01-11 03:05 . 2008-01-11 03:05 22,016 --a------ C:\Windows\System32\netiougc.exe
2008-01-11 03:02 . 2008-01-11 03:02 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-01-11 03:02 . 2008-01-11 03:02 1,686,016 --a------ C:\Windows\System32\gameux.dll
2008-01-11 03:02 . 2008-01-11 03:02 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys
2008-01-11 03:02 . 2008-01-11 03:02 211,000 --a------ C:\Windows\System32\drivers\volsnap.sys
2008-01-11 03:02 . 2008-01-11 03:02 154,624 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-01-11 03:02 . 2008-01-11 03:02 109,624 --a------ C:\Windows\System32\drivers\ataport.sys
2008-01-11 03:02 . 2008-01-11 03:02 45,112 --a------ C:\Windows\System32\drivers\pciidex.sys
2008-01-11 03:02 . 2008-01-11 03:02 21,560 --a------ C:\Windows\System32\drivers\atapi.sys
2008-01-11 03:02 . 2008-01-11 03:02 15,928 --a------ C:\Windows\System32\drivers\pciide.sys
2008-01-11 03:01 . 2008-01-11 03:01 11,776 --a------ C:\Windows\System32\sbunattend.exe
2007-12-27 23:17 . 2007-12-27 23:17 <DIR> d-------- C:\Users\monapona\AppData\Roaming\SUPERAntiSpyware.com
2007-12-27 23:17 . 2007-12-27 23:17 <DIR> d-------- C:\Users\All Users\SUPERAntiSpyware.com
2007-12-27 23:17 . 2007-12-27 23:17 <DIR> d-------- C:\ProgramData\SUPERAntiSpyware.com
2007-12-27 23:17 . 2007-12-27 23:20 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-12-27 23:17 . 2007-12-27 23:17 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-16 03:05 . 2007-12-16 03:05 1,327,104 --a------ C:\Windows\System32\quartz.dll
2007-12-16 03:05 . 2007-12-16 03:05 223,232 --a------ C:\Windows\System32\WMASF.DLL
2007-12-16 03:05 . 2007-12-16 03:05 9,728 --a------ C:\Windows\System32\LAPRXY.DLL
2007-12-16 03:05 . 2007-12-16 03:05 2,048 --a------ C:\Windows\System32\asferror.dll
2007-12-16 03:03 . 2007-12-16 03:03 1,830,912 --a------ C:\Windows\System32\inetcpl.cpl
2007-12-16 03:01 . 2007-12-16 03:01 3,504,824 --a------ C:\Windows\System32\ntkrnlpa.exe
2007-12-16 03:01 . 2007-12-16 03:01 3,470,520 --a------ C:\Windows\System32\ntoskrnl.exe
2007-12-16 03:01 . 2007-12-16 03:01 2,048 --a------ C:\Windows\System32\tzres.dll
2007-12-15 20:06 . 2007-12-15 20:06 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-15 19:08 . 2007-12-15 19:08 244 --ah----- C:\sqmnoopt00.sqm
2007-12-15 19:08 . 2007-12-15 19:08 232 --ah----- C:\sqmdata00.sqm
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-13 19:56 --------- d-----w C:\Users\monapona\AppData\Roaming\OpenOffice.org2
2008-01-11 10:16 --------- d-----w C:\Program Files\LimeWire
2008-01-11 09:34 --------- d-----w C:\Users\monapona\AppData\Roaming\LimeWire
2008-01-11 02:11 --------- d-----w C:\Program Files\Windows Sidebar
2008-01-11 02:11 --------- d-----w C:\Program Files\Windows Mail
2008-01-11 02:03 2,143,744 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-01-11 02:02 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-01-11 02:02 449,024 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-01-11 02:02 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2007-12-16 02:06 --------- d-----w C:\ProgramData\Microsoft Help
2007-12-16 02:04 824,832 ----a-w C:\Windows\System32\wininet.dll
2007-12-16 02:04 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2007-12-16 02:03 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
2007-12-16 02:03 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
2007-12-16 02:03 56,320 ----a-w C:\Windows\System32\iesetup.dll
2007-12-16 02:03 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2007-12-16 02:03 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys
2007-12-16 02:03 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys
2007-12-10 09:55 --------- d-----w C:\ProgramData\WLInstaller
2007-12-03 21:28 --------- d-----w C:\ProgramData\WEBREG
2007-12-03 21:28 --------- d-----w C:\ProgramData\HP
2007-12-03 21:20 --------- d-----w C:\Users\monapona\AppData\Roaming\HPAppData
2007-12-03 21:20 --------- d-----w C:\ProgramData\HPSSUPPLY
2007-12-03 21:20 --------- d-----w C:\Program Files\Hp
2007-12-03 21:20 --------- d-----w C:\Program Files\Hewlett-Packard
2007-12-03 21:17 --------- d-----w C:\ProgramData\HP Product Assistant
2007-12-03 21:16 --------- d-----w C:\Program Files\Common Files\HP
2007-12-03 21:15 --------- d-----w C:\Program Files\Common Files\Hewlett-Packard
2007-12-03 21:08 --------- d-----w C:\ProgramData\Hewlett-Packard
2007-11-30 17:52 --------- d-----w C:\Program Files\BearShare Applications
2007-11-30 15:41 --------- d-----w C:\Program Files\Windows Live
2007-11-30 15:39 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-11-30 15:32 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2007-11-30 11:53 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2007-11-30 11:52 28,344 ----a-w C:\Windows\system32\drivers\battc.sys
2007-11-30 11:52 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
2007-11-30 11:52 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2007-11-30 11:52 20,920 ----a-w C:\Windows\system32\drivers\compbatt.sys
2007-11-30 11:52 2,923,520 ----a-w C:\Windows\explorer.exe
2007-11-30 11:52 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2007-11-30 11:52 14,208 ----a-w C:\Windows\system32\drivers\CmBatt.sys
2007-11-30 11:52 11,264 ----a-w C:\Windows\system32\drivers\wmiacpi.sys
2007-11-30 11:34 --------- d-----w C:\Program Files\Microsoft SQL Server
2007-11-30 11:32 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-11-30 07:33 542,720 ----a-w C:\Windows\System32\sysmain.dll
2007-11-30 07:32 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2007-11-30 07:32 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2007-11-30 07:32 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2007-11-30 07:32 297,984 ----a-w C:\Windows\System32\wlansec.dll
2007-11-30 07:32 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2007-11-29 13:19 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2007-11-29 13:19 7,680 ----a-w C:\Windows\System32\spwmp.dll
2007-11-29 13:19 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2007-11-29 13:18 8,704 ----a-w C:\Windows\System32\hcrstco.dll
2007-11-29 13:18 8,704 ----a-w C:\Windows\System32\hccoin.dll
2007-11-29 13:18 73,216 ----a-w C:\Windows\system32\drivers\usbccgp.sys
2007-11-29 13:18 5,888 ----a-w C:\Windows\system32\drivers\usbd.sys
2007-11-29 13:18 38,400 ----a-w C:\Windows\system32\drivers\usbehci.sys
2007-11-29 13:18 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
2007-11-29 13:18 224,768 ----a-w C:\Windows\system32\drivers\usbport.sys
2007-11-29 13:18 193,536 ----a-w C:\Windows\system32\drivers\usbhub.sys
2007-11-29 13:18 19,456 ----a-w C:\Windows\system32\drivers\usbohci.sys
2007-11-29 13:15 84,480 ----a-w C:\Windows\System32\INETRES.dll
2007-11-29 13:15 788,992 ----a-w C:\Windows\System32\rpcrt4.dll
2007-11-29 13:15 737,792 ----a-w C:\Windows\System32\inetcomm.dll
2007-11-29 10:23 --------- d-----w C:\Users\monapona\AppData\Roaming\ATI
2007-11-29 10:17 --------- d-----w C:\Users\monapona\AppData\Roaming\Hewlett-Packard
2007-10-18 10:31 51,224 ----a-w C:\Windows\System32\sirenacm.dll
2007-09-11 01:25 174 --sha-w C:\Program Files\desktop.ini
.
((((((((((((((((((((((((((((( snapshot@2007-12-28_14.33.53.56 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-12-28 10:32:58 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-01-14 17:41:44 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2000-08-31 07:00:00 163,328 ----a-w C:\Windows\erdnt\Hiv-backup\ERDNT.EXE
+ 2008-01-14 19:06:58 204,800 ----a-w C:\Windows\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-14 19:06:58 204,800 ----a-w C:\Windows\erdnt\Hiv-backup\Users\00000002\NTUSER.DAT
+ 2008-01-14 19:06:58 1,540,096 ----a-w C:\Windows\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-14 19:06:59 729,088 ----a-w C:\Windows\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2007-11-30 11:56:54 665,600 ----a-w C:\Windows\inf\drvindex.dat
+ 2008-01-11 02:11:02 665,600 ----a-w C:\Windows\inf\drvindex.dat
- 2007-12-03 21:13:35 51,200 ----a-w C:\Windows\inf\infpub.dat
+ 2008-01-11 02:11:10 51,200 ----a-w C:\Windows\inf\infpub.dat
- 2007-12-03 21:13:19 86,016 ----a-w C:\Windows\inf\infstor.dat
+ 2008-01-11 02:11:01 86,016 ----a-w C:\Windows\inf\infstor.dat
- 2007-12-03 21:13:35 86,016 ----a-w C:\Windows\inf\infstrng.dat
+ 2008-01-11 02:11:01 86,016 ----a-w C:\Windows\inf\infstrng.dat
- 2007-12-28 12:33:05 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2008-01-14 18:42:18 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
- 2007-12-27 23:45:29 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-01-13 19:54:52 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-01-13 19:54:52 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2007-12-28 10:57:03 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2008-01-13 20:34:30 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
- 2007-12-27 23:45:55 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-01-13 19:54:47 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-01-13 19:54:47 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2007-07-14 03:20:21 13,403 ----a-w C:\Windows\System32\config\systemprofile\AppData\Local\ATI\ACE\Manifest.Bin
+ 2008-01-11 07:23:45 13,403 ----a-w C:\Windows\System32\config\systemprofile\AppData\Local\ATI\ACE\Manifest.Bin
- 2007-12-28 13:27:36 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-01-14 18:32:23 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2007-12-28 13:27:36 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-14 18:32:23 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2007-12-28 13:27:36 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-01-14 18:32:23 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2007-12-28 13:29:04 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2008-01-14 19:10:13 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2008-01-14 19:10:13 262,144 ---ha-w C:\Windows\System32\config\systemprofile\ntuser.dat.LOG1
- 2006-07-24 01:00:00 36,528 ----a-w C:\Windows\System32\drivers\pxhelp20.sys
+ 2007-03-07 23:51:00 43,528 ------w C:\Windows\System32\drivers\pxhelp20.sys
+ 2008-01-11 02:02:33 17,464 ----a-w C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_ecc53ff9\aliide.sys
+ 2008-01-11 02:02:33 17,976 ----a-w C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_ecc53ff9\amdide.sys
+ 2008-01-11 02:02:33 21,560 ----a-w
C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_ecc53ff9\atapi.sys + 2008-01-11 02:02:33 109,624 ----a-w C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_ecc53ff9\ataport.sys + 2008-01-11 02:02:33 19,000 ----a-w C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_ecc53ff9\cmdide.sys + 2008-01-11 02:02:33 17,464 ----a-w C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_ecc53ff9\intelide.sys + 2008-01-11 02:02:33 25,656 ----a-w C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_ecc53ff9\msahci.sys + 2008-01-11 02:02:33 15,928 ----a-w C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_ecc53ff9\pciide.sys + 2008-01-11 02:02:33 45,112 ----a-w C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_ecc53ff9\pciidex.sys + 2008-01-11 02:02:33 20,024 ----a-w C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_ecc53ff9\viaide.sys + 2008-01-11 02:02:32 211,000 ----a-w C:\Windows\System32\DriverStore\FileRepository\volume.inf_f47b2c78\volsnap.sys + 2007-08-07 12:37:56 53,248 ----a-w C:\Windows\System32\Macromed\Common\SwSupport.dll + 2007-08-07 16:20:44 182,248 ----a-w C:\Windows\System32\Macromed\Director\swdir.dll + 2007-08-07 16:21:02 55,272 ----a-w C:\Windows\System32\Macromed\Director\SwDnld.exe + 2007-11-21 00:52:38 2,884,992 ----a-w C:\Windows\System32\Macromed\Flash\NPSWF32.dll + 2007-11-21 00:52:40 218,496 ----a-w C:\Windows\System32\Macromed\Flash\NPSWF32_FlashUtil.exe + 2008-01-12 11:57:59 70,264 ----a-w C:\Windows\System32\Macromed\Flash\uninstall_plugin.exe + 2007-08-07 12:35:56 585,728 ----a-w C:\Windows\System32\Macromed\Shockwave 10\Control.dll + 2007-08-07 12:19:40 1,490,944 ----a-w C:\Windows\System32\Macromed\Shockwave 10\dirapi.dll + 2007-08-07 12:36:32 24,576 ----a-w C:\Windows\System32\Macromed\Shockwave 10\DynaPlayer.dll + 2007-08-07 15:52:32 1,113,600 ----a-w C:\Windows\System32\Macromed\Shockwave 10\gi.dll + 2007-08-07 12:08:48 52,288 ----a-w C:\Windows\System32\Macromed\Shockwave 10\gtapi.dll + 2007-08-07 
12:17:24 606,208 ----a-w C:\Windows\System32\Macromed\Shockwave 10\iml32.dll + 2007-08-07 12:35:22 339,968 ----a-w C:\Windows\System32\Macromed\Shockwave 10\Plugin.dll + 2007-08-07 12:35:32 483,328 ----a-w C:\Windows\System32\Macromed\Shockwave 10\PluginPing.dll + 2007-08-07 12:28:38 180,224 ----a-w C:\Windows\System32\Macromed\Shockwave 10\Proj.dll + 2007-08-07 16:20:28 391,144 ----a-w C:\Windows\System32\Macromed\Shockwave 10\SwHelper_1020023.exe + 2007-08-07 12:37:56 77,824 ----a-w C:\Windows\System32\Macromed\Shockwave 10\SwInit.exe + 2007-08-07 12:35:18 86,016 ----a-w C:\Windows\System32\Macromed\Shockwave 10\SwMenu.dll + 2007-08-07 12:37:58 98,304 ----a-w C:\Windows\System32\Macromed\Shockwave 10\SwOnce.dll + 2007-08-07 12:08:46 50,808 ----a-w C:\Windows\System32\Macromed\Shockwave 10\SYMCCHECKER.DLL + 1999-06-25 09:55:30 149,504 ----a-w C:\Windows\System32\Macromed\Shockwave 10\UNWISE.EXE - 2006-11-02 09:46:11 49,152 ----a-w C:\Windows\System32\migration\netiomig.dll + 2008-01-11 02:05:06 49,152 ----a-w C:\Windows\System32\migration\netiomig.dll - 2007-12-02 23:00:05 18,684,536 ----a-w C:\Windows\System32\mrt.exe + 2008-01-02 18:21:36 17,642,616 ----a-w C:\Windows\System32\mrt.exe - 2006-09-21 12:28:26 523,000 ----a-w C:\Windows\System32\Px.dll + 2007-03-07 23:51:00 547,576 ------w C:\Windows\System32\Px.dll - 2006-09-21 12:28:26 129,784 ----a-w C:\Windows\System32\PxAFS.DLL + 2007-03-07 23:51:00 129,784 ------w C:\Windows\System32\PxAFS.DLL + 2007-03-07 23:51:00 64,760 ------w C:\Windows\System32\pxcpya64.exe - 2006-09-18 23:01:00 486,136 ----a-w C:\Windows\System32\pxdrv.dll + 2007-03-07 23:51:00 510,712 ------w C:\Windows\System32\pxdrv.dll + 2007-03-07 23:51:00 72,440 ------w C:\Windows\System32\pxhpinst.exe + 2007-03-07 23:51:00 64,760 ------w C:\Windows\System32\pxinsa64.exe - 2006-09-21 12:28:28 183,032 ----a-w C:\Windows\System32\PxMas.dll + 2007-03-07 23:51:00 187,128 ------w C:\Windows\System32\PxMas.dll - 2006-09-21 12:28:28 1,329,912 ----a-w 
C:\Windows\System32\PxSFS.DLL + 2007-03-07 23:51:00 1,628,920 ------w C:\Windows\System32\PxSFS.DLL - 2006-09-21 12:28:30 379,640 ----a-w C:\Windows\System32\PxWave.dll + 2007-03-07 23:51:00 379,640 ------w C:\Windows\System32\PxWave.dll - 2007-12-16 02:14:49 6,029,312 ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT + 2008-01-11 02:14:27 6,029,312 ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT - 2007-12-13 20:26:50 156,160 ----a-w C:\Windows\System32\swreg.exe + 2000-08-31 07:00:00 156,160 ----a-w C:\Windows\System32\swreg.exe - 2006-08-20 23:00:00 39,672 ----a-w C:\Windows\System32\VXBLOCK.dll + 2007-03-07 23:51:00 39,672 ------w C:\Windows\System32\VXBLOCK.dll - 2007-12-27 23:46:25 4,318 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2824029198-3598538209-984558974-1010_UserData.bin + 2008-01-13 19:55:38 5,796 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2824029198-3598538209-984558974-1010_UserData.bin - 2007-12-27 23:46:24 75,560 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin + 2008-01-13 19:55:35 76,920 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin - 2007-12-27 23:46:22 38,652 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin + 2008-01-11 07:25:19 40,884 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin - 2007-12-28 10:33:02 253,856 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin + 2008-01-14 17:42:13 267,860 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin - 2007-12-12 09:59:55 66,054 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S4.bin + 2008-01-14 07:34:08 108,228 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S4.bin + 2008-01-11 02:03:00 2,143,744 ----a-w 
C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6000.16581_none_09e8791bf5640942\AcGenral.dll + 2008-01-11 02:02:59 2,144,768 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6000.20704_none_0acb980b0e3e12b0\AcGenral.dll + 2008-01-11 02:02:59 449,024 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6000.16581_none_09e97965f5632299\AcSpecfc.dll + 2008-01-11 02:02:59 450,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6000.20704_none_0acc98550e3d2c07\AcSpecfc.dll + 2008-01-11 02:02:58 537,600 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.16581_none_09ea79aff5623bf0\AcLayers.dll + 2008-01-11 02:02:58 173,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.16581_none_09ea79aff5623bf0\AcXtrnal.dll + 2008-01-11 02:02:58 537,600 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.20704_none_0acd989f0e3c455e\AcLayers.dll + 2008-01-11 02:02:58 173,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.20704_none_0acd989f0e3c455e\AcXtrnal.dll + 2008-01-11 02:02:51 1,686,016 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.16581_none_3fc48f6cc4566c42\gameux.dll + 2008-01-11 02:02:55 4,247,552 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.16581_none_3fc48f6cc4566c42\GameUXLegacyGDFs.dll + 2008-01-11 02:02:44 1,686,528 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.20704_none_40a7ae5bdd3075b0\gameux.dll + 2008-01-11 02:02:48 4,247,552 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.20704_none_40a7ae5bdd3075b0\GameUXLegacyGDFs.dll + 2008-01-11 02:02:31 154,624 ----a-w 
C:\Windows\winsxs\x86_microsoft-windows-native-80211_31bf3856ad364e35_6.0.6000.16588_none_4cd3eb749205a268\nwifi.sys + 2008-01-11 02:02:31 154,624 ----a-w C:\Windows\winsxs\x86_microsoft-windows-native-80211_31bf3856ad364e35_6.0.6000.20711_none_4da23793aaf0ca61\nwifi.sys + 2008-01-11 02:05:06 24,064 ----a-w C:\Windows\winsxs\x86_microsoft-windows-netcfg_31bf3856ad364e35_6.0.6000.16615_none_0e42ce98545690c8\netcfg.exe + 2008-01-11 02:05:06 24,064 ----a-w C:\Windows\winsxs\x86_microsoft-windows-netcfg_31bf3856ad364e35_6.0.6000.20739_none_0ebaccb36d80cdd0\netcfg.exe + 2008-01-11 02:05:06 216,760 ----a-w C:\Windows\winsxs\x86_microsoft-windows-netio-infrastructure_31bf3856ad364e35_6.0.6000.16567_none_547b4ec7b851524e\netio.sys + 2008-01-11 02:05:06 217,272 ----a-w C:\Windows\winsxs\x86_microsoft-windows-netio-infrastructure_31bf3856ad364e35_6.0.6000.20689_none_54f14c4ed17d5ca8\netio.sys + 2008-01-11 02:02:34 1,060,920 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.0.6000.16586_none_a43a6b8d2000830d\ntfs.sys + 2008-01-11 02:02:33 1,061,432 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.0.6000.20709_none_a51d8a7c38da8c7b\ntfs.sys + 2008-01-11 02:05:14 2,414,088 ----a-w C:\Windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.16618_none_f09f0de26e54a8df\OESpamFilter.dat + 2008-01-11 02:05:14 2,414,088 ----a-w C:\Windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.20743_none_f1033977878f1dc9\OESpamFilter.dat + 2008-01-11 02:01:54 66,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-sidebar_31bf3856ad364e35_6.0.6000.16615_none_ccf09e9d29852489\sbdrop.dll + 2008-01-11 02:01:52 11,776 ----a-w C:\Windows\winsxs\x86_microsoft-windows-sidebar_31bf3856ad364e35_6.0.6000.16615_none_ccf09e9d29852489\sbunattend.exe + 2008-01-11 02:01:54 1,232,896 ----a-w C:\Windows\winsxs\x86_microsoft-windows-sidebar_31bf3856ad364e35_6.0.6000.16615_none_ccf09e9d29852489\sidebar.exe + 2008-01-11 
02:01:52 66,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-sidebar_31bf3856ad364e35_6.0.6000.20740_none_cd54ca3242bf9973\sbdrop.dll + 2008-01-11 02:01:47 11,776 ----a-w C:\Windows\winsxs\x86_microsoft-windows-sidebar_31bf3856ad364e35_6.0.6000.20740_none_cd54ca3242bf9973\sbunattend.exe + 2008-01-11 02:01:50 1,232,384 ----a-w C:\Windows\winsxs\x86_microsoft-windows-sidebar_31bf3856ad364e35_6.0.6000.20740_none_cd54ca3242bf9973\sidebar.exe + 2008-01-11 02:05:06 49,152 ----a-w C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16567_none_5f6577ce925d75a7\netiomig.dll + 2008-01-11 02:05:06 22,016 ----a-w C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16567_none_5f6577ce925d75a7\netiougc.exe + 2008-01-11 02:05:06 802,816 ----a-w C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16567_none_5f6577ce925d75a7\tcpip.sys + 2008-01-11 02:05:06 167,424 ----a-w C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16567_none_5f6577ce925d75a7\tcpipcfg.dll + 2008-01-11 02:05:05 49,152 ----a-w C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.20689_none_5fdb7555ab898001\netiomig.dll + 2008-01-11 02:05:05 22,016 ----a-w C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.20689_none_5fdb7555ab898001\netiougc.exe + 2008-01-11 02:05:05 804,352 ----a-w C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.20689_none_5fdb7555ab898001\tcpip.sys + 2008-01-11 02:05:05 167,424 ----a-w C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.20689_none_5fdb7555ab898001\tcpipcfg.dll + 2008-01-11 02:02:33 17,464 ----a-w C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16584_none_daff695624a08568\aliide.sys + 2008-01-11 02:02:33 17,976 ----a-w C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16584_none_daff695624a08568\amdide.sys + 2008-01-11 02:02:33 21,560 ----a-w 
C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16584_none_daff695624a08568\atapi.sys + 2008-01-11 02:02:33 109,624 ----a-w C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16584_none_daff695624a08568\ataport.sys + 2008-01-11 02:02:33 19,000 ----a-w C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16584_none_daff695624a08568\cmdide.sys + 2008-01-11 02:02:33 17,464 ----a-w C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16584_none_daff695624a08568\intelide.sys + 2008-01-11 02:02:33 25,656 ----a-w C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16584_none_daff695624a08568\msahci.sys + 2008-01-11 02:02:33 15,928 ----a-w C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16584_none_daff695624a08568\pciide.sys + 2008-01-11 02:02:33 45,112 ----a-w C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16584_none_daff695624a08568\pciidex.sys + 2008-01-11 02:02:33 20,024 ----a-w C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16584_none_daff695624a08568\viaide.sys + 2008-01-11 02:02:32 17,464 ----a-w C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20707_none_dbe288453d7a8ed6\aliide.sys + 2008-01-11 02:02:33 17,976 ----a-w C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20707_none_dbe288453d7a8ed6\amdide.sys + 2008-01-11 02:02:32 21,560 ----a-w C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20707_none_dbe288453d7a8ed6\atapi.sys + 2008-01-11 02:02:32 110,136 ----a-w C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20707_none_dbe288453d7a8ed6\ataport.sys + 2008-01-11 02:02:32 19,000 ----a-w C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20707_none_dbe288453d7a8ed6\cmdide.sys + 2008-01-11 02:02:32 17,976 ----a-w C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20707_none_dbe288453d7a8ed6\intelide.sys + 2008-01-11 02:02:32 28,216 ----a-w C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20707_none_dbe288453d7a8ed6\msahci.sys + 2008-01-11 
02:02:32 15,928 ----a-w C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20707_none_dbe288453d7a8ed6\pciide.sys + 2008-01-11 02:02:32 45,112 ----a-w C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20707_none_dbe288453d7a8ed6\pciidex.sys + 2008-01-11 02:02:32 20,024 ----a-w C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20707_none_dbe288453d7a8ed6\viaide.sys + 2008-01-11 02:02:32 211,000 ----a-w C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.0.6000.16586_none_137ff950ff29e447\volsnap.sys + 2008-01-11 02:02:31 211,000 ----a-w C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.0.6000.20709_none_146318401803edb5\volsnap.sys . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}] 2007-03-02 16:52 177768 -ra------ C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_framework.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}] 2008-01-11 11:36 66912 --a------ C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}] 2007-11-05 11:51 402872 --a------ C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}] 2008-01-11 11:36 267592 --a------ C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} [HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] "{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program 
Files\AskSBar\bar\1.bin\ASKSBAR.DLL [2008-01-11 11:36 267592] [HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-11 03:01 1232896] "WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 13:34 2159104 C:\Windows\System32\oobefldr.dll] "StartCCC"="c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112] "LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-04-19 12:26 484904] "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184] "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912] "Orb"="C:\Program Files\Winamp Remote\bin\OrbTray.exe" [2008-01-07 21:02 495616] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:34 201728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-07-14 03:03 1006264] "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-12-15 12:08 1097728] "PDF Complete"="C:\Program Files\PDF Complete\pdfsty.exe" [2007-05-08 07:38 331552] "PTHOSTTR"="C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.exe" [2007-01-09 14:52 145184] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-12 14:36 827392] "hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 12:18 472776] "WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 15:12 317128] "HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-12 10:54 50696] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00 132496] "QlbCtrl"="C:\Program 
Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-05-02 15:17 163840] "HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2007-03-11 21:34 49152] "WatchDog"="C:\Program Files\InterVideo\DVD Check\DVDCheck.exe" [2007-05-23 10:00 192512] "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 23:47 31016] "F-Secure Manager"="C:\Program Files\F-Secure\Common\FSM32.exe" [2007-08-27 14:28 182952] "F-Secure TNB"="C:\Program Files\F-Secure\FSGUI\TNBUtil.exe" [2007-08-27 14:27 895600] "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-10-10 03:31 36352] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "ST Recovery Launcher"="%WINDIR%\SMINST\launcher.exe" [ ] C:\Users\monapona\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2007 Screen Clipper og Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 19:24:54] OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-09-11 04:43:54] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-03-29 12:11:50] DVD Check.lnk - C:\Program Files\InterVideo\DVD Check\DVDCheck.exe [2007-09-10 08:17:10] HP Digital Imaging Monitor.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2007-03-11 21:26:24] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo] @="Service" 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] @="IEEE 1394 Bus host controllers" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] @="SBP2 IEEE 1394 Devices" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] @="SecurityDevices" R0 AtiPcie;ATI PCI Express (3GIO) Filter;C:\Windows\system32\DRIVERS\AtiPcie.sys [2006-10-30 12:23] R0 CLFS;Common Log (CLFS);C:\Windows\system32\CLFS.sys [2006-11-02 10:51] R0 crcdisk;Crcdisk Filter Driver;C:\Windows\system32\drivers\crcdisk.sys [2006-11-02 10:49] R0 Ecache;ReadyBoost Caching Driver;C:\Windows\system32\drivers\ecache.sys [2006-11-02 13:33] R0 FileInfo;File Information FS MiniFilter;C:\Windows\system32\drivers\fileinfo.sys [2006-11-02 10:49] R0 msisadrv;ISA/EISA Class Driver;C:\Windows\system32\drivers\msisadrv.sys [2007-07-14 03:08] R0 spldr;Security Processor Loader Driver;C:\Windows\system32\drivers\spldr.sys [2006-11-02 10:49] R0 
volmgr;Volume Manager Driver;C:\Windows\system32\drivers\volmgr.sys [2007-07-14 03:08] R0 volmgrx;Dynamic Volume Manager;C:\Windows\system32\drivers\volmgrx.sys [2006-11-02 10:51] R1 DfsC;Dfs Client Driver;C:\Windows\system32\Drivers\dfsc.sys [2006-11-02 09:31] R1 F-Secure HIPS;F-Secure HIPS;C:\Program Files\F-Secure\HIPS\fshs.sys [2007-08-27 14:27] R1 FSES;F-Secure Email Scanning Driver;C:\Windows\system32\drivers\fses.sys [2007-08-27 14:27] R1 FSFW;F-Secure Firewall Driver;C:\Windows\system32\drivers\fsdfw.sys [2007-08-27 14:27] R1 fsvista;F-Secure Vista Support Driver;C:\Program Files\F-Secure\Anti-Virus\minifilter\fsvista.sys [2007-08-27 14:27] R1 nsiproxy;NSI proxy service;C:\Windows\system32\drivers\nsiproxy.sys [2006-11-02 09:57] R1 RDPENCDD;RDP Encoder Mirror Driver;C:\Windows\system32\drivers\rdpencdd.sys [2006-11-02 10:02] R1 Smb;Meldingsorientert TCP/IP- og TCP/IPv6-protokoll (SMB-økt);C:\Windows\system32\DRIVERS\smb.sys [2006-11-02 09:57] R1 tdx;TDI-støttedriver for eldre NetIO;C:\Windows\system32\DRIVERS\tdx.sys [2006-11-02 09:57] R1 Wanarpv6;Remote Access IPv6 ARP Driver;C:\Windows\system32\DRIVERS\wanarp.sys [2007-09-11 02:14] R2 AeLookupSvc;Application Experience;C:\Windows\system32\svchost.exe [2006-11-02 10:45] R2 AudioEndpointBuilder;Windows Audio Endpoint Builder;C:\Windows\System32\svchost.exe [2006-11-02 10:45] R2 BFE;Base Filtering Engine;C:\Windows\system32\svchost.exe [2006-11-02 10:45] R2 DPS;Diagnostic Policy Service;C:\Windows\System32\svchost.exe [2006-11-02 10:45] R2 FDResPub;Function Discovery Resource Publication;C:\Windows\system32\svchost.exe [2006-11-02 10:45] R2 gpsvc;Group Policy Client;C:\Windows\system32\svchost.exe [2006-11-02 10:45] R2 IKEEXT;IKE and AuthIP IPsec Keying Modules;C:\Windows\system32\svchost.exe [2006-11-02 10:45] R2 iphlpsvc;IP Helper;C:\Windows\System32\svchost.exe [2006-11-02 10:45] R2 KtmRm;KtmRm for Distributed Transaction Coordinator;C:\Windows\System32\svchost.exe [2006-11-02 10:45] R2 lltdio;Link-Layer 
Topology Discovery Mapper I/O Driver;C:\Windows\system32\DRIVERS\lltdio.sys [2006-11-02 09:56] R2 luafv;UAC File Virtualization;C:\Windows\system32\drivers\luafv.sys [2006-11-02 09:33] R2 MMCSS;Multimedia Class Scheduler;C:\Windows\system32\svchost.exe [2006-11-02 10:45] R2 MpsSvc;Windows Firewall;C:\Windows\system32\svchost.exe [2006-11-02 10:45] R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" [2007-02-10 05:29] R2 netprofm;Network List Service;C:\Windows\System32\svchost.exe [2006-11-02 10:45] R2 NlaSvc;Network Location Awareness;C:\Windows\System32\svchost.exe [2006-11-02 10:45] R2 nsi;Network Store Interface Service;C:\Windows\system32\svchost.exe [2006-11-02 10:45] R2 PcaSvc;Program Compatibility Assistant Service;C:\Windows\system32\svchost.exe [2006-11-02 10:45] R2 pdfcDispatcher;PDF Document Manager;C:\Program Files\PDF Complete\pdfsvc.exe [2007-05-08 07:38] R2 PEAUTH;PEAUTH;C:\Windows\system32\drivers\peauth.sys [2006-11-02 10:04] R2 ProfSvc;User Profile Service;C:\Windows\system32\svchost.exe [2006-11-02 10:45] R2 SQLWriter;SQL Server VSS Writer;"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 05:29] R2 SysMain;Superfetch;C:\Windows\system32\svchost.exe [2006-11-02 10:45] R2 TabletInputService;Tablet PC Input Service;C:\Windows\System32\svchost.exe [2006-11-02 10:45] R2 tcpipreg;TCP/IP Registry Compatibility;C:\Windows\system32\drivers\tcpipreg.sys [2006-11-02 09:57] R2 UxSms;Desktop Window Manager Session Manager;C:\Windows\System32\svchost.exe [2006-11-02 10:45] R2 WerSvc;Windows Error Reporting Service;C:\Windows\System32\svchost.exe [2006-11-02 10:45] R2 Wlansvc;WLAN AutoConfig;C:\Windows\system32\svchost.exe [2006-11-02 10:45] R2 WPDBusEnum;Portable Device Enumerator Service;C:\Windows\system32\svchost.exe [2006-11-02 10:45] R3 Appinfo;Application Information;C:\Windows\system32\svchost.exe [2006-11-02 10:45] R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - 
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-14 20:14:55
Windows 5.1.2600 Service Pack 2 NTFS
detected NTDLL code modification:
ZwEnumerateKey, ZwQueryKey, ZwOpenKey, ZwClose, ZwEnumerateValueKey, ZwQueryValueKey, ZwOpenFile, ZwQueryDirectoryFile, ZwQuerySystemInformation
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-14 20:17:55
ComboFix-quarantined-files.txt 2008-01-14 19:17:45
ComboFix2.txt 2007-12-29 00:24:11
ComboFix3.txt 2007-12-28 14:45:36
ComboFix4.txt 2007-12-28 13:34:31
.
2008-01-11 02:05:18 --- E O F ---
Edited 14 January 2008 by mona14
norbat, posted 14 January 2008 (edited)
tauromachine: And where would these files be located? Are we talking about some form of tracking cookies?
Yes. Tracking cookies in Opera. It is nothing particularly scary. You can manage the cookies (informasjonskapsler) from the following place: Verktøy->Avansert->Informasjonskapsler... (Tools->Advanced->Cookies...)
Edited 15 January 2008 by norbat
norbat, posted 14 January 2008
Combofix log;
ComboFix 08-01-14.4 - monapona 2008-01-14 20:10:20.4 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.1.1044.18.145 [GMT 1:00]
Running from: C:\Users\monapona\Desktop\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2007-12-14 to 2008-01-14 )))))))))))))))))))))))))))))))
.
2008-01-14 20:03 . 2000-08-31 08:00 51,200 --a------ C:\Windows\NirCmd.exe
2008-01-14 18:58 . 2008-01-14 18:58 <DIR> dr------- C:\Windows\System32\config\systemprofile\Music
2008-01-13 20:52 . 2008-01-13 20:52 <DIR> d--hs---- C:\found.000
2008-01-12 13:00 . 2008-01-12 13:00 <DIR> d-------- C:\Users\All Users\OrbNetworks
2008-01-12 13:00 . 2008-01-12 13:00 <DIR> d-------- C:\ProgramData\OrbNetworks
2008-01-12 13:00 . 2008-01-12 13:00 <DIR> d-------- C:\Program Files\Winamp Remote
2008-01-12 12:58 . 2008-01-12 13:01 <DIR> d-------- C:\Users\monapona\AppData\Roaming\Winamp
2008-01-12 12:58 . 2008-01-14 19:59 <DIR> d-------- C:\Program Files\Winamp
2008-01-11 11:36 . 2008-01-13 21:30 <DIR> d-------- C:\Users\monapona\AppData\Roaming\FrostWire
2008-01-11 11:36 . 2008-01-11 11:36 <DIR> d-------- C:\Program Files\FrostWire
2008-01-11 11:36 . 2008-01-11 11:36 <DIR> d-------- C:\Program Files\AskSBar
2008-01-11 03:05 . 2008-01-11 03:05 802,816 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-01-11 03:05 . 2008-01-11 03:05 216,760 --a------ C:\Windows\System32\drivers\netio.sys
2008-01-11 03:05 . 2008-01-11 03:05 167,424 --a------ C:\Windows\System32\tcpipcfg.dll
2008-01-11 03:05 . 2008-01-11 03:05 24,064 --a------ C:\Windows\System32\netcfg.exe
2008-01-11 03:05 . 2008-01-11 03:05 22,016 --a------ C:\Windows\System32\netiougc.exe
2008-01-11 03:02 . 2008-01-11 03:02 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-01-11 03:02 . 2008-01-11 03:02 1,686,016 --a------ C:\Windows\System32\gameux.dll
2008-01-11 03:02 . 2008-01-11 03:02 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys
2008-01-11 03:02 . 2008-01-11 03:02 211,000 --a------ C:\Windows\System32\drivers\volsnap.sys
2008-01-11 03:02 . 2008-01-11 03:02 154,624 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-01-11 03:02 . 2008-01-11 03:02 109,624 --a------ C:\Windows\System32\drivers\ataport.sys
2008-01-11 03:02 . 2008-01-11 03:02 45,112 --a------ C:\Windows\System32\drivers\pciidex.sys
2008-01-11 03:02 . 2008-01-11 03:02 21,560 --a------ C:\Windows\System32\drivers\atapi.sys
2008-01-11 03:02 . 2008-01-11 03:02 15,928 --a------ C:\Windows\System32\drivers\pciide.sys
2008-01-11 03:01 . 2008-01-11 03:01 11,776 --a------ C:\Windows\System32\sbunattend.exe
2007-12-27 23:17 . 2007-12-27 23:17 <DIR> d-------- C:\Users\monapona\AppData\Roaming\SUPERAntiSpyware.com
2007-12-27 23:17 . 2007-12-27 23:17 <DIR> d-------- C:\Users\All Users\SUPERAntiSpyware.com
2007-12-27 23:17 . 2007-12-27 23:17 <DIR> d-------- C:\ProgramData\SUPERAntiSpyware.com
2007-12-27 23:17 . 2007-12-27 23:20 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-12-27 23:17 . 2007-12-27 23:17 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-16 03:05 . 2007-12-16 03:05 1,327,104 --a------ C:\Windows\System32\quartz.dll
2007-12-16 03:05 . 2007-12-16 03:05 223,232 --a------ C:\Windows\System32\WMASF.DLL
2007-12-16 03:05 . 2007-12-16 03:05 9,728 --a------ C:\Windows\System32\LAPRXY.DLL
2007-12-16 03:05 . 2007-12-16 03:05 2,048 --a------ C:\Windows\System32\asferror.dll
2007-12-16 03:03 . 2007-12-16 03:03 1,830,912 --a------ C:\Windows\System32\inetcpl.cpl
2007-12-16 03:01 . 2007-12-16 03:01 3,504,824 --a------ C:\Windows\System32\ntkrnlpa.exe
2007-12-16 03:01 . 2007-12-16 03:01 3,470,520 --a------ C:\Windows\System32\ntoskrnl.exe
2007-12-16 03:01 . 2007-12-16 03:01 2,048 --a------ C:\Windows\System32\tzres.dll
2007-12-15 20:06 . 2007-12-15 20:06 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-15 19:08 . 2007-12-15 19:08 244 --ah----- C:\sqmnoopt00.sqm
2007-12-15 19:08 . 2007-12-15 19:08 232 --ah----- C:\sqmdata00.sqm
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
((((((((((((((((((((((((((((( snapshot@2007-12-28_14.33.53.56 )))))))))))))))))))))))))))))))))))))))))
.
02:02:32 15,928 ----a-w C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20707_none_dbe288453d7a8ed6\pciide.sys + 2008-01-11 02:02:32 45,112 ----a-w C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20707_none_dbe288453d7a8ed6\pciidex.sys + 2008-01-11 02:02:32 20,024 ----a-w C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20707_none_dbe288453d7a8ed6\viaide.sys + 2008-01-11 02:02:32 211,000 ----a-w C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.0.6000.16586_none_137ff950ff29e447\volsnap.sys + 2008-01-11 02:02:31 211,000 ----a-w C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.0.6000.20709_none_146318401803edb5\volsnap.sys . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}] 2007-03-02 16:52 177768 -ra------ C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_framework.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}] 2008-01-11 11:36 66912 --a------ C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}] 2007-11-05 11:51 402872 --a------ C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}] 2008-01-11 11:36 267592 --a------ C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} [HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] "{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program 
Files\AskSBar\bar\1.bin\ASKSBAR.DLL [2008-01-11 11:36 267592] [HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-11 03:01 1232896] "WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 13:34 2159104 C:\Windows\System32\oobefldr.dll] "StartCCC"="c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112] "LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-04-19 12:26 484904] "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184] "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912] "Orb"="C:\Program Files\Winamp Remote\bin\OrbTray.exe" [2008-01-07 21:02 495616] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:34 201728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-07-14 03:03 1006264] "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-12-15 12:08 1097728] "PDF Complete"="C:\Program Files\PDF Complete\pdfsty.exe" [2007-05-08 07:38 331552] "PTHOSTTR"="C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.exe" [2007-01-09 14:52 145184] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-12 14:36 827392] "hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 12:18 472776] "WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 15:12 317128] "HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-12 10:54 50696] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00 132496] "QlbCtrl"="C:\Program 
Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-05-02 15:17 163840] "HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2007-03-11 21:34 49152] "WatchDog"="C:\Program Files\InterVideo\DVD Check\DVDCheck.exe" [2007-05-23 10:00 192512] "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 23:47 31016] "F-Secure Manager"="C:\Program Files\F-Secure\Common\FSM32.exe" [2007-08-27 14:28 182952] "F-Secure TNB"="C:\Program Files\F-Secure\FSGUI\TNBUtil.exe" [2007-08-27 14:27 895600] "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-10-10 03:31 36352] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "ST Recovery Launcher"="%WINDIR%\SMINST\launcher.exe" [ ] C:\Users\monapona\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2007 Screen Clipper og Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 19:24:54] OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-09-11 04:43:54] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-03-29 12:11:50] DVD Check.lnk - C:\Program Files\InterVideo\DVD Check\DVDCheck.exe [2007-09-10 08:17:10] HP Digital Imaging Monitor.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2007-03-11 21:26:24] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo] @="Service" 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] @="IEEE 1394 Bus host controllers" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] @="SBP2 IEEE 1394 Devices" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] @="SecurityDevices" R0 AtiPcie;ATI PCI Express (3GIO) Filter;C:\Windows\system32\DRIVERS\AtiPcie.sys [2006-10-30 12:23] R0 CLFS;Common Log (CLFS);C:\Windows\system32\CLFS.sys [2006-11-02 10:51] R0 crcdisk;Crcdisk Filter Driver;C:\Windows\system32\drivers\crcdisk.sys [2006-11-02 10:49] R0 Ecache;ReadyBoost Caching Driver;C:\Windows\system32\drivers\ecache.sys [2006-11-02 13:33] R0 FileInfo;File Information FS MiniFilter;C:\Windows\system32\drivers\fileinfo.sys [2006-11-02 10:49] R0 msisadrv;ISA/EISA Class Driver;C:\Windows\system32\drivers\msisadrv.sys [2007-07-14 03:08] R0 spldr;Security Processor Loader Driver;C:\Windows\system32\drivers\spldr.sys [2006-11-02 10:49] R0 
volmgr;Volume Manager Driver;C:\Windows\system32\drivers\volmgr.sys [2007-07-14 03:08] R0 volmgrx;Dynamic Volume Manager;C:\Windows\system32\drivers\volmgrx.sys [2006-11-02 10:51] R1 DfsC;Dfs Client Driver;C:\Windows\system32\Drivers\dfsc.sys [2006-11-02 09:31] R1 F-Secure HIPS;F-Secure HIPS;C:\Program Files\F-Secure\HIPS\fshs.sys [2007-08-27 14:27] R1 FSES;F-Secure Email Scanning Driver;C:\Windows\system32\drivers\fses.sys [2007-08-27 14:27] R1 FSFW;F-Secure Firewall Driver;C:\Windows\system32\drivers\fsdfw.sys [2007-08-27 14:27] R1 fsvista;F-Secure Vista Support Driver;C:\Program Files\F-Secure\Anti-Virus\minifilter\fsvista.sys [2007-08-27 14:27] R1 nsiproxy;NSI proxy service;C:\Windows\system32\drivers\nsiproxy.sys [2006-11-02 09:57] R1 RDPENCDD;RDP Encoder Mirror Driver;C:\Windows\system32\drivers\rdpencdd.sys [2006-11-02 10:02] R1 Smb;Meldingsorientert TCP/IP- og TCP/IPv6-protokoll (SMB-økt);C:\Windows\system32\DRIVERS\smb.sys [2006-11-02 09:57] R1 tdx;TDI-støttedriver for eldre NetIO;C:\Windows\system32\DRIVERS\tdx.sys [2006-11-02 09:57] R1 Wanarpv6;Remote Access IPv6 ARP Driver;C:\Windows\system32\DRIVERS\wanarp.sys [2007-09-11 02:14] R2 AeLookupSvc;Application Experience;C:\Windows\system32\svchost.exe [2006-11-02 10:45] R2 AudioEndpointBuilder;Windows Audio Endpoint Builder;C:\Windows\System32\svchost.exe [2006-11-02 10:45] R2 BFE;Base Filtering Engine;C:\Windows\system32\svchost.exe [2006-11-02 10:45] R2 DPS;Diagnostic Policy Service;C:\Windows\System32\svchost.exe [2006-11-02 10:45] R2 FDResPub;Function Discovery Resource Publication;C:\Windows\system32\svchost.exe [2006-11-02 10:45] R2 gpsvc;Group Policy Client;C:\Windows\system32\svchost.exe [2006-11-02 10:45] R2 IKEEXT;IKE and AuthIP IPsec Keying Modules;C:\Windows\system32\svchost.exe [2006-11-02 10:45] R2 iphlpsvc;IP Helper;C:\Windows\System32\svchost.exe [2006-11-02 10:45] R2 KtmRm;KtmRm for Distributed Transaction Coordinator;C:\Windows\System32\svchost.exe [2006-11-02 10:45] R2 lltdio;Link-Layer 
Topology Discovery Mapper I/O Driver;C:\Windows\system32\DRIVERS\lltdio.sys [2006-11-02 09:56] R2 luafv;UAC File Virtualization;C:\Windows\system32\drivers\luafv.sys [2006-11-02 09:33] R2 MMCSS;Multimedia Class Scheduler;C:\Windows\system32\svchost.exe [2006-11-02 10:45] R2 MpsSvc;Windows Firewall;C:\Windows\system32\svchost.exe [2006-11-02 10:45] R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" [2007-02-10 05:29] R2 netprofm;Network List Service;C:\Windows\System32\svchost.exe [2006-11-02 10:45] R2 NlaSvc;Network Location Awareness;C:\Windows\System32\svchost.exe [2006-11-02 10:45] R2 nsi;Network Store Interface Service;C:\Windows\system32\svchost.exe [2006-11-02 10:45] R2 PcaSvc;Program Compatibility Assistant Service;C:\Windows\system32\svchost.exe [2006-11-02 10:45] R2 pdfcDispatcher;PDF Document Manager;C:\Program Files\PDF Complete\pdfsvc.exe [2007-05-08 07:38] R2 PEAUTH;PEAUTH;C:\Windows\system32\drivers\peauth.sys [2006-11-02 10:04] R2 ProfSvc;User Profile Service;C:\Windows\system32\svchost.exe [2006-11-02 10:45] R2 SQLWriter;SQL Server VSS Writer;"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 05:29] R2 SysMain;Superfetch;C:\Windows\system32\svchost.exe [2006-11-02 10:45] R2 TabletInputService;Tablet PC Input Service;C:\Windows\System32\svchost.exe [2006-11-02 10:45] R2 tcpipreg;TCP/IP Registry Compatibility;C:\Windows\system32\drivers\tcpipreg.sys [2006-11-02 09:57] R2 UxSms;Desktop Window Manager Session Manager;C:\Windows\System32\svchost.exe [2006-11-02 10:45] R2 WerSvc;Windows Error Reporting Service;C:\Windows\System32\svchost.exe [2006-11-02 10:45] R2 Wlansvc;WLAN AutoConfig;C:\Windows\system32\svchost.exe [2006-11-02 10:45] R2 WPDBusEnum;Portable Device Enumerator Service;C:\Windows\system32\svchost.exe [2006-11-02 10:45] R3 Appinfo;Application Information;C:\Windows\system32\svchost.exe [2006-11-02 10:45] R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - 
NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-02-26 15:52] R3 bowser;Bowser;C:\Windows\system32\DRIVERS\bowser.sys [2006-11-02 09:31] R3 btwaudio;Bluetooth-lydenhet;C:\Windows\system32\drivers\btwaudio.sys [2007-05-11 11:42] R3 btwavdt;Bluetooth AVDT Service;C:\Windows\system32\drivers\btwavdt.sys [2007-05-11 11:42] R3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2007-05-11 11:42] R3 DXGKrnl;LDDM Graphics Subsystem;C:\Windows\system32\drivers\dxgkrnl.sys [2007-09-11 02:14] R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\F-Secure\Anti-Virus\minifilter\fsgk.sys [2007-08-27 14:27] R3 iScsiPrt;iScsiPort-driver;C:\Windows\system32\DRIVERS\msiscsi.sys [2006-11-02 10:51] R3 KeyIso;CNG Key Isolation;C:\Windows\system32\lsass.exe [2006-11-02 10:45] R3 monitor;Microsoft Monitor Class Function Driver Service;C:\Windows\system32\DRIVERS\monitor.sys [2006-11-02 09:54] R3 mpsdrv;Driver for Windows-brannmurgodkjenning;C:\Windows\system32\drivers\mpsdrv.sys [2007-09-11 02:10] R3 mrxsmb10;SMB 1.x MiniRedirector;C:\Windows\system32\DRIVERS\mrxsmb10.sys [2006-11-02 09:31] R3 mrxsmb20;SMB 2.0 MiniRedirector;C:\Windows\system32\DRIVERS\mrxsmb20.sys [2007-12-16 03:03] R3 NativeWifiP;NativeWiFi Filter;C:\Windows\system32\DRIVERS\nwifi.sys [2008-01-11 03:02] R3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-02-02 17:09] R3 srv2;srv2;C:\Windows\system32\DRIVERS\srv2.sys [2007-12-16 03:03] R3 srvnet;srvnet;C:\Windows\system32\DRIVERS\srvnet.sys [2007-12-16 03:03] R3 tunnel;Microsoft IPv6 Tunnel Miniport Adapter Driver;C:\Windows\system32\DRIVERS\tunnel.sys [2007-09-11 02:10] R3 umbus;UMBus Enumerator Driver;C:\Windows\system32\DRIVERS\umbus.sys [2006-11-02 09:55] R3 WdiSystemHost;Diagnostic System Host;C:\Windows\System32\svchost.exe [2006-11-02 10:45] S2 EMDMgmt;ReadyBoost;C:\Windows\system32\svchost.exe [2006-11-02 10:45] S2 slsvc;Software Licensing;C:\Windows\system32\SLsvc.exe [2007-09-27 02:00] S3 BCM43XV;Broadcom Extensible 802.11 Network 
Adapter Driver;C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-12-13 11:49] S3 BrFiltLo;Brother USB Mass-Storage Lower Filter Driver;C:\Windows\system32\drivers\brfiltlo.sys [2006-11-02 09:24] S3 BrFiltUp;Brother USB Mass-Storage Upper Filter Driver;C:\Windows\system32\drivers\brfiltup.sys [2006-11-02 09:24] S3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\Windows\system32\drivers\brusbser.sys [2006-11-02 09:24] S3 CertPropSvc;Certificate Propagation;C:\Windows\system32\svchost.exe [2006-11-02 10:45] S3 DFSR;DFS Replication;C:\Windows\system32\DFSR.exe [2006-11-02 13:35] S3 E1G60;Intel® PRO/1000 NDIS 6 Adapter Driver;C:\Windows\system32\DRIVERS\E1G60I32.sys [2006-11-02 08:30] S3 fdPHost;Function Discovery Provider Host;C:\Windows\system32\svchost.exe [2006-11-02 10:45] S3 Filetrace;FileTrace;C:\Windows\system32\drivers\filetrace.sys [2006-11-02 09:32] S3 IPBusEnum;PnP-X IP Bus Enumerator;C:\Windows\system32\svchost.exe [2006-11-02 10:45] S3 lltdsvc;Link-Layer Topology Discovery Mapper;C:\Windows\System32\svchost.exe [2006-11-02 10:45] S3 MSiSCSI;Microsoft iSCSI Initiator Service;C:\Windows\system32\svchost.exe [2006-11-02 10:45] S3 MsRPC;MsRPC;C:\Windows\system32\drivers\MsRPC.sys [2006-11-02 10:51] S3 p2pimsvc;Peer Networking Identity Manager;C:\Windows\System32\svchost.exe [2006-11-02 10:45] S3 p2psvc;Peer Networking Grouping;C:\Windows\System32\svchost.exe [2006-11-02 10:45] S3 pla;Performance Logs & Alerts;C:\Windows\System32\svchost.exe [2006-11-02 10:45] S3 PNRPAutoReg;PNRP Machine Name Publication Service;C:\Windows\System32\svchost.exe [2006-11-02 10:45] S3 PNRPsvc;Peer Name Resolution Protocol;C:\Windows\System32\svchost.exe [2006-11-02 10:45] S3 QWAVE;Quality Windows Audio Video Experience;C:\Windows\system32\svchost.exe [2006-11-02 10:45] S3 SCPolicySvc;Smart Card Removal Policy;C:\Windows\system32\svchost.exe [2006-11-02 10:45] S3 SDRSVC;Windows Backup;C:\Windows\system32\svchost.exe [2006-11-02 10:45] S3 SessionEnv;Terminal Services 
Configuration;C:\Windows\System32\svchost.exe [2006-11-02 10:45] S3 sffp_mmc;SFF Storage Protocol Driver for MMC;C:\Windows\system32\drivers\sffp_mmc.sys [2006-11-02 09:51] S3 SLUINotify;SL UI Notification Service;C:\Windows\system32\svchost.exe [2006-11-02 10:45] S3 TBS;TPM Base Services;C:\Windows\System32\svchost.exe [2006-11-02 10:45] S3 THREADORDER;Thread Ordering Server;C:\Windows\system32\svchost.exe [2006-11-02 10:45] S3 TPM;TPM;C:\Windows\system32\drivers\tpm.sys [2006-11-02 10:50] S3 TrustedInstaller;Windows Modules Installer;C:\Windows\servicing\TrustedInstaller.exe [2006-11-02 10:45] S3 tssecsrv;Terminal Services Security Filter Driver;C:\Windows\system32\DRIVERS\tssecsrv.sys [2006-11-02 10:02] S3 UI0Detect;Interactive Services Detection;C:\Windows\system32\UI0Detect.exe [2006-11-02 10:45] S3 uliagpkx;Uli AGP Bus Filter;C:\Windows\system32\drivers\uliagpkx.sys [2006-11-02 10:50] S3 vga;vga;C:\Windows\system32\DRIVERS\vgapnp.sys [2006-11-02 09:53] S3 wcncsvc;Windows Connect Now - Config Registrar;C:\Windows\System32\svchost.exe [2006-11-02 10:45] S3 WcsPlugInService;Windows Color System;C:\Windows\system32\svchost.exe [2006-11-02 10:45] S3 WdiServiceHost;Diagnostic Service Host;C:\Windows\System32\svchost.exe [2006-11-02 10:45] S3 Wecsvc;Windows Event Collector;C:\Windows\system32\svchost.exe [2006-11-02 10:45] S3 wercplsupport;Problem Reports and Solutions Control Panel Support;C:\Windows\System32\svchost.exe [2006-11-02 10:45] S3 WinHttpAutoProxySvc;WinHTTP Web Proxy Auto-Discovery Service;C:\Windows\system32\svchost.exe [2006-11-02 10:45] S3 WinRM;Windows Remote Management (WS-Management);C:\Windows\System32\svchost.exe [2006-11-02 10:45] S3 WPCSvc;Parental Controls;C:\Windows\system32\svchost.exe [2006-11-02 10:45] S4 adp94xx;adp94xx;C:\Windows\system32\drivers\adp94xx.sys [2006-11-02 10:51] S4 adpahci;adpahci;C:\Windows\system32\drivers\adpahci.sys [2006-11-02 10:51] S4 amdide;amdide;C:\Windows\system32\drivers\amdide.sys [2006-11-02 10:49] S4 
arc;arc;C:\Windows\system32\drivers\arc.sys [2006-11-02 10:50] S4 arcsas;arcsas;C:\Windows\system32\drivers\arcsas.sys [2006-11-02 10:50] S4 Brserid;Brother MFC Serial Port Interface Driver (WDM);C:\Windows\system32\drivers\brserid.sys [2006-11-02 09:25] S4 BrSerWdm;Brother WDM Serial driver;C:\Windows\system32\drivers\brserwdm.sys [2006-11-02 09:24] S4 BrUsbMdm;Brother MFC USB Fax Only Modem;C:\Windows\system32\drivers\brusbmdm.sys [2006-11-02 09:24] S4 circlass;Consumer IR Devices;C:\Windows\system32\drivers\circlass.sys [2006-11-02 09:55] S4 Crusoe;Transmeta Crusoe Processor Driver;C:\Windows\system32\drivers\crusoe.sys [2006-11-02 09:30] S4 elxstor;elxstor;C:\Windows\system32\drivers\elxstor.sys [2006-11-02 10:51] S4 F-Secure Filter;F-Secure File System Filter;C:\Program Files\F-Secure\Anti-Virus\Win2K\FSfilter.sys [2007-08-27 14:27] S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\F-Secure\Anti-Virus\Win2K\FSrec.sys [2007-08-27 14:27] S4 HpCISSs;HpCISSs;C:\Windows\system32\drivers\hpcisss.sys [2006-11-02 10:50] S4 iaStorV;Intel RAID Controller Vista;C:\Windows\system32\drivers\iastorv.sys [2006-11-02 10:51] S4 iirsp;iirsp;C:\Windows\system32\drivers\iirsp.sys [2006-11-02 10:50] S4 IPMIDRV;IPMIDRV;C:\Windows\system32\drivers\ipmidrv.sys [2006-11-02 09:42] S4 iteraid;ITERAID_Service_Install;C:\Windows\system32\drivers\iteraid.sys [2006-11-02 10:50] S4 LSI_FC;LSI_FC;C:\Windows\system32\drivers\lsi_fc.sys [2006-11-02 10:50] S4 LSI_SAS;LSI_SAS;C:\Windows\system32\drivers\lsi_sas.sys [2006-11-02 10:50] S4 LSI_SCSI;LSI_SCSI;C:\Windows\system32\drivers\lsi_scsi.sys [2006-11-02 10:50] S4 megasas;megasas;C:\Windows\system32\drivers\megasas.sys [2006-11-02 10:49] S4 mpio;Microsoft Multi-Path Bus Driver;C:\Windows\system32\drivers\mpio.sys [2006-11-02 10:50] S4 msahci;msahci;C:\Windows\system32\drivers\msahci.sys [2006-11-02 10:49] S4 msdsm;Microsoft Multi-Path Device Specific Module;C:\Windows\system32\drivers\msdsm.sys [2006-11-02 10:50] S4 
nfrd960;nfrd960;C:\Windows\system32\drivers\nfrd960.sys [2006-11-02 10:50] S4 ntrigdigi;N-trig HID Tablet Driver;C:\Windows\system32\drivers\ntrigdigi.sys [2006-11-02 08:36] S4 nvstor;nvstor;C:\Windows\system32\drivers\nvstor.sys [2006-11-02 10:50] S4 ql2300;QLogic Fibre Channel Miniport Driver;C:\Windows\system32\drivers\ql2300.sys [2006-11-02 10:51] S4 ql40xx;QLogic iSCSI Miniport Driver;C:\Windows\system32\drivers\ql40xx.sys [2006-11-02 10:50] S4 SiSRaid2;SiSRaid2;C:\Windows\system32\drivers\sisraid2.sys [2006-11-02 10:50] S4 SiSRaid4;SiSRaid4;C:\Windows\system32\drivers\sisraid4.sys [2006-11-02 10:50] S4 uliahci;uliahci;C:\Windows\system32\drivers\uliahci.sys [2006-11-02 10:51] S4 ulsata2;ulsata2;C:\Windows\system32\drivers\ulsata2.sys [2006-11-02 10:50] S4 usbcir;eHome Infrared Receiver (USBCIR);C:\Windows\system32\drivers\usbcir.sys [2006-11-02 09:55] S4 ViaC7;VIA C7 Processor Driver;C:\Windows\system32\drivers\viac7.sys [2006-11-02 09:30] S4 vsmraid;vsmraid;C:\Windows\system32\drivers\vsmraid.sys [2006-11-02 10:50] S4 WacomPen;Wacom Serial Pen HID Driver;C:\Windows\system32\drivers\wacompen.sys [2006-11-02 09:52] S4 Wd;Microsoft Watchdog Timer Driver;C:\Windows\system32\drivers\wd.sys [2006-11-02 10:49] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalService REG_MULTI_SZ nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE WebClient LocalSystemNetworkRestricted REG_MULTI_SZ hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc wlansvc EMDMgmt TabletInputService WPDBusEnum NetworkServiceNetworkRestricted REG_MULTI_SZ PolicyAgent LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc NetworkService REG_MULTI_SZ CryptSvc DHCP TermService KtmRm DNSCache NapAgent nlasvc WinRM WECSVC Tapisrv WerSvcGroup REG_MULTI_SZ wersvc swprv REG_MULTI_SZ swprv 
LocalServiceNetworkRestricted REG_MULTI_SZ DHCP eventlog AudioSrv LmHosts wscsvc p2pimsvc PNRPSvc p2psvc WPCSvc PnrpAutoReg regsvc REG_MULTI_SZ RemoteRegistry wcssvc REG_MULTI_SZ WcsPlugInService DcomLaunch REG_MULTI_SZ PlugPlay DcomLaunch wdisvc REG_MULTI_SZ WdiServiceHost sdrsvc REG_MULTI_SZ sdrsvc secsvcs REG_MULTI_SZ WinDefend GPSvcGroup REG_MULTI_SZ GPSvc HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs AeLookupSvc wercplsupport Themes CertPropSvc SCPolicySvc lanmanserver gpsvc IKEEXT AudioSrv FastUserSwitchingCompatibility Nla NWCWorkstation SRService Wmi WmdmPmSp TermService wuauserv BITS ShellHWDetection LogonHours PCAudit helpsvc uploadmgr iphlpsvc seclogon AppInfo msiscsi MMCSS ProfSvc EapHost winmgmt schedule SessionEnv browser hkmsvc [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] C:\Windows\system32\unregmp2.exe /ShowWMP [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static] msiexec /fums {990BA001-D69F-9DB2-56CE-88E0399B30FB} /qb [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe" [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI . Contents of the 'Scheduled Tasks' folder "2007-11-30 15:39:31 C:\Windows\Tasks\Se etter oppdateringer for Windows Live Toolbar.job" - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE . 
There wasn't much to see in that log. Are you bothered by MSN sending out messages at random?