
Can't open Task Manager, Ctrl+Alt+Delete.



It is located in c:\sdfix if you have extracted it.

Then you should run RunThis.bat, which is in that folder.

You can start Safe Mode with Networking and download it there.

Same procedure then: double-click and extract it, and it will be placed in c:\sdfix.

Edited by SNIPPSAT

System Report

*************

Run on 28.02.2008 at 15:10

Microsoft Windows XP [Versjon 5.1.2600]

Current user is an administrator


6 Jan 2008 20:53:20 15 028 A.... "C:\WINDOWS\inf\Sem600i.PNF"

6 Jan 2008 20:53:20 14 624 A.... "C:\WINDOWS\inf\SemK320_BT.PNF"

6 Jan 2008 20:53:20 14 624 A.... "C:\WINDOWS\inf\SemK510_BT.PNF"

6 Jan 2008 20:53:20 14 676 A.... "C:\WINDOWS\inf\Sem750_BT.PNF"

6 Jan 2008 20:53:20 14 596 A.... "C:\WINDOWS\inf\Sem049_BT.PNF"

6 Jan 2008 20:53:20 14 596 A.... "C:\WINDOWS\inf\Sem039_BT.PNF"

6 Jan 2008 20:53:20 14 624 A.... "C:\WINDOWS\inf\SemS800_BT.PNF"

6 Jan 2008 20:53:20 14 932 A.... "C:\WINDOWS\inf\SemS800_IrDA_NT.PNF"

6 Jan 2008 20:53:20 14 596 A.... "C:\WINDOWS\inf\Sem038_BT.PNF"

6 Jan 2008 20:53:20 14 596 A.... "C:\WINDOWS\inf\Sem043_BT.PNF"

6 Jan 2008 20:53:20 14 596 A.... "C:\WINDOWS\inf\Sem044_BT.PNF"

6 Jan 2008 20:53:20 14 596 A.... "C:\WINDOWS\inf\Sem045_BT.PNF"

6 Jan 2008 20:53:20 14 596 A.... "C:\WINDOWS\inf\Sem046_BT.PNF"

6 Jan 2008 20:53:20 14 596 A.... "C:\WINDOWS\inf\Sem047_BT.PNF"

6 Jan 2008 20:53:20 14 596 A.... "C:\WINDOWS\inf\Sem048_BT.PNF"

6 Jan 2008 20:53:20 14 312 A.... "C:\WINDOWS\inf\Sem062_BT.PNF"

6 Jan 2008 20:53:20 14 596 A.... "C:\WINDOWS\inf\Sem067_BT.PNF"

6 Jan 2008 20:53:20 14 596 A.... "C:\WINDOWS\inf\Sem068_BT.PNF"

6 Jan 2008 20:53:20 14 596 A.... "C:\WINDOWS\inf\Sem069_BT.PNF"

6 Jan 2008 20:53:20 14 596 A.... "C:\WINDOWS\inf\Sem070_BT.PNF"

6 Jan 2008 20:53:20 14 596 A.... "C:\WINDOWS\inf\Sem086_BT.PNF"

6 Jan 2008 20:53:20 14 596 A.... "C:\WINDOWS\inf\Sem087_BT.PNF"

6 Jan 2008 20:53:20 14 596 A.... "C:\WINDOWS\inf\Sem0A1_BT.PNF"

6 Jan 2008 20:53:20 14 624 A.... "C:\WINDOWS\inf\SemW300_BT.PNF"

6 Jan 2008 20:53:20 14 624 A.... "C:\WINDOWS\inf\SemW550_BT.PNF"

6 Jan 2008 20:53:20 14 624 A.... "C:\WINDOWS\inf\SemW600_BT.PNF"

6 Jan 2008 20:53:20 14 624 A.... "C:\WINDOWS\inf\SemW700_BT.PNF"

6 Jan 2008 20:53:20 14 624 A.... "C:\WINDOWS\inf\SemW800_BT.PNF"

6 Jan 2008 20:53:20 14 624 A.... "C:\WINDOWS\inf\SemW810_BT.PNF"

6 Jan 2008 20:53:20 14 624 A.... "C:\WINDOWS\inf\SemW900_BT.PNF"

6 Jan 2008 20:53:20 14 624 A.... "C:\WINDOWS\inf\SemZ520_BT.PNF"

6 Jan 2008 20:53:20 14 624 A.... "C:\WINDOWS\inf\SemZ525_BT.PNF"

6 Jan 2008 20:53:20 14 624 A.... "C:\WINDOWS\inf\SemZ530_BT.PNF"

6 Jan 2008 20:53:20 14 624 A.... "C:\WINDOWS\inf\SemZ535_BT.PNF"

6 Jan 2008 20:53:20 14 624 A.... "C:\WINDOWS\inf\SemZ550_BT.PNF"

6 Jan 2008 20:53:20 14 624 A.... "C:\WINDOWS\inf\SemZ558_BT.PNF"

6 Jan 2008 20:53:20 1 701 560 A.... "C:\WINDOWS\inf\INFCACHE.1"

26 Feb 2008 18:13:30 19 996 A.... "C:\WINDOWS\inf\oem23.PNF"

28 Feb 2008 10:21:54 4 208 A.... "C:\WINDOWS\inf\oem24.PNF"

28 Feb 2008 10:21:56 4 208 A.... "C:\WINDOWS\inf\oem25.PNF"

28 Feb 2008 10:21:56 4 208 A.... "C:\WINDOWS\inf\oem26.PNF"

28 Feb 2008 10:21:56 4 208 A.... "C:\WINDOWS\inf\oem27.PNF"

28 Feb 2008 15:05:16 0 A.... "C:\WINDOWS\Debug\PASSWD.LOG"

28 Feb 2008 15:04:30 6 A..H. "C:\WINDOWS\Tasks\SA.DAT"

23 Feb 2008 10:28:04 284 A.... "C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

23 Feb 2008 18:35:52 270 A.... "C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"

28 Feb 2008 10:21:42 332 A.... "C:\WINDOWS\Tasks\McQcTask.job"

28 Feb 2008 10:21:42 340 A.... "C:\WINDOWS\Tasks\McDefragTask.job"

28 Feb 2008 15:02:14 1 048 576 A.... "C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{42EB91E3-341F-4750-A5F6-279B022AAE9D}.crmlog"

28 Feb 2008 15:05:18 64 A.S.. "C:\WINDOWS\CSC0000002"

28 Feb 2008 15:05:18 64 A.S.. "C:\WINDOWS\CSC0000001"

28 Feb 2008 15:05:28 255 A.... "C:\WINDOWS\TEMP\WGAErrLog.txt"

28 Feb 2008 15:05:54 409 A.... "C:\WINDOWS\TEMP\WGANotify.settings"

27 Feb 2008 19:32:12 0 A.... "C:\WINDOWS\TEMP\T30DebugLogFile.txt"

28 Feb 2008 14:59:02 0 A.... "C:\WINDOWS\TEMP\mcmsc_n5gleg5ApQJSfYy"

28 Feb 2008 15:05:38 0 A.... "C:\WINDOWS\TEMP\mcmsc_6JodfdIbkSGERqX"

28 Feb 2008 15:09:42 37 364 A.... "C:\WINDOWS\TEMP\scs3.tmp"

27 Jan 2008 9:46:56 11 348 A.... "C:\WINDOWS\network diagnostic\xpnetdiag.xml"

8 Feb 2008 14:21:24 170 A.... "C:\WINDOWS\system32\MAGIX\mgxcdrdll.ini"

28 Feb 2008 15:05:28 18 704 A.... "C:\WINDOWS\Debug\UserMode\userenv.log"

6 Jan 2008 20:47:50 7 239 A.... "C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9818.0_x-ww_8ff50c5d.cat"

6 Jan 2008 20:48:28 3 478 A.... "C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9818.0_x-ww_8ff50c5d.Manifest"

6 Jan 2008 20:47:50 7 243 A.... "C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a.cat"

6 Jan 2008 20:48:28 500 A.... "C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a.Manifest"

6 Jan 2008 20:47:50 1 233 920 A.... "C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9818.0_x-ww_8ff50c5d\msxml4.dll"

6 Jan 2008 20:47:50 82 432 A.... "C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a\msxml4r.dll"

6 Jan 2008 20:47:18 34 549 760 A.... "C:\WINDOWS\Downloaded Installations\{05675D95-1567-4E00-A818-DB08064EA088}\Sony Ericsson PC Suite.msi"

28 Feb 2008 10:23:34 16 384 A.SH. "C:\WINDOWS\TEMP\Cookies\index.dat"

26 Feb 2008 18:07:46 8 A.... "C:\WINDOWS\system32\CatRoot\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\TimeStamp"

28 Feb 2008 13:40:18 8 A.... "C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\TimeStamp"

25 Jan 2008 13:12:36 304 A.... "C:\WINDOWS\system32\LogFiles\HTTPERR\httperr1.log"

28 Feb 2008 10:23:34 32 768 A.SH. "C:\WINDOWS\TEMP\Temporary Internet Files\Content.IE5\index.dat"

28 Feb 2008 10:23:34 67 ..SH. "C:\WINDOWS\TEMP\Temporary Internet Files\Content.IE5\desktop.ini"

28 Feb 2008 10:23:34 16 384 A.SH. "C:\WINDOWS\TEMP\History\History.IE5\index.dat"

28 Feb 2008 10:23:34 145 A.... "C:\WINDOWS\TEMP\History\History.IE5\desktop.ini"

28 Feb 2008 10:23:34 67 ..SH. "C:\WINDOWS\TEMP\Temporary Internet Files\Content.IE5\UMJWXADW\desktop.ini"

28 Feb 2008 10:23:34 67 ..SH. "C:\WINDOWS\TEMP\Temporary Internet Files\Content.IE5\OUG3L4VG\desktop.ini"

28 Feb 2008 10:23:34 67 ..SH. "C:\WINDOWS\TEMP\Temporary Internet Files\Content.IE5\8RSK8TO0\desktop.ini"

28 Feb 2008 10:23:34 67 ..SH. "C:\WINDOWS\TEMP\Temporary Internet Files\Content.IE5\OZ39OW1A\desktop.ini"

 

 

C:\Program Files\

 

28 Feb 2008 2:15:36 486 392 A.... "C:\Program Files\SDFix\RunThis.bat"

28 Feb 2008 2:15:36 142 336 A.... "C:\Program Files\SDFix\catchme.exe"

28 Feb 2008 2:15:36 6 656 A..H. "C:\Program Files\SDFix\dummy.exe"

28 Feb 2008 2:15:36 1 024 A..H. "C:\Program Files\SDFix\dummy.sys"

30 Dec 2007 21:55:08 263 504 A.... "C:\Program Files\McAfee\MSC\mispreg.exe"

10 Jan 2008 16:59:52 361 808 A.... "C:\Program Files\McAfee\MSC\mcmscins.dll"

10 Jan 2008 17:24:06 75 040 A.... "C:\Program Files\McAfee\MSC\mscinres.dll"

2 Feb 2008 7:23:02 111 944 A.... "C:\Program Files\McAfee\VirusScan\mvsmp.dll"

4 Jan 2008 13:27:08 587 096 A.... "C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe"

3 Jan 2008 11:06:54 738 664 A.... "C:\Program Files\Lavasoft\Ad-Aware 2007\CEAPI.dll"

18 Jan 2008 15:03:10 2 332 016 A.... "C:\Program Files\Lavasoft\Ad-Aware 2007\ProcessWatch.exe"

24 Jan 2008 9:22:52 2 476 408 A.... "C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe"

23 Jan 2008 16:06:50 2 858 320 A.... "C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Aware2007.exe"

9 Jan 2008 9:27:10 2 293 112 A.... "C:\Program Files\Lavasoft\Ad-Aware 2007\HostFileEditor.exe"

10 Jan 2008 9:39:44 1 623 904 A.... "C:\Program Files\Lavasoft\Ad-Aware 2007\AAWLic.exe"

8 Jan 2008 13:40:36 578 904 A.... "C:\Program Files\Lavasoft\Ad-Aware 2007\lavamessage.dll"

18 Jan 2008 13:05:34 701 776 A.... "C:\Program Files\Lavasoft\Ad-Aware 2007\lavalicense.dll"

28 Feb 2008 10:22:50 111 904 A.... "C:\Program Files\SiteAdvisor\6172\APengine.dll"

28 Feb 2008 10:22:50 116 000 A.... "C:\Program Files\SiteAdvisor\6172\CntScan.dll"

28 Feb 2008 10:22:50 2 290 A.... "C:\Program Files\SiteAdvisor\6172\content.dat"

28 Feb 2008 10:22:50 34 909 A.... "C:\Program Files\SiteAdvisor\6172\elist.dat"

28 Feb 2008 10:22:50 70 432 A.... "C:\Program Files\SiteAdvisor\6172\McFrmWk.dll"

28 Feb 2008 10:22:50 231 000 A.... "C:\Program Files\SiteAdvisor\6172\McProHlp.dll"

28 Feb 2008 10:22:50 109 253 A.... "C:\Program Files\SiteAdvisor\6172\mcscindx.dat"

28 Feb 2008 10:22:50 11 552 A.... "C:\Program Files\SiteAdvisor\6172\saHook.dll"

28 Feb 2008 10:22:50 222 496 A.... "C:\Program Files\SiteAdvisor\6172\saPlugin.dll"

28 Feb 2008 10:22:50 230 688 A.... "C:\Program Files\SiteAdvisor\6172\SAReg.exe"

28 Feb 2008 10:22:50 341 280 A.... "C:\Program Files\SiteAdvisor\6172\SAService.exe"

28 Feb 2008 10:22:50 288 032 A.... "C:\Program Files\SiteAdvisor\6172\SASubMgr.dll"

28 Feb 2008 10:22:50 292 128 A.... "C:\Program Files\SiteAdvisor\6172\SASync.exe"

28 Feb 2008 10:22:50 68 A.... "C:\Program Files\SiteAdvisor\6172\Servers.dat"

28 Feb 2008 10:22:50 772 896 A.... "C:\Program Files\SiteAdvisor\6172\SiteAd64.dll"

28 Feb 2008 10:22:50 34 592 A.... "C:\Program Files\SiteAdvisor\6172\Uninstall.exe"

28 Feb 2008 10:22:50 271 648 A.... "C:\Program Files\SiteAdvisor\6172\Upsell.dll"

28 Feb 2008 13:37:18 396 288 A.... "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe"

28 Feb 2008 2:15:34 11 254 A.... "C:\Program Files\SDFix\apps\locate.com"

28 Feb 2008 2:15:34 10 240 A.... "C:\Program Files\SDFix\apps\cliptext.exe"

28 Feb 2008 2:15:34 61 440 A.... "C:\Program Files\SDFix\apps\download.exe"

28 Feb 2008 2:15:34 6 656 A.... "C:\Program Files\SDFix\apps\dummy.exe"

28 Feb 2008 2:15:34 157 696 A.... "C:\Program Files\SDFix\apps\ERUNT.EXE"

28 Feb 2008 2:15:34 27 136 A.... "C:\Program Files\SDFix\apps\FixPath.exe"

28 Feb 2008 2:15:34 80 412 A.... "C:\Program Files\SDFix\apps\grep.exe"

28 Feb 2008 2:15:34 33 280 A.... "C:\Program Files\SDFix\apps\isadmin.exe"

28 Feb 2008 2:15:34 49 152 A.... "C:\Program Files\SDFix\apps\LS.exe"

28 Feb 2008 2:15:34 6 656 A.... "C:\Program Files\SDFix\apps\MD5File.exe"

28 Feb 2008 2:15:34 53 248 A.... "C:\Program Files\SDFix\apps\Process.exe"

28 Feb 2008 2:15:34 16 414 A.... "C:\Program Files\SDFix\apps\procs.exe"

28 Feb 2008 2:15:34 61 440 A.... "C:\Program Files\SDFix\apps\psservice.exe"

28 Feb 2008 2:15:34 90 112 A.... "C:\Program Files\SDFix\apps\RegDACL.exe"

28 Feb 2008 2:15:34 146 432 A.... "C:\Program Files\SDFix\apps\regedit.exe"

28 Feb 2008 2:15:36 8 192 A.... "C:\Program Files\SDFix\apps\RestartIt!.exe"

28 Feb 2008 2:15:36 31 232 A.... "C:\Program Files\SDFix\apps\sc.exe"

28 Feb 2008 2:15:36 98 816 A.... "C:\Program Files\SDFix\apps\sed.exe"

28 Feb 2008 2:15:36 49 152 A.... "C:\Program Files\SDFix\apps\SF.exe"

28 Feb 2008 2:15:36 19 456 A.... "C:\Program Files\SDFix\apps\shutdown.exe"

28 Feb 2008 2:15:36 139 776 A.... "C:\Program Files\SDFix\apps\swreg.exe"

28 Feb 2008 2:15:36 40 960 A.... "C:\Program Files\SDFix\apps\swsc.exe"

28 Feb 2008 2:15:36 167 936 A.... "C:\Program Files\SDFix\apps\unzip.exe"

28 Feb 2008 2:15:36 49 152 A.... "C:\Program Files\SDFix\apps\vfind.exe"

28 Feb 2008 2:15:36 41 472 A.... "C:\Program Files\SDFix\apps\WINMSG.EXE"

28 Feb 2008 2:15:36 126 976 A.... "C:\Program Files\SDFix\apps\zip.exe"

28 Feb 2008 2:15:34 1 024 A.... "C:\Program Files\SDFix\apps\dummy.sys"

28 Feb 2008 2:15:34 1 218 A.... "C:\Program Files\SDFix\apps\assosfix.reg"

28 Feb 2008 2:15:34 344 A.... "C:\Program Files\SDFix\apps\Enable_Command_Prompt.reg"

28 Feb 2008 2:15:34 4 510 A.... "C:\Program Files\SDFix\apps\fix.reg"

28 Feb 2008 2:15:34 194 601 A.... "C:\Program Files\SDFix\apps\FixBH.reg"

28 Feb 2008 2:15:34 2 010 A.... "C:\Program Files\SDFix\apps\FixComponents.reg"

28 Feb 2008 2:15:34 39 877 A.... "C:\Program Files\SDFix\apps\FIXCU.reg"

28 Feb 2008 2:15:34 69 784 A.... "C:\Program Files\SDFix\apps\FIXLM.reg"

28 Feb 2008 2:15:34 591 A.... "C:\Program Files\SDFix\apps\FixRedir.reg"

28 Feb 2008 2:15:34 826 A.... "C:\Program Files\SDFix\apps\FixSchedule.reg"

28 Feb 2008 2:15:34 932 A.... "C:\Program Files\SDFix\apps\FixWebCheck.reg"

28 Feb 2008 2:15:34 1 582 A.... "C:\Program Files\SDFix\apps\fixXP.reg"

28 Feb 2008 2:15:34 376 A.... "C:\Program Files\SDFix\apps\FixXPsp2.reg"

28 Feb 2008 2:15:34 814 A.... "C:\Program Files\SDFix\apps\HPFix.reg"

28 Feb 2008 2:15:34 157 A.... "C:\Program Files\SDFix\apps\HPFix2.reg"

28 Feb 2008 2:15:34 1 760 A.... "C:\Program Files\SDFix\apps\HPFix3.reg"

28 Feb 2008 2:15:34 1 400 A.... "C:\Program Files\SDFix\apps\HPFix4.reg"

28 Feb 2008 2:15:34 690 A.... "C:\Program Files\SDFix\apps\HPFix5.reg"

28 Feb 2008 2:15:34 1 228 A.... "C:\Program Files\SDFix\apps\HPFix6.reg"

28 Feb 2008 2:15:34 2 484 A.... "C:\Program Files\SDFix\apps\HPFix7.reg"

28 Feb 2008 2:15:34 374 A.... "C:\Program Files\SDFix\apps\MyGcpvFix.reg"

28 Feb 2008 2:15:34 2 300 A.... "C:\Program Files\SDFix\apps\MyGkFix2.reg"

28 Feb 2008 2:15:36 106 A.... "C:\Program Files\SDFix\apps\Reset_AppInit_DLLs.reg"

28 Feb 2008 2:15:36 3 654 A.... "C:\Program Files\SDFix\apps\Restore_SecurityCenter.reg"

28 Feb 2008 2:15:36 5 768 A.... "C:\Program Files\SDFix\apps\Restore_SharedAccess.reg"

28 Feb 2008 2:15:36 304 A.... "C:\Program Files\SDFix\apps\winsec.reg"

28 Feb 2008 10:16:26 37 694 488 A.... "C:\Program Files\BitLord\Downloads\McAfee VirusScan Plus 2008 2.0.155.0\us-en.exe"

28 Feb 2008 10:16:30 37 799 096 A.... "C:\Program Files\BitLord\Downloads\McAfee VirusScan Plus 2008 2.0.155.0\gb-en.exe"

28 Feb 2008 2:15:36 94 208 A.... "C:\Program Files\SDFix\apps\Replace\W2K.exe"

28 Feb 2008 2:15:36 94 208 A.... "C:\Program Files\SDFix\apps\Replace\XP.exe"

9 Jan 2008 18:09:40 4 315 A.... "C:\Program Files\IObit\Advanced WindowsCare V2\Backup\aezssl.reg"

22 Feb 2008 12:33:24 3 890 353 A.... "C:\Program Files\IObit\Advanced WindowsCare V2\Backup\npacxy.reg"

28 Feb 2008 14:41:00 17 389 981 A...R "C:\Program Files\McAfee\VirusScan\DAT\5240.0\avvscan.dat"

28 Feb 2008 14:41:00 231 349 A...R "C:\Program Files\McAfee\VirusScan\DAT\5240.0\avvnames.dat"

28 Feb 2008 14:41:00 301 757 A...R "C:\Program Files\McAfee\VirusScan\DAT\5240.0\avvclean.dat"

28 Feb 2008 10:22:54 214 304 A.... "C:\Program Files\SiteAdvisor\6172\FF\components\FFHook.dll"

28 Feb 2008 2:15:34 4 080 A.... "C:\Program Files\SDFix\apps\Replace\w2k\beep.sys"

28 Feb 2008 2:15:34 2 800 A.... "C:\Program Files\SDFix\apps\Replace\w2k\null.sys"

28 Feb 2008 2:15:36 4 224 A.... "C:\Program Files\SDFix\apps\Replace\xp\beep.sys"

28 Feb 2008 2:15:36 2 944 A.... "C:\Program Files\SDFix\apps\Replace\xp\null.sys"

 

 

Files with hidden attributes:

 

Wed 13 Jun 2007 223,232 ..SHR --- "C:\WINDOWS\winsystem.exe"

Wed 13 Jun 2007 169,984 ..SHR --- "C:\WINDOWS\system32\svchosts.exe"

Fri 25 Aug 2006 1,024 ...HR --- "C:\WINDOWS\system32\NTICDMK7.dll"

Fri 25 Aug 2006 1,024 ...HR --- "C:\WINDOWS\system32\NTIMP3.dll"

Fri 25 Aug 2006 1,024 ...HR --- "C:\WINDOWS\system32\NTIMPEG2.dll"

Fri 25 Aug 2006 1,024 ...HR --- "C:\WINDOWS\system32\NTIFCD3.dll"

Fri 25 Aug 2006 1,024 ...HR --- "C:\WINDOWS\system32\NTIBUN4.dll"

Wed 13 Jun 2007 370,176 ..SHR --- "C:\WINDOWS\system32\wkatzyl.exe"

Wed 13 Jun 2007 248,320 ..SHR --- "C:\WINDOWS\system32\WindowsXP.exe"

Sun 21 Jan 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"

Thu 28 Feb 2008 20,487 A.SHR --- "C:\Program Files\McAfee\MQC\MRU.bak"

Thu 28 Feb 2008 211 A.SHR --- "C:\Program Files\McAfee\MQC\qcconf.bak"

Thu 20 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\237a9766ae0290fa051819086ff722c5\BIT1.tmp"

Mon 1 Jan 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"

 

 

Catchme:

 

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-02-28 15:10:24

Windows 5.1.2600 Service Pack 2 FAT NTAPI

 

scanning hidden processes ...

 

scanning hidden services ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 0

 

 

 

Program Folders:

 

C:\Program Files\

 

Acer Inc

Adobe

Apple Software Update

Arjaloc

ATI Technologies

Audio Converter

BitLord

CCleaner

Common Files

ComPlus Applications

CONEXANT

CyberLink

DIFX

DivX

EnglishOtto

InstallShield Installation Information

Internet Explorer

IObit

iPod

iTunes

Java

Launch Manager

Lavalys

Lavasoft

LimeWire

McAfee

McAfee.com

Messenger

Microsoft CAPICOM 2.1.0.2

microsoft frontpage

Microsoft Games

Microsoft Office

Microsoft.NET

Movie Maker

MSN

MSN Gaming Zone

NetMeeting

NewTech Infosystems

Online Services

Outlook Express

QuickTime

Real

Realtek

Red Kawa

SDFix

SiteAdvisor

Sony Ericsson

Synaptics

TrackMania Nations ESWC

Trend Micro

Ubisoft

Uninstall Information

Valve

VideoLAN

VirtualDJ

Vstep

Windows Live

Windows Media Connect 2

Windows Media Player

Windows NT

Windows Plus

Windows XP MUI Pack

WindowsUpdate

WinRAR

xerox

Yahoo!

 

C:\Program Files\Common Files\

 

Adobe

Adobe Systems Shared

ATI Technologies

AVSMedia

DESIGNER

Download Manager

EasyInfo

InstallShield

Java

LightScribe

MAGIX Shared

McAfee

Microsoft Shared

MSSoap

muvee Technologies

NewTech Infosystems

ODBC

Real

Services

Sony Ericsson Shared

SpeechEngines

Symantec Shared

System

Teleca Shared

WindowsLiveInstaller

Wise Installation Wizard

xing shared

 

 

Add/Remove Programs:

 

Windows-driverpakke - Advanced Micro Devices (AmdK8) Processor (04/28/2006 1.3.1.0)

Ad-Aware SE Personal

Adobe Flash Player ActiveX

Adobe Flash Player Plugin

Adobe Shockwave Player

Advanced WindowsCare 2.30 Personal

ATI - Avinstalleringsverktøy for Programvaren

ATI Display Driver

Otto

BitLord 1.1

CCleaner (remove only)

Soft Data Fax Modem with SmartCP

EVEREST Home Edition v2.20

HijackThis 2.0.2

Microsoft Internationalized Domain Names Mitigation APIs

Windows Internet Explorer 7

NTI CD & DVD-Maker

NTI Backup NOW! 4

Security Update for Windows XP (KB921503)

Security Update for Microsoft .NET Framework 2.0 (KB928365)

Security Update for Windows Internet Explorer 7 (KB929969)

Microsoft .NET Framework 1.0 Hotfix (KB930494)

Security Update for Windows Internet Explorer 7 (KB931768)

Security Update for CAPICOM (KB931906)

Update for Windows XP (KB933360)

Security Update for Windows Internet Explorer 7 (KB933566)

Security Update for Windows XP (KB933729)

Security Update for Windows XP (KB936021)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Internet Explorer 7 (KB937143)

Security Update for Windows XP (KB937894)

Security Update for Windows Internet Explorer 7 (KB938127)

Update for Windows XP (KB938828)

Security Update for Windows XP (KB938829)

Security Update for Windows Internet Explorer 7 (KB939653)

Hotfix for Windows Media Player 11 (KB939683)

Security Update for Windows XP (KB941202)

Security Update for Windows XP (KB941568)

Security Update for Windows XP (KB941569)

Security Update for Windows Internet Explorer 7 (KB942615)

Update for Windows XP (KB942763)

Security Update for Windows XP (KB943460)

Security Update for Windows XP (KB944653)

LimeWire 4.14.10

Launch Manager

Microsoft .NET Framework 1.1 Hotfix (KB928366)

Microsoft .NET Framework 1.1

Microsoft .NET Framework 2.0

McAfee SecurityCenter

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft National Language Support Downlevel APIs

PSP Video 9 2.24

RealPlayer

Audio Converter 5-4

StepMania (remove only)

Synaptics Pointing Device Driver

TrackMania Nations ESWC 0.1.7.5

Virtual DJ - Atomix Productions

VideoLAN VLC media player 0.8.6a

Windows Genuine Advantage Validation Tool (KB892130)

Windows Genuine Advantage Notifications (KB905474)

Windows Media Format 11 runtime

Windows Media Player 11

WinRAR archiver

Windows Media Format 11 runtime

Windows Media Player 11

Microsoft User-Mode Driver Framework Feature Pack 1.0

Yahoo! Widgets

Yamaha R1 Screensaver

SpywareBot

Sony Ericsson PC Suite

Localization Pack for Microsoft Windows XP Media Center Edition

QuickTime

Security Update for CAPICOM (KB931906)

Counter-Strike 1.6

ATI Catalyst Control Center

NTI CD & DVD-Maker

Acer eSettings Management

Rhapsody Player Engine

J2SE Runtime Environment 5.0 Update 8

iTunes

ATI Parental Control & Encoder

NTI Backup NOW! 4

Microsoft .NET Framework 1.1 Norwegian Language Pack

Windows Live installer

Windows Movie Maker 2.0

Acer OrbiCam

Acer ePower Management

PowerDVD

Acer ePerformance Management

Microsoft .NET Framework 2.0

Text-To-Speech-Runtime

ATI Parental Control & Encoder

Microsoft Office Professional Edition 2003

Sonic Encoders

Apple Software Update

Acer Empowering Technology

Adobe Reader 7.0.9

Påloggingsassistent for Windows Live

DivX Web Player

PowerProducer

Acer ePresentation Management

Microsoft XML Parser

Sony Ericsson Device Data

Microsoft .NET Framework 1.1

DivX Content Uploader

Sony Ericsson PC Suite

Windows Live Messenger

LightScribe 1.4.74.1

Ad-Aware 2007

Sony Ericsson Drivers

Adobe Photoshop CS

Realtek High Definition Audio Driver

SMSC IrCC V5.1.3600.7

The Simpsons Hit & Run

 

 

Run Values:

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]

"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"

"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"

"Intranet"="WindowsXP.exe"

"Intec Service Drivers"="winsystem.exe"

"ePower_DMC"="C:\\Acer\\Empowering Technology\\ePower\\ePower_DMC.exe"

"mcagent_exe"="C:\\Program Files\\McAfee.com\\Agent\\mcagent.exe /runkey"

"SiteAdvisor"="C:\\Program Files\\SiteAdvisor\\6172\\SiteAdv.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]

"Installed"="1"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]

"Installed"="1"

"NoChange"="1"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]

"Installed"="1"

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]

"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]

"Generic Host Process for Win32 Services"="svchosts.exe"

"Intranet"="WindowsXP.exe"

"Intec Service Drivers"="winsystem.exe"

 

 

Bot Check:

 

SERVICE_NAME: wscsvc

DISPLAY_NAME : Security Center

START_TYPE : 4 DISABLED

 

SERVICE_NAME: sharedaccess

DISPLAY_NAME : Windows Firewall/Internet Connection Sharing (ICS)

START_TYPE : 4 DISABLED

 

SERVICE_NAME: wuauserv

DISPLAY_NAME : Automatic Updates

START_TYPE : 4 DISABLED

 

SERVICE_NAME: srservice

DISPLAY_NAME : System Restore Service

START_TYPE : 2 AUTO_START

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole]

"EnableDCOM"="N"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]

"restrictanonymous"=dword:00000001

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update]

"AUOptions"=dword:00000004

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"AntiVirusDisableNotify"=dword:00000001

"FirewallDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000000

"AntiVirusOverride"=dword:00000000

"FirewallOverride"=dword:00000000

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control]

"WaitToKillServiceTimeout"="5000"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"SFCDisable"=dword:00000000

"Shell"="Explorer.exe"

"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shell extensions]

 

 

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters]

"TransportBindName"="\\Device\\"

 

 

ShellExecuteHooks:

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

 

 

 

Environment:

 

 

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\environment

ComSpec REG_EXPAND_SZ %SystemRoot%\system32\cmd.exe

Path REG_EXPAND_SZ %SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Teleca Shared

windir REG_EXPAND_SZ %SystemRoot%

OS REG_SZ Windows_NT

PATHEXT REG_SZ .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

TEMP REG_EXPAND_SZ %SystemRoot%\TEMP

TMP REG_EXPAND_SZ %SystemRoot%\TEMP

CLASSPATH REG_SZ .;C:\Program Files\Java\jre1.5.0_08\lib\ext\QTJava.zip

QTJAVA REG_SZ C:\Program Files\Java\jre1.5.0_08\lib\ext\QTJava.zip

SAFEBOOT_OPTION REG_SZ NETWORK

 

SecurityProviders:

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders

SecurityProviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll

 

 

Authentication Packages:

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa

Authentication Packages REG_MULTI_SZ msv1_0

 

 

Subsystem Startup:

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems]

"Windows"="%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16"

 

 

Midi Drivers:

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]

"midi"="wdmaud.drv"

 

 

Non-Default IFEO Debugger:

 

 

Non-Default Installed Components:

 

 

Non-Default Safeboot Minimal:

 

 

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice

<NO NAME> REG_SZ Service

 

 

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\mcmscsvc

<NO NAME> REG_SZ

 

 

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\mcods

<NO NAME> REG_SZ

 

 

File Associations:

 

 

[HKEY_CLASSES_ROOT\batfile\shell\open\command]

@="\"%1\" %*"

 

[HKEY_CLASSES_ROOT\cmdfile\shell\open\command]

@="\"%1\" %*"

 

[HKEY_CLASSES_ROOT\comfile\shell\open\command]

@="\"%1\" %*"

 

[HKEY_CLASSES_ROOT\exefile\shell\open\command]

@="\"%1\" %*"

 

[HKEY_CLASSES_ROOT\htafile\shell\open\command]

@="C:\\WINDOWS\\system32\\mshta.exe \"%1\" %*"

 

[HKEY_CLASSES_ROOT\http\shell\open\command]

@="\"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE\" -nohome"

 

[HKEY_CLASSES_ROOT\htmlfile\shell\open\command]

@="\"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE\" -nohome"

 

[HKEY_CLASSES_ROOT\regedit\shell\open\command]

@="regedit.exe %1"

 

[HKEY_CLASSES_ROOT\regfile\shell\open\command]

@="regedit.exe \"%1\""

 

[HKEY_CLASSES_ROOT\scrfile\shell\open\command]

@="\"%1\" /S"

 

[HKEY_CLASSES_ROOT\txtfile\shell\open\command]

@="%SystemRoot%\system32\NOTEPAD.EXE %1"

 

 

Finished!

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:23:01, on 28.02.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Acer\Empowering Technology\ePerformance\MemCheck.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\Program Files\SiteAdvisor\6172\SAService.exe

C:\WINDOWS\system32\svchost.exe

C:\Acer\Empowering Technology\ePower\ePower_DMC.exe

C:\Program Files\SiteAdvisor\6172\SiteAdv.exe

C:\WINDOWS\system32\ctfmon.exe

C:\PROGRA~1\McAfee\MSC\mcregist.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\WINDOWS\system32\WindowsXP.exe

C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe

C:\WINDOWS\winsystem.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe

C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe

C:\WINDOWS\system32\wbem\unsecapp.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program Files\McAfee\MSC\mcuimgr.exe

C:\Documents and Settings\Madzy\Local Settings\Temporary Internet Files\Content.IE5E74P7NY\HiJackThis[1].exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ba.no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [intranet] WindowsXP.exe

O4 - HKLM\..\Run: [intec Service Drivers] winsystem.exe

O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe

O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey

O4 - HKLM\..\Run: [siteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe

O4 - HKLM\..\Run: [Generic Host Process for Win32 Services] svchosts.exe

O4 - HKLM\..\RunServices: [Generic Host Process for Win32 Services] svchosts.exe

O4 - HKLM\..\RunServices: [intranet] WindowsXP.exe

O4 - HKLM\..\RunServices: [intec Service Drivers] winsystem.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Generic Host Process for Win32 Services] svchosts.exe

O4 - HKCU\..\Run: [intec Service Drivers] winsystem.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\RunServices: [Generic Host Process for Win32 Services] svchosts.exe

O4 - HKCU\..\RunServices: [intec Service Drivers] winsystem.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe

O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1168455774015

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe

O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)

O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe

 

--

End of file - 8248 bytes

Link to comment

Well, let's try another method.

In normal mode.

Start HijackThis, find these lines, check them, then click Fix checked.

 

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

 

O4 - HKLM\..\RunServices: [Generic Host Process for Win32 Services] svchosts.exe

 

O4 - HKCU\..\Run: [Generic Host Process for Win32 Services] svchosts.exe

 

O4 - HKCU\..\RunServices: [Generic Host Process for Win32 Services] svchosts.exe

 

Download ComboFix and put it on the desktop.

Do not click on the window while the program is running.

Post the log C:\combofix.txt

Restart, then post a new HijackThis log.

Link to comment

ComboFix 08-02-25.3 - Mads 2008-02-28 15:54:47.1 - FAT32x86

Microsoft Windows XP Professional 5.1.2600.2.1252.47.1033.18.484 [GMT 1:00]

Running from: C:\Documents and Settings\Mads\Local Settings\Temporary Internet Files\Content.IE5\FYJ9TC06\ComboFix[1].exe

* Created a new restore point

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\system32\svchosts.exe

 

.

((((((((((((((((((((((((( Files Created from 2008-01-28 to 2008-02-28 )))))))))))))))))))))))))))))))

.

 

2008-02-28 15:08 . 2008-02-28 02:16 <DIR> d-------- C:\SDFix

2008-02-28 14:55 . 2008-02-28 14:55 <DIR> d-------- C:\Program Files\SDFix

2008-02-28 13:33 . 2008-02-28 13:33 <DIR> d-------- C:\Program Files\Trend Micro

2008-02-28 10:23 . 2008-02-28 15:18 8,745 --a------ C:\WINDOWS\system32\Config.MPF

2008-02-28 10:22 . 2008-02-28 10:22 <DIR> d-------- C:\Program Files\SiteAdvisor

2008-02-28 10:22 . 2008-02-28 10:22 <DIR> d-------- C:\Documents and Settings\Madzy\Application Data\SiteAdvisor

2008-02-28 10:22 . 2008-02-28 10:22 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\SiteAdvisor

2008-02-28 10:22 . 2008-02-28 10:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor

2008-02-28 10:21 . 2008-02-28 10:21 <DIR> d-------- C:\Program Files\McAfee.com

2008-02-28 10:21 . 2008-02-28 10:21 <DIR> d-------- C:\Program Files\McAfee

2008-02-28 10:21 . 2008-02-28 10:21 <DIR> d-------- C:\Program Files\Common Files\McAfee

2008-02-28 10:21 . 2007-07-21 09:08 201,288 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys

2008-02-28 10:21 . 2007-07-13 09:20 113,952 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys

2008-02-28 10:21 . 2007-07-24 07:40 79,304 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys

2008-02-28 10:21 . 2007-07-21 09:08 40,488 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys

2008-02-28 10:21 . 2007-07-21 09:08 35,240 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys

2008-02-28 10:21 . 2007-07-24 12:02 33,800 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys

2008-02-28 10:18 . 2008-02-28 10:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7

2008-02-28 10:17 . 2008-02-28 10:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee

2008-02-26 18:07 . 2008-02-26 18:07 <DIR> d-------- C:\Program Files\Windows Live

2008-02-26 18:07 . 2008-02-26 18:07 <DIR> d--hs---- C:\Program Files\Common Files\WindowsLiveInstaller

2008-02-26 18:07 . 2008-02-26 18:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller

2008-02-09 10:28 . 2008-02-09 10:28 6,144 --ahs---- C:\WINDOWS\Thumbs.db

2008-02-08 14:29 . 2008-02-08 14:29 111 --a------ C:\WINDOWS\musicmaker.INI

2008-02-08 14:22 . 2003-04-18 16:29 44,544 --a------ C:\WINDOWS\system32\msxml4a.dll

2008-02-08 14:21 . 2008-02-08 14:21 <DIR> d-------- C:\Program Files\Common Files\MAGIX Shared

2008-02-08 14:20 . 2008-02-08 14:20 <DIR> d-------- C:\WINDOWS\system32\MAGIX

2008-02-08 14:20 . 2002-09-21 00:33 1,089,536 --a------ C:\WINDOWS\system32\ROBOEX32.DLL

2008-02-08 14:20 . 2006-07-05 11:21 638,976 --a------ C:\WINDOWS\system32\mgxoschk.dll

2008-02-08 14:20 . 1998-10-15 17:28 85,504 --a------ C:\WINDOWS\system32\HtmlWH.dll

2008-02-08 14:20 . 1999-01-28 14:44 49,152 --a------ C:\WINDOWS\system32\INETWH32.dll

2008-02-08 14:20 . 2008-02-08 14:21 5,729 --a------ C:\WINDOWS\mgxoschk.ini

2008-02-08 09:17 . 2008-02-08 09:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft

2008-02-08 09:16 . 2008-02-08 09:16 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-02-01 11:43 370,176 ----a-w C:\WINDOWS\sys.exe

2008-01-22 19:27 22,547 ----a-w C:\WINDOWS\system32\winabc.sys

2008-01-18 11:47 370,176 ----a-w C:\WINDOWS\sys30.exe

2008-01-14 17:29 223,232 ----a-w C:\WINDOWS\sysss.exe

2008-01-11 17:26 --------- d-----w C:\Program Files\VirtualDJ

2008-01-09 17:07 9,348 ----a-w C:\cc_20080109_1807.reg

2008-01-09 17:06 336,353 ----a-w C:\cc_20080109_1806.reg

2008-01-06 19:53 --------- d-----w C:\Documents and Settings\Madzy\Application Data\Teleca

2008-01-06 19:48 --------- d-----w C:\Documents and Settings\Madzy\Application Data\Sony Ericsson

2008-01-06 19:47 --------- d-----w C:\Program Files\Sony Ericsson

2008-01-06 19:47 --------- d-----w C:\Program Files\Common Files\Teleca Shared

2008-01-06 19:47 --------- d-----w C:\Program Files\Common Files\Sony Ericsson Shared

2008-01-06 19:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Teleca

2008-01-06 19:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony Ericsson

2007-12-14 15:31 201,728 ----a-w C:\WINDOWS\system32\Yamaha R1 Screensaver.scr

2007-12-14 10:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe

2007-03-12 17:57 87,608 ----a-w C:\Documents and Settings\Madzy\Application Data\ezpinst.exe

2007-03-12 17:57 47,360 ----a-w C:\Documents and Settings\Madzy\Application Data\pcouffin.sys

2006-12-25 13:38 251 ----a-w C:\Program Files\wt3d.ini

2007-06-13 11:23 223,232 --sh--r C:\WINDOWS\winsystem.exe

2007-06-13 11:23 370,176 --sh--r C:\WINDOWS\system32\wkatzyl.exe

2007-06-13 11:23 248,320 --sh--r C:\WINDOWS\system32\WindowsXP.exe

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 20:00 15360]

"Intec Service Drivers"="winsystem.exe" [2007-06-13 12:23 223232 C:\WINDOWS\winsystem.exe]

"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

"Intec Service Drivers"="winsystem.exe" [2007-06-13 12:23 223232 C:\WINDOWS\winsystem.exe]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 20:00 455168]

"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 20:00 455168]

"Intranet"="WindowsXP.exe" [2007-06-13 12:23 248320 C:\WINDOWS\system32\WindowsXP.exe]

"Intec Service Drivers"="winsystem.exe" [2007-06-13 12:23 223232 C:\WINDOWS\winsystem.exe]

"ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-05-30 12:11 421888]

"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 22:33 582992]

"SiteAdvisor"="C:\Program Files\SiteAdvisor\6172\SiteAdv.exe" [2007-08-24 22:57 36640]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

"Generic Host Process for Win32 Services"="svchosts.exe" []

"Intranet"="WindowsXP.exe" [2007-06-13 12:23 248320 C:\WINDOWS\system32\WindowsXP.exe]

"Intec Service Drivers"="winsystem.exe" [2007-06-13 12:23 223232 C:\WINDOWS\winsystem.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 20:00 15360]

 

C:\Documents and Settings\Madzy\Start Menu\Programs\Startup\

Yahoo! Widgets.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe [2007-12-11 23:34:48 3746856]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles

"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveSearch"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ePower_DMC]

--a------ 2006-05-30 12:11 421888 C:\Acer\Empowering Technology\ePower\ePower_DMC.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

C:\Program Files\MSN Messenger\MsnMsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

--a------ 2007-11-07 17:36 185632 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\LimeWire\\LimeWire.exe"=

"C:\\Program Files\\Messenger\\MSMSGS.EXE"=

"C:\\Program Files\\BitLord\\BitLord.exe"=

"C:\\WINDOWS\\System32\\dpnsvr.exe"=

"C:\\Program Files\\iTunes\\iTunes.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Program Files\\Valve\\czero.exe"=

"C:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe"=

"C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

 

R0 viaagp;VIA AGP Bus Filter;C:\WINDOWS\system32\DRIVERS\viaagp.sys [2004-08-03 23:07]

S2 eLock2BurnerLockDriver;eLock2BurnerLockDriver;C:\WINDOWS\system32\eLock2BurnerLockDriver.sys []

S2 eLock2FSCTLDriver;eLock2FSCTLDriver;C:\WINDOWS\system32\eLock2FSCTLDriver.sys []

S3 gUSBSTOi;gUSBSTOi;C:\DOCUME~1\Madzy\LOCALS~1\Temp\gUSBSTOi.sys []

S3 Isacpedcqf;Isacpedcqf;C:\WINDOWS\system32\drivers\MSKSSRV.sys [2004-08-03 22:58]

 

.

Contents of the 'Scheduled Tasks' folder

"2008-02-23 09:28:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe

"2007-12-25 15:19:30 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"

- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe

"2008-02-23 17:35:52 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"

- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe

"2008-02-28 09:21:42 C:\WINDOWS\Tasks\McQcTask.job"

- c:\PROGRA~1\mcafee\mqc\QcConsol.exe

"2008-02-28 09:21:42 C:\WINDOWS\Tasks\McDefragTask.job"

- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-02-28 15:56:35

Windows 5.1.2600 Service Pack 2 FAT NTAPI

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-02-28 15:56:59

ComboFix-quarantined-files.txt 2008-02-28 14:56:58

.

2008-02-26 21:36:48 --- E O F ---

Link to comment

New log file check:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:03:43, on 28.02.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Acer\Empowering Technology\ePower\ePower_DMC.exe

C:\Program Files\SiteAdvisor\6172\SiteAdv.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\WINDOWS\system32\WindowsXP.exe

C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe

C:\WINDOWS\winsystem.exe

C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe

C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe

C:\Acer\Empowering Technology\ePerformance\MemCheck.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\Program Files\SiteAdvisor\6172\SAService.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\system32\wbem\unsecapp.exe

C:\PROGRA~1\McAfee\MSC\mcregist.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Documents and Settings\Madzy\Local Settings\Temporary Internet Files\Content.IE5\IP0NCLL1\HiJackThis[1].exe

C:\Program Files\McAfee\MSC\mcuimgr.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ba.no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll

O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [intranet] WindowsXP.exe

O4 - HKLM\..\Run: [intec Service Drivers] winsystem.exe

O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe

O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey

O4 - HKLM\..\Run: [siteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe

O4 - HKLM\..\RunServices: [Generic Host Process for Win32 Services] svchosts.exe

O4 - HKLM\..\RunServices: [intranet] WindowsXP.exe

O4 - HKLM\..\RunServices: [intec Service Drivers] winsystem.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [intec Service Drivers] winsystem.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\RunServices: [intec Service Drivers] winsystem.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe

O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1168455774015

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe

O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)

O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe

 

--

End of file - 7684 bytes

Link to comment

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

 

Generated 02/28/2008 at 05:07 PM

 

Application Version : 4.0.1152

 

Core Rules Database Version : 3411

Trace Rules Database Version: 1403

 

Scan type : Quick Scan

Total Scan Time : 00:11:03

 

Memory items scanned : 547

Memory threats detected : 0

Registry items scanned : 68

Registry threats detected : 0

File items scanned : 11559

File threats detected : 6

 

Adware.Tracking Cookie

C:\Documents and Settings\Madzy\Cookies\madzy@tradedoubler[1].txt

C:\Documents and Settings\Madzy\Cookies\[email protected][1].txt

C:\Documents and Settings\Madzy\Cookies\[email protected][2].txt

C:\Documents and Settings\Madzy\Cookies\[email protected][2].txt

C:\Documents and Settings\Administrator\Cookies\administrator@adtech[1].txt

C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt

Link to comment

New log file check!:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:15:28, on 28.02.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Acer\Empowering Technology\ePower\ePower_DMC.exe

C:\Program Files\SiteAdvisor\6172\SiteAdv.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\WINDOWS\system32\WindowsXP.exe

C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe

C:\WINDOWS\winsystem.exe

C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe

C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe

C:\Acer\Empowering Technology\ePerformance\MemCheck.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\Program Files\SiteAdvisor\6172\SAService.exe

C:\WINDOWS\system32\svchost.exe

C:\PROGRA~1\McAfee\MSC\mcregist.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\system32\wbem\unsecapp.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\McAfee\MSC\mcuimgr.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Documents and Settings\Madzy\Local Settings\Temporary Internet Files\Content.IE5\A8GSIIN2\HiJackThis[1].exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ba.no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll

O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [intranet] WindowsXP.exe

O4 - HKLM\..\Run: [intec Service Drivers] winsystem.exe

O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe

O4 - HKLM\..\Run: [siteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe

O4 - HKLM\..\RunServices: [intranet] WindowsXP.exe

O4 - HKLM\..\RunServices: [intec Service Drivers] winsystem.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [intec Service Drivers] winsystem.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\RunServices: [intec Service Drivers] winsystem.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe

O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1168455774015

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe

O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)

O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe

 

--

End of file - 7694 bytes

Link to comment

There were far too many details to read here, imho. ;)

The moral, I suppose, is to always choose the advanced/expert/custom install for programs and turn off everything that tries to add itself to startup.

An even better tip is to disable drivers, as well as services; in Vista specifically this is a big gain in memory/performance.

I know this is a bit of a simple question, but what about a system restore or recovery from a backup image? I think True Image is very good for this.

Acronis Try&Decide, which you get with it, is also brilliant, since you can install programs to test them out and then simply reset the PC without "saving" the system with the newly installed programs.

Link to comment

There are still several running processes that do not belong here at all.

For example:

C:\WINDOWS\winsystem.exe (W32/VB-DWI : Worm)

C:\WINDOWS\system32\WindowsXP.exe (Bancos : Trojan)

Both of these are trojans, worms.

The processes should be terminated and the files deleted.

You can get Task Manager to work for ending processes even if you are hijacked by copying the file taskmgr.exe from the C:\Windows\system32 folder to, e.g., the desktop,

then renaming the file on the desktop to taskmgr.com. Then you simply run the taskmgr.com variant of Task Manager.

Link to comment

Yes, I have those files in mind, sva2003.

I just wanted to hear whether the GQ worm caused the problem with Task Manager.

Open Notepad and copy in what is shown in bold below, then save the file on the desktop as CFScript.txt.

Then drag the file onto the ComboFix icon. ComboFix will start again.

Post a new HijackThis log.

 

File::

C:\WINDOWS\system32\WindowsXP.exe

C:\WINDOWS\winsystem.exe

 

Registry::

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WindowsXP.exe"=-

"winsystem.exe"=-

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

"WindowsXP.exe"=-

"winsystem.exe"=-

Edited by SNIPPSAT
Link to comment
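
As an added example (not part of the thread and not ComboFix's own code), a small Python reviewer that lists what a CFScript like the one in the post above would delete, so it can be checked before it is run. It assumes the Registry:: section follows .reg file conventions; `review_cfscript` and the sample text are constructed for illustration.

```python
import re

# Constructed sample modelled on the script in the post above (blank lines dropped).
SAMPLE = r'''File::
C:\WINDOWS\system32\WindowsXP.exe
C:\WINDOWS\winsystem.exe

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsXP.exe"=-
"winsystem.exe"=-
'''

SECTION = re.compile(r'^(\w+)::$')
KEY = re.compile(r'^\[(-?)(HKEY_[A-Z_]+\\[^\]]+)\]$')
VALUE = re.compile(r'^"([^"]+)"=(.*)$')
ABS_PATH = re.compile(r'^[A-Za-z]:\\')

def review_cfscript(text):
    """Parse a CFScript-style text; return (actions, warnings).

    Assumption: the Registry:: section uses .reg conventions, where
    "name"=- deletes one value and [-KEY] deletes a whole key.
    """
    actions, warnings = [], []
    section = key = None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        if m := SECTION.match(line):
            section, key = m.group(1), None
        elif section == "File":
            if not ABS_PATH.match(line):
                warnings.append(f"line {n}: not an absolute path: {line}")
            actions.append(("delete-file", line))
        elif section == "Registry":
            if m := KEY.match(line):
                key = m.group(2)
                if m.group(1):
                    actions.append(("delete-key", key))
            elif (m := VALUE.match(line)) and key:
                if m.group(2) == "-":
                    actions.append(("delete-value", f"{key}\\{m.group(1)}"))
                else:
                    warnings.append(f"line {n}: sets a value instead of deleting: {line}")
            else:
                warnings.append(f"line {n}: unparsed registry line: {line}")
        else:
            warnings.append(f"line {n}: section {section!r} not handled: {line}")
    return actions, warnings
```

An empty warnings list means every line was either a file deletion with an absolute path or a registry deletion under a bracketed key.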

The log is clean :thumbup:

A little cleanup.

Download and run CCleaner.

Go to 'Options' -> 'Advanced'. Untick the box in front of: "only delete temporary files that are older than xx".

Run the registry cleaner too.

Defragment + PageDefrag

You can remove ComboFix by typing combofix /u in the Run window. This command causes quarantined files and backups to be deleted, the System Restore folder to be reset, etc.

Link to comment
There are still several running processes that do not belong here at all.

For example:

C:\WINDOWS\winsystem.exe (W32/VB-DWI : Worm)

C:\WINDOWS\system32\WindowsXP.exe (Bancos : Trojan)

Both of these are trojans, worms.

The processes should be terminated and the files deleted.

I managed to delete them in HijackThis, but I can't find them in win32..? Is it written in code in win32?

Link to comment
