Fjerne trojansk hest (igjen)

Jolsrud · 24. mars 2008

Jeg har fått en trojansk hest på maskinen. Kan noen hjelpe meg med hvordan jeg kan få den fjernet? (vet at det er flere tråder med dette, og har gjort det jeg kan ut fra det. Men det er ikke stort mer enn å installere kijackthis og combofix)

Jolsrud · 24. mars 2008

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:51:08, on 24.03.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe

C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe

C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Programfiler\Fellesfiler\Microsoft Shared\VS7Debug\mdm.exe

C:\Programfiler\Norton AntiVirus\navapsvc.exe

C:\Programfiler\Norton AntiVirus\IWP\NPFMntor.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe

C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe

C:\Programfiler\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Programfiler\iPod\bin\iPodService.exe

C:\Programfiler\Siemens\Gigaset WLAN Adapter\WLM.exe

C:\Programfiler\Fellesfiler\Sonic Shared\cinetray.exe

C:\Programfiler\Fellesfiler\Symantec Shared\Security Console\NSCSRVCE.EXE

C:\Programfiler\Mozilla Firefox\firefox.exe

C:\Programfiler\Messenger\msmsgs.exe

C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bergensjakk.no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programfiler\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Programfiler\Norton AntiVirus\NavShExt.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll

O2 - BHO: Media Player Classic - {D2A8552D-4340-413E-B94E-245827FBC269} - C:\WINDOWS\ausctv32a.dll

O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programfiler\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar2.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [ATIPTA] C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

O4 - HKLM\..\Run: [batSrv] C:\WINDOWS\batserv2.exe

O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Startup: PowerReg Scheduler V3.exe

O4 - Global Startup: Gigaset WLAN Adapter Monitor.lnk = C:\Programfiler\Siemens\Gigaset WLAN Adapter\WLM.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Sonic CinePlayer Quick Launch.lnk = ?

O8 - Extra context menu item: &Google Search - res://C:\Programfiler\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: &Translate English Word - res://C:\Programfiler\Google\GoogleToolbar1.dll/cmwordtrans.html

O8 - Extra context menu item: Backward Links - res://C:\Programfiler\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Programfiler\Google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Similar Pages - res://C:\Programfiler\Google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate Page into English - res://C:\Programfiler\Google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Programfiler\Internet Explorer\Plugins\NPDocBox.dll

O21 - SSODL: IEFilter - {C82ACA87-5636-4283-9703-9DB2ECDEEA00} - C:\WINDOWS\system32\IEFilter.dll (file missing)

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programfiler\iPod\bin\iPodService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Programfiler\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programfiler\Norton AntiVirus\IWP\NPFMntor.exe

O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\Security Console\NSCSRVCE.EXE

O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Programfiler\Norton AntiVirus\SAVScan.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe

O23 - Service: SPBBCSvc - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe

--

End of file - 9340 bytes

Jeg har fått en trojansk hest på maskinen. Kan noen hjelpe meg med hvordan jeg kan få den fjernet? (vet at det er flere tråder med dette, og har gjort det jeg kan ut fra det. Men det er ikke stort mer enn å installere kijackthis og combofix)

snippsat · 24. mars 2008

Lag en combofix logg og.

Last Combofix ned ,legg på skrivebordet.

Ikke klikk på vindu mens programet kjører.

post logg C:\combofix.txt

Endret 24. mars 2008 av SNIPPSAT

Jolsrud · 24. mars 2008

ComboFix 08-03-24.1 - Bulten 2008-03-24 21:54:51.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.202 [GMT 1:00]

Running from: C:\Documents and Settings\Bulten\Skrivebord\ComboFix.exe

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

-- Script messages for sUBs --

Findstr -MIF:/ sursen

CF3222.exe /c " VFind.exe -ltf -s-1000000 -d+2007-12-24 "C:\Programfiler\*" >progfile.dat"

VFind.exe -ltf -s-1000000 -d+2007-12-24 "C:\Programfiler\*"

CF3222.exe /c " dir /a/s/b C:\_desktop.ini C:\desktop_.ini C:\cnsmin* C:\_install.exe >DirRoot"

((((((((((((((((((((((((( Files Created from 2008-02-24 to 2008-03-24 )))))))))))))))))))))))))))))))

.

2008-03-24 20:31 . 2008-03-24 20:31 <DIR> d-------- C:\Programfiler\Trend Micro

2008-03-24 19:32 . 2008-03-24 19:32 219,648 --a------ C:\WINDOWS\ausctv32a.dll

2008-03-24 19:32 . 2008-03-24 19:32 49 --a------ C:\xmp.bat

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-17 15:50 --------- d-----w C:\Programfiler\Java

2008-03-14 21:22 --------- d-----w C:\Programfiler\Fellesfiler\Symantec Shared

2008-02-10 22:24 --------- d--h--w C:\Programfiler\Zero G Registry

2008-02-10 22:24 --------- d-----w C:\Programfiler\GeoGebra

2007-10-17 15:46 70,664 ----a-w C:\Documents and Settings\Bulten\Programdata\GDIPFONTCACHEV1.DAT

2004-10-27 16:50 192 ----a-w C:\Documents and Settings\Bulten\Programdata\wklnhst.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D2A8552D-4340-413E-B94E-245827FBC269}]

2008-03-24 19:32 219648 --a------ C:\WINDOWS\ausctv32a.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:03 15360]

"msnmsgr"="C:\Programfiler\MSN Messenger\msnmsgr.exe" [2007-01-19 11:54 5674352]

"swg"="C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-21 20:13 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMan"="SOUNDMAN.EXE" [2003-08-05 06:59 57344 C:\WINDOWS\SOUNDMAN.EXE]

"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2002-10-08 11:03 155648]

"QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2006-10-25 18:58 282624]

"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

"ATIPTA"="C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-02-28 21:00 315392]

"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 22:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe]

"BatSrv"="C:\WINDOWS\batserv2.exe" [ ]

"ccApp"="C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2007-01-22 21:19 52840]

"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2006-10-30 09:36 256576]

"Symantec PIF AlertEng"="C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30 517768]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:03 15360]

C:\Documents and Settings\Bulten\Start-meny\Programmer\Oppstart\

PowerReg Scheduler V3.exe [2008-03-24 20:55:09 225280]

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\

Gigaset WLAN Adapter Monitor.lnk - C:\Programfiler\Siemens\Gigaset WLAN Adapter\WLM.exe [2003-08-23 11:34:38 225280]

Microsoft Office.lnk - C:\Programfiler\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04 83360]

Sonic CinePlayer Quick Launch.lnk - C:\Programfiler\Fellesfiler\Sonic Shared\cinetray.exe [2002-09-18 13:16:30 98304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

"IEFilter"= {C82ACA87-5636-4283-9703-9DB2ECDEEA00} - C:\WINDOWS\system32\IEFilter.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Programfiler\\Messenger\\msmsgs.exe"=

"C:\\Programfiler\\Internet Explorer\\iexplore.exe"=

"C:\\Programfiler\\iTunes\\iTunes.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Programfiler\\MSN Messenger\\msnmsgr.exe"=

"C:\\Programfiler\\MSN Messenger\\livecall.exe"=

R0 BsStor;InCD Storage Helper Driver;C:\WINDOWS\system32\DRIVERS\bsstor.sys [2002-06-06 00:07]

R1 Cinemsup;Cinemsup;C:\WINDOWS\system32\drivers\Cinemsup.sys [2002-07-19 07:10]

R3 ATMELFVNETusb(AR)®;ATMEL FVNETusb(AR)® Service for Siemens Gigaset USB Adapter 11;C:\WINDOWS\system32\DRIVERS\vnetusbk.sys [2003-04-17 10:21]

S3 PCMCIAFVNETR;Siemens Gigaset PC Card 11;C:\WINDOWS\system32\DRIVERS\fvnetr.sys [2002-10-03 23:51]

S4 BsUDF;InCD UDF Driver;C:\WINDOWS\system32\drivers\BsUDF.sys [2003-02-12 12:16]

*Newly Created Service* - CATCHME

.

Contents of the 'Scheduled Tasks' folder

"2008-03-18 19:43:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Programfiler\Apple Software Update\SoftwareUpdate.exe

"2008-03-21 19:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Bulten.job"

- C:\PROGRA~1\NORTON~1\Navw32.exec/TASK:

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-24 21:58:38

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

BatSrv = C:\WINDOWS\batserv2.exe???????????????????????????????B???????????1?|?????2?|?2?|.????????B??h????????????B?? ????B??????x???????????????4???????????????@????????????????3?|????????????41?|+C@??????????!o?&???(?@???@??}@??????????L?|????????????????+C@????

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-03-24 21:59:31

ComboFix-quarantined-files.txt 2008-03-24 20:59:15

.

2008-03-13 22:48:11 --- E O F ---

Lag en comofix logg og.

Last Combofix ned ,legg på skrivebordet.

Ikke klikk på vindu mens programet kjører.

post logg C:\combofix.txt

snippsat · 24. mars 2008

Åpne notisblokk og kopier inn det som står i fet skrift under, lagre fila på skrivebordet som CFScript.txt.

Dra deretter fila over Combofix-iconet. Combofix vil starte igjen.

Post logg c:\combofix

File::

C:\WINDOWS\ausctv32a.dll

C:\xmp.bat

C:\Documents and Settings\Bulten\Start-meny\Programmer\Oppstart\

PowerReg Scheduler V3.exe

Last ned oppdatere og kjør full scan SAS free

Post loggen fra SAS (preferences->statistics/logs)

Restart og en ny HijackThis logg.

Jolsrud · 24. mars 2008

Her er loggen fra Combofix:

ComboFix 08-03-24.1 - Bulten 2008-03-24 22:21:55.2 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.157 [GMT 1:00]

Running from: C:\Documents and Settings\Bulten\Skrivebord\ComboFix.exe

Command switches used :: C:\Documents and Settings\Bulten\Skrivebord\CFScript.txt

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::

C:\Documents and Settings\Bulten\Start-meny\Programmer\Oppstart\

C:\WINDOWS\ausctv32a.dll

C:\xmp.bat

.

-- Script messages for sUBs --

CF8636.exe /c " VFind.exe -ltf -s-1000000 -d+2007-12-24 "C:\Programfiler\*" >progfile.dat"

VFind.exe -ltf -s-1000000 -d+2007-12-24 "C:\Programfiler\*"

CF8636.exe /c " dir /a/s/b C:\_desktop.ini C:\desktop_.ini C:\cnsmin* C:\_install.exe >DirRoot"

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))