
[SOLVED] Need help to help, long version followed!



Hi.

A buddy asked if I could take a look at his PC. He complained that it ran incredibly slowly and froze all the time.

It turned out that the updates for both Norton and Windows were turned off, and CPU usage shot up to 100% as soon as I opened c:\. On top of that, the CD-ROM drive didn't work: I put in a Windows CD and restarted, and it still wasn't read during boot, which perhaps suggests that the CD-ROM drive has given up the ghost?

I first ran an SAS scan and removed loads of trojans and other junk.

Today I took another look and followed the long version here on the forum. The machine already seems to be running better, but to be on the safe side it would be great if someone could look through the logs!

SAS log:

<SUPERAntiSpyware Scan Log

http://www.superantispyware.com

 

Generated 05/16/2008 at 08:17 PM

 

Application Version : 4.0.1154

 

Core Rules Database Version : 3462

Trace Rules Database Version: 1453

 

Scan type : Complete Scan

Total Scan Time : 00:41:10

 

Memory items scanned : 560

Memory threats detected : 0

Registry items scanned : 5435

Registry threats detected : 0

File items scanned : 30016

File threats detected : 0

 

 

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

 

Generated 04/28/2008 at 08:59 PM

 

Application Version : 4.0.1154

 

Core Rules Database Version : 3449

Trace Rules Database Version: 1441

 

Scan type : Complete Scan

Total Scan Time : 00:33:07

 

Memory items scanned : 512

Memory threats detected : 1

Registry items scanned : 5410

Registry threats detected : 62

File items scanned : 16339

File threats detected : 208

 

Adware.Vundo Variant/Resident

C:\WINDOWS\SYSTEM32\MLJBRIBC.DLL

C:\WINDOWS\SYSTEM32\MLJBRIBC.DLL

 

Adware.180solutions/Seekmo

HKLM\Software\Classes\CLSID\{53E0B6E8-A51D-448B-B692-40B67B285543}

HKCR\CLSID\{53E0B6E8-A51D-448B-B692-40B67B285543}

HKCR\CLSID\{53E0B6E8-A51D-448B-B692-40B67B285543}

HKCR\CLSID\{53E0B6E8-A51D-448B-B692-40B67B285543}#AppID

HKCR\CLSID\{53E0B6E8-A51D-448B-B692-40B67B285543}\InprocServer32

HKCR\CLSID\{53E0B6E8-A51D-448B-B692-40B67B285543}\InprocServer32#ThreadingModel

HKCR\CLSID\{53E0B6E8-A51D-448B-B692-40B67B285543}\ProgID

HKCR\CLSID\{53E0B6E8-A51D-448B-B692-40B67B285543}\Programmable

HKCR\CLSID\{53E0B6E8-A51D-448B-B692-40B67B285543}\TypeLib

HKCR\CLSID\{53E0B6E8-A51D-448B-B692-40B67B285543}\VersionIndependentProgID

C:\PROGRAM FILES\SEEKMO PROGRAMS\SEEKMO TOOLBAR\SEEKMOTB.DLL

HKLM\Software\Microsoft\Internet Explorer\Toolbar#{53E0B6E8-A51D-448B-B692-40B67B285543}

HKCR\SeekmoToolbar.SeekmoToolband.1

HKCR\SeekmoToolbar.SeekmoToolband.1\CLSID

HKCR\SeekmoToolbar.SeekmoToolband

HKCR\SeekmoToolbar.SeekmoToolband\CLSID

HKCR\SeekmoToolbar.SeekmoToolband\CurVer

HKCR\TypeLib\{B3A2ECDA-1487-4E7B-815E-D91E43AC79DC}

HKCR\TypeLib\{B3A2ECDA-1487-4E7B-815E-D91E43AC79DC}\1.0

HKCR\TypeLib\{B3A2ECDA-1487-4E7B-815E-D91E43AC79DC}\1.0

HKCR\TypeLib\{B3A2ECDA-1487-4E7B-815E-D91E43AC79DC}\1.0\win32

HKCR\TypeLib\{B3A2ECDA-1487-4E7B-815E-D91E43AC79DC}\1.0\FLAGS

HKCR\TypeLib\{B3A2ECDA-1487-4E7B-815E-D91E43AC79DC}\1.0\HELPDIR

HKCR\Interface\{AA06DE54-7B8A-4366-9209-D1FA2FD5E680}

HKCR\Interface\{AA06DE54-7B8A-4366-9209-D1FA2FD5E680}\ProxyStubClsid

HKCR\Interface\{AA06DE54-7B8A-4366-9209-D1FA2FD5E680}\ProxyStubClsid32

HKCR\Interface\{AA06DE54-7B8A-4366-9209-D1FA2FD5E680}\TypeLib

HKCR\Interface\{AA06DE54-7B8A-4366-9209-D1FA2FD5E680}\TypeLib#Version

HKCR\AppId\SeekmoTB.DLL

HKCR\AppId\SeekmoTB.DLL#AppID

HKCR\AppId\{21B8997E-251A-412C-A805-B0A4F791B03E}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Seekmo Toolbar

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Seekmo Toolbar#DisplayName

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Seekmo Toolbar#UninstallString

 

Unclassified.Unknown Origin

HKLM\Software\Classes\CLSID\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}

HKCR\CLSID\{6D794CB4-C7CD-4C6F-BFDC-9B77AFBDC02C}

HKCR\CLSID\{6D794CB4-C7CD-4C6F-BFDC-9B77AFBDC02C}\InprocServer32

HKCR\CLSID\{6D794CB4-C7CD-4C6F-BFDC-9B77AFBDC02C}\InprocServer32#ThreadingModel

C:\WINDOWS\SYSTEM32\TUVTJGVM.DLL

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}

HKCR\CLSID\{6D794CB4-C7CD-4C6F-BFDC-9B77AFBDC02C}

 

Adware.Vundo-Variant

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{42C5C39E-F896-439C-9BCF-FE8CFC27C520}

HKCR\CLSID\{42C5C39E-F896-439C-9BCF-FE8CFC27C520}

HKCR\CLSID\{42C5C39E-F896-439C-9BCF-FE8CFC27C520}\InprocServer32

HKCR\CLSID\{42C5C39E-F896-439C-9BCF-FE8CFC27C520}\InprocServer32#ThreadingModel

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E6E175F6-F6A7-49AC-B899-4F1FB89DEEAF}

HKCR\CLSID\{E6E175F6-F6A7-49AC-B899-4F1FB89DEEAF}

HKCR\CLSID\{E6E175F6-F6A7-49AC-B899-4F1FB89DEEAF}\InprocServer32

HKCR\CLSID\{E6E175F6-F6A7-49AC-B899-4F1FB89DEEAF}\InprocServer32#ThreadingModel


 

Adware.Zango/ShoppingReport

HKU\S-1-5-21-2449234327-715213787-2878241473-1008\Software\ShoppingReport

HKLM\Software\ShoppingReport

HKLM\Software\ShoppingReport#affid

HKLM\Software\ShoppingReport#Version

HKLM\Software\ShoppingReport#ProductName

HKLM\Software\ShoppingReport#requestor

HKLM\Software\ShoppingReport#SG_Not_Set

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShoppingReport

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShoppingReport#DisplayIcon

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShoppingReport#DisplayName

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShoppingReport#UninstallString

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShoppingReport#DisplayVersion

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShoppingReport#URLInfoAbout

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShoppingReport#Publisher

C:\Programfiler\ShoppingReport\Bin\2.0.26\ShoppingReport.dll

C:\Programfiler\ShoppingReport\Bin\2.0.26

C:\Programfiler\ShoppingReport\Bin

C:\Programfiler\ShoppingReport\Uninst.exe

C:\Programfiler\ShoppingReport

C:\Documents and settings\abcd\Programdata\ShoppingReport\cs\Config.xml

C:\Documents and settings\abcd\Programdata\ShoppingReport\cs

C:\Documents and settings\abcd\Programdata\ShoppingReport

 

Adware.Tracking Cookie

C:\Documents and settings\Gjest\Cookies\gjest@atdmt[2].txt

C:\Documents and settings\Gjest\Cookies\[email protected][1].txt

C:\Documents and settings\Gjest\Cookies\[email protected][1].txt

C:\Documents and settings\Gjest\Cookies\[email protected][1].txt

 

Adware.Vundo-Variant/Small-A


 

Adware.Vundo-Variant/E


 

Adware.180solutions/ZangoSearch


 

Trojan.Vundo-Variant/F


 

Adware.Vundo-Variant/M


 

Trojan.Unclassified/MRT-Fake


>

 

ComboFix log:
<ComboFix 08-05-15.3 - abcd 2008-05-16 20:23:00.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.121 [GMT 2:00]

Running from: C:\Documents and settings\abcd\Skrivebord\ComboFix.exe

* Created a new restore point

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 


 

.

((((((((((((((((((((((((( Files Created from 2008-04-16 to 2008-05-16 )))))))))))))))))))))))))))))))

.

 

2008-05-16 19:28 . 2008-05-16 20:20 <DIR> dr-h----- C:\Documents and settings\abcd\Siste

2008-05-16 19:28 . 2008-05-16 20:20 <DIR> dr-h----- C:\Documents and settings\abcd\Siste

2008-05-16 19:07 . 2008-05-16 19:07 <DIR> d-------- C:\WINDOWS\LastGood

2008-05-16 18:39 . 2008-05-16 18:39 <DIR> d-------- C:\Documents and settings\LocalService\Start-meny

2008-05-15 21:27 . 2008-05-15 21:37 <DIR> d-------- C:\WINDOWS\LastGood.Tmp

2008-05-15 21:22 . 2004-08-04 10:03 221,184 --a------ C:\WINDOWS\system32\wmpns.dll

2008-05-15 21:20 . 2008-05-15 21:20 <DIR> d-------- C:\WINDOWS\provisioning

2008-05-15 21:20 . 2008-05-15 21:20 <DIR> d-------- C:\WINDOWS\peernet

2008-05-15 21:15 . 2008-05-15 21:15 <DIR> d-------- C:\WINDOWS\ServicePackFiles

2008-05-15 20:59 . 2008-05-15 20:59 <DIR> d-------- C:\WINDOWS\EHome

2008-05-03 10:33 . 2008-05-03 11:52 6,955 --a------ C:\WINDOWS\system32\EPPICResdb0000

2008-05-03 10:33 . 2008-05-03 11:52 121 --a------ C:\WINDOWS\system32\EPPICResdb

2008-04-28 21:18 . 2008-04-28 21:18 0 --a------ C:\WINDOWS\nsreg.dat

2008-04-28 20:26 . 2008-04-28 20:26 67 --a------ C:\WINDOWS\system32\mmmfsxul.dll

2008-04-28 20:23 . 2008-04-28 20:23 <DIR> d-------- C:\Documents and settings\All Users\Programdata\SUPERAntiSpyware.com

2008-04-28 20:23 . 2008-04-28 20:23 67 --a------ C:\WINDOWS\system32\vnfhhyrn.dll

2008-04-28 20:22 . 2008-05-16 19:34 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware

2008-04-28 20:22 . 2008-04-28 20:22 <DIR> d-------- C:\Documents and settings\abcd\Programdata\SUPERAntiSpyware.com

2008-04-28 19:46 . 2008-04-28 19:46 <DIR> d-------- C:\Programfiler\CCleaner

2008-04-28 19:13 . 2008-04-28 19:13 67 --a------ C:\WINDOWS\system32\plkkirnu.dll

2008-04-28 19:11 . 2008-04-28 19:11 67 --a------ C:\WINDOWS\system32\kerytqol.dll

2008-04-28 19:04 . 2008-04-28 19:04 67 --a------ C:\WINDOWS\system32\tgywutis.dll

2008-04-28 19:01 . 2008-04-28 19:01 67 --a------ C:\WINDOWS\system32\ofobbnsn.dll

2008-04-28 17:32 . 2008-04-28 17:32 67 --a------ C:\WINDOWS\system32\bsqgmvyk.dll

2008-04-27 15:47 . 2008-04-27 15:47 67 --a------ C:\WINDOWS\system32\taaclpie.dll

2008-04-27 15:32 . 2008-04-27 15:32 <DIR> d-------- C:\Documents and settings\Gjest\Programdata\Symantec

2008-04-27 15:31 . 2004-10-01 12:37 <DIR> d---s---- C:\Documents and settings\Gjest\UserData

2008-04-27 15:31 . 2004-10-01 12:05 <DIR> dr------- C:\Documents and settings\Gjest\Start-meny

2008-04-27 15:31 . 2004-10-01 12:05 <DIR> d--h----- C:\Documents and settings\Gjest\Skrivere

2008-04-27 15:31 . 2008-04-27 15:31 <DIR> d-------- C:\Documents and settings\Gjest\Skrivebord

2008-04-27 15:31 . 2008-04-27 15:31 <DIR> dr-h----- C:\Documents and settings\Gjest\Siste

2008-04-27 15:31 . 2008-04-27 15:34 <DIR> dr-h----- C:\Documents and settings\Gjest\Programdata

2008-04-27 15:31 . 2008-04-27 15:31 <DIR> dr------- C:\Documents and settings\Gjest\Mine dokumenter

2008-04-27 15:31 . 2004-10-01 11:10 <DIR> d--h----- C:\Documents and settings\Gjest\Maler

2008-04-27 15:31 . 2008-05-16 20:25 <DIR> d--h----- C:\Documents and settings\Gjest\Lokale innstillinger

2008-04-27 15:31 . 2008-04-27 15:31 <DIR> dr------- C:\Documents and settings\Gjest\Favoritter

2008-04-27 15:31 . 2004-10-01 12:05 <DIR> d--h----- C:\Documents and settings\Gjest\AndrMask

2008-04-27 15:31 . 2008-04-27 15:31 <DIR> d-------- C:\Documents and settings\Gjest

2008-04-27 15:31 . 2008-05-16 20:22 1,024 --ah----- C:\Documents and settings\Gjest\ntuser.dat.LOG

2008-04-27 12:09 . 2008-04-27 12:09 67 --a------ C:\WINDOWS\system32\ollklaoy.dll

2008-04-27 10:57 . 2008-04-27 10:57 67 --a------ C:\WINDOWS\system32\qejlddte.dll

2008-04-26 19:32 . 2008-04-26 19:32 67 --a------ C:\WINDOWS\system32\owflawjh.dll

2008-04-26 19:30 . 2008-04-26 19:30 67 --a------ C:\WINDOWS\system32\fgbsaein.dll

2008-04-26 18:07 . 2008-04-26 18:07 67 --a------ C:\WINDOWS\system32\ivkcnrju.dll

2008-04-25 18:20 . 2008-04-25 18:20 67 --a------ C:\WINDOWS\system32\ucbmodvr.dll

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-05-16 17:34 --------- d-----w C:\Programfiler\Fellesfiler\Symantec Shared

2008-05-15 20:02 9,004 ----a-w C:\Documents and settings\abcd\Programdata\wklnhst.dat

2008-04-28 18:20 --------- d-----w C:\Programfiler\Fellesfiler\Wise Installation Wizard

2008-04-28 16:42 --------- d-----w C:\Programfiler\Norton Internet Security

2008-04-28 16:26 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF

2008-04-28 16:26 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL

2008-04-28 16:26 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS

2008-04-28 16:26 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT

2008-04-28 16:26 --------- d-----w C:\Programfiler\Symantec

2007-01-22 19:50 71,360 ----a-w C:\Documents and settings\abcd\Programdata\GDIPFONTCACHEV1.DAT

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4DA3FD30-AA3B-47EF-8270-163605FBFBA3}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 10:03 15360]

"MSMSGS"="C:\Programfiler\Messenger\msmsgs.exe" [2004-08-04 10:03 1667584]

"swg"="C:\Programfiler\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-02-03 22:30 171448]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMan"="SOUNDMAN.EXE" [2004-02-26 16:53 65024 C:\WINDOWS\SOUNDMAN.EXE]

"SynTPLpr"="C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe" [2003-07-25 14:49 110592]

"SynTPEnh"="C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [2003-07-25 14:47 618496]

"ATIPTA"="C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-07-17 21:10 339968]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]

"LaunchAp"="C:\Programfiler\Launch Manager\LaunchAp.exe" [2004-08-06 14:04 32768]

"HotkeyApp"="C:\Programfiler\Launch Manager\HotkeyApp.exe" [2004-07-26 15:39 49152]

"CtrlVol"="C:\Programfiler\Launch Manager\CtrlVol.exe" [2003-09-16 14:28 20480]

"LMgrOSD"="C:\Programfiler\Launch Manager\OSD.exe" [2004-07-26 14:52 204800]

"Wbutton"="C:\Programfiler\Launch Manager\Wbutton.exe" [2004-08-06 14:49 73728]

"DAEMON Tools-1033"="C:\Programfiler\D-Tools\daemon.exe" [2003-12-27 21:43 81920]

"EPSON Stylus Photo R240 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.exe" [2005-04-25 06:00 98304]

"ccApp"="C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2007-03-01 12:18 52840]

"QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2006-10-25 19:58 282624]

"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2006-10-30 10:36 256576]

"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 16:07 49263]

"Microsoft Works Update Detection"="C:\Programfiler\Fellesfiler\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-10 02:11 50688]

"Telenor Online Start"="C:\Programfiler\Telenor\Online Start\Telenor.exe" [2006-11-30 14:51 178312]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

"DJSNetCN"="C:\Programfiler\Fellesfiler\Symantec Shared\DJSNETCN.exe" [2005-11-01 10:33 54928]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 10:03 15360]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvTjGVm]

tuvTjGVm.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Programfiler\\Messenger\\msmsgs.exe"=

 

R0 d344bus;d344bus;C:\WINDOWS\system32\DRIVERS\d344bus.sys [2003-12-27 21:42]

R0 d344prt;d344prt;C:\WINDOWS\system32\Drivers\d344prt.sys [2003-12-27 03:38]

R1 Hotkey;Hotkey;C:\WINDOWS\system32\drivers\Hotkey.sys [2003-04-28 11:27]

R2 Automatisk LiveUpdate-planlegging;Automatisk LiveUpdate-planlegging;"C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2006-08-03 19:08]

R2 LogWatch;Event Log Watch;C:\Programfiler\CA\SharedComponents\CA_LIC\LogWatNT.exe [2002-09-20 18:29]

S1 Wbutton;Wbutton;C:\WINDOWS\system32\drivers\Wbutton.sys []

S3 CA_LIC_CLNT;CA License Client;C:\Programfiler\CA\SharedComponents\CA_LIC\lic98rmt.exe [2002-09-20 18:27]

S3 CA_LIC_SRVR;CA License Server;C:\Programfiler\CA\SharedComponents\CA_LIC\lic98rmtd.exe [2002-09-20 18:41]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b4626ec0-22ad-11dd-b83a-000e3551512c}]

\Shell\AutoRun\command - F:\LaunchU3.exe -a

 

*Newly Created Service* - CATCHME

*Newly Created Service* - COMHOST

*Newly Created Service* - DCOMLAUNCH

*Newly Created Service* - FLTMGR

*Newly Created Service* - HTTP

*Newly Created Service* - WSCSVC

.

Contents of the 'Scheduled Tasks' folder

"2008-05-16 18:01:30 C:\WINDOWS\Tasks\Norton AntiVirus - Kjør fullstendig systemsøk - abcd.job"

- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exec/TASK:

"2008-05-16 18:04:10 C:\WINDOWS\Tasks\Se etter oppdateringer for Windows Live Toolbar.job"

- C:\Programfiler\Windows Live Toolbar\MSNTBUP.EXE

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-16 20:26:11

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-05-16 20:27:55

ComboFix-quarantined-files.txt 2008-05-16 18:27:47

 

Pre-Run: 16,536,354,816 byte ledig

Post-Run: 16,499,630,080 byte ledig

 

247 --- E O F --- 2008-05-15 20:30:47

>

 

HijackThis log:
<Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:35:33, on 16.05.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe

C:\Programfiler\Fellesfiler\Symantec Shared\DJSNETCN.exe

C:\Programfiler\CA\SharedComponents\CA_LIC\LogWatNT.exe

C:\Programfiler\Fellesfiler\Microsoft Shared\VS7Debug\mdm.exe

C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe

C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe

C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe

C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe

C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Programfiler\Launch Manager\LaunchAp.exe

C:\Programfiler\Launch Manager\HotkeyApp.exe

C:\Programfiler\Launch Manager\OSD.exe

C:\Programfiler\Launch Manager\Wbutton.exe

C:\Programfiler\D-Tools\daemon.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE

C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe

C:\Programfiler\QuickTime\qttask.exe

C:\Programfiler\iTunes\iTunesHelper.exe

C:\Programfiler\Java\jre1.5.0_10\bin\jusched.exe

C:\Programfiler\Fellesfiler\Microsoft Shared\Works Shared\WkUFind.exe

C:\Programfiler\Telenor\Online Start\Telenor.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Programfiler\Messenger\msmsgs.exe

C:\Programfiler\iPod\bin\iPodService.exe

C:\Programfiler\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Programfiler\Fellesfiler\Symantec Shared\Security Console\NSCSRVCE.EXE

C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\WINDOWS\explorer.exe

C:\Programfiler\internet explorer\iexplore.exe

C:\Documents and settings\abcd\Skrivebord\testing\Testing.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.online.no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {4DA3FD30-AA3B-47EF-8270-163605FBFBA3} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_10\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NISShExt.dll

O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar3.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programfiler\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programfiler\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NISShExt.dll

O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar3.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [synTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [LaunchAp] C:\Programfiler\Launch Manager\LaunchAp.exe

O4 - HKLM\..\Run: [HotkeyApp] C:\Programfiler\Launch Manager\HotkeyApp.exe

O4 - HKLM\..\Run: [CtrlVol] C:\Programfiler\Launch Manager\CtrlVol.exe

O4 - HKLM\..\Run: [LMgrOSD] C:\Programfiler\Launch Manager\OSD.exe

O4 - HKLM\..\Run: [Wbutton] "C:\Programfiler\Launch Manager\Wbutton.exe"

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programfiler\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [EPSON Stylus Photo R240 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE /P30 "EPSON Stylus Photo R240 Series" /O6 "USB001" /M "Stylus Photo R240"

O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.5.0_10\bin\jusched.exe"

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programfiler\Fellesfiler\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKLM\..\Run: [Telenor Online Start] "C:\Programfiler\Telenor\Online Start\Telenor.exe"

O4 - HKLM\..\RunServices: [DJSNetCN] C:\Programfiler\Fellesfiler\Symantec Shared\DJSNETCN.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: &Windows Live Search - res://C:\Programfiler\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Åpne i ny bakgrunnsflik - res://C:\Programfiler\Windows Live Toolbar\Components\nb-no\msntabres.dll.mui/229?1a576e7e8eff4fa2a808dc80d04afc4c

O8 - Extra context menu item: Åpne i ny forgrunnsflik - res://C:\Programfiler\Windows Live Toolbar\Components\nb-no\msntabres.dll.mui/230?1a576e7e8eff4fa2a808dc80d04afc4c

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O16 - DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} (KooPlayer Control) - http://www.tvlution.com/KooPlayer.ocx

O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1096627073104

O16 - DPF: {B69B0694-EB7C-4468-B572-B781062A1EF2} (KooPlayer Control) - http://static.mediazone.com/player/1.0.0.67/MZPlayer.CAB

O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: tuvTjGVm - tuvTjGVm.dll (file missing)

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: Automatisk LiveUpdate-planlegging - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Programfiler\CA\SharedComponents\CA_LIC\lic98rmt.exe

O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Programfiler\CA\SharedComponents\CA_LIC\lic98rmtd.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Programfiler\Norton Internet Security\ccPwdSvc.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programfiler\Norton Internet Security\comHost.exe

O23 - Service: Symantec Licensing Detect Internet Connection (DJSNETCN) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\DJSNETCN.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programfiler\iPod\bin\iPodService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Programfiler\CA\SharedComponents\CA_LIC\LogWatNT.exe

O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\Security Console\NSCSRVCE.EXE

O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Programfiler\Norton Internet Security\Norton AntiVirus\SAVScan.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

 

--

End of file - 11587 bytes

>

 

Regards

ed9

Edited by ed9

Open Notepad and copy in what is shown in bold below, then save the file to the desktop as CFScript.

Then drag the file onto the ComboFix icon. ComboFix will start again.

File::

C:\WINDOWS\system32\mmmfsxul.dll

C:\WINDOWS\system32\vnfhhyrn.dll

C:\WINDOWS\system32\plkkirnu.dll

C:\WINDOWS\system32\kerytqol.dll

C:\WINDOWS\system32\tgywutis.dll

C:\WINDOWS\system32\ofobbnsn.dll

C:\WINDOWS\system32\bsqgmvyk.dll

C:\WINDOWS\system32\taaclpie.dll

C:\WINDOWS\system32\ollklaoy.dll

C:\WINDOWS\system32\qejlddte.dll

C:\WINDOWS\system32\owflawjh.dll

C:\WINDOWS\system32\fgbsaein.dll

C:\WINDOWS\system32\ivkcnrju.dll

C:\WINDOWS\system32\ucbmodvr.dll

 

Registry::

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4DA3FD30-AA3B-47EF-8270-163605FBFBA3}]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvTjGVm]

 

Post a new HJT log, and we'll see whether there is anything more to do.

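Both registry keys in the script above correspond to HijackThis entries whose target is reported as `(no file)` or `(file missing)`. The following is an added example, not part of the original posts and not HijackThis or ComboFix code: it flags such orphaned O2 and O20 entries and checks that every `[-key]` deletion in a script is backed by one. The function names are hypothetical, and the sample lines are copied from this thread.

```python
import re
from collections import namedtuple

# Constructed sample: a few lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4DA3FD30-AA3B-47EF-8270-163605FBFBA3} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: tuvTjGVm - tuvTjGVm.dll (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programfiler\iPod\bin\iPodService.exe
"""

# The Registry:: section of the CFScript posted in this thread.
SAMPLE_SCRIPT = r"""
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4DA3FD30-AA3B-47EF-8270-163605FBFBA3}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvTjGVm]
"""

Finding = namedtuple("Finding", "section name key")

BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.*)$"
)
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>.+?) - (?P<target>.*)$")
DELETE_RE = re.compile(r"^\[-(?P<key>.+)\]$")

# Key prefixes written the way the script in this thread writes them.
BHO_ROOT = r"HKEY_LOCAL_MACHINE\~\Browser Helper Objects"
NOTIFY_ROOT = (
    r"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify"
)


def find_orphaned_entries(log_text):
    """Return O2/O20 entries whose registered file no longer exists on disk."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = BHO_RE.match(line)
        if m:
            # HijackThis prints "(no file)" when the BHO's DLL path is empty.
            if m.group("target").strip().lower() == "(no file)":
                clsid = m.group("clsid")
                findings.append(Finding("O2", clsid, BHO_ROOT + "\\" + clsid))
            continue
        m = NOTIFY_RE.match(line)
        if m and m.group("target").strip().lower().endswith("(file missing)"):
            name = m.group("name")
            findings.append(Finding("O20", name, NOTIFY_ROOT + "\\" + name))
    return findings


def compare_script(script_text, findings):
    """Compare a script's [-key] deletions with the orphaned entries found.

    Returns (unexplained, uncovered):
      unexplained - keys the script deletes that no finding accounts for
      uncovered   - findings the script does not delete
    """
    deletions = []
    for raw in script_text.splitlines():
        m = DELETE_RE.match(raw.strip())
        if m:
            deletions.append(m.group("key"))
    found = {f.key.lower() for f in findings}
    scripted = {k.lower() for k in deletions}
    unexplained = [k for k in deletions if k.lower() not in found]
    uncovered = [f for f in findings if f.key.lower() not in scripted]
    return unexplained, uncovered


if __name__ == "__main__":
    results = find_orphaned_entries(SAMPLE_LOG)
    for f in results:
        print(f.section, f.name, "->", f.key)
    print(compare_script(SAMPLE_SCRIPT, results))
```

A key reported as unexplained is not necessarily wrong; it only means the HijackThis log alone does not justify the deletion, so the reason has to come from another log.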

Here are the logs after running the CFScript:

 

ComboFix log
<ComboFix 08-05-15.3 - abcd 2008-05-18 17:00:45.2 - NTFSx86

Running from: C:\Documents and settings\abcd\Skrivebord\ComboFix.exe

Command switches used :: C:\Documents and settings\abcd\Skrivebord\CFScript.txt

* Created a new restore point

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

 

FILE ::

C:\WINDOWS\system32\bsqgmvyk.dll

C:\WINDOWS\system32\fgbsaein.dll

C:\WINDOWS\system32\ivkcnrju.dll

C:\WINDOWS\system32\kerytqol.dll

C:\WINDOWS\system32\mmmfsxul.dll

C:\WINDOWS\system32\ofobbnsn.dll

C:\WINDOWS\system32\ollklaoy.dll

C:\WINDOWS\system32\owflawjh.dll

C:\WINDOWS\system32\plkkirnu.dll

C:\WINDOWS\system32\qejlddte.dll

C:\WINDOWS\system32\tgywutis.dll

C:\WINDOWS\system32\taaclpie.dll

C:\WINDOWS\system32\ucbmodvr.dll

C:\WINDOWS\system32\vnfhhyrn.dll

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\system32\bsqgmvyk.dll

C:\WINDOWS\system32\fgbsaein.dll

C:\WINDOWS\system32\ivkcnrju.dll

C:\WINDOWS\system32\kerytqol.dll

C:\WINDOWS\system32\mmmfsxul.dll

C:\WINDOWS\system32\ofobbnsn.dll

C:\WINDOWS\system32\ollklaoy.dll

C:\WINDOWS\system32\owflawjh.dll

C:\WINDOWS\system32\plkkirnu.dll

C:\WINDOWS\system32\qejlddte.dll

C:\WINDOWS\system32\tgywutis.dll

C:\WINDOWS\system32\taaclpie.dll

C:\WINDOWS\system32\ucbmodvr.dll

C:\WINDOWS\system32\vnfhhyrn.dll

 

.

((((((((((((((((((((((((( Files Created from 2008-04-18 to 2008-05-18 )))))))))))))))))))))))))))))))

.

 

2008-05-18 01:35 . 2008-05-18 01:35 <DIR> d-------- C:\Documents and settings\abcd\Programdata\U3

2008-05-16 21:04 . 2008-05-16 21:04 <DIR> d-------- C:\Programfiler\MSXML 4.0

2008-05-16 21:01 . 2008-05-16 21:17 1,374 --a------ C:\WINDOWS\imsins.BAK

2008-05-16 20:45 . 2008-05-16 20:46 <DIR> d-------- C:\Documents and settings\abcd\Programdata\Media Player Classic

2008-05-16 19:28 . 2008-05-18 16:57 <DIR> dr-h----- C:\Documents and settings\abcd\Siste

2008-05-16 19:28 . 2008-05-18 16:57 <DIR> dr-h----- C:\Documents and settings\abcd\Siste

2008-05-16 19:21 . 2007-07-09 15:11 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll

2008-05-16 18:39 . 2008-05-16 18:39 <DIR> d-------- C:\Documents and settings\LocalService\Start-meny

2008-05-15 21:22 . 2004-08-04 10:03 221,184 --a------ C:\WINDOWS\system32\wmpns.dll

2008-05-15 21:20 . 2008-05-15 21:20 <DIR> d-------- C:\WINDOWS\provisioning

2008-05-15 21:20 . 2008-05-15 21:20 <DIR> d-------- C:\WINDOWS\peernet

2008-05-15 21:15 . 2008-05-15 21:15 <DIR> d-------- C:\WINDOWS\ServicePackFiles

2008-05-15 20:59 . 2008-05-15 20:59 <DIR> d-------- C:\WINDOWS\EHome

2008-05-03 10:33 . 2008-05-03 11:52 6,955 --a------ C:\WINDOWS\system32\EPPICResdb0000

2008-05-03 10:33 . 2008-05-03 11:52 121 --a------ C:\WINDOWS\system32\EPPICResdb

2008-04-28 21:18 . 2008-04-28 21:18 0 --a------ C:\WINDOWS\nsreg.dat

2008-04-28 20:23 . 2008-04-28 20:23 <DIR> d-------- C:\Documents and settings\All Users\Programdata\SUPERAntiSpyware.com

2008-04-28 20:22 . 2008-05-16 19:34 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware

2008-04-28 20:22 . 2008-04-28 20:22 <DIR> d-------- C:\Documents and settings\abcd\Programdata\SUPERAntiSpyware.com

2008-04-28 19:46 . 2008-04-28 19:46 <DIR> d-------- C:\Programfiler\CCleaner

2008-04-27 15:32 . 2008-04-27 15:32 <DIR> d-------- C:\Documents and settings\Gjest\Programdata\Symantec

2008-04-27 15:31 . 2004-10-01 12:37 <DIR> d---s---- C:\Documents and settings\Gjest\UserData

2008-04-27 15:31 . 2004-10-01 12:05 <DIR> dr------- C:\Documents and settings\Gjest\Start-meny

2008-04-27 15:31 . 2004-10-01 12:05 <DIR> d--h----- C:\Documents and settings\Gjest\Skrivere

2008-04-27 15:31 . 2008-04-27 15:31 <DIR> d-------- C:\Documents and settings\Gjest\Skrivebord

2008-04-27 15:31 . 2008-04-27 15:31 <DIR> dr-h----- C:\Documents and settings\Gjest\Siste

2008-04-27 15:31 . 2008-04-27 15:34 <DIR> dr-h----- C:\Documents and settings\Gjest\Programdata

2008-04-27 15:31 . 2008-04-27 15:31 <DIR> dr------- C:\Documents and settings\Gjest\Mine dokumenter

2008-04-27 15:31 . 2004-10-01 11:10 <DIR> d--h----- C:\Documents and settings\Gjest\Maler

2008-04-27 15:31 . 2008-05-18 17:05 <DIR> d--h----- C:\Documents and settings\Gjest\Lokale innstillinger

2008-04-27 15:31 . 2008-04-27 15:31 <DIR> dr------- C:\Documents and settings\Gjest\Favoritter

2008-04-27 15:31 . 2004-10-01 12:05 <DIR> d--h----- C:\Documents and settings\Gjest\AndrMask

2008-04-27 15:31 . 2008-04-27 15:31 <DIR> d-------- C:\Documents and settings\Gjest

2008-04-27 15:31 . 2008-05-17 23:28 1,024 --ah----- C:\Documents and settings\Gjest\ntuser.dat.LOG

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-05-18 15:06 --------- d-----w C:\Programfiler\Fellesfiler\Symantec Shared

2008-05-15 20:02 9,004 ----a-w C:\Documents and settings\abcd\Programdata\wklnhst.dat

2008-04-28 18:20 --------- d-----w C:\Programfiler\Fellesfiler\Wise Installation Wizard

2008-04-28 16:42 --------- d-----w C:\Programfiler\Norton Internet Security

2008-04-28 16:26 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF

2008-04-28 16:26 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL

2008-04-28 16:26 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS

2008-04-28 16:26 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT

2008-04-28 16:26 --------- d-----w C:\Programfiler\Symantec

2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll

2008-03-25 04:51 166,688 ----a-w C:\WINDOWS\system32\msjint40.dll

2008-03-20 08:11 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys

2008-02-20 06:52 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll

2008-02-20 05:39 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll

2007-01-22 19:50 71,360 ----a-w C:\Documents and settings\abcd\Programdata\GDIPFONTCACHEV1.DAT

.

 

((((((((((((((((((((((((((((( snapshot@2008-05-16_20.27.25,76 )))))))))))))))))))))))))))))))))))))))))

.

- 2007-01-20 09:04:39 1,200,128 ----a-w C:\WINDOWS\assembly\GAC\System.Web\1.0.3300.0__b03f5f7f11d50a3a\System.Web.dll

+ 2008-05-16 20:40:07 1,200,128 ----a-w C:\WINDOWS\assembly\GAC\System.Web\1.0.3300.0__b03f5f7f11d50a3a\System.Web.dll

- 2007-01-20 08:33:29 1,257,472 ----a-w C:\WINDOWS\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll

+ 2008-05-16 19:11:25 1,265,664 ----a-w C:\WINDOWS\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll

- 2004-10-01 15:34:57 1,224,704 ----a-w C:\WINDOWS\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll

+ 2008-05-16 19:11:26 1,232,896 ----a-w C:\WINDOWS\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll

+ 2008-05-16 21:16:06 61,440 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.0.3705\CustomMarshalers\1.0.3300.0__b03f5f7f11d50a3a_59d8716d\CustomMarshalers.dll

+ 2008-05-16 20:40:19 3,301,376 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.0.3705\mscorlib\1.0.3300.0__b77a5c561934e089_1e2dc234\mscorlib.dll

+ 2008-05-16 21:15:33 1,454,080 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.0.3705\System.Design\1.0.3300.0__b03f5f7f11d50a3a_bd6cf6ef\System.Design.dll

+ 2008-05-16 21:16:04 90,112 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.0.3705\System.Drawing.Design\1.0.3300.0__b03f5f7f11d50a3a_57cef002\System.Drawing.Design.dll

+ 2008-05-16 21:15:15 847,872 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.0.3705\System.Drawing\1.0.3300.0__b03f5f7f11d50a3a_afd4a924\System.Drawing.dll

+ 2008-05-16 21:15:58 2,953,216 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.0.3705\System.Windows.Forms\1.0.3300.0__b77a5c561934e089_c5bda493\System.Windows.Forms.dll

+ 2008-05-16 21:15:44 2,027,520 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.0.3705\System.Xml\1.0.3300.0__b77a5c561934e089_064cf421\System.Xml.dll

+ 2008-05-16 20:40:39 1,855,488 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.0.3705\System\1.0.3300.0__b77a5c561934e089_49db112a\System.dll

+ 2008-05-16 19:11:47 61,440 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_e4ec1498\CustomMarshalers.dll

+ 2008-05-16 19:12:15 3,391,488 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_1296505b\mscorlib.dll

+ 2008-05-16 19:12:09 1,466,368 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_bf43031a\System.Design.dll

+ 2008-05-16 19:11:50 90,112 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_b356a3a9\System.Drawing.Design.dll

+ 2008-05-16 19:12:11 835,584 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_60e3b334\System.Drawing.dll

+ 2008-05-16 19:11:57 3,018,752 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_a7be098a\System.Windows.Forms.dll

+ 2008-05-16 19:12:03 2,088,960 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_2dda2196\System.Xml.dll

+ 2008-05-16 19:11:45 1,966,080 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_a58a102f\System.dll

- 2008-05-16 16:37:02 2,048 --s-a-w C:\WINDOWS\bootstat.dat

+ 2008-05-18 14:53:41 2,048 --s-a-w C:\WINDOWS\bootstat.dat

+ 2006-02-15 00:22:26 142,464 ------w C:\WINDOWS\Driver Cache\i386\aec.sys

+ 2006-03-17 00:33:10 262,784 ------w C:\WINDOWS\Driver Cache\i386\http.sys

+ 2006-06-14 08:47:45 172,416 ------w C:\WINDOWS\Driver Cache\i386\kmixer.sys

- 2005-03-02 18:09:56 2,137,600 ------w C:\WINDOWS\Driver Cache\i386\ntkrnlmp.exe

+ 2007-02-28 16:05:16 2,138,112 ------w C:\WINDOWS\Driver Cache\i386\ntkrnlmp.exe

- 2005-03-02 18:09:56 2,058,624 ------w C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe

+ 2007-02-28 16:05:26 2,059,392 ------w C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe

- 2005-03-02 18:09:59 2,017,280 ------w C:\WINDOWS\Driver Cache\i386\ntkrpamp.exe

+ 2007-02-28 16:05:16 2,017,792 ------w C:\WINDOWS\Driver Cache\i386\ntkrpamp.exe

- 2005-03-02 18:10:04 2,181,120 ------w C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe

+ 2007-02-28 16:05:27 2,182,144 ------w C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe

+ 2006-06-14 08:47:46 6,400 ------w C:\WINDOWS\Driver Cache\i386\splitter.sys

+ 2006-06-14 09:00:45 82,944 ------w C:\WINDOWS\Driver Cache\i386\wdmaud.sys

- 2004-08-04 08:03:30 1,032,192 ----a-w C:\WINDOWS\explorer.exe

+ 2007-06-13 13:24:02 1,033,216 ----a-w C:\WINDOWS\explorer.exe

- 2005-05-04 14:33:52 1,077,312 ----a-w C:\WINDOWS\Help\SBSI\Training\orun32.exe

+ 2006-08-21 13:57:14 1,077,321 ----a-w C:\WINDOWS\Help\SBSI\Training\orun32.exe

+ 2008-05-16 19:04:31 32,768 ----a-r C:\WINDOWS\Installer\{C04E32E0-0416-434D-AFB9-6969D703A9EF}\icon.exe

- 2004-07-14 21:36:08 200,704 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\aspnet_isapi.dll

+ 2007-01-02 14:34:04 200,704 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\aspnet_isapi.dll

- 2004-07-14 21:36:10 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\aspnet_wp.exe

+ 2007-01-02 14:34:04 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\aspnet_wp.exe

- 2004-07-15 15:38:34 7,680 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\IEExec.exe

+ 2007-01-02 14:29:28 8,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\IEExec.exe

- 2004-07-14 20:50:30 73,728 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorie.dll

+ 2007-01-02 14:29:12 73,728 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorie.dll

- 2004-07-14 20:50:30 86,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorld.dll

+ 2007-01-02 14:29:12 86,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorld.dll

- 2004-07-15 15:36:46 1,998,848 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorlib.dll

+ 2007-01-02 14:21:20 1,998,848 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorlib.dll

- 2004-07-14 20:49:06 2,265,088 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorsvr.dll

+ 2007-01-02 14:28:28 2,273,280 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorsvr.dll

- 2004-07-14 20:49:54 2,269,184 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll

+ 2007-01-02 14:28:46 2,281,472 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll

- 2004-08-10 14:20:00 106,496 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\netfxupdate.exe

+ 2007-01-15 14:11:26 73,728 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\netfxupdate.exe

+ 2004-07-14 21:36:08 200,704 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\SHADOW1024\_aspnet_isapi.dll

+ 2004-07-14 20:50:22 69,632 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\SHADOW1024\_CORPerfMonExt.dll

+ 2004-07-14 20:48:20 233,472 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\SHADOW1024\_fusion.dll

+ 2004-07-14 20:48:28 303,104 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\SHADOW1024\_mscorjit.dll

+ 2004-07-15 15:36:46 1,998,848 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\SHADOW1024\_mscorlib.dll

+ 2004-07-14 20:50:34 69,632 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\SHADOW1024\_mscorsn.dll

+ 2004-07-14 20:49:06 2,265,088 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\SHADOW1024\_mscorsvr.dll

+ 2004-07-14 20:49:54 2,269,184 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\SHADOW1024\_mscorwks.dll

+ 2002-01-05 10:37:28 344,064 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\SHADOW1024\_msvcr70.dll

+ 2004-07-14 21:33:30 20,480 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\SHADOW1024\_PerfCounter.dll

+ 2004-07-14 21:36:08 200,704 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\SHADOW3116\_aspnet_isapi.dll

+ 2004-07-14 20:50:22 69,632 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\SHADOW3116\_CORPerfMonExt.dll

+ 2004-07-14 20:48:20 233,472 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\SHADOW3116\_fusion.dll

+ 2004-07-14 20:48:28 303,104 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\SHADOW3116\_mscorjit.dll

+ 2004-07-15 15:36:46 1,998,848 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\SHADOW3116\_mscorlib.dll

+ 2004-07-14 20:50:34 69,632 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\SHADOW3116\_mscorsn.dll

+ 2004-07-14 20:49:06 2,265,088 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\SHADOW3116\_mscorsvr.dll

+ 2004-07-14 20:49:54 2,269,184 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\SHADOW3116\_mscorwks.dll

+ 2002-01-05 10:37:28 344,064 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\SHADOW3116\_msvcr70.dll

+ 2004-07-14 21:33:30 20,480 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\SHADOW3116\_PerfCounter.dll

- 2004-10-07 12:28:36 1,200,128 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.Web.dll

+ 2007-01-02 14:40:24 1,200,128 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.Web.dll

- 2004-07-14 23:49:16 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll

+ 2007-04-13 19:30:52 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll

- 2004-07-14 23:49:22 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe

+ 2007-04-13 19:30:52 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe

- 2004-07-14 22:32:22 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll

+ 2007-04-13 18:57:52 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll

- 2003-02-20 18:09:14 86,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorie.dll

+ 2007-04-13 18:57:58 86,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorie.dll

- 2004-07-14 22:25:06 315,392 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll

+ 2007-04-13 18:56:30 315,392 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll

- 2004-07-14 22:33:04 102,400 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorld.dll

+ 2007-04-13 18:58:00 102,400 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorld.dll

- 2004-07-15 12:29:02 2,138,112 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll

+ 2007-04-13 18:50:46 2,142,208 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll

- 2003-02-20 18:09:18 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll

+ 2007-04-13 18:58:02 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll

- 2004-07-14 22:26:52 2,510,848 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll

+ 2007-04-13 18:57:00 2,523,136 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll

- 2004-07-14 22:28:34 2,502,656 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll

+ 2007-04-13 18:57:28 2,514,944 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll

- 2004-08-10 14:20:00 106,496 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe

+ 2007-01-15 14:11:26 73,728 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe

+ 2004-07-14 23:49:16 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3020\_aspnet_isapi.dll

+ 2004-07-14 22:32:22 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3020\_CORPerfMonExt.dll

+ 2004-07-14 22:24:30 282,624 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3020\_fusion.dll

+ 2004-07-14 22:25:06 315,392 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3020\_mscorjit.dll

+ 2004-07-15 12:29:02 2,138,112 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3020\_mscorlib.dll

+ 2003-02-20 18:09:18 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3020\_mscorsn.dll

+ 2004-07-14 22:26:52 2,510,848 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3020\_mscorsvr.dll

+ 2004-07-14 22:28:34 2,502,656 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3020\_mscorwks.dll

+ 2003-02-21 03:42:22 348,160 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3020\_msvcr71.dll

+ 2004-07-14 22:34:50 94,208 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3020\_PerfCounter.dll

- 2004-07-15 12:31:16 1,224,704 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.dll

+ 2007-04-13 19:35:38 1,232,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.dll

- 2004-10-08 05:20:12 1,257,472 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Web.dll

+ 2007-04-13 19:35:46 1,265,664 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Web.dll

- 2004-08-04 08:03:06 41,984 ----a-w C:\WINDOWS\msagent\agentdp2.dll

+ 2006-10-12 14:05:19 42,496 ----a-w C:\WINDOWS\msagent\agentdp2.dll

- 2005-04-22 05:09:23 57,344 ----a-w C:\WINDOWS\msagent\agentdpv.dll

+ 2007-03-09 13:48:18 57,344 ----a-w C:\WINDOWS\msagent\agentdpv.dll

- 2004-08-04 08:03:27 256,512 ----a-w C:\WINDOWS\msagent\agentsvr.exe

+ 2006-10-12 11:09:53 256,512 ----a-w C:\WINDOWS\msagent\agentsvr.exe

- 2004-08-04 08:03:06 1,016,832 ----a-w C:\WINDOWS\system32\browseui.dll

+ 2008-02-16 09:05:40 1,023,488 ----a-w C:\WINDOWS\system32\browseui.dll

- 2004-08-04 08:03:07 151,040 ----a-w C:\WINDOWS\system32\cdfview.dll

+ 2008-02-16 09:05:40 151,552 ----a-w C:\WINDOWS\system32\cdfview.dll

- 2005-10-20 19:10:14 986,624 ----a-w C:\WINDOWS\system32\DANIM.DLL

+ 2008-02-16 09:05:41 1,054,720 ----a-w C:\WINDOWS\system32\danim.dll

+ 2006-10-12 14:05:19 42,496 -c----w C:\WINDOWS\system32\dllcache\agentdp2.dll

- 2005-04-22 05:09:23 57,344 -c--a-w C:\WINDOWS\system32\dllcache\agentdpv.dll

+ 2007-03-09 13:48:18 57,344 -c--a-w C:\WINDOWS\system32\dllcache\agentdpv.dll

+ 2006-10-12 11:09:53 256,512 -c----w C:\WINDOWS\system32\dllcache\agentsvr.exe

+ 2008-02-16 09:05:40 1,023,488 -c----w C:\WINDOWS\system32\dllcache\browseui.dll

+ 2008-02-16 09:05:40 151,552 -c----w C:\WINDOWS\system32\dllcache\cdfview.dll

- 2005-10-20 19:10:14 986,624 -c--a-w C:\WINDOWS\system32\dllcache\DANIM.DLL

+ 2008-02-16 09:05:41 1,054,720 -c--a-w C:\WINDOWS\system32\dllcache\danim.dll

+ 2008-03-25 04:50:25 554,008 -c----w C:\WINDOWS\system32\dllcache\dao360.dll

+ 2007-05-16 15:19:42 86,528 -c----w C:\WINDOWS\system32\dllcache\directdb.dll

- 2006-06-26 17:45:59 148,480 -c----w C:\WINDOWS\system32\dllcache\dnsapi.dll

+ 2008-02-20 05:39:05 148,992 -c----w C:\WINDOWS\system32\dllcache\dnsapi.dll

+ 2008-02-20 05:39:06 45,568 -c----w C:\WINDOWS\system32\dllcache\dnsrslvr.dll

+ 2006-08-24 11:18:20 498,742 -c----w C:\WINDOWS\system32\dllcache\dxmasf.dll

+ 2008-02-16 09:05:42 357,888 -c----w C:\WINDOWS\system32\dllcache\dxtmsft.dll

+ 2008-02-16 09:05:42 205,312 -c----w C:\WINDOWS\system32\dllcache\dxtrans.dll

+ 2007-06-13 13:24:02 1,033,216 -c----w C:\WINDOWS\system32\dllcache\explorer.exe

+ 2008-02-16 09:05:42 55,808 -c----w C:\WINDOWS\system32\dllcache\extmgr.dll

+ 2006-08-21 12:28:02 16,896 -c----w C:\WINDOWS\system32\dllcache\fltlib.dll

+ 2006-08-21 09:14:58 23,040 -c----w C:\WINDOWS\system32\dllcache\fltmc.exe

+ 2006-08-21 09:14:58 128,896 -c----w C:\WINDOWS\system32\dllcache\fltmgr.sys

+ 2008-02-20 06:52:04 282,624 -c----w C:\WINDOWS\system32\dllcache\gdi32.dll

+ 2008-02-15 09:23:37 18,432 -c----w C:\WINDOWS\system32\dllcache\iedw.exe

+ 2008-02-16 09:05:42 251,392 -c----w C:\WINDOWS\system32\dllcache\iepeers.dll

+ 2007-08-21 06:18:26 683,520 -c----w C:\WINDOWS\system32\dllcache\inetcomm.dll

+ 2008-02-16 09:05:42 96,768 -c----w C:\WINDOWS\system32\dllcache\inseng.dll

- 2006-05-18 05:45:05 450,560 -c--a-w C:\WINDOWS\system32\dllcache\jscript.dll

+ 2007-12-18 14:43:09 450,560 -c--a-w C:\WINDOWS\system32\dllcache\jscript.dll

+ 2008-02-16 09:05:42 16,384 -c----w C:\WINDOWS\system32\dllcache\jsproxy.dll

- 2006-07-05 10:57:15 985,088 -c----w C:\WINDOWS\system32\dllcache\kernel32.dll

+ 2007-04-16 15:54:45 985,600 -c----w C:\WINDOWS\system32\dllcache\kernel32.dll

+ 2006-06-14 08:47:45 172,416 -c----w C:\WINDOWS\system32\dllcache\kmixer.sys

+ 2007-11-07 09:30:24 721,920 -c----w C:\WINDOWS\system32\dllcache\lsasrv.dll

+ 2007-03-08 15:39:11 40,960 -c----w C:\WINDOWS\system32\dllcache\mf3216.dll

- 2002-09-16 12:00:00 924,432 -c--a-w C:\WINDOWS\system32\dllcache\mfc40u.dll

+ 2006-11-01 19:19:13 927,504 -c--a-w C:\WINDOWS\system32\dllcache\mfc40u.dll

+ 2006-10-14 08:13:25 981,760 -c----w C:\WINDOWS\system32\dllcache\mfc42u.dll

+ 2007-12-18 09:51:35 179,584 -c----w C:\WINDOWS\system32\dllcache\mrxdav.sys

+ 2006-12-26 13:09:26 536,576 -c----w C:\WINDOWS\system32\dllcache\msado15.dll

+ 2006-12-26 13:09:26 180,224 -c----w C:\WINDOWS\system32\dllcache\msadomd.dll

+ 2006-12-26 13:09:26 200,704 -c----w C:\WINDOWS\system32\dllcache\msadox.dll

+ 2008-03-25 04:50:28 518,944 -c----w C:\WINDOWS\system32\dllcache\msexch40.dll

+ 2008-03-25 04:50:30 326,432 -c----w C:\WINDOWS\system32\dllcache\msexcl40.dll

+ 2006-11-27 14:55:50 539,136 -c----w C:\WINDOWS\system32\dllcache\msftedit.dll

+ 2008-02-16 22:35:48 3,080,704 -c----w C:\WINDOWS\system32\dllcache\mshtml.dll

+ 2008-02-16 09:05:48 449,024 -c----w C:\WINDOWS\system32\dllcache\mshtmled.dll

- 2005-05-03 11:58:36 2,890,240 -c--a-w C:\WINDOWS\system32\dllcache\msi.dll

+ 2007-04-18 16:15:14 2,854,400 -c--a-w C:\WINDOWS\system32\dllcache\msi.dll

+ 2008-03-25 04:50:34 1,516,568 -c----w C:\WINDOWS\system32\dllcache\msjet40.dll

- 2004-03-01 18:52:15 358,976 -c--a-w C:\WINDOWS\system32\dllcache\msjetol1.dll

+ 2008-03-25 04:50:40 355,112 -c--a-w C:\WINDOWS\system32\dllcache\msjetol1.dll

+ 2008-03-25 04:51:59 166,688 -c----w C:\WINDOWS\system32\dllcache\msjint40.dll

+ 2006-12-26 13:09:26 102,400 -c----w C:\WINDOWS\system32\dllcache\msjro.dll

+ 2008-03-25 04:50:42 60,192 -c----w C:\WINDOWS\system32\dllcache\msjter40.dll

+ 2008-03-25 04:50:42 248,608 -c----w C:\WINDOWS\system32\dllcache\msjtes40.dll

+ 2008-03-25 04:50:44 219,936 -c----w C:\WINDOWS\system32\dllcache\msltus40.dll

+ 2007-05-16 15:19:43 1,314,816 -c----w C:\WINDOWS\system32\dllcache\msoe.dll

+ 2008-03-25 04:50:45 355,104 -c----w C:\WINDOWS\system32\dllcache\mspbde40.dll

+ 2008-02-16 09:05:48 146,432 -c----w C:\WINDOWS\system32\dllcache\msrating.dll

+ 2008-03-25 04:50:47 432,928 -c----w C:\WINDOWS\system32\dllcache\msrd2x40.dll

+ 2008-03-25 04:50:49 322,336 -c----w C:\WINDOWS\system32\dllcache\msrd3x40.dll

+ 2008-03-25 04:50:52 559,904 -c----w C:\WINDOWS\system32\dllcache\msrepl40.dll

+ 2008-03-25 04:50:55 264,992 -c----w C:\WINDOWS\system32\dllcache\mstext40.dll

+ 2008-02-16 09:05:48 532,480 -c----w C:\WINDOWS\system32\dllcache\mstime.dll

+ 2008-03-25 04:50:57 838,432 -c----w C:\WINDOWS\system32\dllcache\mswdat10.dll

+ 2008-03-25 04:51:59 621,344 -c----w C:\WINDOWS\system32\dllcache\mswstr10.dll

+ 2008-03-25 04:50:58 355,104 -c----w C:\WINDOWS\system32\dllcache\msxbde40.dll

- 2006-09-13 05:07:08 1,084,416 -c--a-w C:\WINDOWS\system32\dllcache\msxml3.dll

+ 2007-06-26 06:10:37 1,104,896 -c--a-w C:\WINDOWS\system32\dllcache\msxml3.dll

- 2006-07-14 15:41:10 332,288 -c----w C:\WINDOWS\system32\dllcache\netapi32.dll

+ 2006-08-17 12:30:01 332,288 -c----w C:\WINDOWS\system32\dllcache\netapi32.dll

+ 2007-02-09 11:10:35 574,464 -c----w C:\WINDOWS\system32\dllcache\ntfs.sys

+ 2007-02-28 16:05:16 2,138,112 -c----w C:\WINDOWS\system32\dllcache\ntkrnlmp.exe

+ 2007-02-28 16:05:26 2,059,392 -c----w C:\WINDOWS\system32\dllcache\ntkrnlpa.exe

+ 2007-02-28 16:05:16 2,017,792 -c----w C:\WINDOWS\system32\dllcache\ntkrpamp.exe

+ 2007-02-28 16:05:27 2,182,144 -c----w C:\WINDOWS\system32\dllcache\ntoskrnl.exe

+ 2006-10-13 12:41:29 141,824 -c----w C:\WINDOWS\system32\dllcache\nwprovau.dll

+ 2007-12-04 18:42:25 550,912 -c----w C:\WINDOWS\system32\dllcache\oleaut32.dll

- 2002-09-16 12:00:00 117,760 -c--a-w C:\WINDOWS\system32\dllcache\oledlg.dll

+ 2006-10-16 16:16:24 122,880 -c--a-w C:\WINDOWS\system32\dllcache\oledlg.dll

+ 2008-02-16 09:05:49 39,424 -c----w C:\WINDOWS\system32\dllcache\pngfilt.dll

+ 2007-10-29 22:45:19 1,290,752 -c----w C:\WINDOWS\system32\dllcache\quartz.dll

+ 2006-11-27 14:55:50 433,152 -c----w C:\WINDOWS\system32\dllcache\riched20.dll

+ 2007-04-25 14:23:31 144,896 -c----w C:\WINDOWS\system32\dllcache\schannel.dll

- 2006-09-04 06:13:54 1,494,016 -c----w C:\WINDOWS\system32\dllcache\shdocvw.dll

+ 2008-02-16 09:05:52 1,494,528 -c----w C:\WINDOWS\system32\dllcache\shdocvw.dll

- 2006-07-13 13:36:23 8,459,776 -c----w C:\WINDOWS\system32\dllcache\shell32.dll

+ 2007-10-25 16:57:36 8,460,800 -c----w C:\WINDOWS\system32\dllcache\shell32.dll

+ 2008-02-16 09:05:52 474,112 -c----w C:\WINDOWS\system32\dllcache\shlwapi.dll

+ 2006-12-19 21:51:45 134,656 -c----w C:\WINDOWS\system32\dllcache\shsvcs.dll

+ 2006-06-14 08:47:46 6,400 -c----w C:\WINDOWS\system32\dllcache\splitter.sys

+ 2006-08-24 11:19:52 246,814 -c----w C:\WINDOWS\system32\dllcache\strmdll.dll

+ 2006-10-20 01:39:57 713,728 -c----w C:\WINDOWS\system32\dllcache\sxs.dll

- 2006-04-20 11:51:50 359,808 -c----w C:\WINDOWS\system32\dllcache\tcpip.sys

+ 2007-10-30 17:20:55 360,064 -c----w C:\WINDOWS\system32\dllcache\tcpip.sys

+ 2007-04-23 10:32:54 364,160 -c----w C:\WINDOWS\system32\dllcache\update.sys

+ 2007-02-05 20:19:38 185,344 -c----w C:\WINDOWS\system32\dllcache\upnphost.dll

+ 2008-02-16 09:05:53 615,936 -c----w C:\WINDOWS\system32\dllcache\urlmon.dll

+ 2007-03-08 15:39:11 577,536 -c----w C:\WINDOWS\system32\dllcache\user32.dll

+ 2007-12-18 14:43:09 417,792 -c----w C:\WINDOWS\system32\dllcache\vbscript.dll

+ 2007-06-26 13:57:31 851,968 -c----w C:\WINDOWS\system32\dllcache\vgx.dll

+ 2007-05-16 15:19:48 510,976 -c----w C:\WINDOWS\system32\dllcache\wab32.dll

+ 2007-05-16 15:19:50 85,504 -c----w C:\WINDOWS\system32\dllcache\wabimp.dll

+ 2006-06-14 09:00:45 82,944 -c----w C:\WINDOWS\system32\dllcache\wdmaud.sys

+ 2006-12-19 18:18:33 333,824 -c----w C:\WINDOWS\system32\dllcache\wiaservc.dll

+ 2008-03-20 08:11:33 1,845,248 -c----w C:\WINDOWS\system32\dllcache\win32k.sys

+ 2008-02-16 09:05:54 658,944 -c----w C:\WINDOWS\system32\dllcache\wininet.dll

+ 2007-03-17 13:45:38 292,864 -c----w C:\WINDOWS\system32\dllcache\winsrv.dll

+ 2006-08-17 12:30:01 132,096 -c----w C:\WINDOWS\system32\dllcache\wkssvc.dll

+ 2007-10-25 08:00:50 230,912 -c----w C:\WINDOWS\system32\dllcache\wmasf.dll

- 2006-04-24 14:40:00 4,730,880 -c--a-w C:\WINDOWS\system32\dllcache\wmp.dll

+ 2007-04-30 00:22:16 4,734,976 -c--a-w C:\WINDOWS\system32\dllcache\wmp.dll

+ 2007-10-25 08:01:10 2,109,440 -c----w C:\WINDOWS\system32\dllcache\wmvcore.dll

- 2006-06-26 17:45:59 148,480 ----a-w C:\WINDOWS\system32\dnsapi.dll

+ 2008-02-20 05:39:05 148,992 ----a-w C:\WINDOWS\system32\dnsapi.dll

- 2004-08-04 05:39:36 142,464 ----a-w C:\WINDOWS\system32\drivers\aec.sys

+ 2006-02-15 00:22:26 142,464 ----a-w C:\WINDOWS\system32\drivers\aec.sys

- 2004-08-04 06:01:19 124,800 ------w C:\WINDOWS\system32\drivers\fltmgr.sys

+ 2006-08-21 09:14:58 128,896 ------w C:\WINDOWS\system32\drivers\fltmgr.sys

- 2004-08-04 06:00:13 263,040 ------w C:\WINDOWS\system32\drivers\http.sys

+ 2006-03-17 00:33:10 262,784 ------w C:\WINDOWS\system32\drivers\http.sys

- 2004-08-04 06:04:50 134,912 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys

+ 2004-09-29 22:28:37 134,912 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys

- 2004-08-04 06:07:48 171,776 ----a-w C:\WINDOWS\system32\drivers\kmixer.sys

+ 2006-06-14 08:47:45 172,416 ----a-w C:\WINDOWS\system32\drivers\kmixer.sys

- 2004-08-04 06:00:56 181,248 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys

+ 2007-12-18 09:51:35 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys

- 2004-08-04 06:15:09 574,592 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys

+ 2007-02-09 11:10:35 574,464 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys

- 2002-09-16 12:00:00 27,440 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys

+ 2007-11-13 10:25:55 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys

- 2004-08-04 06:07:47 6,400 ----a-w C:\WINDOWS\system32\drivers\splitter.sys

+ 2006-06-14 08:47:46 6,400 ----a-w C:\WINDOWS\system32\drivers\splitter.sys

- 2006-04-20 11:51:50 359,808 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys

+ 2007-10-30 17:20:55 360,064 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys

- 2004-08-04 05:58:32 209,408 ----a-w C:\WINDOWS\system32\drivers\update.sys

+ 2007-04-23 10:32:54 364,160 ----a-w C:\WINDOWS\system32\drivers\update.sys

- 2004-08-04 06:15:04 82,944 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys

+ 2006-06-14 09:00:45 82,944 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys

- 2004-08-04 08:03:09 497,693 ----a-w C:\WINDOWS\system32\dxmasf.dll

+ 2006-08-24 11:18:20 498,742 ----a-w C:\WINDOWS\system32\dxmasf.dll

- 2004-08-04 08:03:09 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll

+ 2008-02-16 09:05:42 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll

- 2004-08-04 08:03:09 201,728 ----a-w C:\WINDOWS\system32\dxtrans.dll

+ 2008-02-16 09:05:42 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll

- 2004-08-04 08:03:10 55,808 ------w C:\WINDOWS\system32\extmgr.dll

+ 2008-02-16 09:05:42 55,808 ------w C:\WINDOWS\system32\extmgr.dll

- 2004-08-04 08:03:10 16,896 ------w C:\WINDOWS\system32\fltlib.dll

+ 2006-08-21 12:28:02 16,896 ----a-w C:\WINDOWS\system32\fltlib.dll

- 2004-08-04 08:03:30 22,528 ------w C:\WINDOWS\system32\fltmc.exe

+ 2006-08-21 09:14:58 23,040 ----a-w C:\WINDOWS\system32\fltmc.exe

- 2008-05-16 16:36:48 250,288 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT

+ 2008-05-16 19:19:44 250,288 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT

- 2004-08-04 08:03:12 249,344 ----a-w C:\WINDOWS\system32\iepeers.dll

+ 2008-02-16 09:05:42 251,392 ----a-w C:\WINDOWS\system32\iepeers.dll

- 2004-08-04 08:03:12 678,400 ----a-w C:\WINDOWS\system32\inetcomm.dll

+ 2007-08-21 06:18:26 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll

- 2004-08-04 08:03:13 96,768 ----a-w C:\WINDOWS\system32\inseng.dll

+ 2008-02-16 09:05:42 96,768 ----a-w C:\WINDOWS\system32\inseng.dll

- 2006-05-18 05:45:05 450,560 ----a-w C:\WINDOWS\system32\jscript.dll

+ 2007-12-18 14:43:09 450,560 ----a-w C:\WINDOWS\system32\jscript.dll

- 2004-08-04 08:03:13 15,872 ----a-w C:\WINDOWS\system32\jsproxy.dll

+ 2008-02-16 09:05:42 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll

- 2006-07-05 10:57:15 985,088 ----a-w C:\WINDOWS\system32\kernel32.dll

+ 2007-04-16 15:54:45 985,600 ----a-w C:\WINDOWS\system32\kernel32.dll

- 2004-10-28 01:29:00 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll

+ 2007-11-07 09:30:24 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll

- 2004-08-04 08:03:14 39,936 ----a-w C:\WINDOWS\system32\mf3216.dll

+ 2007-03-08 15:39:11 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll

- 2002-09-16 12:00:00 924,432 ----a-w C:\WINDOWS\system32\mfc40u.dll

+ 2006-11-01 19:19:13 927,504 ----a-w C:\WINDOWS\system32\mfc40u.dll

- 2004-08-04 08:03:14 1,024,000 ----a-w C:\WINDOWS\system32\mfc42u.dll

+ 2006-10-14 08:13:25 981,760 ----a-w C:\WINDOWS\system32\mfc42u.dll

- 2008-04-06 05:56:20 19,836,024 ----a-w C:\WINDOWS\system32\MRT.exe

+ 2008-05-09 21:35:04 16,863,864 ----a-w C:\WINDOWS\system32\MRT.exe

- 2004-07-14 22:24:50 155,648 ----a-w C:\WINDOWS\system32\mscoree.dll

+ 2006-12-22 10:28:14 271,360 ----a-w C:\WINDOWS\system32\mscoree.dll

- 2004-08-04 08:03:16 512,029 ----a-w C:\WINDOWS\system32\msexch40.dll

+ 2008-03-25 04:50:28 518,944 ----a-w C:\WINDOWS\system32\msexch40.dll

- 2004-08-04 08:03:16 319,517 ----a-w C:\WINDOWS\system32\msexcl40.dll

+ 2008-03-25 04:50:30 326,432 ----a-w C:\WINDOWS\system32\msexcl40.dll

- 2004-08-04 08:03:16 537,088 ----a-w C:\WINDOWS\system32\msftedit.dll

+ 2006-11-27 14:55:50 539,136 ----a-w C:\WINDOWS\system32\msftedit.dll

- 2004-08-04 08:03:16 3,003,392 ----a-w C:\WINDOWS\system32\mshtml.dll

+ 2008-02-16 22:35:48 3,080,704 ----a-w C:\WINDOWS\system32\mshtml.dll

- 2004-08-04 08:03:16 448,512 ----a-w C:\WINDOWS\system32\mshtmled.dll

+ 2008-02-16 09:05:48 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll

- 2005-05-03 11:58:36 2,890,240 ----a-w C:\WINDOWS\system32\msi.dll

+ 2007-04-18 16:15:14 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll

- 2004-08-04 08:03:16 1,507,356 ----a-w C:\WINDOWS\system32\msjet40.dll

+ 2008-03-25 04:50:34 1,516,568 ----a-w C:\WINDOWS\system32\msjet40.dll

- 2004-03-01 18:52:15 358,976 ----a-w C:\WINDOWS\system32\msjetoledb40.dll

+ 2008-03-25 04:50:40 355,112 ----a-w C:\WINDOWS\system32\msjetoledb40.dll

- 2004-08-04 08:03:16 53,279 ----a-w C:\WINDOWS\system32\msjter40.dll

+ 2008-03-25 04:50:42 60,192 ----a-w C:\WINDOWS\system32\msjter40.dll

- 2004-08-04 08:03:16 241,693 ----a-w C:\WINDOWS\system32\msjtes40.dll

+ 2008-03-25 04:50:42 248,608 ----a-w C:\WINDOWS\system32\msjtes40.dll

- 2004-08-04 08:03:17 213,023 ----a-w C:\WINDOWS\system32\msltus40.dll

+ 2008-03-25 04:50:44 219,936 ----a-w C:\WINDOWS\system32\msltus40.dll

- 2004-08-04 08:03:17 348,189 ----a-w C:\WINDOWS\system32\mspbde40.dll

+ 2008-03-25 04:50:45 355,104 ----a-w C:\WINDOWS\system32\mspbde40.dll

- 2004-08-04 08:03:17 146,432 ----a-w C:\WINDOWS\system32\msrating.dll

+ 2008-02-16 09:05:48 146,432 ----a-w C:\WINDOWS\system32\msrating.dll

- 2004-08-04 08:03:17 421,919 ----a-w C:\WINDOWS\system32\msrd2x40.dll

+ 2008-03-25 04:50:47 432,928 ----a-w C:\WINDOWS\system32\msrd2x40.dll

- 2004-08-04 08:03:17 315,423 ----a-w C:\WINDOWS\system32\msrd3x40.dll

+ 2008-03-25 04:50:49 322,336 ----a-w C:\WINDOWS\system32\msrd3x40.dll

- 2004-08-04 08:03:17 552,989 ----a-w C:\WINDOWS\system32\msrepl40.dll

+ 2008-03-25 04:50:52 559,904 ----a-w C:\WINDOWS\system32\msrepl40.dll

- 2004-08-04 08:03:17 258,077 ----a-w C:\WINDOWS\system32\mstext40.dll

+ 2008-03-25 04:50:55 264,992 ----a-w C:\WINDOWS\system32\mstext40.dll

- 2004-08-04 08:03:17 530,432 ----a-w C:\WINDOWS\system32\mstime.dll

+ 2008-02-16 09:05:48 532,480 ----a-w C:\WINDOWS\system32\mstime.dll

- 2004-08-04 08:03:17 831,519 ----a-w C:\WINDOWS\system32\mswdat10.dll

+ 2008-03-25 04:50:57 838,432 ----a-w C:\WINDOWS\system32\mswdat10.dll

- 2004-08-04 08:03:18 348,189 ----a-w C:\WINDOWS\system32\msxbde40.dll

+ 2008-03-25 04:50:58 355,104 ----a-w C:\WINDOWS\system32\msxbde40.dll

- 2006-09-13 05:07:08 1,084,416 ----a-w C:\WINDOWS\system32\msxml3.dll

+ 2007-06-26 06:10:37 1,104,896 ----a-w C:\WINDOWS\system32\msxml3.dll

- 2002-02-04 03:52:54 1,230,336 ----a-w C:\WINDOWS\system32\msxml4.dll

+ 2007-05-08 13:03:04 1,275,392 ----a-w C:\WINDOWS\system32\msxml4.dll

+ 2006-12-22 11:02:36 6,144 ----a-w C:\WINDOWS\system32\mui\0409\mscorees.dll

- 2006-07-14 15:41:10 332,288 ----a-w C:\WINDOWS\system32\netapi32.dll

+ 2006-08-17 12:30:01 332,288 ----a-w C:\WINDOWS\system32\netapi32.dll

- 2005-03-02 18:09:56 2,058,624 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe

+ 2007-02-28 16:05:26 2,059,392 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe

- 2005-03-02 18:10:04 2,181,120 ----a-w C:\WINDOWS\system32\ntoskrnl.exe

+ 2007-02-28 16:05:27 2,182,144 ----a-w C:\WINDOWS\system32\ntoskrnl.exe

- 2004-08-04 08:03:19 143,872 ----a-w C:\WINDOWS\system32\nwprovau.dll

+ 2006-10-13 12:41:29 141,824 ----a-w C:\WINDOWS\system32\nwprovau.dll

- 2004-08-04 08:03:19 553,472 ----a-w C:\WINDOWS\system32\oleaut32.dll

+ 2007-12-04 18:42:25 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll

- 2002-09-16 12:00:00 117,760 ----a-w C:\WINDOWS\system32\oledlg.dll

+ 2006-10-16 16:16:24 122,880 ----a-w C:\WINDOWS\system32\oledlg.dll

- 2008-05-16 16:40:14 52,148 ----a-w C:\WINDOWS\system32\perfc009.dat

+ 2008-05-16 19:22:54 52,148 ----a-w C:\WINDOWS\system32\perfc009.dat

- 2008-05-16 16:40:14 59,668 ----a-w C:\WINDOWS\system32\perfc014.dat

+ 2008-05-16 19:22:54 59,668 ----a-w C:\WINDOWS\system32\perfc014.dat

- 2008-05-16 16:40:14 376,350 ----a-w C:\WINDOWS\system32\perfh009.dat

+ 2008-05-16 19:22:54 376,350 ----a-w C:\WINDOWS\system32\perfh009.dat

- 2008-05-16 16:40:14 381,504 ----a-w C:\WINDOWS\system32\perfh014.dat

+ 2008-05-16 19:22:55 381,504 ----a-w C:\WINDOWS\system32\perfh014.dat

- 2004-08-04 08:03:20 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll

+ 2008-02-16 09:05:49 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll

- 2004-08-04 08:03:20 1,290,752 ----a-w C:\WINDOWS\system32\quartz.dll

+ 2007-10-29 22:45:19 1,290,752 ----a-w C:\WINDOWS\system32\quartz.dll

- 2004-08-04 08:03:20 431,616 ----a-w C:\WINDOWS\system32\riched20.dll

+ 2006-11-27 14:55:50 433,152 ----a-w C:\WINDOWS\system32\riched20.dll

- 2004-08-04 08:03:20 581,120 ----a-w C:\WINDOWS\system32\rpcrt4.dll

+ 2007-07-09 13:11:54 584,192 ----a-w C:\WINDOWS\system32\rpcrt4.dll

- 2004-08-04 08:03:21 144,896 ----a-w C:\WINDOWS\system32\schannel.dll

+ 2007-04-25 14:23:31 144,896 ----a-w C:\WINDOWS\system32\schannel.dll

- 2006-09-04 06:13:54 1,494,016 ----a-w C:\WINDOWS\system32\shdocvw.dll

+ 2008-02-16 09:05:52 1,494,528 ----a-w C:\WINDOWS\system32\shdocvw.dll

- 2006-07-13 13:36:23 8,459,776 ----a-w C:\WINDOWS\system32\shell32.dll

+ 2007-10-25 16:57:36 8,460,800 ----a-w C:\WINDOWS\system32\shell32.dll

- 2005-09-02 23:55:06 473,600 ----a-w C:\WINDOWS\system32\shlwapi.dll

+ 2008-02-16 09:05:52 474,112 ----a-w C:\WINDOWS\system32\shlwapi.dll

- 2004-08-04 08:03:22 134,656 ----a-w C:\WINDOWS\system32\shsvcs.dll

+ 2006-12-19 21:51:45 134,656 ----a-w C:\WINDOWS\system32\shsvcs.dll

- 2005-10-12 23:20:56 14,560 ------w C:\WINDOWS\system32\spmsg.dll

+ 2006-01-19 19:29:41 14,560 ------w C:\WINDOWS\system32\spmsg.dll

- 2005-06-28 09:21:34 22,752 ----a-w C:\WINDOWS\system32\spupdsvc.exe

+ 2005-06-28 08:21:34 22,752 ----a-w C:\WINDOWS\system32\spupdsvc.exe

- 2004-08-04 08:03:23 246,302 ----a-w C:\WINDOWS\system32\strmdll.dll

+ 2006-08-24 11:19:52 246,814 ----a-w C:\WINDOWS\system32\strmdll.dll

- 2004-08-04 08:03:23 713,728 ----a-w C:\WINDOWS\system32\sxs.dll

+ 2006-10-20 01:39:57 713,728 ----a-w C:\WINDOWS\system32\sxs.dll

+ 2007-11-13 11:31:11 60,416 ------w C:\WINDOWS\system32\tzchange.exe

- 2004-08-04 08:03:24 185,344 ----a-w C:\WINDOWS\system32\upnphost.dll

+ 2007-02-05 20:19:38 185,344 ----a-w C:\WINDOWS\system32\upnphost.dll

- 2004-08-04 08:03:24 601,088 ----a-w C:\WINDOWS\system32\urlmon.dll

+ 2008-02-16 09:05:53 615,936 ----a-w C:\WINDOWS\system32\urlmon.dll

- 2005-03-02 18:19:19 577,024 ----a-w C:\WINDOWS\system32\user32.dll

+ 2007-03-08 15:39:11 577,536 ----a-w C:\WINDOWS\system32\user32.dll

- 2004-08-04 08:03:24 417,792 ----a-w C:\WINDOWS\system32\vbscript.dll

+ 2007-12-18 14:43:09 417,792 ----a-w C:\WINDOWS\system32\vbscript.dll

- 2004-08-04 08:03:25 333,312 ----a-w C:\WINDOWS\system32\wiaservc.dll

+ 2006-12-19 18:18:33 333,824 ----a-w C:\WINDOWS\system32\wiaservc.dll

- 2004-08-04 08:03:25 655,872 ----a-w C:\WINDOWS\system32\wininet.dll

+ 2008-02-16 09:05:54 658,944 ----a-w C:\WINDOWS\system32\wininet.dll

- 2005-09-01 02:28:08 291,840 ----a-w C:\WINDOWS\system32\winsrv.dll

+ 2007-03-17 13:45:38 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll

- 2004-08-04 08:03:25 132,096 ----a-w C:\WINDOWS\system32\wkssvc.dll

+ 2006-08-17 12:30:01 132,096 ----a-w C:\WINDOWS\system32\wkssvc.dll

- 2004-08-04 08:03:25 230,400 ----a-w C:\WINDOWS\system32\wmasf.dll

+ 2007-10-25 08:00:50 230,912 ----a-w C:\WINDOWS\system32\wmasf.dll

- 2006-04-24 14:40:00 4,730,880 ----a-w C:\WINDOWS\system32\wmp.dll

+ 2007-04-30 00:22:16 4,734,976 ----a-w C:\WINDOWS\system32\wmp.dll

- 2004-08-04 08:03:43 2,105,344 ----a-w C:\WINDOWS\system32\wmvcore.dll

+ 2007-10-25 08:01:10 2,109,440 ----a-w C:\WINDOWS\system32\wmvcore.dll

- 2005-05-17 00:42:28 15,360 ----a-w C:\WINDOWS\system32\xpsp3res.dll

+ 2008-02-15 23:03:24 354,304 ----a-w C:\WINDOWS\system32\xpsp3res.dll

+ 2007-05-08 13:06:44 1,275,392 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9848.0_x-ww_1b897e9a\msxml4.dll

+ 2007-04-18 08:36:40 82,432 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a\msxml4r.dll

+ 2007-01-19 12:52:09 74,802 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\atl.dll

+ 2007-01-19 12:52:09 995,383 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\mfc42.dll

+ 2007-01-19 12:52:09 1,011,774 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\mfc42u.dll

+ 2007-01-19 12:52:09 401,462 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\msvcp60.dll

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 10:03 15360]

"MSMSGS"="C:\Programfiler\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]

"swg"="C:\Programfiler\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-02-03 22:30 171448]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMan"="SOUNDMAN.EXE" [2004-02-26 16:53 65024 C:\WINDOWS\SOUNDMAN.EXE]

"SynTPLpr"="C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe" [2003-07-25 14:49 110592]

"SynTPEnh"="C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [2003-07-25 14:47 618496]

"ATIPTA"="C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-07-17 21:10 339968]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]

"LaunchAp"="C:\Programfiler\Launch Manager\LaunchAp.exe" [2004-08-06 14:04 32768]

"HotkeyApp"="C:\Programfiler\Launch Manager\HotkeyApp.exe" [2004-07-26 15:39 49152]

"CtrlVol"="C:\Programfiler\Launch Manager\CtrlVol.exe" [2003-09-16 14:28 20480]

"LMgrOSD"="C:\Programfiler\Launch Manager\OSD.exe" [2004-07-26 14:52 204800]

"Wbutton"="C:\Programfiler\Launch Manager\Wbutton.exe" [2004-08-06 14:49 73728]

"DAEMON Tools-1033"="C:\Programfiler\D-Tools\daemon.exe" [2003-12-27 21:43 81920]

"EPSON Stylus Photo R240 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.exe" [2005-04-25 06:00 98304]

"ccApp"="C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2007-03-01 12:18 52840]

"QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2006-10-25 19:58 282624]

"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2006-10-30 10:36 256576]

"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 16:07 49263]

"Microsoft Works Update Detection"="C:\Programfiler\Fellesfiler\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-10 02:11 50688]

"Telenor Online Start"="C:\Programfiler\Telenor\Online Start\Telenor.exe" [2006-11-30 14:51 178312]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

"DJSNetCN"="C:\Programfiler\Fellesfiler\Symantec Shared\DJSNETCN.exe" [2005-11-01 10:33 54928]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 10:03 15360]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Programfiler\\Messenger\\msmsgs.exe"=

 

R0 d344bus;d344bus;C:\WINDOWS\system32\DRIVERS\d344bus.sys [2003-12-27 21:42]

R0 d344prt;d344prt;C:\WINDOWS\system32\Drivers\d344prt.sys [2003-12-27 03:38]

R1 Hotkey;Hotkey;C:\WINDOWS\system32\drivers\Hotkey.sys [2003-04-28 11:27]

S1 Wbutton;Wbutton;C:\WINDOWS\system32\drivers\Wbutton.sys []

 

*Newly Created Service* - COMHOST

.

Contents of the 'Scheduled Tasks' folder

"2008-05-16 18:01:30 C:\WINDOWS\Tasks\Norton AntiVirus - Kjør fullstendig systemsøk - abcd.job"

- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe

"2008-05-18 15:04:12 C:\WINDOWS\Tasks\Se etter oppdateringer for Windows Live Toolbar.job"

- C:\Programfiler\Windows Live Toolbar\MSNTBUP.EXE

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-18 17:06:46

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-05-18 17:10:05

ComboFix-quarantined-files.txt 2008-05-18 15:09:57

ComboFix2.txt 2008-05-16 18:27:56

 

Pre-Run: 16,544,727,040 byte ledig

Post-Run: 16,536,748,032 byte ledig

 

602 --- E O F --- 2008-05-16 20:40:16

>

 

HijackThis log

<Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:13:28, on 18.05.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe

C:\Programfiler\Fellesfiler\Symantec Shared\DJSNETCN.exe

C:\Programfiler\CA\SharedComponents\CA_LIC\LogWatNT.exe

C:\Programfiler\Fellesfiler\Microsoft Shared\VS7Debug\mdm.exe

C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe

C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe

C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe

C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe

C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Programfiler\Launch Manager\LaunchAp.exe

C:\Programfiler\Launch Manager\HotkeyApp.exe

C:\Programfiler\Launch Manager\OSD.exe

C:\Programfiler\Launch Manager\Wbutton.exe

C:\Programfiler\D-Tools\daemon.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE

C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe

C:\Programfiler\QuickTime\qttask.exe

C:\Programfiler\iTunes\iTunesHelper.exe

C:\Programfiler\Java\jre1.5.0_10\bin\jusched.exe

C:\Programfiler\Fellesfiler\Microsoft Shared\Works Shared\WkUFind.exe

C:\Programfiler\Telenor\Online Start\Telenor.exe

C:\Programfiler\iPod\bin\iPodService.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\Messenger\msmsgs.exe

C:\Programfiler\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Programfiler\Fellesfiler\Symantec Shared\Security Console\NSCSRVCE.EXE

C:\Programfiler\Java\jre1.5.0_10\bin\jucheck.exe

C:\WINDOWS\explorer.exe

C:\Documents and settings\abcd\Skrivebord\testing\Testing.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.online.no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_10\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NISShExt.dll

O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar3.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programfiler\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programfiler\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NISShExt.dll

O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar3.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [synTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [LaunchAp] C:\Programfiler\Launch Manager\LaunchAp.exe

O4 - HKLM\..\Run: [HotkeyApp] C:\Programfiler\Launch Manager\HotkeyApp.exe

O4 - HKLM\..\Run: [CtrlVol] C:\Programfiler\Launch Manager\CtrlVol.exe

O4 - HKLM\..\Run: [LMgrOSD] C:\Programfiler\Launch Manager\OSD.exe

O4 - HKLM\..\Run: [Wbutton] "C:\Programfiler\Launch Manager\Wbutton.exe"

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programfiler\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [EPSON Stylus Photo R240 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE /P30 "EPSON Stylus Photo R240 Series" /O6 "USB001" /M "Stylus Photo R240"

O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.5.0_10\bin\jusched.exe"

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programfiler\Fellesfiler\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKLM\..\Run: [Telenor Online Start] "C:\Programfiler\Telenor\Online Start\Telenor.exe"

O4 - HKLM\..\RunServices: [DJSNetCN] C:\Programfiler\Fellesfiler\Symantec Shared\DJSNETCN.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: &Windows Live Search - res://C:\Programfiler\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Åpne i ny bakgrunnsflik - res://C:\Programfiler\Windows Live Toolbar\Components\nb-no\msntabres.dll.mui/229?1a576e7e8eff4fa2a808dc80d04afc4c

O8 - Extra context menu item: Åpne i ny forgrunnsflik - res://C:\Programfiler\Windows Live Toolbar\Components\nb-no\msntabres.dll.mui/230?1a576e7e8eff4fa2a808dc80d04afc4c

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O16 - DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} (KooPlayer Control) - http://www.tvlution.com/KooPlayer.ocx

O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1096627073104

O16 - DPF: {B69B0694-EB7C-4468-B572-B781062A1EF2} (KooPlayer Control) - http://static.mediazone.com/player/1.0.0.67/MZPlayer.CAB

O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: Automatisk LiveUpdate-planlegging - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Programfiler\CA\SharedComponents\CA_LIC\lic98rmt.exe

O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Programfiler\CA\SharedComponents\CA_LIC\lic98rmtd.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Programfiler\Norton Internet Security\ccPwdSvc.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programfiler\Norton Internet Security\comHost.exe

O23 - Service: Symantec Licensing Detect Internet Connection (DJSNETCN) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\DJSNETCN.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programfiler\iPod\bin\iPodService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Programfiler\CA\SharedComponents\CA_LIC\LogWatNT.exe

O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\Security Console\NSCSRVCE.EXE

O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Programfiler\Norton Internet Security\Norton AntiVirus\SAVScan.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

 

--

End of file - 11376 bytes

>
