sommer87 Posted 29 May 2008

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:40, on 29.05.08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programfiler\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe
C:\Programfiler\COMODO\Firewall\cmdagent.exe
C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Programfiler\Apoint2K\Apoint.exe
C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programfiler\Hp\HP Software Update\HPWuSchd2.exe
C:\Programfiler\HPQ\Quick Launch Buttons\EabServr.exe
C:\Programfiler\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programfiler\COMODO\Firewall\cfp.exe
C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe
C:\Programfiler\Apoint2K\Apntex.exe
C:\Programfiler\RALINK\Common\RaUI.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Mozilla Firefox\firefox.exe
C:\Programfiler\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avscan.exe
C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SurfingSoftware - {D4070176-F144-22CD-0D5C-71B49B46FF19} - C:\Programfiler\SurfingSoftware\SurfingSoftware-2.dll
O4 - HKLM\..\Run: [soundMAXPnP] C:\Programfiler\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [soundMAX] C:\Programfiler\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [Apoint] C:\Programfiler\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Cpqset] C:\Programfiler\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programfiler\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Programfiler\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [intelliPoint] "C:\Programfiler\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Programfiler\COMODO\Firewall\cfp.exe" -h
O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Registry Helper] "C:\Programfiler\Registry Helper\RegistryHelper.Exe" /boot
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Programfiler\RALINK\Common\RaUI.exe
O8 - Extra context menu item: Send til &Bluetooth - C:\Programfiler\WIDCOMM\Bluetooth-programvare\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programfiler\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programfiler\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth-programvare\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth-programvare\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programfiler\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Programfiler\COMODO\Firewall\cmdagent.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Programfiler\HPQ\SHARED\HPQWMI.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 6436 bytes
r2d290 Posted 29 May 2008 (edited)

Deleting entries with HijackThis:

Run hijackthis.exe. Select "Do a system scan only".
1. Tick the entries you are asked to below. Close all programs, browsers and windows (except HijackThis).
2. Press the "Fix checked" button.
3. Press Ja/Yes to remove the entries.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: SurfingSoftware - {D4070176-F144-22CD-0D5C-71B49B46FF19} - C:\Programfiler\SurfingSoftware\SurfingSoftware-2.dll

************

In addition, you should update Java. With an outdated version of Java, security holes can easily arise that make it easier for viruses/spyware to get into the system. Below is an English guide on how to do this. Let me know if there is anything you are wondering about.

Updating Java:
Go here and download the latest version of Java (Not beta): http://java.sun.com/javase/downloads/index.jsp
Go to Start > Control Panel > Add or Remove Programs.
Search in the list for all previously installed versions of Java. (JRE, J2SE Runtime Environment.... ) They should have this icon next to any that are there:
Select any found and click Remove.
Then install the version you downloaded earlier.

Use the PC for a while, and report back on how the machine is working. Also let me know if there is anything you don't understand. Do NOT do anything if you are unsure; in that case it is better that you ask here first.

When all this is done, post a new HijackThis log (as mentioned in the top spoiler).

Edited 29 May 2008 by r2d290
sommer87 Posted 29 May 2008 Author

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:00, on 29.05.08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programfiler\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe
C:\Programfiler\COMODO\Firewall\cmdagent.exe
C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Programfiler\Apoint2K\Apoint.exe
C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programfiler\Hp\HP Software Update\HPWuSchd2.exe
C:\Programfiler\HPQ\Quick Launch Buttons\EabServr.exe
C:\Programfiler\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programfiler\COMODO\Firewall\cfp.exe
C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe
C:\Programfiler\RALINK\Common\RaUI.exe
C:\Programfiler\Apoint2K\Apntex.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe
C:\Programfiler\Windows Live\Messenger\usnsvc.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [soundMAXPnP] C:\Programfiler\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [soundMAX] C:\Programfiler\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [Apoint] C:\Programfiler\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Cpqset] C:\Programfiler\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programfiler\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Programfiler\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [intelliPoint] "C:\Programfiler\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Programfiler\COMODO\Firewall\cfp.exe" -h
O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Registry Helper] "C:\Programfiler\Registry Helper\RegistryHelper.Exe" /boot
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Programfiler\RALINK\Common\RaUI.exe
O8 - Extra context menu item: Send til &Bluetooth - C:\Programfiler\WIDCOMM\Bluetooth-programvare\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programfiler\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programfiler\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth-programvare\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth-programvare\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programfiler\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Programfiler\COMODO\Firewall\cmdagent.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Programfiler\HPQ\SHARED\HPQWMI.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 5949 bytes
r2d290 Posted 29 May 2008

The lines I asked you to remove have now been removed. Are you still getting pop-ups?
sommer87 Posted 30 May 2008 Author

Still getting pop-ups. Does anyone know how I can get them removed?
snippsat Posted 30 May 2008

Remember to have pop-up blocking turned on if you use IE. Download ComboFix and put it on the desktop. Do not click in the window while the program is running. Post the log C:\combofix.txt
sommer87 Posted 30 May 2008 Author

ComboFix 08-05-29.1 - gunn beate gjengedal 2008-05-30 19:28:54.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.456 [GMT 2:00]
Running from: C:\Documents and Settings\gunn beate gjengedal\Skrivebord\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\gunn beate gjengedal\Lokale innstillinger\Programdata\Microsoft\Windows Media\10.0\WMSDKNSD.XML
.
((((((((((((((((((((((((( Files Created from 2008-04-28 to 2008-05-30 )))))))))))))))))))))))))))))))
.
2008-05-30 19:26 . 2008-05-30 19:26 <DIR> dr-h----- C:\Documents and Settings\gunn beate gjengedal\Siste
2008-05-24 20:28 . 2008-05-24 20:28 <DIR> d-------- C:\Programfiler\Windows Live Favorites
2008-05-24 20:27 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-05-24 20:26 . 2008-05-24 20:26 <DIR> d-------- C:\Programfiler\Microsoft SQL Server Compact Edition
2008-05-24 20:22 . 2008-05-26 16:29 <DIR> d-------- C:\Programfiler\Windows Live
2008-05-24 20:22 . 2008-05-24 20:23 <DIR> d--hsc--- C:\Programfiler\Fellesfiler\WindowsLiveInstaller
2008-05-24 20:21 . 2008-05-24 20:21 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\WLInstaller
2008-05-21 17:39 . 2008-05-21 17:39 <DIR> d-------- C:\fotoknudsen
2008-05-20 23:09 . 2008-05-29 15:11 <DIR> d-------- C:\Programfiler\SurfingSoftware
2008-05-20 23:09 . 2008-05-30 19:15 <DIR> d-------- C:\Programfiler\FBrowsingAdvisor
2008-05-20 23:09 . 2008-05-20 23:09 <DIR> d-------- C:\Programfiler\FBrowserAdvisor
2008-05-14 13:27 . 2008-05-14 13:27 <DIR> d-------- C:\Programfiler\SafeApp Screen Savers
2008-05-14 13:27 . 2008-05-14 13:28 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Registry Helper
2008-04-10 13:11 . 2004-08-04 01:03 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-04-10 13:11 . 2004-08-04 01:03 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2008-04-06 15:11 . 2008-04-06 15:11 <DIR> d-------- C:\Documents and Settings\gunn beate gjengedal\Programdata\Sonic
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-30 09:11 --------- d-----w C:\Documents and Settings\gunn beate gjengedal\Programdata\LimeWire
2008-05-29 16:41 --------- d-----w C:\Documents and Settings\gunn beate gjengedal\Programdata\uTorrent
2008-05-21 12:17 --------- d-----w C:\Programfiler\Fellesfiler\Tjenester
2008-05-19 10:54 --------- d-----w C:\Programfiler\LimeWire
2008-05-08 08:56 87,312 ----a-w C:\WINDOWS\system32\drivers\cmdguard.sys
2008-05-08 08:56 23,824 ----a-w C:\WINDOWS\system32\drivers\cmdhlp.sys
2008-05-08 08:56 139,008 ----a-w C:\WINDOWS\system32\guard32.dll
2008-03-28 00:15 --------- d-----w C:\Programfiler\Fellesfiler\Adobe
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 166,688 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-20 17:21 318 ----a-w C:\delete.bat
2008-03-20 08:11 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-11 23:18 680,960 ----a-w C:\WINDOWS\isRS-000.tmp
2008-02-21 02:05 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-02-21 02:05 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-02-21 02:05 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-02-21 02:05 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2008-02-21 02:05 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2008-02-21 02:05 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2008-02-21 02:05 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-02-21 02:04 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-02-21 02:04 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-02-21 02:04 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-02-21 02:04 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-02-21 02:04 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-02-21 02:04 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-02-21 02:04 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-02-21 02:04 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-02-21 02:04 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-02-21 02:04 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-02-21 02:04 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-02-21 02:04 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-02-21 02:03 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-02-21 02:03 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-02-20 06:52 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:39 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-16 09:05 658,944 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-01 09:11 586,240 ----a-w C:\WINDOWS\WLXPGSS.SCR
.
((((((((((((((((((((((((((((( snapshot@2008-03-20_18.41.34.12 )))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe + 2008-03-30 18:35:21 74,649 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe + 2004-08-04 12:00:00 2,032 ----a-w C:\WINDOWS\system32\mouse.drv - 2004-08-04 12:00:00 512,029 ----a-w C:\WINDOWS\system32\msexch40.dll + 2008-03-25 04:50:28 518,944 ----a-w C:\WINDOWS\system32\msexch40.dll - 2004-08-04 12:00:00 319,517 ----a-w C:\WINDOWS\system32\msexcl40.dll + 2008-03-25 04:50:30 326,432 ----a-w C:\WINDOWS\system32\msexcl40.dll - 2007-12-07 14:38:10 3,080,192 ----a-w C:\WINDOWS\system32\mshtml.dll + 2008-02-16 22:35:48 3,080,704 ----a-w C:\WINDOWS\system32\mshtml.dll - 2007-12-07 01:08:09 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll + 2008-02-16 09:05:48 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll - 2004-08-04 12:00:00 1,507,356 ----a-w C:\WINDOWS\system32\msjet40.dll + 2008-03-25 04:50:34 1,516,568 ----a-w C:\WINDOWS\system32\msjet40.dll - 2004-08-04 12:00:00 358,976 ----a-w C:\WINDOWS\system32\msjetoledb40.dll + 2008-03-25 04:50:40 355,112 ----a-w C:\WINDOWS\system32\msjetoledb40.dll - 2004-08-04 12:00:00 53,279 ----a-w C:\WINDOWS\system32\msjter40.dll + 2008-03-25 04:50:42 60,192 ----a-w C:\WINDOWS\system32\msjter40.dll - 2004-08-04 12:00:00 241,693 ----a-w C:\WINDOWS\system32\msjtes40.dll + 2008-03-25 04:50:42 248,608 ----a-w C:\WINDOWS\system32\msjtes40.dll - 2004-08-04 12:00:00 213,023 ----a-w C:\WINDOWS\system32\msltus40.dll + 2008-03-25 04:50:44 219,936 ----a-w C:\WINDOWS\system32\msltus40.dll - 2004-08-04 12:00:00 348,189 ----a-w C:\WINDOWS\system32\mspbde40.dll + 2008-03-25 04:50:45 355,104 ----a-w C:\WINDOWS\system32\mspbde40.dll - 2007-12-07 01:08:09 146,432 ----a-w C:\WINDOWS\system32\msrating.dll + 2008-02-16 09:05:48 146,432 ----a-w C:\WINDOWS\system32\msrating.dll - 2004-08-04 12:00:00 421,919 ----a-w C:\WINDOWS\system32\msrd2x40.dll + 2008-03-25 04:50:47 432,928 ----a-w C:\WINDOWS\system32\msrd2x40.dll - 2004-08-04 12:00:00 315,423 ----a-w C:\WINDOWS\system32\msrd3x40.dll 
+ 2008-03-25 04:50:49 322,336 ----a-w C:\WINDOWS\system32\msrd3x40.dll - 2004-08-04 12:00:00 552,989 ----a-w C:\WINDOWS\system32\msrepl40.dll + 2008-03-25 04:50:52 559,904 ----a-w C:\WINDOWS\system32\msrepl40.dll - 2004-08-04 12:00:00 258,077 ----a-w C:\WINDOWS\system32\mstext40.dll + 2008-03-25 04:50:55 264,992 ----a-w C:\WINDOWS\system32\mstext40.dll - 2007-12-07 01:08:09 532,480 ----a-w C:\WINDOWS\system32\mstime.dll + 2008-02-16 09:05:48 532,480 ----a-w C:\WINDOWS\system32\mstime.dll - 2004-08-04 12:00:00 831,519 ----a-w C:\WINDOWS\system32\mswdat10.dll + 2008-03-25 04:50:57 838,432 ----a-w C:\WINDOWS\system32\mswdat10.dll - 2004-08-04 12:00:00 348,189 ----a-w C:\WINDOWS\system32\msxbde40.dll + 2008-03-25 04:50:58 355,104 ----a-w C:\WINDOWS\system32\msxbde40.dll - 2008-03-04 11:51:28 52,764 ----a-w C:\WINDOWS\system32\perfc009.dat + 2008-03-30 12:23:40 52,764 ----a-w C:\WINDOWS\system32\perfc009.dat - 2008-03-04 11:51:28 60,326 ----a-w C:\WINDOWS\system32\perfc014.dat + 2008-03-30 12:23:40 60,326 ----a-w C:\WINDOWS\system32\perfc014.dat - 2008-03-04 11:51:28 380,350 ----a-w C:\WINDOWS\system32\perfh009.dat + 2008-03-30 12:23:40 380,350 ----a-w C:\WINDOWS\system32\perfh009.dat - 2008-03-04 11:51:28 384,784 ----a-w C:\WINDOWS\system32\perfh014.dat + 2008-03-30 12:23:40 384,784 ----a-w C:\WINDOWS\system32\perfh014.dat + 2006-10-24 10:30:20 412,160 ------w C:\WINDOWS\system32\photometadatahandler.dll - 2007-12-07 01:08:09 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll + 2008-02-16 09:05:49 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll + 2001-10-06 13:02:34 5,632 ----a-w C:\WINDOWS\system32\ptpusb.dll + 2004-08-04 00:03:22 159,232 ----a-w C:\WINDOWS\system32\ptpusd.dll - 2007-12-07 01:08:09 1,494,528 ----a-w C:\WINDOWS\system32\shdocvw.dll + 2008-02-16 09:05:52 1,494,528 ----a-w C:\WINDOWS\system32\shdocvw.dll - 2007-12-07 01:08:09 474,112 ----a-w C:\WINDOWS\system32\shlwapi.dll + 2008-02-16 09:05:52 474,112 ----a-w C:\WINDOWS\system32\shlwapi.dll - 2007-01-19 
11:53:04 51,056 ----a-w C:\WINDOWS\system32\sirenacm.dll + 2007-10-18 09:31:46 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll + 2004-08-04 12:00:00 1,744 ----a-w C:\WINDOWS\system32\sound.drv - 2006-09-25 16:58:48 14,640 ------w C:\WINDOWS\system32\spmsg.dll + 2006-10-16 14:10:58 14,640 ------w C:\WINDOWS\system32\spmsg.dll - 2006-09-25 16:58:48 23,856 ----a-w C:\WINDOWS\system32\spupdsvc.exe + 2006-10-16 14:10:58 23,856 ----a-w C:\WINDOWS\system32\spupdsvc.exe - 2007-12-07 01:08:10 615,424 ----a-w C:\WINDOWS\system32\urlmon.dll + 2008-02-16 09:05:53 615,936 ----a-w C:\WINDOWS\system32\urlmon.dll - 2004-08-04 12:00:00 417,792 ----a-w C:\WINDOWS\system32\vbscript.dll + 2007-12-18 14:43:09 417,792 ----a-w C:\WINDOWS\system32\vbscript.dll + 2004-08-04 12:00:00 2,176 ----a-w C:\WINDOWS\system32\vga.drv + 2006-10-24 10:30:06 716,288 ------w C:\WINDOWS\system32\WindowsCodecs.dll + 2006-10-24 10:29:50 352,256 ------w C:\WINDOWS\system32\WindowsCodecsExt.dll + 2004-08-04 12:00:00 2,864 ----a-w C:\WINDOWS\system32\winsock.dll + 2004-08-04 12:00:00 2,112 ----a-w C:\WINDOWS\system32\winspool.exe + 2006-10-24 10:30:00 276,992 ------w C:\WINDOWS\system32\WMPhoto.dll + 2004-08-04 12:00:00 2,736 ----a-w C:\WINDOWS\system32\wowdeb.exe - 2007-12-06 23:40:38 353,792 ----a-w C:\WINDOWS\system32\xpsp3res.dll + 2008-02-15 23:03:24 354,304 ----a-w C:\WINDOWS\system32\xpsp3res.dll + 2000-08-31 06:00:00 49,152 ----a-w C:\WINDOWS\VFind.exe + 2000-08-31 06:00:00 68,096 ----a-w C:\WINDOWS\zip.exe . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="C:\Programfiler\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184] "Registry Helper"="C:\Programfiler\Registry Helper\RegistryHelper.exe" [ ] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMAXPnP"="C:\Programfiler\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 10:11 1388544] "Apoint"="C:\Programfiler\Apoint2K\Apoint.exe" [2005-02-08 18:38 159744] "ATIPTA"="C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-20 22:15 344064] "Cpqset"="C:\Programfiler\HPQ\Default Settings\cpqset.exe" [2005-03-29 15:45 233534] "HP Software Update"="C:\Programfiler\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 00:11 49152] "eabconfg.cpl"="C:\Programfiler\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 14:24 290816] "IntelliPoint"="C:\Programfiler\Microsoft IntelliPoint\point32.exe" [2005-03-24 01:26 217088] "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 14:00 59392] "hpWirelessAssistant"="C:\Programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-12-13 17:45 507904] "AGRSMMSG"="AGRSMMSG.exe" [2005-04-13 12:12 88209 C:\WINDOWS\AGRSMMSG.exe] "avgnt"="C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-23 23:23 262401] "COMODO Firewall Pro"="C:\Programfiler\COMODO\Firewall\cfp.exe" [2008-05-08 10:47 1572608] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360] C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\ Ralink Wireless Utility.lnk - C:\Programfiler\RALINK\Common\RaUI.exe [2008-03-02 19:14:46 606208] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824] 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] C:\Programfiler\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] C:\Programfiler\MSN Messenger\MsnMsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a------ 2005-06-03 04:52 36975 C:\Programfiler\Java\jre1.5.0_04\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware] --a------ 2008-02-29 17:03 1481968 C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Programfiler\\Messenger\\msmsgs.exe"= "C:\\Programfiler\\LimeWire\\LimeWire.exe"= "C:\\Programfiler\\uTorrent\\uTorrent.exe"= "C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"= R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-05-08 10:56] R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2008-05-08 10:56] *Newly Created Service* - CATCHME . 
Contents of the 'Scheduled Tasks' folder "2008-05-30 17:03:00 C:\WINDOWS\Tasks\Se etter oppdateringer for Windows Live Toolbar.job" - C:\Programfiler\Windows Live Toolbar\MSNTBUP.EXE . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-05-30 19:30:25 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run Cpqset = C:\Programfiler\HPQ\Default Settings\cpqset.exe?????????3?9?8?-??????? ???B?????????????hLC???????? scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-05-30 19:31:27 ComboFix-quarantined-files.txt 2008-05-30 17:31:23 ComboFix2.txt 2008-03-20 17:41:53 Pre-Run: 6,756,265,984 byte ledig Post-Run: 6,747,512,832 byte ledig 458 --- E O F --- 2008-05-26 14:30:20
snippsat Posted 30 May 2008 (edited)

Copy the bold text below the picture -> open Notepad and paste it in. Save it on the desktop as CFScript.txt. Do as shown in the picture and ComboFix will start. Post the log c:\combofix.txt

Folder::
C:\Programfiler\FBrowsingAdvisor
C:\Programfiler\FBrowserAdvisor
File::
C:\WINDOWS\isRS-000.tmp
---
Download and run CCleaner. 'Options' -> 'Advanced'. Untick the box in front of: "only delete temporary files that are older than 48 hours". Run the registry cleaner and "answer yes to repairing".
---
Restart
---
Same round with CCleaner
---
Update and run a full scan with SAS, which you already have. If it finds anything, post the log (preferences -> statistics/logs).
---
Say a bit about whether this has helped with the popups.

Edited 30 May 2008 by SNIPPSAT
sommer87 Posted 12 June 2008 (author)

The popups have disappeared ;) Thanks a lot for the help ;)
r2d290 Posted 12 June 2008 (edited)

Please post the log that ComboFix created. You can find the log by going to My Computer, opening hard drive C:/ and opening the text document "Combofix". Copy the contents and paste them here.

Edited 12 June 2008 by r2d290
sommer87 Posted 12 June 2008 (author)

ComboFix 08-05-29.1 - gunn beate gjengedal 2008-06-02 0:58:26.5 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.640 [GMT 2:00] Running from: C:\Documents and Settings\gunn beate gjengedal\Skrivebord\ComboFix.exe Command switches used :: C:\Documents and Settings\gunn beate gjengedal\Skrivebord\CFScript.txt * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! FILE :: C:\WINDOWS\isRS-000.tmp . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Programfiler\FBrowserAdvisor C:\Programfiler\FBrowsingAdvisor C:\Programfiler\FBrowsingAdvisor\IXPCOMEvents.xpt C:\Programfiler\FBrowsingAdvisor\Logo.png C:\Programfiler\FBrowsingAdvisor\main.db C:\Programfiler\FBrowsingAdvisor\unins000.dat C:\Programfiler\FBrowsingAdvisor\unins000.exe C:\Programfiler\FBrowsingAdvisor\XPCOMEvents.dll C:\WINDOWS\isRS-000.tmp . ((((((((((((((((((((((((( Files Created from 2008-05-01 to 2008-06-01 ))))))))))))))))))))))))))))))) . 2008-05-30 23:37 . 2008-06-02 00:57 <DIR> dr-h----- C:\Documents and Settings\gunn beate gjengedal\Siste 2008-05-24 20:28 . 2008-05-24 20:28 <DIR> d-------- C:\Programfiler\Windows Live Favorites 2008-05-24 20:27 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll 2008-05-24 20:26 . 2008-05-24 20:26 <DIR> d-------- C:\Programfiler\Microsoft SQL Server Compact Edition 2008-05-24 20:22 . 2008-05-26 16:29 <DIR> d-------- C:\Programfiler\Windows Live 2008-05-24 20:22 . 2008-05-24 20:23 <DIR> d--hsc--- C:\Programfiler\Fellesfiler\WindowsLiveInstaller 2008-05-24 20:21 . 2008-05-24 20:21 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\WLInstaller 2008-05-21 17:39 . 2008-05-21 17:39 <DIR> d-------- C:\fotoknudsen 2008-05-20 23:09 .
2008-05-29 15:11 <DIR> d-------- C:\Programfiler\SurfingSoftware 2008-05-14 13:27 . 2008-05-14 13:27 <DIR> d-------- C:\Programfiler\SafeApp Screen Savers 2008-05-14 13:27 . 2008-05-14 13:28 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Registry Helper . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-06-01 11:49 --------- d-----w C:\Documents and Settings\gunn beate gjengedal\Programdata\uTorrent 2008-05-30 09:11 --------- d-----w C:\Documents and Settings\gunn beate gjengedal\Programdata\LimeWire 2008-05-21 12:17 --------- d-----w C:\Programfiler\Fellesfiler\Tjenester 2008-05-19 10:54 --------- d-----w C:\Programfiler\LimeWire 2008-05-08 08:56 87,312 ----a-w C:\WINDOWS\system32\drivers\cmdguard.sys 2008-05-08 08:56 23,824 ----a-w C:\WINDOWS\system32\drivers\cmdhlp.sys 2008-05-08 08:56 139,008 ----a-w C:\WINDOWS\system32\guard32.dll 2008-04-06 13:11 --------- d-----w C:\Documents and Settings\gunn beate gjengedal\Programdata\Sonic 2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll 2008-03-25 04:51 166,688 ----a-w C:\WINDOWS\system32\msjint40.dll 2008-03-20 17:21 318 ----a-w C:\delete.bat 2008-03-20 08:11 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys . ((((((((((((((((((((((((((((( snapshot_2008-05-30_19.31.10,62 ))))))))))))))))))))))))))))))))))))))))) . - 2008-05-30 08:01:43 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2008-06-01 23:01:02 2,048 --s-a-w C:\WINDOWS\bootstat.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="C:\Programfiler\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184] "Registry Helper"="C:\Programfiler\Registry Helper\RegistryHelper.exe" [ ] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMAXPnP"="C:\Programfiler\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 10:11 1388544] "Apoint"="C:\Programfiler\Apoint2K\Apoint.exe" [2005-02-08 18:38 159744] "ATIPTA"="C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-20 22:15 344064] "Cpqset"="C:\Programfiler\HPQ\Default Settings\cpqset.exe" [2005-03-29 15:45 233534] "HP Software Update"="C:\Programfiler\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 00:11 49152] "eabconfg.cpl"="C:\Programfiler\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 14:24 290816] "IntelliPoint"="C:\Programfiler\Microsoft IntelliPoint\point32.exe" [2005-03-24 01:26 217088] "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 14:00 59392] "hpWirelessAssistant"="C:\Programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-12-13 17:45 507904] "AGRSMMSG"="AGRSMMSG.exe" [2005-04-13 12:12 88209 C:\WINDOWS\AGRSMMSG.exe] "avgnt"="C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-23 23:23 262401] "COMODO Firewall Pro"="C:\Programfiler\COMODO\Firewall\cfp.exe" [2008-05-08 10:47 1572608] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360] C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\ Ralink Wireless Utility.lnk - C:\Programfiler\RALINK\Common\RaUI.exe [2008-03-02 19:14:46 606208] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824] 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] C:\Programfiler\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] C:\Programfiler\MSN Messenger\MsnMsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a------ 2005-06-03 04:52 36975 C:\Programfiler\Java\jre1.5.0_04\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware] --a------ 2008-02-29 17:03 1481968 C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Programfiler\\Messenger\\msmsgs.exe"= "C:\\Programfiler\\LimeWire\\LimeWire.exe"= "C:\\Programfiler\\uTorrent\\uTorrent.exe"= "C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"= R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-05-08 10:56] R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2008-05-08 10:56] . 
Contents of the 'Scheduled Tasks' folder "2008-06-01 23:03:05 C:\WINDOWS\Tasks\Se etter oppdateringer for Windows Live Toolbar.job" - C:\Programfiler\Windows Live Toolbar\MSNTBUP.EXE . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-06-02 01:01:28 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run Cpqset = C:\Programfiler\HPQ\Default Settings\cpqset.exe?????????3?9?8?-??????? ???B?????????????hLC???????? scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\WINDOWS\system32\ati2evxx.exe C:\WINDOWS\system32\ati2evxx.exe C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Programfiler\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe C:\Programfiler\COMODO\Firewall\cmdagent.exe C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe C:\Programfiler\Apoint2K\ApntEx.exe C:\WINDOWS\system32\imapi.exe . ************************************************************************** . Completion time: 2008-06-02 1:03:39 - machine was rebooted ComboFix-quarantined-files.txt 2008-06-01 23:03:34 ComboFix2.txt 2008-05-30 17:31:28 ComboFix3.txt 2008-03-20 17:41:53 Pre-Run: 6,748,315,648 byte ledig Post-Run: 6,969,774,080 byte ledig 148 --- E O F --- 2008-05-26 14:30:20