MSN-virus...igjen... Kjørt

MrBaboy · 13. juni 2008

Jeg fatter det ikke...

Hadde msn-viruset for to tre uker siden og gjorde oppryddinger etter anbefalinger, og så ut til at alt var i orden.

Har heller ikke fått noen klager fra folk i msn-lista mi at de har fått noen flere virus-angrep fra meg.

Men plutselig i natt fikk jeg klager igjen. Folk har fått meldinger fra meg med slike dritt-linker, men jeg er helt sikker på at jeg ikke har klikket på noen link i meldinger. Jeg har ikke fått noen slike meldinger fra noen i lista mi heller...

Forige gang jeg hadde msn-viruset fikk jeg plutselig noen merkelige meldinger fra noen som plutselig var satt inn i MSN-lista mi.

Vet ikke om de to nye i lsta bare var noen boter eller om det var mennesker som plutselig snakket til meg på utenlandsk.

Fikk kjapt slettet de ut av lista mi og satt ignore på de.

Kan man få viruset fra surfing på nett også?

Har kjørt ComboFix og sjekket med HijackThis.

Kan noen sjekke loggen min for meg?

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:36:15, on 13.06.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Programfiler\Symantec\LiveUpdate\AluSchedulerSvc.exe

C:\WINDOWS\system32\CTsvcCDA.EXE

C:\Programfiler\Intel\Intel Matrix Storage Manager\iaantmon.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Programfiler\CyberLink\Shared Files\RichVideo.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\CTHELPER.EXE

C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe

C:\Programfiler\Intel\Intel Matrix Storage Manager\iaanotif.exe

C:\Programfiler\filer\CyberLink\PowerDVD\DVDLauncher.exe

C:\Programfiler\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE

C:\Programfiler\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe

C:\Programfiler\Creative\Shared Files\Module Loader\DLLML.exe

C:\Programfiler\Dell\Media Experience\DMXLauncher.exe

C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Programfiler\Nokia\Nokia PC Suite 6\LaunchApplication.exe

C:\Programfiler\Fellesfiler\PCSuite\DataLayer\DataLayer.exe

C:\Programfiler\Lexmark X1100 Series\lxbkbmgr.exe

C:\Programfiler\CyberLink\PCM4Everio\EverioService.exe

C:\WINDOWS\SYSTEM32\CTXFISPI.EXE

C:\Programfiler\Lexmark X1100 Series\lxbkbmon.exe

C:\Programfiler\iTunes\iTunesHelper.exe

C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe

C:\PROGRA~1\FELLES~1\PCSuite\Services\SERVIC~1.EXE

C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe

C:\Programfiler\Telenor\Telenorhjelpen\Telenor.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\Fellesfiler\Ahead\lib\NMBgMonitor.exe

C:\Programfiler\Mamut Teamwork\Mamut Teamwork\Mamut Teamwork.exe

C:\Programfiler\iPod\bin\iPodService.exe

C:\Programfiler\Windows Live\Messenger\usnsvc.exe

C:\PROGRA~1\FELLES~1\SYMANT~1\CCPD-LC\symlcsvc.exe

C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Programfiler\Internet Explorer\iexplore.exe

C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com

R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://internetsearchservice.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programfiler\Fellesfiler\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\FELLES~1\SYMANT~1\IDS\IPSBHO.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Telenor Telenorhjelpen Plugin - {DB87CDE1-EF9C-44EB-A42F-6D0B3C72C516} - C:\Programfiler\Telenor\Telenorhjelpen\IEFixItNowPlugin.dll

O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programfiler\Fellesfiler\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll

O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [iAAnotif] "C:\Programfiler\Intel\Intel Matrix Storage Manager\iaanotif.exe"

O4 - HKLM\..\Run: [DVDLauncher] "C:\Programfiler\filer\CyberLink\PowerDVD\DVDLauncher.exe"

O4 - HKLM\..\Run: [CTDVDDET] "C:\Programfiler\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"

O4 - HKLM\..\Run: [VolPanel] "C:\Programfiler\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r

O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Programfiler\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Programfiler\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"

O4 - HKLM\..\Run: [CTXFIREG] C:\drivers\audio\addon\common\i386\CTxfiReg.exe

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [DMXLauncher] "C:\Programfiler\Dell\Media Experience\DMXLauncher.exe"

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\PROGRA~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [PCSuiteTrayApplication] "C:\Programfiler\Nokia\Nokia PC Suite 6\LaunchApplication.exe" -onlytray

O4 - HKLM\..\Run: [DataLayer] C:\Programfiler\Fellesfiler\PCSuite\DataLayer\DataLayer.exe

O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Programfiler\Lexmark X1100 Series\lxbkbmgr.exe"

O4 - HKLM\..\Run: [EverioService] "C:\Programfiler\CyberLink\PCM4Everio\EverioService.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sweetIM] C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe

O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [osCheck] "C:\Programfiler\Norton Internet Security\osCheck.exe"

O4 - HKLM\..\Run: [Telenorhjelpen] "C:\Programfiler\Telenor\Telenorhjelpen\Telenor.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programfiler\Fellesfiler\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [sweetIM] C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Mamut Teamwork.lnk = ?

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edgesuite...vex-2.0.4.4.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programfiler\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://lover-girl1992.spaces.live.com//Pho...ad/MsnPUpld.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1138223154390

O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - https://eurofoto.if.no/uploader/ImageUploader4.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shock...ash/swflash.cab

O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://213.161.226.178:1111/activex/AMC.cab

O16 - DPF: {E43DF60D-D6FA-42AB-921C-FE0A023C5BE1} (eWebEditProLibCtl.eWebEditPro) - http://adm.home.online.no/ewebeditpro2/ewebeditpro.cab

O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\AluSchedulerSvc.exe

O23 - Service: Automatisk LiveUpdate-planlegging - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\VAScanner\comHost.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Programfiler\Intel\Intel Matrix Storage Manager\iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: LiveUpdate - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\LuComServer_3_4.EXE

O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Programfiler\Intel\PROSetWired\NCS\Sync\NetSvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programfiler\CyberLink\Shared Files\RichVideo.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\FELLES~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--

End of file - 13626 bytes

norbat · 13. juni 2008

Kunne du ha postet combofix-loggen også?

I mens noen ser på den gjør du følgende:

Last ned Malwarebytes Anti-Malware til skrivebordet.

Kjør og installer programmet. Velg Norsk-språk

La programmet oppdatere seg og velg å kjør en 'hurtig systemscan', klikk Skann.

Det kommer en meldingsboks om at scannen er ferdig, klikk Ok

Klikk på 'Vis resultat'-knappen.Hvis det er funnet malware, vil du nå se hva som er funnet.

Klikk så påFjern valgte -knappen for å fjerne malwaren som evt. ble funnet.

Det vil deretter åpnes en logg i notisblokk. Den kan du kopiere og poste.

MrBaboy · 13. juni 2008

Glemte Combofix-log'n...sorry...

Jeg kjørte kommandoen Combofix /u i KJØR-vinduet da den var ferdig.

ComboFix 08-06-03.1 - Ofelia Leilani 2008-06-13 10:29:15.3 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.455 [GMT 2:00]

Running from: C:\Documents and Settings\Ofelia Leilani\Skrivebord\HiJackThis\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((( Files Created from 2008-05-13 to 2008-06-13 )))))))))))))))))))))))))))))))

.

2008-06-12 08:57 . 2008-04-14 17:54 272,256 -----c--- C:\WINDOWS\system32\drivers\bthport.sys

2008-06-12 08:57 . 2008-04-14 17:54 272,256 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys

2008-06-07 09:25 . 2008-06-07 09:25 <DIR> d----c--- C:\Documents and Settings\All Users\Programdata\Emotum

2008-06-04 09:50 . 2008-06-04 09:50 <DIR> d----c--- C:\Programfiler\Trend Micro

2008-06-03 21:38 . 2008-01-04 20:34 23,920 --a--c--- C:\WINDOWS\system32\drivers\sskbfd.sys

2008-06-03 11:55 . 2008-06-04 09:01 <DIR> d----c--- C:\Programfiler\Panda Security

2008-06-03 11:22 . 2008-06-03 13:41 <DIR> d----c--- C:\WINDOWS\BDOSCAN8

2008-06-03 11:03 . 2008-06-03 11:03 <DIR> d----c--- C:\WINDOWS\system32\824223

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-06-13 08:33 --------- dc----w C:\Programfiler\Fellesfiler\Symantec Shared

2008-06-13 06:54 --------- dc----w C:\Documents and Settings\All Users\Programdata\Symantec

2008-06-09 09:45 --------- dc----w C:\Programfiler\Lexmark X1100 Series

2008-06-07 07:28 --------- dc----w C:\Documents and Settings\All Users\Programdata\Telenor

2008-06-07 07:24 --------- dc----w C:\Programfiler\Telenor

2008-06-04 08:23 --------- dc----w C:\Programfiler\Macrogaming

2008-06-03 11:59 --------- dc-h--w C:\Programfiler\InstallShield Installation Information

2008-06-03 06:35 805 -c--a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF

2008-06-03 06:35 60,800 -c--a-w C:\WINDOWS\system32\S32EVNT1.DLL

2008-06-03 06:35 123,952 -c--a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS

2008-06-03 06:35 10,671 -c--a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT

2008-06-03 06:35 --------- dc----w C:\Programfiler\Symantec

2008-05-22 07:53 --------- dc----w C:\Programfiler\Google

2008-05-10 14:09 --------- dc----w C:\Programfiler\Fellesfiler\Adobe

2008-05-10 14:08 --------- dc----w C:\Documents and Settings\Ofelia Leilani\Programdata\AdobeUM

2008-05-08 12:28 202,752 -c--a-w C:\WINDOWS\system32\drivers\rmcast.sys

2008-05-07 05:16 1,290,752 -c--a-w C:\WINDOWS\system32\quartz.dll

2008-04-29 12:23 --------- dc-h--r C:\Documents and Settings\Ofelia Leilani\Programdata\yahoo!

2008-04-29 12:23 --------- dc----w C:\Documents and Settings\Ofelia Leilani\Programdata\Lavasoft

2008-04-29 12:23 --------- dc----w C:\Documents and Settings\All Users\Programdata\yahoo!

2008-04-28 08:47 --------- dc----w C:\Programfiler\LimeWire

2008-04-23 04:22 826,368 -c--a-w C:\WINDOWS\system32\wininet.dll

2008-03-25 04:51 621,344 -c--a-w C:\WINDOWS\system32\mswstr10.dll

2008-03-25 04:51 166,688 -c--a-w C:\WINDOWS\system32\msjint40.dll

2008-03-20 08:11 1,845,248 -c--a-w C:\WINDOWS\system32\win32k.sys

.

((((((((((((((((((((((((((((( snapshot@2008-06-04_11.05.06,20 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-06-04 06:21:26 2,048 --s-a-w C:\WINDOWS\bootstat.dat

+ 2008-06-13 06:38:06 2,048 --s-a-w C:\WINDOWS\bootstat.dat

+ 2008-04-14 15:54:25 272,256 -c----w C:\WINDOWS\Driver Cache\i386\bthport.sys

+ 2008-03-01 13:05:18 124,928 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\advpack.dll

+ 2008-03-01 13:05:18 347,136 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\dxtmsft.dll

+ 2008-03-01 13:05:18 214,528 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\dxtrans.dll

+ 2008-03-01 13:05:18 133,120 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\extmgr.dll

+ 2008-03-01 13:05:18 63,488 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\icardie.dll

+ 2008-02-29 08:58:26 70,656 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ie4uinit.exe

+ 2008-03-01 13:05:18 153,088 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieakeng.dll

+ 2008-03-01 13:05:18 230,400 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieaksie.dll

+ 2008-02-15 05:44:25 161,792 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieakui.dll

+ 2008-03-01 13:05:18 383,488 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieapfltr.dll

+ 2008-03-01 13:05:19 384,512 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iedkcs32.dll

+ 2008-03-01 13:05:20 6,066,176 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieframe.dll

+ 2008-03-01 13:05:20 44,544 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iernonce.dll

+ 2008-03-01 13:05:20 267,776 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iertutil.dll

+ 2008-02-22 10:00:51 13,824 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieudinit.exe

+ 2008-02-29 08:58:53 625,664 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iexplore.exe

+ 2008-03-01 13:05:21 27,648 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\jsproxy.dll

+ 2008-03-01 13:05:21 459,264 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\msfeeds.dll

+ 2008-03-01 13:05:21 52,224 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\msfeedsbs.dll

+ 2008-03-01 16:35:26 3,591,680 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\mshtml.dll

+ 2008-03-01 13:05:24 478,208 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\mshtmled.dll

+ 2008-03-01 13:05:24 193,024 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\msrating.dll

+ 2008-03-01 13:05:25 671,232 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\mstime.dll

+ 2008-03-01 13:05:25 102,912 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\occache.dll

+ 2008-03-01 13:05:25 44,544 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\pngfilt.dll

+ 2007-03-06 02:01:51 214,752 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe

+ 2007-03-06 02:03:01 374,496 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\updspapi.dll

+ 2008-03-01 13:05:25 105,984 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\url.dll

+ 2008-03-01 13:05:25 1,159,680 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\urlmon.dll

+ 2008-03-01 13:05:25 233,472 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\webcheck.dll

+ 2008-03-01 13:05:26 826,368 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\wininet.dll

- 2008-05-14 22:03:58 593,920 -c--a-r C:\WINDOWS\Installer\{90110414-6000-11D3-8CFE-0150048383C9}\accicons.exe

+ 2008-06-12 16:26:17 593,920 -c--a-r C:\WINDOWS\Installer\{90110414-6000-11D3-8CFE-0150048383C9}\accicons.exe

- 2008-05-14 22:03:58 12,288 -c--a-r C:\WINDOWS\Installer\{90110414-6000-11D3-8CFE-0150048383C9}\cagicon.exe

+ 2008-06-12 16:26:17 12,288 -c--a-r C:\WINDOWS\Installer\{90110414-6000-11D3-8CFE-0150048383C9}\cagicon.exe

- 2008-05-14 22:03:58 86,016 -c--a-r C:\WINDOWS\Installer\{90110414-6000-11D3-8CFE-0150048383C9}\inficon.exe

+ 2008-06-12 16:26:17 86,016 -c--a-r C:\WINDOWS\Installer\{90110414-6000-11D3-8CFE-0150048383C9}\inficon.exe

- 2008-05-14 22:03:58 135,168 -c--a-r C:\WINDOWS\Installer\{90110414-6000-11D3-8CFE-0150048383C9}\misc.exe

+ 2008-06-12 16:26:16 135,168 -c--a-r C:\WINDOWS\Installer\{90110414-6000-11D3-8CFE-0150048383C9}\misc.exe

- 2008-05-14 22:03:58 11,264 -c--a-r C:\WINDOWS\Installer\{90110414-6000-11D3-8CFE-0150048383C9}\mspicons.exe

+ 2008-06-12 16:26:17 11,264 -c--a-r C:\WINDOWS\Installer\{90110414-6000-11D3-8CFE-0150048383C9}\mspicons.exe

- 2008-05-14 22:03:58 27,136 -c--a-r C:\WINDOWS\Installer\{90110414-6000-11D3-8CFE-0150048383C9}\oisicon.exe

+ 2008-06-12 16:26:17 27,136 -c--a-r C:\WINDOWS\Installer\{90110414-6000-11D3-8CFE-0150048383C9}\oisicon.exe

- 2008-05-14 22:03:58 4,096 -c--a-r C:\WINDOWS\Installer\{90110414-6000-11D3-8CFE-0150048383C9}\opwicon.exe

+ 2008-06-12 16:26:17 4,096 -c--a-r C:\WINDOWS\Installer\{90110414-6000-11D3-8CFE-0150048383C9}\opwicon.exe

- 2008-05-14 22:03:58 794,624 -c--a-r C:\WINDOWS\Installer\{90110414-6000-11D3-8CFE-0150048383C9}\outicon.exe

+ 2008-06-12 16:26:17 794,624 -c--a-r C:\WINDOWS\Installer\{90110414-6000-11D3-8CFE-0150048383C9}\outicon.exe

- 2008-05-14 22:03:58 249,856 -c--a-r C:\WINDOWS\Installer\{90110414-6000-11D3-8CFE-0150048383C9}\pptico.exe

+ 2008-06-12 16:26:17 249,856 -c--a-r C:\WINDOWS\Installer\{90110414-6000-11D3-8CFE-0150048383C9}\pptico.exe

- 2008-05-14 22:03:58 61,440 -c--a-r C:\WINDOWS\Installer\{90110414-6000-11D3-8CFE-0150048383C9}\pubs.exe

+ 2008-06-12 16:26:16 61,440 -c--a-r C:\WINDOWS\Installer\{90110414-6000-11D3-8CFE-0150048383C9}\pubs.exe

- 2008-05-14 22:03:58 23,040 -c--a-r C:\WINDOWS\Installer\{90110414-6000-11D3-8CFE-0150048383C9}\unbndico.exe

+ 2008-06-12 16:26:17 23,040 -c--a-r C:\WINDOWS\Installer\{90110414-6000-11D3-8CFE-0150048383C9}\unbndico.exe

- 2008-05-14 22:03:58 286,720 -c--a-r C:\WINDOWS\Installer\{90110414-6000-11D3-8CFE-0150048383C9}\wordicon.exe

+ 2008-06-12 16:26:16 286,720 -c--a-r C:\WINDOWS\Installer\{90110414-6000-11D3-8CFE-0150048383C9}\wordicon.exe

- 2008-05-14 22:03:57 409,600 -c--a-r C:\WINDOWS\Installer\{90110414-6000-11D3-8CFE-0150048383C9}\xlicons.exe

+ 2008-06-12 16:26:16 409,600 -c--a-r C:\WINDOWS\Installer\{90110414-6000-11D3-8CFE-0150048383C9}\xlicons.exe

- 2008-03-01 13:05:18 124,928 -c--a-w C:\WINDOWS\system32\advpack.dll

+ 2008-04-23 04:22:22 124,928 -c--a-w C:\WINDOWS\system32\advpack.dll

- 2008-03-01 13:05:18 124,928 -c----w C:\WINDOWS\system32\dllcache\advpack.dll

+ 2008-04-23 04:22:22 124,928 -c----w C:\WINDOWS\system32\dllcache\advpack.dll

- 2008-03-01 13:05:18 347,136 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll

+ 2008-04-23 04:22:22 347,136 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll

- 2008-03-01 13:05:18 214,528 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll

+ 2008-04-23 04:22:22 214,528 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll

- 2008-03-01 13:05:18 133,120 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll

+ 2008-04-23 04:22:22 133,120 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll

- 2008-03-01 13:05:18 63,488 -c----w C:\WINDOWS\system32\dllcache\icardie.dll

+ 2008-04-23 04:22:22 63,488 -c----w C:\WINDOWS\system32\dllcache\icardie.dll

- 2008-02-29 08:58:26 70,656 -c--a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe

+ 2008-04-22 07:43:26 70,656 -c--a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe

- 2008-03-01 13:05:18 153,088 -c--a-w C:\WINDOWS\system32\dllcache\ieakeng.dll

+ 2008-04-23 04:22:22 153,088 -c--a-w C:\WINDOWS\system32\dllcache\ieakeng.dll

- 2008-03-01 13:05:18 230,400 -c--a-w C:\WINDOWS\system32\dllcache\ieaksie.dll

+ 2008-04-23 04:22:22 230,400 -c--a-w C:\WINDOWS\system32\dllcache\ieaksie.dll

- 2008-02-15 05:44:25 161,792 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll

+ 2008-04-20 05:07:51 161,792 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll

- 2008-03-01 13:05:18 383,488 -c----w C:\WINDOWS\system32\dllcache\ieapfltr.dll

+ 2008-04-23 04:22:22 383,488 -c----w C:\WINDOWS\system32\dllcache\ieapfltr.dll

- 2008-03-01 13:05:19 384,512 -c--a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll

+ 2008-04-23 04:22:22 384,512 -c--a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll

- 2008-03-01 13:05:20 6,066,176 -c----w C:\WINDOWS\system32\dllcache\ieframe.dll

+ 2008-04-23 04:22:23 6,066,176 -c----w C:\WINDOWS\system32\dllcache\ieframe.dll

- 2008-03-01 13:05:20 44,544 -c--a-w C:\WINDOWS\system32\dllcache\iernonce.dll

+ 2008-04-23 04:22:23 44,544 -c--a-w C:\WINDOWS\system32\dllcache\iernonce.dll

- 2008-03-01 13:05:20 267,776 -c----w C:\WINDOWS\system32\dllcache\iertutil.dll

+ 2008-04-23 04:22:23 267,776 -c----w C:\WINDOWS\system32\dllcache\iertutil.dll

- 2008-02-22 10:00:51 13,824 -c----w C:\WINDOWS\system32\dllcache\ieudinit.exe

+ 2008-04-22 07:39:58 13,824 -c----w C:\WINDOWS\system32\dllcache\ieudinit.exe

- 2008-02-29 08:58:53 625,664 -c----w C:\WINDOWS\system32\dllcache\iexplore.exe

+ 2008-04-22 07:43:46 625,664 -c----w C:\WINDOWS\system32\dllcache\iexplore.exe

- 2008-03-01 13:05:21 27,648 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll

+ 2008-04-23 04:22:23 27,648 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll

- 2008-03-01 13:05:21 459,264 -c----w C:\WINDOWS\system32\dllcache\msfeeds.dll

+ 2008-04-23 04:22:23 459,264 -c----w C:\WINDOWS\system32\dllcache\msfeeds.dll

- 2008-03-01 13:05:21 52,224 -c----w C:\WINDOWS\system32\dllcache\msfeedsbs.dll

+ 2008-04-23 04:22:23 52,224 -c----w C:\WINDOWS\system32\dllcache\msfeedsbs.dll

- 2008-03-01 16:35:26 3,591,680 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll

+ 2008-04-23 20:22:24 3,591,680 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll

- 2008-03-01 13:05:24 478,208 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll

+ 2008-04-23 04:22:23 478,208 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll

- 2008-03-01 13:05:24 193,024 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll

+ 2008-04-23 04:22:23 193,024 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll

- 2008-03-01 13:05:25 671,232 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll

+ 2008-04-23 04:22:23 671,232 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll

- 2008-03-01 13:05:25 102,912 -c--a-w C:\WINDOWS\system32\dllcache\occache.dll

+ 2008-04-23 04:22:23 102,912 -c--a-w C:\WINDOWS\system32\dllcache\occache.dll

- 2008-03-01 13:05:25 44,544 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll

+ 2008-04-23 04:22:23 44,544 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll

- 2007-10-29 22:45:19 1,290,752 -c--a-w C:\WINDOWS\system32\dllcache\quartz.dll

+ 2008-05-07 05:16:33 1,290,752 -c--a-w C:\WINDOWS\system32\dllcache\quartz.dll

- 2006-07-13 08:48:58 202,240 -c--a-w C:\WINDOWS\system32\dllcache\rmcast.sys

+ 2008-05-08 12:28:49 202,752 -c--a-w C:\WINDOWS\system32\dllcache\rmcast.sys

- 2008-03-01 13:05:25 105,984 -c----w C:\WINDOWS\system32\dllcache\url.dll

+ 2008-04-23 04:22:23 105,984 -c----w C:\WINDOWS\system32\dllcache\url.dll

- 2008-03-01 13:05:25 1,159,680 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll

+ 2008-04-23 04:22:23 1,159,680 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll

- 2008-03-01 13:05:25 233,472 -c----w C:\WINDOWS\system32\dllcache\webcheck.dll

+ 2008-04-23 04:22:23 233,472 -c----w C:\WINDOWS\system32\dllcache\webcheck.dll

- 2008-03-01 13:05:26 826,368 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll

+ 2008-04-23 04:22:23 826,368 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll

- 2008-03-01 13:05:18 347,136 -c--a-w C:\WINDOWS\system32\dxtmsft.dll

+ 2008-04-23 04:22:22 347,136 -c--a-w C:\WINDOWS\system32\dxtmsft.dll

- 2008-03-01 13:05:18 214,528 -c--a-w C:\WINDOWS\system32\dxtrans.dll

+ 2008-04-23 04:22:22 214,528 -c--a-w C:\WINDOWS\system32\dxtrans.dll

- 2008-03-01 13:05:18 133,120 -c--a-w C:\WINDOWS\system32\extmgr.dll

+ 2008-04-23 04:22:22 133,120 -c--a-w C:\WINDOWS\system32\extmgr.dll

- 2008-03-01 13:05:18 63,488 -c--a-w C:\WINDOWS\system32\icardie.dll

+ 2008-04-23 04:22:22 63,488 -c--a-w C:\WINDOWS\system32\icardie.dll

- 2008-02-29 08:58:26 70,656 -c--a-w C:\WINDOWS\system32\ie4uinit.exe

+ 2008-04-22 07:43:26 70,656 -c--a-w C:\WINDOWS\system32\ie4uinit.exe

- 2008-03-01 13:05:18 153,088 -c--a-w C:\WINDOWS\system32\ieakeng.dll

+ 2008-04-23 04:22:22 153,088 -c--a-w C:\WINDOWS\system32\ieakeng.dll

- 2008-03-01 13:05:18 230,400 -c--a-w C:\WINDOWS\system32\ieaksie.dll

+ 2008-04-23 04:22:22 230,400 -c--a-w C:\WINDOWS\system32\ieaksie.dll

- 2008-02-15 05:44:25 161,792 -c--a-w C:\WINDOWS\system32\ieakui.dll

+ 2008-04-20 05:07:51 161,792 -c--a-w C:\WINDOWS\system32\ieakui.dll

- 2008-03-01 13:05:18 383,488 -c--a-w C:\WINDOWS\system32\ieapfltr.dll

+ 2008-04-23 04:22:22 383,488 -c--a-w C:\WINDOWS\system32\ieapfltr.dll

- 2008-03-01 13:05:19 384,512 -c--a-w C:\WINDOWS\system32\iedkcs32.dll

+ 2008-04-23 04:22:22 384,512 -c--a-w C:\WINDOWS\system32\iedkcs32.dll

- 2008-03-01 13:05:20 6,066,176 -c--a-w C:\WINDOWS\system32\ieframe.dll

+ 2008-04-23 04:22:23 6,066,176 -c--a-w C:\WINDOWS\system32\ieframe.dll

- 2008-03-01 13:05:20 44,544 -c--a-w C:\WINDOWS\system32\iernonce.dll

+ 2008-04-23 04:22:23 44,544 -c--a-w C:\WINDOWS\system32\iernonce.dll

- 2008-03-01 13:05:20 267,776 -c--a-w C:\WINDOWS\system32\iertutil.dll

+ 2008-04-23 04:22:23 267,776 -c--a-w C:\WINDOWS\system32\iertutil.dll

- 2008-02-22 10:00:51 13,824 -c--a-w C:\WINDOWS\system32\ieudinit.exe

+ 2008-04-22 07:39:58 13,824 -c--a-w C:\WINDOWS\system32\ieudinit.exe

- 2008-03-01 13:05:21 27,648 -c--a-w C:\WINDOWS\system32\jsproxy.dll

+ 2008-04-23 04:22:23 27,648 -c--a-w C:\WINDOWS\system32\jsproxy.dll

+ 2008-03-25 02:32:44 218,496 -c--a-r C:\WINDOWS\system32\Macromed\Flash\FlashUtil9f.exe

- 2008-02-13 21:16:16 74,649 -c--a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

+ 2008-06-12 06:54:36 74,137 -c--a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

- 2008-05-09 21:35:04 16,863,864 -c--a-w C:\WINDOWS\system32\MRT.exe

+ 2008-05-29 23:35:11 17,486,968 -c--a-w C:\WINDOWS\system32\MRT.exe

- 2008-03-01 13:05:21 459,264 -c--a-w C:\WINDOWS\system32\msfeeds.dll

+ 2008-04-23 04:22:23 459,264 -c--a-w C:\WINDOWS\system32\msfeeds.dll

- 2008-03-01 13:05:21 52,224 -c--a-w C:\WINDOWS\system32\msfeedsbs.dll

+ 2008-04-23 04:22:23 52,224 -c--a-w C:\WINDOWS\system32\msfeedsbs.dll

- 2008-03-01 16:35:26 3,591,680 -c--a-w C:\WINDOWS\system32\mshtml.dll

+ 2008-04-23 20:22:24 3,591,680 -c--a-w C:\WINDOWS\system32\mshtml.dll

- 2008-03-01 13:05:24 478,208 -c--a-w C:\WINDOWS\system32\mshtmled.dll

+ 2008-04-23 04:22:23 478,208 -c--a-w C:\WINDOWS\system32\mshtmled.dll

- 2008-03-01 13:05:24 193,024 -c--a-w C:\WINDOWS\system32\msrating.dll

+ 2008-04-23 04:22:23 193,024 -c--a-w C:\WINDOWS\system32\msrating.dll

- 2008-03-01 13:05:25 671,232 -c--a-w C:\WINDOWS\system32\mstime.dll

+ 2008-04-23 04:22:23 671,232 -c--a-w C:\WINDOWS\system32\mstime.dll

- 2008-03-01 13:05:25 102,912 -c--a-w C:\WINDOWS\system32\occache.dll

+ 2008-04-23 04:22:23 102,912 -c--a-w C:\WINDOWS\system32\occache.dll

- 2008-06-04 06:25:53 108,662 ----a-w C:\WINDOWS\system32\perfc009.dat

+ 2008-06-13 06:42:31 110,402 ----a-w C:\WINDOWS\system32\perfc009.dat

- 2008-06-04 06:25:53 118,254 ----a-w C:\WINDOWS\system32\perfc014.dat

+ 2008-06-13 06:42:31 119,994 ----a-w C:\WINDOWS\system32\perfc014.dat

- 2008-06-04 06:25:53 533,096 ----a-w C:\WINDOWS\system32\perfh009.dat

+ 2008-06-13 06:42:31 537,716 ----a-w C:\WINDOWS\system32\perfh009.dat

- 2008-06-04 06:25:53 533,708 ----a-w C:\WINDOWS\system32\perfh014.dat

+ 2008-06-13 06:42:31 538,208 ----a-w C:\WINDOWS\system32\perfh014.dat

- 2008-03-01 13:05:25 44,544 -c--a-w C:\WINDOWS\system32\pngfilt.dll

+ 2008-04-23 04:22:23 44,544 -c--a-w C:\WINDOWS\system32\pngfilt.dll

- 2006-10-16 15:10:58 14,640 -c----w C:\WINDOWS\system32\spmsg.dll

+ 2007-11-30 11:19:51 17,784 -c----w C:\WINDOWS\system32\spmsg.dll

- 2008-03-01 13:05:25 105,984 -c--a-w C:\WINDOWS\system32\url.dll

+ 2008-04-23 04:22:23 105,984 -c--a-w C:\WINDOWS\system32\url.dll

- 2008-03-01 13:05:25 1,159,680 -c--a-w C:\WINDOWS\system32\urlmon.dll

+ 2008-04-23 04:22:23 1,159,680 -c--a-w C:\WINDOWS\system32\urlmon.dll

- 2008-03-01 13:05:25 233,472 -c--a-w C:\WINDOWS\system32\webcheck.dll

+ 2008-04-23 04:22:23 233,472 -c--a-w C:\WINDOWS\system32\webcheck.dll

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]

2007-08-25 05:51 316784 --a--c--- C:\Programfiler\Fellesfiler\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]

2008-03-13 10:16 116088 --a--c--- C:\PROGRA~1\FELLES~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= "C:\Programfiler\Fellesfiler\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll" [2007-08-25 05:51 316784]

[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]

[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]

[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Programfiler\Fellesfiler\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [2007-08-25 05:51 316784]

[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]

[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]

[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programfiler\Fellesfiler\Ahead\lib\NMBgMonitor.exe" [2005-10-28 17:25 94208]

"msnmsgr"="C:\Programfiler\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]

"SweetIM"="C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe" [2008-01-02 21:15 103712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 14:00 33280 C:\WINDOWS\system32\rundll32.exe]

"CTHelper"="CTHELPER.EXE" [2005-09-20 13:08 16384 C:\WINDOWS\CTHELPER.EXE]

"CTxfiHlp"="CTXFIHLP.EXE" [2005-11-11 07:07 19968 C:\WINDOWS\system32\CTXFIHLP.EXE]

"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]

"IAAnotif"="C:\Programfiler\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 09:56 139264]

"DVDLauncher"="C:\Programfiler\filer\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 18:19 53248]

"CTDVDDET"="C:\Programfiler\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 03:00 45056]

"VolPanel"="C:\Programfiler\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-07-11 13:34 122880]

"AudioDrvEmulator"="C:\Programfiler\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 20:25 49152]

"CTXFIREG"="C:\drivers\audio\addon\common\i386\CTxfiReg.exe" [2005-11-11 07:07 36864]

"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 03:00 90112]

"DMXLauncher"="C:\Programfiler\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 03:02 86016]

"ISUSPM Startup"="C:\PROGRA~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 18:50 221184]

"ISUSScheduler"="C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" [2004-07-27 18:50 81920]

"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-05-31 06:33 122941]

"PCSuiteTrayApplication"="C:\Programfiler\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2005-03-22 09:39 167936]

"DataLayer"="C:\Programfiler\Fellesfiler\PCSuite\DataLayer\DataLayer.exe" [2005-03-31 09:30 1106944]

"Lexmark X1100 Series"="C:\Programfiler\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 17:06 57344]

"EverioService"="C:\Programfiler\CyberLink\PCM4Everio\EverioService.exe" [2006-11-22 22:10 151552]

"QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2008-02-01 00:13 385024]

"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]

"SweetIM"="C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe" [2008-01-02 21:15 103712]

"ccApp"="C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2008-02-14 12:01 51048]

"osCheck"="C:\Programfiler\Norton Internet Security\osCheck.exe" [2007-08-25 06:53 714608]

"Telenorhjelpen"="C:\Programfiler\Telenor\Telenorhjelpen\Telenor.exe" [2008-02-07 15:35 189120]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360]

C:\Documents and Settings\Ofelia Leilani\Start-meny\Programmer\Oppstart\

Mamut Teamwork.lnk - C:\Documents and Settings\Ofelia Leilani\Programdata\Microsoft\Installer\{B1A0C792-C497-44AD-8030-A46A9D4A2792}\_26e91eb.exe [2008-03-10 17:54:20 3638]

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\

Adobe Reader Speed Launch.lnk - C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.DIV3"= DivXc32.dll

"vidc.DIV4"= DivXc32f.dll

"msacm.divxa32"= DivXa32.acm

"VIDC.MJPG"= Pvmjpg30.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

--a--c--- 2008-02-19 14:10 267048 C:\Programfiler\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a--c--- 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Programfiler\\Messenger\\msmsgs.exe"=

"C:\\Programfiler\\Pinnacle\\Studio 10\\programs\\RM.exe"=

"C:\\Programfiler\\Pinnacle\\Studio 10\\programs\\Studio.exe"=

"C:\\Programfiler\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=

"C:\\Programfiler\\Pinnacle\\Studio 10\\programs\\umi.exe"=

"C:\\Programfiler\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"C:\\Programfiler\\Yahoo!\\Messenger\\YServer.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Programfiler\\CyberLink\\PCM4Everio\\PCM4Everio.exe"=

"C:\\Programfiler\\CyberLink\\PCM4Everio\\EverioService.exe"=

"C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Programfiler\\iTunes\\iTunes.exe"=

"C:\\Programfiler\\Telenor\\Telenorhjelpen\\Telenor.exe"=

R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe" /h ccCommon []

R3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-03-06 22:32]

R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys [2005-09-20 12:53]

S2 Automatisk LiveUpdate-planlegging;Automatisk LiveUpdate-planlegging;"C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2007-08-31 12:49]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7921bbdb-14f4-11dd-89ca-0013720798c8}]

\Shell\AutoRun\command - J:\laucher.exe

*Newly Created Service* - COMHOST

.

Contents of the 'Scheduled Tasks' folder

"2008-06-09 20:47:37 C:\WINDOWS\Tasks\Norton Internet Security Online - Kjør full systemskanning - Ofelia Leilani.job"

- C:\Programfiler\Norton Internet Security\Norton AntiVirus\Navw32.exec/TASK:

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-06-13 10:33:14

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]

"IAAnotif"="\"C:\\Programfiler\\Intel\\Intel Matrix Storage Manager\\iaanotif.exe\""

.

Completion time: 2008-06-13 10:34:24

ComboFix-quarantined-files.txt 2008-06-13 08:34:03

ComboFix2.txt 2008-06-04 09:06:05

Pre-Run: 336,833,339,392 byte ledig

Post-Run: 337,109,372,928 byte ledig

361 --- E O F --- 2008-06-12 16:28:49

norbat · 13. juni 2008

Ser ingenting knyttet til 'msn-viruset'.

I din forrige post var det heller ingen filer som var knyttet til de msn-infeksjonene som har herjet litt i det siste. De linjene som du skulle fjerne ligger fortsatt i loggen din.

Kunne du si noe om hvilke lenker du sender ut (hva er linkadressen)?

Uansett, kjør Malwarebytes A-M og se om den snapper opp noe.

MrBaboy · 13. juni 2008

Ingen av de som har gitt tilbakemelding om at de fikk linker fra meg beit seg merke i hvilke adresser det var.

Muligens den ene var noe med mobiltelefon-tjenesterekal.e med .info

Malwarebytes' Anti-Malware 1.17

Database versjon: 851

11:20:10 13.06.2008

mbam-log-6-13-2008 (11-20-10).txt

Skann type: Rask Skann

Objekter skannet: 41352

Tid tilbakelagt: 6 minute(s), 52 second(s)

Minneprosesser infisert: 0

Minnemoduler infisert: 0

Registernøkler infisert: 1

Registerverdier infisert: 13

Registerfiler infisert: 0

Mapper infisert: 2

Filer infisert: 1

Minneprosesser infisert:

(Ingen mistenkelige filer funnet)

Minnemoduler infisert:

(Ingen mistenkelige filer funnet)

Registernøkler infisert:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Web Application (Trojan.Zlob) -> Quarantined and deleted successfully.

Registerverdier infisert:

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{51d81dd5-55b7-497f-95db-d356429bb54e} (Trojan.Zlob) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search\SearchAssistant (Trojan.Zlob) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Search_URL (Trojan.Zlob) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Trojan.Zlob) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\w\ (Trojan.Zlob) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL (Trojan.Zlob) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Bar (Trojan.Zlob) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Trojan.Zlob) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl\w\ (Trojan.Zlob) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchURL (Trojan.Zlob) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\*.securewebinfo.com (Trojan.Zlob) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\*.safetyincludes.com (Trojan.Zlob) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\*.securemanaging.com (Trojan.Zlob) -> Quarantined and deleted successfully.

Registerfiler infisert:

(Ingen mistenkelige filer funnet)

Mapper infisert:

C:\Programfiler\SoftwareDoctor (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\824223 (Trojan.BHO) -> Quarantined and deleted successfully.

Filer infisert:

C:\Documents and Settings\Ofelia Leilani\results.txt (Malware.Trace) -> Quarantined and deleted successfully.

norbat · 13. juni 2008

Fint, så tar vi en ny hjt-logg til slutt

MrBaboy · 13. juni 2008

Ny HiackThis log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:32:56, on 13.06.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Programfiler\Symantec\LiveUpdate\AluSchedulerSvc.exe

C:\WINDOWS\system32\CTsvcCDA.EXE

C:\Programfiler\Intel\Intel Matrix Storage Manager\iaantmon.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Programfiler\CyberLink\Shared Files\RichVideo.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\CTHELPER.EXE

C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe

C:\Programfiler\Intel\Intel Matrix Storage Manager\iaanotif.exe

C:\Programfiler\filer\CyberLink\PowerDVD\DVDLauncher.exe

C:\Programfiler\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE

C:\Programfiler\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe

C:\Programfiler\Creative\Shared Files\Module Loader\DLLML.exe

C:\Programfiler\Dell\Media Experience\DMXLauncher.exe

C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Programfiler\Nokia\Nokia PC Suite 6\LaunchApplication.exe

C:\Programfiler\Fellesfiler\PCSuite\DataLayer\DataLayer.exe

C:\Programfiler\Lexmark X1100 Series\lxbkbmgr.exe

C:\Programfiler\CyberLink\PCM4Everio\EverioService.exe

C:\WINDOWS\SYSTEM32\CTXFISPI.EXE

C:\Programfiler\Lexmark X1100 Series\lxbkbmon.exe

C:\Programfiler\iTunes\iTunesHelper.exe

C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe

C:\PROGRA~1\FELLES~1\PCSuite\Services\SERVIC~1.EXE

C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe

C:\Programfiler\Telenor\Telenorhjelpen\Telenor.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\Fellesfiler\Ahead\lib\NMBgMonitor.exe

C:\Programfiler\Mamut Teamwork\Mamut Teamwork\Mamut Teamwork.exe

C:\Programfiler\iPod\bin\iPodService.exe

C:\Programfiler\Windows Live\Messenger\usnsvc.exe

C:\PROGRA~1\FELLES~1\SYMANT~1\CCPD-LC\symlcsvc.exe

C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\WINDOWS\explorer.exe

C:\Programfiler\Internet Explorer\iexplore.exe

C:\Programfiler\Windows Live\Messenger\msnmsgr.exe