rstrr, posted 23 July 2008 (edited)

When I download ComboFix to the desktop and run it, I get the message: Some of files are corrupt. It will not run but wants a newer version. Downloaded from several sites.

Edited 23 July 2008 by rstrr
rstrr (author), posted 23 July 2008

Here is my HijackThis log. I have problems with Aware

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:31:18, on 23.07.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programfiler\HPQ\IAM\bin\asghost.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\Analog Devices\Core\smax4pnp.exe
C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe
C:\Programfiler\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\Programfiler\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Programfiler\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programfiler\Fellesfiler\Pure Networks Shared\Platform\nmctxth.exe
C:\Programfiler\Pure Networks\Network Magic\nmapp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe
C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programfiler\WIDCOMM\Bluetooth-programvare\BTTray.exe
C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programfiler\SqueezeCenter\SqueezeTray.exe
C:\PROGRA~1\SQUEEZ~1\server\SQUEEZ~1.EXE
C:\Programfiler\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe
C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe
C:\PROGRA~1\SQUEEZ~1\server\Bin\MSWIN3~1\mysqld.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Programfiler\Fellesfiler\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\Administrator\Skrivebord\TestThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/nyheter/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Programfiler\HPQ\IAM\Bin\ItIeAddIN.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: (no name) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [soundMAXPnP] C:\Programfiler\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [PTHOSTTR] C:\Programfiler\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [HP Software Update] C:\Programfiler\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Programfiler\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [scheduler] C:\WINDOWS\SMINST\Scheduler.exe
O4 - HKLM\..\Run: [WatchDog] C:\Programfiler\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [nmctxth] "C:\Programfiler\Fellesfiler\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Programfiler\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\Programfiler\InterVideo\DVD Check\DVDCheck.exe
O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: SqueezeCenter Tray Tool.lnk = C:\Programfiler\SqueezeCenter\SqueezeTray.exe
O8 - Extra context menu item: Send til &Bluetooth - C:\Programfiler\WIDCOMM\Bluetooth-programvare\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Blogg dette - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programfiler\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blogg dette i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programfiler\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Programfiler\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1209234571984
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: OneCard - C:\Programfiler\HPQ\IAM\Bin\AsWlnPkg.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programfiler\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Automatisk LiveUpdate-planlegging - Unknown owner - C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programfiler\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Programfiler\Fellesfiler\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Programfiler\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Programfiler\Fellesfiler\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: SqueezeMySQL - Unknown owner - C:\PROGRA~1\SQUEEZ~1\server\Bin\MSWIN3~1\mysqld.exe

--
End of file - 10639 bytes

Regards, rstrr
baosen, posted 23 July 2008

If you have problems with adware, SUPERAntiSpyware is recommended. Download it and run a full scan. Then you can post the log it produces.
rstrr (author), posted 23 July 2008 (edited)

Here is the ComboFix log

ComboFix 08-07-22.3 - Administrator 2008-07-23 11:13:07.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1044.18.464 [GMT 2:00]
Running from: C:\Documents and Settings\Administrator\Skrivebord\ComboFix.exe
 * Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-06-23 to 2008-07-23 )))))))))))))))))))))))))))))))
.

2008-07-23 09:28 . 2008-07-23 09:28 <DIR> dr-h----- C:\Documents and Settings\Administrator\Siste
2008-07-22 21:35 . 2008-07-22 21:35 <DIR> d--h----- C:\WINDOWS\PIF
2008-07-22 09:35 . 2008-07-22 09:35 <DIR> d-------- C:\Programfiler\Pure Networks
2008-07-22 09:35 . 2008-05-16 06:10 23,992 --a------ C:\WINDOWS\system32\drivers\pnarp.sys
2008-07-22 09:34 . 2008-07-22 09:34 <DIR> d-------- C:\Programfiler\Fellesfiler\Pure Networks Shared
2008-07-22 09:34 . 2008-07-22 09:34 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Pure Networks
2008-07-22 09:34 . 2008-05-16 06:10 25,272 --a------ C:\WINDOWS\system32\drivers\purendis.sys
2008-07-21 01:25 . 2008-07-21 01:25 <DIR> d-------- C:\Programfiler\DVD Shrink
2008-07-21 01:25 . 2008-07-21 01:33 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\DVD Shrink
2008-07-21 00:43 . 2008-07-21 00:43 <DIR> d-------- C:\Documents and Settings\Administrator\Programdata\InterVideo
2008-07-20 18:42 . 2008-07-20 18:42 <DIR> d-------- C:\Documents and Settings\LocalService\Programdata\AdobeUM
2008-07-15 22:40 . 2008-07-15 22:40 <DIR> d-------- C:\Programfiler\Sun
2008-07-02 13:20 . 2008-07-02 13:20 <DIR> d-------- C:\WINDOWS\Sun
2008-07-02 13:14 . 2008-07-02 13:14 <DIR> d-------- C:\Programfiler\CCleaner
2008-06-25 11:58 . 2008-06-25 11:58 <DIR> d--hs---- C:\WINDOWS\ftpcache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-15 20:40 --------- d-----w C:\Programfiler\Java
2008-07-10 09:53 --------- d-----w C:\Documents and Settings\Administrator\Programdata\foobar2000
2008-06-21 21:01 --------- d-----w C:\Documents and Settings\Administrator\Programdata\uTorrent
2008-06-20 17:49 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:49 246,784 ------w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:49 147,968 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:51 361,600 ------w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:40 138,496 ------w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 11:08 225,856 ------w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-17 10:21 172 ----a-w C:\Documents and Settings\Administrator\Programdata\wklnhst.dat
2008-06-17 10:04 --------- d-----w C:\Documents and Settings\Administrator\Programdata\Template
2008-06-17 09:38 --------- d-----w C:\Programfiler\Microsoft Works
2008-06-14 17:36 272,256 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-14 17:36 272,256 ------w C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-09 16:54 --------- d-----w C:\Programfiler\uTorrent
2008-06-05 12:22 --------- d-----w C:\Programfiler\Internet Download Manager
2008-06-05 12:20 --------- d-----w C:\Documents and Settings\Administrator\Programdata\DMCache
2008-06-05 11:17 --------- d-----w C:\Documents and Settings\Administrator\Programdata\IDM
2008-06-04 09:39 --------- d-----w C:\Documents and Settings\Administrator\Programdata\AccurateRip
2008-06-04 09:22 --------- d-----w C:\Programfiler\Exact Audio Copy
2008-06-04 09:22 --------- d-----w C:\Documents and Settings\Administrator\Programdata\AD ON Multimedia
2008-06-04 09:13 --------- d-----w C:\Programfiler\SqueezeCenter
2008-06-04 08:57 --------- d-----w C:\Programfiler\SUPERAntiSpyware
2008-05-27 09:32 --------- d-----w C:\Documents and Settings\Administrator\Programdata\Sonic
2008-05-27 09:32 --------- d-----w C:\Documents and Settings\Administrator\Programdata\Leadertech
2008-05-10 21:19 2,560 ----a-w C:\WINDOWS\_MSRSTRT.EXE
2008-05-09 10:56 90,112 ----a-w C:\WINDOWS\system32\wshext.dll
2008-05-09 10:56 90,112 ------w C:\WINDOWS\system32\dllcache\wshext.dll
2008-05-09 10:56 512,000 ------w C:\WINDOWS\system32\dllcache\jscript.dll
2008-05-09 10:56 430,080 ----a-w C:\WINDOWS\system32\vbscript.dll
2008-05-09 10:56 430,080 ------w C:\WINDOWS\system32\dllcache\vbscript.dll
2008-05-09 10:56 180,224 ----a-w C:\WINDOWS\system32\scrobj.dll
2008-05-09 10:56 180,224 ------w C:\WINDOWS\system32\dllcache\scrobj.dll
2008-05-09 10:56 172,032 ----a-w C:\WINDOWS\system32\scrrun.dll
2008-05-09 10:56 172,032 ------w C:\WINDOWS\system32\dllcache\scrrun.dll
2008-05-08 14:02 203,136 ------w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-08 11:24 155,648 ----a-w C:\WINDOWS\system32\wscript.exe
2008-05-08 11:24 155,648 ------w C:\WINDOWS\system32\dllcache\wscript.exe
2008-05-07 09:07 135,168 ----a-w C:\WINDOWS\system32\cscript.exe
2008-05-07 09:07 135,168 ------w C:\WINDOWS\system32\dllcache\cscript.exe
2008-05-07 05:12 1,291,264 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:12 1,291,264 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2008-04-23 20:22 3,591,680 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
.

((((((((((((((((((((((((((((( snapshot@2008-05-27_11.17.47,64 )))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\msrating.dll + 2008-04-23 04:22:23 193,024 ------w C:\WINDOWS\system32\msrating.dll - 2008-03-01 13:05:25 671,232 ------w C:\WINDOWS\system32\mstime.dll + 2008-04-23 04:22:23 671,232 ------w C:\WINDOWS\system32\mstime.dll - 2008-03-01 13:05:25 102,912 ------w C:\WINDOWS\system32\occache.dll + 2008-04-23 04:22:23 102,912 ------w C:\WINDOWS\system32\occache.dll - 2008-03-01 13:05:25 44,544 ------w C:\WINDOWS\system32\pngfilt.dll + 2008-04-23 04:22:23 44,544 ------w C:\WINDOWS\system32\pngfilt.dll + 2005-03-21 09:00:24 4,096 ----a-w C:\WINDOWS\system32\sabprocenum.sys - 2007-08-10 06:22:34 17,784 ------w C:\WINDOWS\system32\spmsg.dll + 2007-11-30 12:39:50 17,784 ------w C:\WINDOWS\system32\spmsg.dll - 2008-03-01 13:05:25 105,984 ----a-w C:\WINDOWS\system32\url.dll + 2008-04-23 04:22:23 105,984 ----a-w C:\WINDOWS\system32\url.dll - 2008-03-01 13:05:25 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll + 2008-04-23 04:22:23 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll - 2008-03-01 13:05:25 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll + 2008-04-23 04:22:23 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll - 2008-03-01 13:05:26 826,368 ----a-w C:\WINDOWS\system32\wininet.dll + 2008-04-23 04:22:23 826,368 ----a-w C:\WINDOWS\system32\wininet.dll . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 18:22 15360]
"swg"="C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-04 16:00 68856]
"MsnMsgr"="C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-06-04 10:57 1506544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Programfiler\Analog Devices\Core\smax4pnp.exe" [2005-05-20 10:11 925696]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"PTHOSTTR"="C:\Programfiler\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2006-02-14 11:56 122880]
"HP Software Update"="C:\Programfiler\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-08-31 05:20 122940]
"SynTPEnh"="C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [2005-11-10 20:04 761945]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-23 14:17 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-23 14:13 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-23 14:17 118784]
"hpWirelessAssistant"="C:\Programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-14 10:49 454656]
"CognizanceTS"="C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll" [2003-12-22 20:12 17920]
"Cpqset"="C:\Programfiler\HPQ\Default Settings\cpqset.exe" [2006-02-22 08:03 40960]
"Recguard"="C:\WINDOWS\Sminst\Recguard.exe" [2005-12-20 15:51 1187840]
"Reminder"="C:\WINDOWS\Creator\Remind_XP.exe" [2006-01-23 16:11 802816]
"Scheduler"="C:\WINDOWS\SMINST\Scheduler.exe" [2006-02-15 15:43 892928]
"WatchDog"="C:\Programfiler\InterVideo\DVD Check\DVDCheck.exe" [2005-11-08 11:59 184320]
"avgnt"="C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-19 10:54 266497]
"nmctxth"="C:\Programfiler\Fellesfiler\Pure Networks Shared\Platform\nmctxth.exe" [2008-05-16 06:11 648504]
"nmapp"="C:\Programfiler\Pure Networks\Network Magic\nmapp.exe" [2008-05-21 17:26 451896]
"MsmqIntCert"="mqrt.dll" [2008-04-14 18:22 177152 C:\WINDOWS\system32\mqrt.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 18:22 15360]

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\
BTTray.lnk - C:\Programfiler\WIDCOMM\Bluetooth-programvare\BTTray.exe [2006-02-15 16:16:02 581693]
DVD Check.lnk - C:\Programfiler\InterVideo\DVD Check\DVDCheck.exe [2008-04-26 18:49:05 184320]
Hurtigstart for Adobe Reader.lnk - C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]
SqueezeCenter Tray Tool.lnk - C:\Programfiler\SqueezeCenter\SqueezeTray.exe [2008-05-06 16:18:34 1728599]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL" [2008-05-24 20:02 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 12:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2005-07-25 20:41 40960 C:\Programfiler\HPQ\IAM\Bin\AsWlnPkg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\mqsvc.exe"=
"C:\\WINDOWS\\SMINST\\Scheduler.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programfiler\\Messenger\\msmsgs.exe"=
"C:\\Programfiler\\DNA\\btdna.exe"=
"C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programfiler\\uTorrent\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service
"9000:TCP"= 9000:TCP:SqueezeCenter 9000 tcp
"3483:UDP"= 3483:UDP:SqueezeCenter 3483 udp
"3483:TCP"= 3483:TCP:SqueezeCenter 3483 tcp

R2 ASChannel;Local Communication Channel;C:\WINDOWS\System32\svchost.exe [2008-04-14 18:23]
R2 SqueezeMySQL;SqueezeMySQL;C:\PROGRA~1\SQUEEZ~1\server\Bin\MSWIN3~1\mysqld.exe [2008-05-14 19:43]
S2 Automatisk LiveUpdate-planlegging;Automatisk LiveUpdate-planlegging;C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASChannel
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.startsiden.no/nyheter/
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
O8 -: Send til &Bluetooth - C:\Programfiler\WIDCOMM\Bluetooth-programvare\btsendto_ie_ctx.htm

**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-23 11:14:30
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Programfiler\HPQ\Default Settings\cpqset.exe??????? ???@???????????????@??????`??????(?@???????@

scanning hidden files ...

C:\Documents and Settings\Administrator\Lokale innstillinger\Programdata\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_C4B0_BC10_B0BC_B46\$db_clean$ 0 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
Completion time: 2008-07-23 11:15:29
ComboFix-quarantined-files.txt 2008-07-23 09:15:26
Pre-Run: 37,134,913,536 byte ledig
Post-Run: 37,142,179,840 byte ledig
431 --- E O F --- 2008-07-10 09:59:01

The Combofix here was 'corrupt': https://www.diskusjon.no/index.php?showtopic=691246

Edited 23 July 2008 by rstrr
rstrr (Author) Posted 23 July 2008

I don't know how to send the list from SAS. :!:
snippsat Posted 23 July 2008

This looks good.
---
Start HijackThis, run "scan", find these lines, check them, then press "fix checked".
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: (no name) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
---
The log from SAS is located here. (preferences->statistics/logs)
---
You can remove combofix by typing combofix /u in the Run window. This command deletes the quarantined files and backups, resets the System Restore folder, etc.
---
Download and run CCleaner. 'Options'->'Advanced'. Uncheck: "only delete temporary files that are older than 48 hours". Also run the registry cleaner; answer yes to repairing --> answer yes to the backup when you are asked. Run the registry cleaner a couple of times until all errors are gone.
---
After this we'll say it's good.
rstrr (Author) Posted 23 July 2008 (edited)

This looks good.
---
Start HijackThis, run "scan", find these lines, check them, then press "fix checked".
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: (no name) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
---
The log from SAS is located here. (preferences->statistics/logs)
---
You can remove combofix by typing combofix /u in the Run window. This command deletes the quarantined files and backups, resets the System Restore folder, etc.
---
Download and run CCleaner. 'Options'->'Advanced'. Uncheck: "only delete temporary files that are older than 48 hours". Also run the registry cleaner; answer yes to repairing --> answer yes to the backup when you are asked. Run the registry cleaner a couple of times until all errors are gone.

Fix checked = mark and delete?
---
After this we'll say it's good.

Edited 23 July 2008 by rstrr
rstrr (Author) Posted 23 July 2008 (edited)

Fix checked? In Norwegian? I found it!

SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 05/11/2008 at 12:57 PM
Application Version : 4.0.1154
Core Rules Database Version : 3458
Trace Rules Database Version: 1449
Scan type : Quick Scan
Total Scan Time : 00:09:06
Memory items scanned : 612
Memory threats detected : 0
Registry items scanned : 377
Registry threats detected : 0
File items scanned : 7856
File threats detected : 3
Adware.Tracking Cookie
C:\Documents and Settings\Administrator\Cookies\administrator@adtech[1].txt
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt

Edited 23 July 2008 by rstrr
rstrr (Author) Posted 23 July 2008

I have to take a 2-hour break. Regards, rstrr
rstrr (Author) Posted 23 July 2008 (edited)

The SAS log is now empty. Many thanks, SNIPPSAT

Edited 23 July 2008 by rstrr
nasse222 Posted 30 July 2008

The last machine I cleaned of viruses wouldn't let ANY of the programs run! Well, actually, SAS was allowed to run, but not the others... Will most likely have to reinstall! Bummer