
Can someone check whether the machine is infected? HJT + Combofix



Here are the logs, thanks in advance.

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:40:01, on 05.08.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programfiler\Symantec\LiveUpdate\AluSchedulerSvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\fxssvc.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe

C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Programfiler\Java\jre1.6.0_05\bin\jucheck.exe

C:\Programfiler\internet explorer\iexplore.exe

C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\wuauclt.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programfiler\Fellesfiler\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\FELLES~1\SYMANT~1\IDS\IPSBHO.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll

O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programfiler\Fellesfiler\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [storageGuard] "C:\Programfiler\VERITAS Software\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [osCheck] "C:\Programfiler\Norton Internet Security\osCheck.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Programfiler\Microsoft Works\WkDetect.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [suite] regedit -s c:\windows\temp\adj_hp.reg (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [suite] regedit -s c:\windows\temp\adj_hp.reg (User 'Default user')

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1010162048795

O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Automatisk LiveUpdate-planlegging (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\AluSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\VAScanner\comHost.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\LuComServer_3_4.EXE

O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\FELLES~1\SYMANT~1\CCPD-LC\symlcsvc.exe

 

--

End of file - 6527 bytes

 

 

 

 

ComboFix 08-08-04.05 - Eier 2008-08-05 15:01:31.2 - NTFSx86

Running from: C:\Documents and Settings\Eier\Skrivebord\ComboFix.exe

* Created a new restore point

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((( Files Created from 2008-07-05 to 2008-08-05 )))))))))))))))))))))))))))))))

.

 

No new files created in this timespan

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-08-05 13:07 --------- d-----w C:\Programfiler\Fellesfiler\Symantec Shared

2008-07-30 16:42 23,888 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys

2008-07-30 16:28 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf

2008-07-30 16:28 10,537 ----a-w C:\WINDOWS\system32\drivers\coh_mon.cat

2008-06-14 18:00 272,256 ------w C:\WINDOWS\system32\drivers\bthport.sys

2008-06-10 12:22 --------- d-----w C:\Programfiler\Fellesfiler\Hewlett-Packard

2008-06-10 12:20 --------- d-----w C:\Programfiler\HP

2008-06-10 09:34 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF

2008-06-10 09:34 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS

2008-06-10 09:34 10,671 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT

2008-06-10 09:34 --------- d-----w C:\Programfiler\Symantec

2008-06-10 08:47 --------- d-----w C:\Programfiler\Trend Micro

.

 

((((((((((((((((((((((((((((( snapshot@2008-06-10_10.36.00,18 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-02-26 11:50:13 297,984 ----a-w C:\WINDOWS\$hf_mig$\KB932823-v3\SP2QFE\msctf.dll

+ 2007-03-06 02:01:46 14,560 ----a-w C:\WINDOWS\$hf_mig$\KB932823-v3\spmsg.dll

+ 2007-03-06 02:01:51 214,752 ----a-w C:\WINDOWS\$hf_mig$\KB932823-v3\spuninst.exe

+ 2007-03-06 02:01:45 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB932823-v3\update\spcustom.dll

+ 2007-03-06 02:02:09 721,120 ----a-w C:\WINDOWS\$hf_mig$\KB932823-v3\update\update.exe

+ 2007-03-06 02:03:01 374,496 ----a-w C:\WINDOWS\$hf_mig$\KB932823-v3\update\updspapi.dll

+ 2008-04-23 04:21:55 124,928 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\advpack.dll

+ 2008-04-23 04:21:55 347,136 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\dxtmsft.dll

+ 2008-04-23 04:21:55 214,528 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\dxtrans.dll

+ 2008-04-23 04:21:55 132,608 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\extmgr.dll

+ 2008-04-23 04:21:55 63,488 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\icardie.dll

+ 2008-04-22 08:02:19 70,656 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\ie4uinit.exe

+ 2008-04-23 04:21:55 153,088 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\ieakeng.dll

+ 2008-04-23 04:21:55 230,400 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\ieaksie.dll

+ 2008-04-20 05:07:38 161,792 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\ieakui.dll

+ 2007-04-17 09:32:38 2,455,488 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\ieapfltr.dat

+ 2008-04-23 04:21:55 383,488 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\ieapfltr.dll

+ 2008-04-23 04:21:56 388,608 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\iedkcs32.dll

+ 2008-04-23 04:21:56 6,068,224 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\ieframe.dll

+ 2008-04-23 04:21:56 44,544 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\iernonce.dll

+ 2008-04-23 04:21:56 267,776 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\iertutil.dll

+ 2008-04-22 08:02:19 13,824 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\ieudinit.exe

+ 2008-04-22 08:02:46 625,664 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\iexplore.exe

+ 2008-04-23 04:21:56 27,648 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\jsproxy.dll

+ 2008-04-23 04:21:56 459,264 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\msfeeds.dll

+ 2008-04-23 04:21:56 52,224 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\msfeedsbs.dll

+ 2008-04-23 04:21:57 3,593,728 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\mshtml.dll

+ 2008-04-23 04:21:57 478,208 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\mshtmled.dll

+ 2008-04-23 04:21:57 193,024 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\msrating.dll

+ 2008-04-23 04:21:57 671,232 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\mstime.dll

+ 2008-04-23 04:21:57 102,912 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\occache.dll

+ 2008-04-23 04:21:57 44,544 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\pngfilt.dll

+ 2008-04-23 04:21:57 105,984 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\url.dll

+ 2008-04-23 04:21:57 1,162,752 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\urlmon.dll

+ 2008-04-23 04:21:57 233,472 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\webcheck.dll

+ 2008-04-23 04:21:57 827,392 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\wininet.dll

+ 2007-03-06 02:01:46 14,560 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\spmsg.dll

+ 2007-03-06 02:01:51 214,752 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\spuninst.exe

+ 2007-03-06 02:01:44 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\update\spcustom.dll

+ 2007-03-06 02:02:09 721,120 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\update\update.exe

+ 2007-03-06 02:03:01 374,496 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\update\updspapi.dll

+ 2007-11-30 12:39:50 17,784 ----a-w C:\WINDOWS\$hf_mig$\KB950760\spmsg.dll

+ 2007-11-30 12:39:50 232,824 ----a-w C:\WINDOWS\$hf_mig$\KB950760\spuninst.exe

+ 2007-11-30 12:39:50 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB950760\update\spcustom.dll

+ 2007-11-30 12:39:50 760,696 ----a-w C:\WINDOWS\$hf_mig$\KB950760\update\update.exe

+ 2007-11-30 12:39:50 385,912 ----a-w C:\WINDOWS\$hf_mig$\KB950760\update\updspapi.dll

+ 2008-05-08 12:14:51 203,008 ----a-w C:\WINDOWS\$hf_mig$\KB950762\SP2QFE\rmcast.sys

+ 2008-05-08 14:02:52 203,136 ----a-w C:\WINDOWS\$hf_mig$\KB950762\SP3GDR\rmcast.sys

+ 2008-05-08 13:58:17 203,136 ----a-w C:\WINDOWS\$hf_mig$\KB950762\SP3QFE\rmcast.sys

+ 2007-11-30 12:39:50 17,784 ----a-w C:\WINDOWS\$hf_mig$\KB950762\spmsg.dll

+ 2007-11-30 12:39:50 232,824 ----a-w C:\WINDOWS\$hf_mig$\KB950762\spuninst.exe

+ 2007-11-30 12:39:50 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB950762\update\spcustom.dll

+ 2007-11-30 12:39:50 760,696 ----a-w C:\WINDOWS\$hf_mig$\KB950762\update\update.exe

+ 2007-11-30 12:39:50 385,912 ----a-w C:\WINDOWS\$hf_mig$\KB950762\update\updspapi.dll

+ 2008-06-14 18:06:18 272,256 ----a-w C:\WINDOWS\$hf_mig$\KB951376-v2\SP2QFE\bthport.sys

+ 2008-06-14 17:36:44 272,256 ----a-w C:\WINDOWS\$hf_mig$\KB951376-v2\SP3GDR\bthport.sys

+ 2008-06-14 17:42:06 272,256 ----a-w C:\WINDOWS\$hf_mig$\KB951376-v2\SP3QFE\bthport.sys

+ 2007-11-30 11:19:51 17,784 ----a-w C:\WINDOWS\$hf_mig$\KB951376-v2\spmsg.dll

+ 2007-11-30 11:19:51 232,824 ----a-w C:\WINDOWS\$hf_mig$\KB951376-v2\spuninst.exe

+ 2007-11-30 11:19:51 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB951376-v2\update\spcustom.dll

+ 2007-11-30 11:19:51 760,696 ----a-w C:\WINDOWS\$hf_mig$\KB951376-v2\update\update.exe

+ 2007-11-30 11:19:51 385,912 ----a-w C:\WINDOWS\$hf_mig$\KB951376-v2\update\updspapi.dll

+ 2008-04-14 16:17:51 272,256 ----a-w C:\WINDOWS\$hf_mig$\KB951376\SP2QFE\bthport.sys

+ 2008-04-14 16:01:07 272,256 ----a-w C:\WINDOWS\$hf_mig$\KB951376\SP3GDR\bthport.sys

+ 2008-04-14 16:23:11 272,256 ----a-w C:\WINDOWS\$hf_mig$\KB951376\SP3QFE\bthport.sys

+ 2007-11-30 11:19:51 17,784 ----a-w C:\WINDOWS\$hf_mig$\KB951376\spmsg.dll

+ 2007-11-30 11:19:51 232,824 ----a-w C:\WINDOWS\$hf_mig$\KB951376\spuninst.exe

+ 2007-11-30 11:19:51 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB951376\update\spcustom.dll

+ 2007-11-30 11:19:51 760,696 ----a-w C:\WINDOWS\$hf_mig$\KB951376\update\update.exe

+ 2007-11-30 11:19:51 385,912 ----a-w C:\WINDOWS\$hf_mig$\KB951376\update\updspapi.dll

+ 2008-05-07 05:03:49 1,291,264 ----a-w C:\WINDOWS\$hf_mig$\KB951698\SP2QFE\quartz.dll

+ 2008-05-07 05:12:39 1,291,264 ----a-w C:\WINDOWS\$hf_mig$\KB951698\SP3GDR\quartz.dll

+ 2008-05-07 05:09:20 1,291,264 ----a-w C:\WINDOWS\$hf_mig$\KB951698\SP3QFE\quartz.dll

+ 2007-11-30 11:19:51 17,784 ----a-w C:\WINDOWS\$hf_mig$\KB951698\spmsg.dll

+ 2007-11-30 11:19:51 232,824 ----a-w C:\WINDOWS\$hf_mig$\KB951698\spuninst.exe

+ 2007-11-30 11:19:51 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB951698\update\spcustom.dll

+ 2007-11-30 12:39:50 760,696 ----a-w C:\WINDOWS\$hf_mig$\KB951698\update\update.exe

+ 2007-11-30 12:39:50 385,912 ----a-w C:\WINDOWS\$hf_mig$\KB951698\update\updspapi.dll

+ 2007-11-30 12:39:22 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB953356\spmsg.dll

+ 2007-11-30 12:39:22 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB953356\spuninst.exe

+ 2008-05-28 12:01:41 26,624 ----a-w C:\WINDOWS\$hf_mig$\KB953356\update\ippmcust.dll

+ 2007-11-30 12:39:22 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB953356\update\spcustom.dll

+ 2007-11-30 12:39:22 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB953356\update\update.exe

+ 2007-11-30 12:39:22 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB953356\update\updspapi.dll

+ 2004-08-04 08:03:15 294,400 -c----w C:\WINDOWS\$NtUninstallKB932823-v3$\msctf.dll

+ 2007-03-06 02:01:51 214,752 -c----w C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe

+ 2007-03-06 02:03:01 374,496 -c----w C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\updspapi.dll

+ 2007-11-30 12:39:50 232,824 -c----w C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe

+ 2007-11-30 12:39:50 385,912 -c----w C:\WINDOWS\$NtUninstallKB950760$\spuninst\updspapi.dll

+ 2006-07-13 08:48:58 202,240 -c----w C:\WINDOWS\$NtUninstallKB950762$\rmcast.sys

+ 2007-11-30 12:39:50 232,824 -c----w C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe

+ 2007-11-30 12:39:50 385,912 -c----w C:\WINDOWS\$NtUninstallKB950762$\spuninst\updspapi.dll

+ 2008-04-14 15:54:25 272,256 -c----w C:\WINDOWS\$NtUninstallKB951376-v2$\bthport.sys

+ 2007-11-30 11:19:51 232,824 -c----w C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe

+ 2007-11-30 11:19:51 385,912 -c----w C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\updspapi.dll

+ 2004-08-04 07:55:06 274,432 -c----w C:\WINDOWS\$NtUninstallKB951376$\bthport.sys

+ 2007-11-30 11:19:51 232,824 -c----w C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe

+ 2007-11-30 11:19:51 385,912 -c----w C:\WINDOWS\$NtUninstallKB951376$\spuninst\updspapi.dll

+ 2007-10-29 22:45:19 1,290,752 -c----w C:\WINDOWS\$NtUninstallKB951698$\quartz.dll

+ 2007-11-30 11:19:51 232,824 -c----w C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe

+ 2007-11-30 12:39:50 385,912 -c----w C:\WINDOWS\$NtUninstallKB951698$\spuninst\updspapi.dll

+ 2007-11-30 12:39:22 231,288 -c----w C:\WINDOWS\$NtUninstallKB953356$\spuninst\spuninst.exe

+ 2007-11-30 12:39:22 382,840 -c----w C:\WINDOWS\$NtUninstallKB953356$\spuninst\updspapi.dll

+ 2008-06-14 18:00:44 272,256 ------w C:\WINDOWS\Driver Cache\i386\bthport.sys

+ 2001-12-31 23:13:13 101,983 ----a-w C:\WINDOWS\hpoins08.dat

+ 2006-01-25 06:43:06 4,445 ------w C:\WINDOWS\hpomdl08.dat

+ 2006-01-25 06:43:06 4,445 ------w C:\WINDOWS\hpomdl08.dat.temp

+ 2008-03-01 13:05:18 124,928 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\advpack.dll

+ 2008-03-01 13:05:18 347,136 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\dxtmsft.dll

+ 2008-03-01 13:05:18 214,528 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\dxtrans.dll

+ 2008-03-01 13:05:18 133,120 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\extmgr.dll

+ 2008-03-01 13:05:18 63,488 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\icardie.dll

+ 2008-02-29 08:58:26 70,656 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ie4uinit.exe

+ 2008-03-01 13:05:18 153,088 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieakeng.dll

+ 2008-03-01 13:05:18 230,400 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieaksie.dll

+ 2008-02-15 05:44:25 161,792 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieakui.dll

+ 2008-03-01 13:05:18 383,488 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieapfltr.dll

+ 2008-03-01 13:05:19 384,512 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iedkcs32.dll

+ 2008-03-01 13:05:20 6,066,176 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieframe.dll

+ 2008-03-01 13:05:20 44,544 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iernonce.dll

+ 2008-03-01 13:05:20 267,776 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iertutil.dll

+ 2008-02-22 10:00:51 13,824 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieudinit.exe

+ 2008-02-29 08:58:53 625,664 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iexplore.exe

+ 2008-03-01 13:05:21 27,648 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\jsproxy.dll

+ 2008-03-01 13:05:21 459,264 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\msfeeds.dll

+ 2008-03-01 13:05:21 52,224 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\msfeedsbs.dll

+ 2008-03-01 16:35:26 3,591,680 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\mshtml.dll

+ 2008-03-01 13:05:24 478,208 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\mshtmled.dll

+ 2008-03-01 13:05:24 193,024 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\msrating.dll

+ 2008-03-01 13:05:25 671,232 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\mstime.dll

+ 2008-03-01 13:05:25 102,912 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\occache.dll

+ 2008-03-01 13:05:25 44,544 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\pngfilt.dll

+ 2007-03-06 02:01:51 214,752 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe

+ 2007-03-06 02:03:01 374,496 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\updspapi.dll

+ 2008-03-01 13:05:25 105,984 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\url.dll

+ 2008-03-01 13:05:25 1,159,680 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\urlmon.dll

+ 2008-03-01 13:05:25 233,472 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\webcheck.dll

+ 2008-03-01 13:05:26 826,368 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\wininet.dll

- 2002-01-01 18:06:11 18,944 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe

+ 2002-01-01 01:09:33 18,944 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe

- 2002-01-01 18:06:11 65,024 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe

+ 2002-01-01 01:09:34 65,024 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe

- 2001-07-27 10:23:52 306,947 ----a-w C:\WINDOWS\IsUninst.exe

+ 1998-10-29 14:45:06 306,688 ----a-w C:\WINDOWS\IsUninst.exe

- 2000-08-31 06:00:00 28,160 ----a-w C:\WINDOWS\Nircmd.exe

+ 2000-08-31 06:00:00 28,672 ----a-w C:\WINDOWS\Nircmd.exe

- 2008-03-01 13:05:18 124,928 ----a-w C:\WINDOWS\system32\advpack.dll

+ 2008-04-23 04:22:22 124,928 ----a-w C:\WINDOWS\system32\advpack.dll

- 2008-03-01 13:05:18 124,928 -c----w C:\WINDOWS\system32\dllcache\advpack.dll

+ 2008-04-23 04:22:22 124,928 -c----w C:\WINDOWS\system32\dllcache\advpack.dll

+ 2008-06-14 18:00:44 272,256 -c----w C:\WINDOWS\system32\dllcache\bthport.sys

- 2008-03-01 13:05:18 347,136 -c----w C:\WINDOWS\system32\dllcache\dxtmsft.dll

+ 2008-04-23 04:22:22 347,136 -c----w C:\WINDOWS\system32\dllcache\dxtmsft.dll

- 2008-03-01 13:05:18 214,528 -c----w C:\WINDOWS\system32\dllcache\dxtrans.dll

+ 2008-04-23 04:22:22 214,528 -c----w C:\WINDOWS\system32\dllcache\dxtrans.dll

- 2008-03-01 13:05:18 133,120 -c----w C:\WINDOWS\system32\dllcache\extmgr.dll

+ 2008-04-23 04:22:22 133,120 -c----w C:\WINDOWS\system32\dllcache\extmgr.dll

- 2008-03-01 13:05:18 63,488 -c----w C:\WINDOWS\system32\dllcache\icardie.dll

+ 2008-04-23 04:22:22 63,488 -c----w C:\WINDOWS\system32\dllcache\icardie.dll

- 2008-02-29 08:58:26 70,656 -c----w C:\WINDOWS\system32\dllcache\ie4uinit.exe

+ 2008-04-22 07:43:26 70,656 -c----w C:\WINDOWS\system32\dllcache\ie4uinit.exe

- 2008-03-01 13:05:18 153,088 -c----w C:\WINDOWS\system32\dllcache\ieakeng.dll

+ 2008-04-23 04:22:22 153,088 -c----w C:\WINDOWS\system32\dllcache\ieakeng.dll

- 2008-03-01 13:05:18 230,400 -c----w C:\WINDOWS\system32\dllcache\ieaksie.dll

+ 2008-04-23 04:22:22 230,400 -c----w C:\WINDOWS\system32\dllcache\ieaksie.dll

- 2008-02-15 05:44:25 161,792 -c----w C:\WINDOWS\system32\dllcache\ieakui.dll

+ 2008-04-20 05:07:51 161,792 -c----w C:\WINDOWS\system32\dllcache\ieakui.dll

- 2008-03-01 13:05:18 383,488 -c----w C:\WINDOWS\system32\dllcache\ieapfltr.dll

+ 2008-04-23 04:22:22 383,488 -c----w C:\WINDOWS\system32\dllcache\ieapfltr.dll

- 2008-03-01 13:05:19 384,512 -c----w C:\WINDOWS\system32\dllcache\iedkcs32.dll

+ 2008-04-23 04:22:22 384,512 -c----w C:\WINDOWS\system32\dllcache\iedkcs32.dll

- 2008-03-01 13:05:20 6,066,176 -c----w C:\WINDOWS\system32\dllcache\ieframe.dll

+ 2008-04-23 04:22:23 6,066,176 -c----w C:\WINDOWS\system32\dllcache\ieframe.dll

- 2008-03-01 13:05:20 44,544 -c----w C:\WINDOWS\system32\dllcache\iernonce.dll

+ 2008-04-23 04:22:23 44,544 -c----w C:\WINDOWS\system32\dllcache\iernonce.dll

- 2008-03-01 13:05:20 267,776 -c----w C:\WINDOWS\system32\dllcache\iertutil.dll

+ 2008-04-23 04:22:23 267,776 -c----w C:\WINDOWS\system32\dllcache\iertutil.dll

- 2008-02-22 10:00:51 13,824 -c----w C:\WINDOWS\system32\dllcache\ieudinit.exe

+ 2008-04-22 07:39:58 13,824 -c----w C:\WINDOWS\system32\dllcache\ieudinit.exe

- 2008-02-29 08:58:53 625,664 -c----w C:\WINDOWS\system32\dllcache\iexplore.exe

+ 2008-04-22 07:43:46 625,664 -c----w C:\WINDOWS\system32\dllcache\iexplore.exe

- 2008-03-01 13:05:21 27,648 -c----w C:\WINDOWS\system32\dllcache\jsproxy.dll

+ 2008-04-23 04:22:23 27,648 -c----w C:\WINDOWS\system32\dllcache\jsproxy.dll

+ 2008-02-26 12:01:53 294,912 -c----w C:\WINDOWS\system32\dllcache\msctf.dll

- 2008-03-01 13:05:21 459,264 -c----w C:\WINDOWS\system32\dllcache\msfeeds.dll

+ 2008-04-23 04:22:23 459,264 -c----w C:\WINDOWS\system32\dllcache\msfeeds.dll

- 2008-03-01 13:05:21 52,224 -c----w C:\WINDOWS\system32\dllcache\msfeedsbs.dll

+ 2008-04-23 04:22:23 52,224 -c----w C:\WINDOWS\system32\dllcache\msfeedsbs.dll

- 2008-03-01 16:35:26 3,591,680 -c----w C:\WINDOWS\system32\dllcache\mshtml.dll

+ 2008-04-23 20:22:24 3,591,680 -c----w C:\WINDOWS\system32\dllcache\mshtml.dll

- 2008-03-01 13:05:24 478,208 -c----w C:\WINDOWS\system32\dllcache\mshtmled.dll

+ 2008-04-23 04:22:23 478,208 -c----w C:\WINDOWS\system32\dllcache\mshtmled.dll

- 2008-03-01 13:05:24 193,024 -c----w C:\WINDOWS\system32\dllcache\msrating.dll

+ 2008-04-23 04:22:23 193,024 -c----w C:\WINDOWS\system32\dllcache\msrating.dll

- 2008-03-01 13:05:25 671,232 -c----w C:\WINDOWS\system32\dllcache\mstime.dll

+ 2008-04-23 04:22:23 671,232 -c----w C:\WINDOWS\system32\dllcache\mstime.dll

- 2008-03-01 13:05:25 102,912 -c----w C:\WINDOWS\system32\dllcache\occache.dll

+ 2008-04-23 04:22:23 102,912 -c----w C:\WINDOWS\system32\dllcache\occache.dll

- 2008-03-01 13:05:25 44,544 -c----w C:\WINDOWS\system32\dllcache\pngfilt.dll

+ 2008-04-23 04:22:23 44,544 -c----w C:\WINDOWS\system32\dllcache\pngfilt.dll

- 2007-10-29 22:45:19 1,290,752 -c----w C:\WINDOWS\system32\dllcache\quartz.dll

+ 2008-05-07 05:16:33 1,290,752 -c----w C:\WINDOWS\system32\dllcache\quartz.dll

- 2006-07-13 08:48:58 202,240 -c--a-w C:\WINDOWS\system32\dllcache\rmcast.sys

+ 2008-05-08 12:28:49 202,752 -c--a-w C:\WINDOWS\system32\dllcache\rmcast.sys

- 2008-03-01 13:05:25 105,984 -c----w C:\WINDOWS\system32\dllcache\url.dll

+ 2008-04-23 04:22:23 105,984 -c----w C:\WINDOWS\system32\dllcache\url.dll

- 2008-03-01 13:05:25 1,159,680 -c----w C:\WINDOWS\system32\dllcache\urlmon.dll

+ 2008-04-23 04:22:23 1,159,680 -c----w C:\WINDOWS\system32\dllcache\urlmon.dll

+ 2004-08-04 06:58:46 15,104 -c--a-w C:\WINDOWS\system32\dllcache\usbscan.sys

- 2008-03-01 13:05:25 233,472 -c----w C:\WINDOWS\system32\dllcache\webcheck.dll

+ 2008-04-23 04:22:23 233,472 -c----w C:\WINDOWS\system32\dllcache\webcheck.dll

- 2008-03-01 13:05:26 826,368 -c----w C:\WINDOWS\system32\dllcache\wininet.dll

+ 2008-04-23 04:22:23 826,368 -c----w C:\WINDOWS\system32\dllcache\wininet.dll

+ 2005-10-28 01:24:28 49,664 ----a-w C:\WINDOWS\system32\drivers\HPZid412.sys

+ 2005-10-28 01:24:29 16,496 ----a-w C:\WINDOWS\system32\drivers\HPZipr12.sys

+ 2005-10-28 01:24:30 21,568 ----a-w C:\WINDOWS\system32\drivers\HPZius12.sys

- 2006-07-13 08:48:58 202,240 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys

+ 2008-05-08 12:28:49 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys

+ 2004-08-04 06:58:46 15,104 ----a-w C:\WINDOWS\system32\drivers\usbscan.sys

- 2008-03-01 13:05:18 347,136 ------w C:\WINDOWS\system32\dxtmsft.dll

+ 2008-04-23 04:22:22 347,136 ------w C:\WINDOWS\system32\dxtmsft.dll

- 2008-03-01 13:05:18 214,528 ------w C:\WINDOWS\system32\dxtrans.dll

+ 2008-04-23 04:22:22 214,528 ------w C:\WINDOWS\system32\dxtrans.dll

- 2008-03-01 13:05:18 133,120 ------w C:\WINDOWS\system32\extmgr.dll

+ 2008-04-23 04:22:22 133,120 ------w C:\WINDOWS\system32\extmgr.dll

+ 2005-10-28 23:11:19 614,400 ----a-w C:\WINDOWS\system32\hpotscl2.dll

+ 2005-10-28 23:11:19 254,026 ----a-w C:\WINDOWS\system32\hpovst09.dll

+ 2005-10-28 23:11:20 602,112 ----a-w C:\WINDOWS\system32\hpowiax2.dll

+ 2005-10-28 01:23:03 282,624 ----a-w C:\WINDOWS\system32\HPZc3212.dll

+ 2005-03-14 10:03:24 278,584 ----a-w C:\WINDOWS\system32\HPZidr12.dll

+ 2005-10-28 01:23:04 77,824 ----a-w C:\WINDOWS\system32\hpzids01.dll

+ 2005-03-14 11:39:06 65,536 ----a-w C:\WINDOWS\system32\HPZinw12.exe

+ 2005-03-14 10:05:02 69,632 ----a-w C:\WINDOWS\system32\HPZipm12.exe

+ 2005-03-14 10:05:40 204,800 ----a-w C:\WINDOWS\system32\HPZipr12.dll

+ 2005-03-08 09:55:00 94,208 ----a-w C:\WINDOWS\system32\HPZipt12.dll

+ 2005-03-08 09:55:04 57,344 ----a-w C:\WINDOWS\system32\HPZisn12.dll

+ 2005-09-09 23:28:03 98,304 ----a-w C:\WINDOWS\system32\hpzjsn01.dll

+ 2005-10-14 21:42:34 46,592 ----a-w C:\WINDOWS\system32\hpzll43a.dll

- 2008-03-01 13:05:18 63,488 ----a-w C:\WINDOWS\system32\icardie.dll

+ 2008-04-23 04:22:22 63,488 ----a-w C:\WINDOWS\system32\icardie.dll

- 2008-02-29 08:58:26 70,656 ------w C:\WINDOWS\system32\ie4uinit.exe

+ 2008-04-22 07:43:26 70,656 ------w C:\WINDOWS\system32\ie4uinit.exe

- 2008-03-01 13:05:18 153,088 ------w C:\WINDOWS\system32\ieakeng.dll

+ 2008-04-23 04:22:22 153,088 ------w C:\WINDOWS\system32\ieakeng.dll

- 2008-03-01 13:05:18 230,400 ------w C:\WINDOWS\system32\ieaksie.dll

+ 2008-04-23 04:22:22 230,400 ------w C:\WINDOWS\system32\ieaksie.dll

- 2008-02-15 05:44:25 161,792 ------w C:\WINDOWS\system32\ieakui.dll

+ 2008-04-20 05:07:51 161,792 ------w C:\WINDOWS\system32\ieakui.dll

- 2008-03-01 13:05:18 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll

+ 2008-04-23 04:22:22 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll

- 2008-03-01 13:05:19 384,512 ------w C:\WINDOWS\system32\iedkcs32.dll

+ 2008-04-23 04:22:22 384,512 ------w C:\WINDOWS\system32\iedkcs32.dll

- 2008-03-01 13:05:20 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll

+ 2008-04-23 04:22:23 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll

- 2008-03-01 13:05:20 44,544 ------w C:\WINDOWS\system32\iernonce.dll

+ 2008-04-23 04:22:23 44,544 ------w C:\WINDOWS\system32\iernonce.dll

- 2008-03-01 13:05:20 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll

+ 2008-04-23 04:22:23 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll

- 2008-02-22 10:00:51 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe

+ 2008-04-22 07:39:58 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe

- 2008-03-01 13:05:21 27,648 ------w C:\WINDOWS\system32\jsproxy.dll

+ 2008-04-23 04:22:23 27,648 ------w C:\WINDOWS\system32\jsproxy.dll

- 2008-05-09 21:35:04 16,863,864 ----a-w C:\WINDOWS\system32\MRT.exe

+ 2008-05-29 23:35:11 17,486,968 ----a-w C:\WINDOWS\system32\MRT.exe

- 2004-08-04 08:03:15 294,400 ----a-w C:\WINDOWS\system32\msctf.dll

+ 2008-02-26 12:01:53 294,912 ----a-w C:\WINDOWS\system32\msctf.dll

- 2008-03-01 13:05:21 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll

+ 2008-04-23 04:22:23 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll

- 2008-03-01 13:05:21 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll

+ 2008-04-23 04:22:23 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll

- 2008-03-01 16:35:26 3,591,680 ----a-w C:\WINDOWS\system32\mshtml.dll

+ 2008-04-23 20:22:24 3,591,680 ----a-w C:\WINDOWS\system32\mshtml.dll

- 2008-03-01 13:05:24 478,208 ------w C:\WINDOWS\system32\mshtmled.dll

+ 2008-04-23 04:22:23 478,208 ------w C:\WINDOWS\system32\mshtmled.dll

- 2008-03-01 13:05:24 193,024 ------w C:\WINDOWS\system32\msrating.dll

+ 2008-04-23 04:22:23 193,024 ------w C:\WINDOWS\system32\msrating.dll

- 2008-03-01 13:05:25 671,232 ------w C:\WINDOWS\system32\mstime.dll

+ 2008-04-23 04:22:23 671,232 ------w C:\WINDOWS\system32\mstime.dll

- 2008-03-01 13:05:25 102,912 ------w C:\WINDOWS\system32\occache.dll

+ 2008-04-23 04:22:23 102,912 ------w C:\WINDOWS\system32\occache.dll

- 2008-05-17 18:08:53 53,436 ----a-w C:\WINDOWS\system32\perfc009.dat

+ 2001-12-31 22:06:47 53,436 ----a-w C:\WINDOWS\system32\perfc009.dat

- 2008-05-17 18:08:56 61,158 ----a-w C:\WINDOWS\system32\perfc014.dat

+ 2001-12-31 22:06:47 61,158 ----a-w C:\WINDOWS\system32\perfc014.dat

- 2008-05-17 18:08:56 381,692 ----a-w C:\WINDOWS\system32\perfh009.dat

+ 2001-12-31 22:06:47 381,692 ----a-w C:\WINDOWS\system32\perfh009.dat

- 2008-05-17 18:08:57 386,046 ----a-w C:\WINDOWS\system32\perfh014.dat

+ 2001-12-31 22:06:47 386,046 ----a-w C:\WINDOWS\system32\perfh014.dat

- 2008-03-01 13:05:25 44,544 ------w C:\WINDOWS\system32\pngfilt.dll

+ 2008-04-23 04:22:23 44,544 ------w C:\WINDOWS\system32\pngfilt.dll

- 2007-10-29 22:45:19 1,290,752 ----a-w C:\WINDOWS\system32\quartz.dll

+ 2008-05-07 05:16:33 1,290,752 ----a-w C:\WINDOWS\system32\quartz.dll

- 2008-04-29 06:38:40 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL

+ 2008-06-10 09:34:18 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL

- 2007-03-06 02:01:46 14,560 ------w C:\WINDOWS\system32\spmsg.dll

+ 2007-11-30 11:19:51 17,784 ------w C:\WINDOWS\system32\spmsg.dll

+ 2005-09-08 18:44:20 1,339,392 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpbcfgre.dll

+ 2005-08-11 09:56:58 655,432 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpcdmc32.dll

+ 2005-09-19 14:49:20 255,488 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpfie43a.dll

+ 2005-07-15 09:39:06 5,336,064 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpfig43a.dll

+ 2005-07-15 09:39:36 71,680 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpfrs43a.dll

+ 2005-10-14 21:41:58 1,359,360 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpz3a43a.dll

+ 2005-10-14 21:42:22 2,461,184 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpz3r43a.dll

+ 2005-10-14 21:41:54 308,736 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzev43a.dll

+ 2005-10-14 21:42:00 4,968,960 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzla43a.dll

+ 2005-10-14 21:41:44 728,064 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzle43a.dll

+ 2005-10-14 21:41:56 72,192 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzpr43a.dll

+ 2005-10-14 20:03:04 562,688 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzss43a.dll

+ 2005-10-14 18:41:24 3,422,720 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzst43a.dll

+ 2005-10-17 14:02:20 2,334,208 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzui43a.dll

+ 2004-08-04 11:26:48 264,704 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\UNIDRV.DLL

+ 2004-08-04 11:33:26 197,632 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\UNIDRVUI.DLL

+ 2004-08-04 11:32:54 619,520 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\UNIRES.DLL

+ 2005-09-08 18:44:20 1,339,392 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hpdeskjet_f300_seriedfce\hpbcfgre.dll

+ 2005-08-11 09:56:58 655,432 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hpdeskjet_f300_seriedfce\hpcdmc32.dll

+ 2005-09-19 14:49:20 255,488 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hpdeskjet_f300_seriedfce\hpfie43a.dll

+ 2005-07-15 09:39:06 5,336,064 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hpdeskjet_f300_seriedfce\hpfig43a.dll

+ 2005-07-15 09:39:36 71,680 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hpdeskjet_f300_seriedfce\hpfrs43a.dll

+ 2005-10-14 21:41:58 1,359,360 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hpdeskjet_f300_seriedfce\hpz3a43a.dll

+ 2005-10-14 21:42:22 2,461,184 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hpdeskjet_f300_seriedfce\hpz3r43a.dll

+ 2005-10-14 21:41:54 308,736 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hpdeskjet_f300_seriedfce\hpzev43a.dll

+ 2005-10-14 21:42:00 4,968,960 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hpdeskjet_f300_seriedfce\hpzla43a.dll

+ 2005-10-14 21:41:44 728,064 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hpdeskjet_f300_seriedfce\hpzle43a.dll

+ 2005-10-14 21:41:56 72,192 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hpdeskjet_f300_seriedfce\hpzpr43a.dll

+ 2005-10-14 20:03:04 562,688 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hpdeskjet_f300_seriedfce\hpzss43a.dll

+ 2005-10-14 18:41:24 3,422,720 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hpdeskjet_f300_seriedfce\hpzst43a.dll

+ 2005-10-17 14:02:20 2,334,208 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hpdeskjet_f300_seriedfce\hpzui43a.dll

+ 2004-08-04 11:26:48 264,704 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hpdeskjet_f300_seriedfce\UNIDRV.DLL

+ 2004-08-04 11:33:26 197,632 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hpdeskjet_f300_seriedfce\UNIDRVUI.DLL

+ 2004-08-04 11:32:54 619,520 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hpdeskjet_f300_seriedfce\UNIRES.DLL

+ 2005-10-14 21:41:46 72,192 ----a-w C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp43a.dll

- 2008-03-01 13:05:25 105,984 ----a-w C:\WINDOWS\system32\url.dll

+ 2008-04-23 04:22:23 105,984 ----a-w C:\WINDOWS\system32\url.dll

- 2008-03-01 13:05:25 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll

+ 2008-04-23 04:22:23 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll

- 2008-03-01 13:05:25 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll

+ 2008-04-23 04:22:23 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll

- 2008-03-01 13:05:26 826,368 ----a-w C:\WINDOWS\system32\wininet.dll

+ 2008-04-23 04:22:23 826,368 ----a-w C:\WINDOWS\system32\wininet.dll

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Microsoft Works Update Detection"="c:\Programfiler\Microsoft Works\WkDetect.exe" [2000-09-14 12:53 28739]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 10:03 15360]

"NvMediaCenter"="C:\WINDOWS\system32\NVMCTRAY.DLL" [2003-07-28 15:19 49152]

"SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 11:33 1506544]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2002-05-15 03:29 155648]

"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2002-05-15 03:20 114688]

"StorageGuard"="C:\Programfiler\VERITAS Software\Update Manager\sgtray.exe" [2002-05-09 08:01 155648]

"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2002-07-16 08:03 106549]

"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2001-12-18 23:39 212992]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2003-07-28 15:19 4841472]

"ccApp"="C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2008-02-14 11:01 51048]

"osCheck"="C:\Programfiler\Norton Internet Security\osCheck.exe" [2007-08-24 22:53 714608]

"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

"nwiz"="nwiz.exe" [2003-07-28 15:19 323584 C:\WINDOWS\system32\nwiz.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 10:03 15360]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"Suite"="regedit -s" [X]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 11:13 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2007-04-19 14:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.MJPG"= pvmjpg20.dll

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^hp center.lnk]

path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\hp center.lnk

backup=C:\WINDOWS\pss\hp center.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]

--a------ 1998-05-07 16:04 52736 c:\WINDOWS\system\hpsysdrv.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]

--a------ 2001-07-06 21:56 61440 C:\hp\KBD\KBD.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Programfiler\\Messenger\\msmsgs.exe"=

"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

 

R2 LiveUpdate Notice;LiveUpdate Notice;C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe [2008-02-14 11:02]

R3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-07-30 18:42]

 

*Newly Created Service* - COMHOST

*Newly Created Service* - SASDIFSV

*Newly Created Service* - SASENUM

*Newly Created Service* - SASKUTIL

.

Contents of the 'Scheduled Tasks' folder

 

2008-04-28 C:\WINDOWS\Tasks\Norton Internet Security - Kjør full systemskanning - Eier.job

- C:\Programfiler\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-08-26 19:19]

.

- - - - ORPHANS REMOVED - - - -

 

HKLM-Run-PS2 - C:\WINDOWS\system32\ps2.exe

 

 

.

------- Supplementary Scan -------

.

R0 -: HKCU-Main,Start Page = hxxp://www.startsiden.no/

R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore

R1 -: HKCU-Internet Settings,ProxyOverride = localhost

 

O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab

C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

 

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-08-05 15:07:25

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-08-05 15:12:15

ComboFix-quarantined-files.txt 2008-08-05 13:11:56

ComboFix2.txt 2008-06-10 08:37:04

 

Pre-Run: 45,955,952,640 byte ledig

Post-Run: 46,681,329,664 byte ledig

 

458 --- E O F --- 2008-06-30 12:49:08

 

 
