
Can anyone read my ComboFix log?



ComboFix 08-08-19.03 - Hege Fremmerlid 2008-08-20 21:41:18.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1044.18.574 [GMT 2:00]

Running from: C:\Documents and Settings\Hege Fremmerlid\Skrivebord\ComboFix.exe

Command switches used :: C:\Documents and Settings\Hege Fremmerlid\Skrivebord\WindowsXP-KB310994-SP2-Home-BootDisk-NOR.exe

* Created a new restore point

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Documents and Settings\Hege Fremmerlid\Cookies\favaposu.exe

C:\Documents and Settings\Hege Fremmerlid\Cookies\kygysydylo.dl

C:\Documents and Settings\Hege Fremmerlid\Programdata\Adobe\crc.dat

C:\Programfiler\WinAntispyware2008

C:\WINDOWS\BM1323c2df.txt

C:\WINDOWS\BM1323c2df.xml

C:\WINDOWS\system32\ddNoYcdd.ini

C:\WINDOWS\system32\ddNoYcdd.ini2

C:\WINDOWS\system32\dllcache\figaro.sys

C:\WINDOWS\system32\hhnxmukh.ini

C:\WINDOWS\system32\mcrh.tmp

C:\WINDOWS\system32\SZComp5.dll

C:\WINDOWS\system32\XHNpVyxx.ini

C:\WINDOWS\system32\XHNpVyxx.ini2

E:\Autorun.inf

 

.

((((((((((((((((((((((((( Files Created from 2008-07-20 to 2008-08-20 )))))))))))))))))))))))))))))))

.

 

2008-08-20 21:11 . 2008-08-20 21:11 <DIR> d-------- C:\Documents and Settings\Hege Fremmerlid\Programdata\Windows Desktop Search

2008-08-20 21:10 . 2008-08-20 21:10 <DIR> d-------- C:\WINDOWS\system32\GroupPolicy

2008-08-20 21:10 . 2008-03-07 19:02 192,000 --------- C:\WINDOWS\system32\dllcache\offfilt.dll

2008-08-20 21:10 . 2008-03-07 19:02 98,304 --------- C:\WINDOWS\system32\dllcache\nlhtml.dll

2008-08-20 21:10 . 2008-03-07 19:02 29,696 --------- C:\WINDOWS\system32\dllcache\mimefilt.dll

2008-08-20 21:03 . 2008-08-20 21:11 1,374 --a------ C:\WINDOWS\imsins.BAK

2008-08-20 21:01 . 2008-08-20 21:01 <DIR> d-------- C:\Programfiler\Fellesfiler\Adobe AIR

2008-08-20 21:00 . 2008-08-20 21:02 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF

2008-08-20 20:59 . 2008-08-20 20:59 <DIR> dr-h----- C:\Documents and Settings\Hege Fremmerlid\Siste

2008-08-20 20:50 . 2008-04-13 20:47 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys

2008-08-20 20:50 . 2008-04-13 20:47 25,856 --a------ C:\WINDOWS\system32\dllcache\usbprint.sys

2008-08-20 20:48 . 2008-07-22 17:06 1,214,526 --------- C:\WINDOWS\system32\dllcache\sysmain.sdb

2008-08-20 20:48 . 2008-07-22 17:06 790,846 --------- C:\WINDOWS\system32\dllcache\apph_sp.sdb

2008-08-20 20:48 . 2008-07-22 17:06 9,696 --------- C:\WINDOWS\system32\dllcache\drvmain.sdb

2008-08-20 20:47 . 2008-05-09 12:56 512,000 --------- C:\WINDOWS\system32\dllcache\jscript.dll

2008-08-20 20:47 . 2008-05-09 12:56 430,080 --------- C:\WINDOWS\system32\dllcache\vbscript.dll

2008-08-20 20:47 . 2008-05-09 12:56 180,224 --------- C:\WINDOWS\system32\dllcache\scrobj.dll

2008-08-20 20:47 . 2008-05-09 12:56 172,032 --------- C:\WINDOWS\system32\dllcache\scrrun.dll

2008-08-20 20:47 . 2008-05-08 13:24 155,648 --------- C:\WINDOWS\system32\dllcache\wscript.exe

2008-08-20 20:47 . 2008-05-10 01:26 135,168 --------- C:\WINDOWS\system32\dllcache\wshom.ocx

2008-08-20 20:47 . 2008-05-07 11:07 135,168 --------- C:\WINDOWS\system32\dllcache\cscript.exe

2008-08-20 20:47 . 2008-05-09 12:56 90,112 --------- C:\WINDOWS\system32\dllcache\wshext.dll

2008-08-20 20:39 . 2008-07-18 22:08 25,800 --a------ C:\WINDOWS\system32\wuapi.dll.mui

2008-08-20 20:37 . 2008-08-20 20:58 <DIR> d-------- C:\WINDOWS\LastGood

2008-08-20 19:24 . 2008-08-20 21:10 <DIR> d-------- C:\WINDOWS\system32\nb-no

2008-08-20 19:23 . 2008-08-20 19:23 <DIR> d-------- C:\WINDOWS\system32\no

2008-08-20 19:23 . 2008-08-20 19:23 <DIR> d-------- C:\WINDOWS\system32\bits

2008-08-20 17:47 . 2008-08-20 17:46 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys

2008-08-20 17:46 . 2008-08-20 17:50 <DIR> d-------- C:\Documents and Settings\Hege Fremmerlid\.housecall6.6

2008-08-20 17:43 . 2008-04-14 18:22 276,992 --------- C:\WINDOWS\system32\wmphoto.dll

2008-08-20 17:41 . 2008-04-14 18:22 412,160 --------- C:\WINDOWS\system32\photometadatahandler.dll

2008-08-20 17:40 . 2008-04-14 18:22 4,274,816 --------- C:\WINDOWS\system32\nv4_disp.dll

2008-08-20 17:39 . 2004-08-03 22:41 1,041,536 --------- C:\WINDOWS\system32\drivers\hsfdpsp2.sys

2008-08-20 17:00 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll

2008-08-20 17:00 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui

2008-08-20 14:26 . 2008-08-20 14:26 <DIR> d-------- C:\Programfiler\Quick StartUp

2008-08-19 19:17 . 2008-08-19 19:30 96,976 --a------ C:\WINDOWS\system32\drivers\klin.dat

2008-08-19 19:16 . 2008-08-19 19:16 87,855 --a------ C:\WINDOWS\system32\drivers\klick.dat

2008-08-19 19:06 . 2008-08-19 19:06 <DIR> d-------- C:\Programfiler\Kaspersky Lab

2008-08-19 19:05 . 2008-08-20 21:43 5,354,528 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat

2008-08-19 19:05 . 2008-08-20 21:43 565,280 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat

2008-08-19 19:05 . 2008-08-20 21:43 45,008 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx

2008-08-19 19:05 . 2008-08-20 21:43 4,060 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx

2008-08-19 17:49 . 2008-08-19 17:49 <DIR> d-------- C:\Documents and Settings\Hege Fremmerlid\Programdata\TuneUp Software

2008-08-19 16:17 . 2008-08-20 21:00 <DIR> d-------- C:\WINDOWS\system32\LogFiles

2008-08-19 16:06 . 2008-08-19 16:06 <DIR> d-------- C:\Documents and Settings\All Users\Ny mappe

2008-08-19 16:04 . 2008-08-19 16:04 19,439 --a------ C:\Documents and Settings\Hege Fremmerlid\Programdata\aqobuh.vbs

2008-08-19 16:04 . 2008-08-19 16:04 18,498 --a------ C:\WINDOWS\system32\nolodobori.dl

2008-08-19 16:04 . 2008-08-19 16:04 18,380 --a------ C:\Documents and Settings\All Users\Programdata\cydac.dll

2008-08-19 16:04 . 2008-08-19 16:04 16,513 --a------ C:\WINDOWS\isuselu.dat

2008-08-19 16:04 . 2008-08-19 16:04 14,232 --a------ C:\WINDOWS\system32\xanudup.reg

2008-08-19 16:04 . 2008-08-19 16:04 13,723 --a------ C:\Documents and Settings\All Users\Programdata\ulyqanah.bat

2008-08-19 16:04 . 2008-08-19 16:04 13,366 --a------ C:\WINDOWS\hyhuvybojo.lib

2008-08-19 16:04 . 2008-08-19 16:04 12,638 --a------ C:\Documents and Settings\Hege Fremmerlid\Programdata\mihapehy.bat

2008-08-19 16:04 . 2008-08-19 16:04 12,555 --a------ C:\WINDOWS\system32\aquvop.dll

2008-08-19 16:04 . 2008-08-19 16:04 11,710 --a------ C:\Documents and Settings\All Users\Programdata\tesoxydiwy.dat

2008-08-19 16:04 . 2008-08-19 16:04 10,294 --a------ C:\WINDOWS\system32\iqob.inf

2008-08-19 16:03 . 2008-08-12 01:58 195,986 --a------ C:\WINDOWS\system32\_scui.cpl

2008-08-19 15:55 . 2008-08-19 15:55 <DIR> d-------- C:\Documents

2008-08-19 15:32 . 2008-08-19 15:32 <DIR> d-------- C:\Documents and Settings\Hege Fremmerlid\Programdata\Nero

2008-08-19 15:09 . 2008-06-14 19:36 272,256 --------- C:\WINDOWS\system32\drivers\bthport.sys

2008-08-19 15:09 . 2008-06-14 19:36 272,256 --------- C:\WINDOWS\system32\dllcache\bthport.sys

2008-08-19 15:06 . 2008-08-19 15:06 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Kaspersky Lab Setup Files

2008-08-19 14:57 . 2008-05-08 16:02 203,136 --------- C:\WINDOWS\system32\dllcache\rmcast.sys

2008-08-19 14:56 . 2008-08-19 14:56 <DIR> d---s---- C:\Documents and Settings\Hege Fremmerlid\UserData

2008-08-19 14:56 . 2008-08-19 16:20 314,724 --a------ C:\WINDOWS\system32\winstra2.exe

2008-08-19 14:50 . 2008-04-11 21:06 691,712 --------- C:\WINDOWS\system32\dllcache\inetcomm.dll

2008-08-19 14:50 . 2008-07-07 22:29 253,952 --------- C:\WINDOWS\system32\dllcache\es.dll

2008-08-19 14:50 . 2008-06-24 18:46 74,240 --------- C:\WINDOWS\system32\dllcache\mscms.dll

2008-08-19 14:09 . 2008-08-19 14:09 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE

2008-08-19 14:03 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl

2008-08-19 13:59 . 2008-08-19 13:59 <DIR> d-------- C:\Documents and Settings\Hege Fremmerlid\Programdata\Desktopicon

2008-08-19 13:58 . 2008-08-19 13:58 244 --ah----- C:\sqmnoopt04.sqm

2008-08-19 13:58 . 2008-08-19 13:58 232 --ah----- C:\sqmdata04.sqm

2008-08-19 13:55 . 2008-08-19 13:55 244 --ah----- C:\sqmnoopt03.sqm

2008-08-19 13:55 . 2008-08-19 13:55 232 --ah----- C:\sqmdata03.sqm

2008-08-19 13:51 . 2008-08-19 13:51 244 --ah----- C:\sqmnoopt02.sqm

2008-08-19 13:51 . 2008-08-19 13:51 244 --ah----- C:\sqmnoopt01.sqm

2008-08-19 13:51 . 2008-08-19 13:51 232 --ah----- C:\sqmdata02.sqm

2008-08-19 13:51 . 2008-08-19 13:51 232 --ah----- C:\sqmdata01.sqm

2008-08-19 13:41 . 2008-05-07 07:12 1,291,264 --------- C:\WINDOWS\system32\dllcache\quartz.dll

2008-08-19 13:39 . 2008-05-01 16:38 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll

2008-08-19 13:22 . 2008-08-20 15:47 <DIR> d-------- C:\Documents and Settings\Hege Fremmerlid\Programdata\uTorrent

2008-08-19 13:18 . 2005-12-07 10:35 47,104 --a------ C:\WINDOWS\system32\WACntlPnl.cpl

2008-08-19 13:14 . 2008-08-19 13:59 <DIR> dr------- C:\Documents and Settings\Hege Fremmerlid\Start-meny

2008-08-19 13:14 . 2006-04-25 08:28 <DIR> d--h----- C:\Documents and Settings\Hege Fremmerlid\Skrivere

2008-08-19 13:14 . 2008-08-20 21:19 <DIR> d-------- C:\Documents and Settings\Hege Fremmerlid\Skrivebord

2008-08-19 13:14 . 2008-08-20 21:11 <DIR> dr-h----- C:\Documents and Settings\Hege Fremmerlid\Programdata

2008-08-19 13:14 . 2008-08-20 20:36 <DIR> dr------- C:\Documents and Settings\Hege Fremmerlid\Mine dokumenter

2008-08-19 13:14 . 2008-08-19 21:32 <DIR> d--h----- C:\Documents and Settings\Hege Fremmerlid\Maler

2008-08-19 13:14 . 2008-08-20 21:43 <DIR> d--h----- C:\Documents and Settings\Hege Fremmerlid\Lokale innstillinger

2008-08-19 13:14 . 2008-08-20 20:36 <DIR> dr------- C:\Documents and Settings\Hege Fremmerlid\Favoritter

2008-08-19 13:14 . 2006-04-25 08:28 <DIR> d--h----- C:\Documents and Settings\Hege Fremmerlid\AndrMask

2008-08-19 13:14 . 2008-08-20 20:59 <DIR> d-------- C:\Documents and Settings\Hege Fremmerlid

2008-08-19 12:59 . 2008-04-13 20:45 32,128 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys

2008-08-19 12:59 . 2008-04-14 18:22 21,504 --a------ C:\WINDOWS\system32\hidserv.dll

2008-08-19 12:59 . 2001-10-06 13:36 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys

2008-08-19 12:59 . 2008-04-13 20:45 10,368 --a------ C:\WINDOWS\system32\drivers\hidusb.sys

2008-08-18 17:48 . 2008-08-18 17:48 <DIR> d-------- C:\WINDOWS\Sun

2008-08-17 16:32 . 2008-08-19 20:34 <DIR> d-------- C:\Programfiler\eMule

2008-08-16 19:39 . 2008-08-16 19:39 <DIR> d-------- C:\Programfiler\Windows Desktop Search

2008-08-16 18:55 . 2008-08-16 18:55 <DIR> d-------- C:\WINDOWS\l2schemas

2008-08-16 18:50 . 2008-08-16 18:56 <DIR> d-------- C:\WINDOWS\ServicePackFiles

2008-08-16 18:38 . 2008-08-20 18:11 <DIR> d-------- C:\WINDOWS\EHome

2008-08-16 16:48 . 2008-08-17 20:55 <DIR> dr-h----- C:\Documents and Settings\Hege G Fremmerlid\Siste

2008-08-13 14:32 . 2008-08-13 14:32 17,408 -ra------ C:\WINDOWS\system32\SZIO5.dll

2008-08-13 14:31 . 2008-08-13 14:31 262,144 -ra------ C:\WINDOWS\system32\SZBase5.dll

2008-08-12 20:35 . 2008-08-12 20:35 <DIR> d-------- C:\Programfiler\iPod

2008-08-11 13:22 . 2008-08-11 13:22 39,680 -ra------ C:\WINDOWS\system32\drivers\SZKG.sys

2008-08-06 17:56 . 2008-08-06 17:56 364,544 -ra------ C:\WINDOWS\system32\IS3DBA5.dll

2008-08-06 17:56 . 2008-08-06 17:56 126,976 -ra------ C:\WINDOWS\system32\IS3HTUI5.dll

2008-08-06 17:55 . 2008-08-06 17:55 372,736 -ra------ C:\WINDOWS\system32\IS3UI5.dll

2008-08-06 17:55 . 2008-08-06 17:55 61,440 -ra------ C:\WINDOWS\system32\IS3Hks5.dll

2008-08-06 17:55 . 2008-08-06 17:55 23,040 -ra------ C:\WINDOWS\system32\IS3XDat5.dll

2008-08-06 17:54 . 2008-08-06 17:54 212,992 -ra------ C:\WINDOWS\system32\IS3Win325.dll

2008-08-06 17:54 . 2008-08-06 17:54 94,208 -ra------ C:\WINDOWS\system32\IS3Inet5.dll

2008-08-06 17:54 . 2008-08-06 17:54 90,112 -ra------ C:\WINDOWS\system32\IS3Svc5.dll

2008-08-06 17:51 . 2008-08-06 17:51 708,608 -ra------ C:\WINDOWS\system32\IS3Base5.dll

2008-07-29 20:21 . 2008-07-29 20:21 218,376 --a------ C:\WINDOWS\system32\klogon.dll

2008-07-29 20:20 . 2008-07-29 20:20 24,774 --a------ C:\WINDOWS\system32\drivers\klopp.dat

2008-07-22 20:39 . 2008-07-22 20:39 81,420 --------- C:\WINDOWS\system32\dllcache\apps.chm

2008-07-22 20:36 . 2008-07-22 20:36 232,262 --------- C:\WINDOWS\system32\dllcache\apphelp.sdb

2008-07-21 18:34 . 2008-07-21 18:34 121,872 --a------ C:\WINDOWS\system32\drivers\kl1.sys

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-08-20 19:48 --------- d-----w C:\Documents and Settings\All Users\Programdata\Kaspersky Lab

2008-08-20 19:46 --------- d-----w C:\Documents and Settings\All Users\Programdata\STOPzilla!

2008-08-20 19:03 --------- d-----w C:\Documents and Settings\All Users\Programdata\Spybot - Search & Destroy

2008-08-20 18:58 --------- d-----w C:\Programfiler\Fellesfiler\Adobe

2008-08-20 18:53 --------- d-----w C:\Documents and Settings\All Users\Programdata\SITEguard

2008-08-20 12:29 --------- d-----w C:\Programfiler\Opera

2008-08-20 11:53 --------- d-----w C:\Programfiler\Fellesfiler\Wise Installation Wizard

2008-08-19 19:39 --------- d-----w C:\Programfiler\Sonic

2008-08-19 19:38 --------- d-----w C:\Programfiler\Microsoft Works

2008-08-19 19:37 --------- d--h--w C:\Programfiler\InstallShield Installation Information

2008-08-19 19:36 --------- d-----w C:\Programfiler\Hewlett-Packard

2008-08-19 19:36 --------- d-----w C:\Programfiler\Google

2008-08-19 19:36 --------- d-----w C:\Programfiler\Fellesfiler\Tjenester

2008-08-19 19:36 --------- d-----w C:\Programfiler\Fellesfiler\TiVo Shared

2008-08-19 19:35 --------- d-----w C:\Programfiler\Fellesfiler\SureThing Shared

2008-08-19 19:35 --------- d-----w C:\Programfiler\Fellesfiler\Sonic Shared

2008-08-19 19:35 --------- d-----w C:\Programfiler\Fellesfiler\LightScribe

2008-08-19 19:35 --------- d-----w C:\Programfiler\Fellesfiler\InstallShield

2008-08-19 19:35 --------- d-----w C:\Programfiler\Elektroniske tjenester

2008-08-19 19:35 --------- d-----w C:\Programfiler\EasyBits

2008-08-19 19:32 --------- d-----w C:\Documents and Settings\All Users\Programdata\Sonic

2008-08-19 15:32 --------- d-----w C:\Programfiler\Unlocker

2008-08-19 14:04 16,294 ----a-w C:\Programfiler\Fellesfiler\opiquwehod._dl

2008-08-19 12:54 --------- d-----w C:\Programfiler\Fellesfiler\Symantec Shared

2008-08-19 12:54 --------- d-----w C:\Documents and Settings\All Users\Programdata\Symantec

2008-08-19 12:34 --------- d-----w C:\Programfiler\uTorrent

2008-08-19 12:10 --------- d-----w C:\Programfiler\Windows Live

2008-08-19 12:05 --------- d-----w C:\Documents and Settings\All Users\Programdata\WLInstaller

2008-08-19 12:03 --------- d-----w C:\Programfiler\Java

2008-08-19 11:34 --------- d-----w C:\Programfiler\STOPzilla!

2008-08-19 10:59 --------- d-----w C:\Programfiler\HPQ

2008-08-19 08:18 --------- d-----w C:\Programfiler\Microsoft Silverlight

2008-08-16 15:46 --------- d-----w C:\Programfiler\Spybot - Search & Destroy

2008-08-13 15:12 --------- d-----w C:\Documents and Settings\All Users\Programdata\Microsoft Help

2008-08-13 07:19 --------- d-----w C:\Programfiler\Apple Software Update

2008-08-13 07:18 --------- d-----w C:\Programfiler\iTunes

2008-08-12 18:32 --------- d-----w C:\Programfiler\QuickTime

2008-07-12 12:59 --------- d-----w C:\Programfiler\Network Stumbler

2008-06-22 18:33 --------- d-----w C:\Documents and Settings\All Users\Programdata\DVD Shrink

2008-06-21 13:56 --------- d-----w C:\Documents and Settings\All Users\Programdata\Sony

2008-06-21 13:49 --------- d-----w C:\Programfiler\Sony Ericsson

2008-06-21 13:49 --------- d-----w C:\Programfiler\Sony

2008-06-21 13:29 --------- d-----w C:\Programfiler\Trend Micro

2008-06-21 13:19 --------- d-----w C:\Programfiler\Codec Pack - All In 1

2008-06-21 13:05 --------- d-----w C:\Documents and Settings\All Users\Programdata\Apple Computer

2008-06-21 11:39 --------- d-----w C:\Documents and Settings\All Users\Programdata\Sony Ericsson

2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys

2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys

2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPStart"="C:\Programfiler\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 02:29 102400]

"Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 02:38 34672]

"AVP"="C:\Programfiler\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-07-29 20:20 206088]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"SpybotDeletingB9090"="command" [X]

"SpybotDeletingD6274"="del" [X]

"SpybotDeletingB7578"="command" [X]

"SpybotDeletingD8486"="del" [X]

"SpybotDeletingB8534"="command" [X]

"SpybotDeletingD24"="del" [X]

 

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\

Windows Search.lnk - C:\Programfiler\Windows Desktop Search\WindowsSearch.exe [2008-05-26 22:19:14 123904]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"= 1 (0x1)

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Programfiler\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 22:19 304128]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]

"SynTPEnh"=C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe

"HP Software Update"=C:\Programfiler\Hp\HP Software Update\HPWuSchd2.exe

"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe"

"QPService"="C:\Programfiler\HP\QuickPlay\QPService.exe"

"eabconfg.cpl"=C:\Programfiler\HPQ\Quick Launch Buttons\EabServr.exe /Start

"Cpqset"=C:\Programfiler\HPQ\Default Settings\cpqset.exe

"RecGuard"=C:\Windows\SMINST\RecGuard.exe

"hpWirelessAssistant"=C:\Programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

"NeroFilterCheck"=C:\Programfiler\Fellesfiler\Nero\Lib\NeroCheck.exe

"NBKeyScan"="C:\Programfiler\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

"buritos"=buritos.exe

"BM1323c2df"=Rundll32.exe "C:\WINDOWS\system32\mpfatejg.dll",s

"ATIPTA"="C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Programfiler\\uTorrent\\uTorrent.exe"=

"C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

 

R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [2008-01-29 18:29]

R0 szkg5;szkg;C:\WINDOWS\system32\DRIVERS\szkg.sys [2008-08-11 13:22]

R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2005-08-22 15:06]

R3 KLFLTDEV;Kaspersky Lab KLFltDev;C:\WINDOWS\system32\DRIVERS\klfltdev.sys [2008-03-13 19:02]

R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-04-30 18:06]

.

- - - - ORPHANS REMOVED - - - -

 

Toolbar-SITEguard - (no file)

 

 

.

------- Supplementary Scan -------

.

R0 -: HKCU-Main,Start Page = hxxp://www.google.com

R0 -: HKLM-Main,Start Page = hxxp://www.google.com

R1 -: HKCU-Internet Connection Wizard,ShellNext = hxxp://www.dslreports.com/speedtest

 

O16 -: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab

C:\WINDOWS\Downloaded Program Files\ewidoOnlineScan.dll

.

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-08-20 21:47:11

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\WINDOWS\system32\ati2evxx.exe

C:\Programfiler\Fellesfiler\iS3\Anti-Spyware\SZServer.exe

C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe

C:\Programfiler\Nero\Nero8\Nero BackItUp\NBService.exe

C:\Programfiler\Hewlett-Packard\Shared\hpqwmiex.exe

C:\WINDOWS\system32\searchindexer.exe

C:\WINDOWS\system32\ati2evxx.exe

C:\WINDOWS\system32\searchprotocolhost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\searchfilterhost.exe

.

**************************************************************************

.

Completion time: 2008-08-20 21:51:34 - machine was rebooted [Hege Fremmerlid]

ComboFix-quarantined-files.txt 2008-08-20 19:51:28

 

Pre-Run: 12,247,515,136 byte ledig

Post-Run: 17,104,211,968 byte ledig

 

WindowsXP-KB310994-SP2-Home-BootDisk-NOR.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

 

305 --- E O F --- 2008-08-20 15:00:38


Before we do anything manually, do the following:

Download Malwarebytes Anti-Malware to your desktop.

Run and install the program. Choose Norwegian as the language.

Let the program update itself, choose to run a 'quick system scan', and click Scan.

A message box will appear saying that the scan is finished; click OK.

Click the 'Show results' button. If malware was found, you will now see what was found.

Then click the Remove Selected button to remove any malware that was found.

A log will then open in Notepad. Post that log.


Malwarebytes' Anti-Malware 1.25

Database versjon: 1073

Windows 5.1.2600 Service Pack 3

 

00:11:50 21.08.2008

mbam-log-08-21-2008 (00-11-50).txt

 

Skanntype: Rask Skann

Objekter skannet: 41107

Tid tilbakelagt: 5 minute(s), 18 second(s)

 

Minneprosesser infisert: 0

Minnemoduler infisert: 0

Registernøkler infisert: 0

Registerverdier infisert: 0

Registerfiler infisert: 1

Mapper infisert: 0

Filer infisert: 2

 

Minneprosesser infisert:

(Ingen mistenkelige filer funnet)

 

Minnemoduler infisert:

(Ingen mistenkelige filer funnet)

 

Registernøkler infisert:

(Ingen mistenkelige filer funnet)

 

Registerverdier infisert:

(Ingen mistenkelige filer funnet)

 

Registerfiler infisert:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

 

Mapper infisert:

(Ingen mistenkelige filer funnet)

 

Filer infisert:

C:\WINDOWS\system32\winstra2.exe (Rogue.Installer) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\_scui.cpl (Trojan.FakeAlert) -> Quarantined and deleted successfully.


Open Notepad, copy in what is shown in bold below, and save the file to the desktop as CFScript.txt.

Drag the file onto the ComboFix icon. ComboFix will start again.

 

File::

C:\Documents and Settings\Hege Fremmerlid\Programdata\aqobuh.vbs

C:\WINDOWS\system32\nolodobori.dl

C:\Documents and Settings\All Users\Programdata\cydac.dll

C:\WINDOWS\isuselu.dat

C:\WINDOWS\system32\xanudup.reg

C:\Documents and Settings\All Users\Programdata\ulyqanah.bat

C:\WINDOWS\hyhuvybojo.lib

C:\Documents and Settings\Hege Fremmerlid\Programdata\mihapehy.bat

C:\WINDOWS\system32\aquvop.dll

C:\Documents and Settings\All Users\Programdata\tesoxydiwy.dat

C:\WINDOWS\system32\iqob.inf

 

Post the log and tell me how the PC is running.


That worked really well :) Thank you so much! Does everything look OK?

 

 

ComboFix 08-08-21.02 - Hege Fremmerlid 2008-08-22 10:02:24.2 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1044.18.655 [GMT 2:00]

Running from: C:\Documents and Settings\Hege Fremmerlid\Skrivebord\ComboFix.exe

Command switches used :: C:\Documents and Settings\Hege Fremmerlid\Skrivebord\CFScript.txt

* Created a new restore point

 

FILE ::

C:\Documents and Settings\All Users\Programdata\cydac.dll

C:\Documents and Settings\All Users\Programdata\tesoxydiwy.dat

C:\Documents and Settings\All Users\Programdata\ulyqanah.bat

C:\Documents and Settings\Hege Fremmerlid\Programdata\aqobuh.vbs

C:\Documents and Settings\Hege Fremmerlid\Programdata\mihapehy.bat

C:\WINDOWS\hyhuvybojo.lib

C:\WINDOWS\isuselu.dat

C:\WINDOWS\system32\aquvop.dll

C:\WINDOWS\system32\iqob.inf

C:\WINDOWS\system32\nolodobori.dl

C:\WINDOWS\system32\xanudup.reg

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Documents and Settings\All Users\Programdata\cydac.dll

C:\Documents and Settings\All Users\Programdata\tesoxydiwy.dat

C:\Documents and Settings\All Users\Programdata\ulyqanah.bat

C:\Documents and Settings\Hege Fremmerlid\Programdata\aqobuh.vbs

C:\Documents and Settings\Hege Fremmerlid\Programdata\mihapehy.bat

C:\WINDOWS\hyhuvybojo.lib

C:\WINDOWS\isuselu.dat

C:\WINDOWS\system32\aquvop.dll

C:\WINDOWS\system32\iqob.inf

C:\WINDOWS\system32\nolodobori.dl

C:\WINDOWS\system32\xanudup.reg

 

.

((((((((((((((((((((((((( Files Created from 2008-07-22 to 2008-08-22 )))))))))))))))))))))))))))))))

.

 

2008-08-21 19:24 . 2006-10-05 04:42 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys

2008-08-21 19:24 . 2006-10-05 04:42 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys

2008-08-20 23:14 . 2008-08-20 23:14 <DIR> d-------- C:\Programfiler\Malwarebytes' Anti-Malware

2008-08-20 23:14 . 2008-08-20 23:14 <DIR> d-------- C:\Documents and Settings\Hege Fremmerlid\Programdata\Malwarebytes

2008-08-20 23:14 . 2008-08-20 23:14 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Malwarebytes

2008-08-20 23:14 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys

2008-08-20 23:14 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys

2008-08-20 21:11 . 2008-08-20 21:11 <DIR> d-------- C:\Documents and Settings\Hege Fremmerlid\Programdata\Windows Desktop Search

2008-08-20 21:10 . 2008-08-20 21:10 <DIR> d-------- C:\WINDOWS\system32\GroupPolicy

2008-08-20 21:10 . 2008-03-07 19:02 192,000 --------- C:\WINDOWS\system32\dllcache\offfilt.dll

2008-08-20 21:10 . 2008-03-07 19:02 98,304 --------- C:\WINDOWS\system32\dllcache\nlhtml.dll

2008-08-20 21:10 . 2008-03-07 19:02 29,696 --------- C:\WINDOWS\system32\dllcache\mimefilt.dll

2008-08-20 21:03 . 2008-08-20 23:17 1,374 --a------ C:\WINDOWS\imsins.BAK

2008-08-20 21:01 . 2008-08-20 21:01 <DIR> d-------- C:\Programfiler\Fellesfiler\Adobe AIR

2008-08-20 21:00 . 2008-08-20 21:02 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF

2008-08-20 20:59 . 2008-08-22 10:00 <DIR> dr-h----- C:\Documents and Settings\Hege Fremmerlid\Siste

2008-08-20 20:50 . 2008-04-13 20:47 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys

2008-08-20 20:50 . 2008-04-13 20:47 25,856 --a------ C:\WINDOWS\system32\dllcache\usbprint.sys

2008-08-20 20:48 . 2008-07-22 17:06 1,214,526 --------- C:\WINDOWS\system32\dllcache\sysmain.sdb

2008-08-20 20:48 . 2008-07-22 17:06 790,846 --------- C:\WINDOWS\system32\dllcache\apph_sp.sdb

2008-08-20 20:48 . 2008-07-22 17:06 9,696 --------- C:\WINDOWS\system32\dllcache\drvmain.sdb

2008-08-20 20:47 . 2008-05-09 12:56 512,000 --------- C:\WINDOWS\system32\dllcache\jscript.dll

2008-08-20 20:47 . 2008-05-09 12:56 430,080 --------- C:\WINDOWS\system32\dllcache\vbscript.dll

2008-08-20 20:47 . 2008-05-09 12:56 180,224 --------- C:\WINDOWS\system32\dllcache\scrobj.dll

2008-08-20 20:47 . 2008-05-09 12:56 172,032 --------- C:\WINDOWS\system32\dllcache\scrrun.dll

2008-08-20 20:47 . 2008-05-08 13:24 155,648 --------- C:\WINDOWS\system32\dllcache\wscript.exe

2008-08-20 20:47 . 2008-05-10 01:26 135,168 --------- C:\WINDOWS\system32\dllcache\wshom.ocx

2008-08-20 20:47 . 2008-05-07 11:07 135,168 --------- C:\WINDOWS\system32\dllcache\cscript.exe

2008-08-20 20:47 . 2008-05-09 12:56 90,112 --------- C:\WINDOWS\system32\dllcache\wshext.dll

2008-08-20 20:39 . 2008-07-18 22:08 25,800 --a------ C:\WINDOWS\system32\wuapi.dll.mui

2008-08-20 19:24 . 2008-08-20 21:10 <DIR> d-------- C:\WINDOWS\system32\nb-no

2008-08-20 19:23 . 2008-08-20 19:23 <DIR> d-------- C:\WINDOWS\system32\no

2008-08-20 19:23 . 2008-08-20 19:23 <DIR> d-------- C:\WINDOWS\system32\bits

2008-08-20 17:47 . 2008-08-20 17:46 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys

2008-08-20 17:46 . 2008-08-20 17:50 <DIR> d-------- C:\Documents and Settings\Hege Fremmerlid\.housecall6.6

2008-08-20 17:43 . 2008-04-14 18:22 276,992 --------- C:\WINDOWS\system32\wmphoto.dll

2008-08-20 17:41 . 2008-04-14 18:22 412,160 --------- C:\WINDOWS\system32\photometadatahandler.dll

2008-08-20 17:40 . 2008-04-14 18:22 4,274,816 --------- C:\WINDOWS\system32\nv4_disp.dll

2008-08-20 17:39 . 2004-08-03 22:41 1,041,536 --------- C:\WINDOWS\system32\drivers\hsfdpsp2.sys

2008-08-20 17:00 . 2008-07-18 22:07 270,880 --a------ C:\WINDOWS\system32\mucltui.dll

2008-08-20 17:00 . 2008-07-18 22:07 29,728 --a------ C:\WINDOWS\system32\mucltui.dll.mui

2008-08-20 14:26 . 2008-08-20 14:26 <DIR> d-------- C:\Programfiler\Quick StartUp

2008-08-19 19:17 . 2008-08-19 19:30 96,976 --a------ C:\WINDOWS\system32\drivers\klin.dat

2008-08-19 19:16 . 2008-08-19 19:16 87,855 --a------ C:\WINDOWS\system32\drivers\klick.dat

2008-08-19 19:06 . 2008-08-19 19:06 <DIR> d-------- C:\Programfiler\Kaspersky Lab

2008-08-19 19:05 . 2008-08-22 00:43 5,354,528 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat

2008-08-19 19:05 . 2008-08-22 00:43 598,048 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat

2008-08-19 19:05 . 2008-08-22 00:43 45,008 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx

2008-08-19 19:05 . 2008-08-22 00:43 4,172 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx

2008-08-19 17:49 . 2008-08-19 17:49 <DIR> d-------- C:\Documents and Settings\Hege Fremmerlid\Programdata\TuneUp Software

2008-08-19 16:17 . 2008-08-20 21:00 <DIR> d-------- C:\WINDOWS\system32\LogFiles

2008-08-19 16:06 . 2008-08-19 16:06 <DIR> d-------- C:\Documents and Settings\All Users\Ny mappe

2008-08-19 15:55 . 2008-08-19 15:55 <DIR> d-------- C:\Documents

2008-08-19 15:32 . 2008-08-19 15:32 <DIR> d-------- C:\Documents and Settings\Hege Fremmerlid\Programdata\Nero

2008-08-19 15:09 . 2008-06-14 19:36 272,256 --------- C:\WINDOWS\system32\drivers\bthport.sys

2008-08-19 15:09 . 2008-06-14 19:36 272,256 --------- C:\WINDOWS\system32\dllcache\bthport.sys

2008-08-19 15:06 . 2008-08-19 15:06 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Kaspersky Lab Setup Files

2008-08-19 14:57 . 2008-05-08 16:02 203,136 --------- C:\WINDOWS\system32\dllcache\rmcast.sys

2008-08-19 14:56 . 2008-08-19 14:56 <DIR> d---s---- C:\Documents and Settings\Hege Fremmerlid\UserData

2008-08-19 14:50 . 2008-04-11 21:06 691,712 --------- C:\WINDOWS\system32\dllcache\inetcomm.dll

2008-08-19 14:50 . 2008-07-07 22:29 253,952 --------- C:\WINDOWS\system32\dllcache\es.dll

2008-08-19 14:50 . 2008-06-24 18:46 74,240 --------- C:\WINDOWS\system32\dllcache\mscms.dll

2008-08-19 14:09 . 2008-08-19 14:09 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE

2008-08-19 14:03 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl

2008-08-19 13:59 . 2008-08-19 13:59 <DIR> d-------- C:\Documents and Settings\Hege Fremmerlid\Programdata\Desktopicon

2008-08-19 13:58 . 2008-08-19 13:58 244 --ah----- C:\sqmnoopt04.sqm

2008-08-19 13:58 . 2008-08-19 13:58 232 --ah----- C:\sqmdata04.sqm

2008-08-19 13:55 . 2008-08-19 13:55 244 --ah----- C:\sqmnoopt03.sqm

2008-08-19 13:55 . 2008-08-19 13:55 232 --ah----- C:\sqmdata03.sqm

2008-08-19 13:51 . 2008-08-19 13:51 244 --ah----- C:\sqmnoopt02.sqm

2008-08-19 13:51 . 2008-08-19 13:51 244 --ah----- C:\sqmnoopt01.sqm

2008-08-19 13:51 . 2008-08-19 13:51 232 --ah----- C:\sqmdata02.sqm

2008-08-19 13:51 . 2008-08-19 13:51 232 --ah----- C:\sqmdata01.sqm

2008-08-19 13:41 . 2008-05-07 07:12 1,291,264 --------- C:\WINDOWS\system32\dllcache\quartz.dll

2008-08-19 13:39 . 2008-05-01 16:38 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll

2008-08-19 13:22 . 2008-08-22 00:14 <DIR> d-------- C:\Documents and Settings\Hege Fremmerlid\Programdata\uTorrent

2008-08-19 13:18 . 2005-12-07 10:35 47,104 --a------ C:\WINDOWS\system32\WACntlPnl.cpl

2008-08-19 13:14 . 2008-08-19 13:59 <DIR> dr------- C:\Documents and Settings\Hege Fremmerlid\Start-meny

2008-08-19 13:14 . 2006-04-25 08:28 <DIR> d--h----- C:\Documents and Settings\Hege Fremmerlid\Skrivere

2008-08-19 13:14 . 2008-08-22 10:02 <DIR> d-------- C:\Documents and Settings\Hege Fremmerlid\Skrivebord

2008-08-19 13:14 . 2008-08-22 10:02 <DIR> dr-h----- C:\Documents and Settings\Hege Fremmerlid\Programdata

2008-08-19 13:14 . 2008-08-20 20:36 <DIR> dr------- C:\Documents and Settings\Hege Fremmerlid\Mine dokumenter

2008-08-19 13:14 . 2008-08-19 21:32 <DIR> d--h----- C:\Documents and Settings\Hege Fremmerlid\Maler

2008-08-19 13:14 . 2008-08-22 10:04 <DIR> d--h----- C:\Documents and Settings\Hege Fremmerlid\Lokale innstillinger

2008-08-19 13:14 . 2008-08-20 20:36 <DIR> dr------- C:\Documents and Settings\Hege Fremmerlid\Favoritter

2008-08-19 13:14 . 2006-04-25 08:28 <DIR> d--h----- C:\Documents and Settings\Hege Fremmerlid\AndrMask

2008-08-19 13:14 . 2008-08-22 00:43 <DIR> d-------- C:\Documents and Settings\Hege Fremmerlid

2008-08-19 13:12 . 2008-08-19 21:32 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Programdata\Symantec

2008-08-19 12:59 . 2008-04-13 20:45 32,128 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys

2008-08-19 12:59 . 2008-04-14 18:22 21,504 --a------ C:\WINDOWS\system32\hidserv.dll

2008-08-19 12:59 . 2001-10-06 13:36 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys

2008-08-19 12:59 . 2008-04-13 20:45 10,368 --a------ C:\WINDOWS\system32\drivers\hidusb.sys

2008-08-18 17:48 . 2008-08-18 17:48 <DIR> d-------- C:\WINDOWS\Sun

2008-08-17 16:32 . 2008-08-21 20:43 <DIR> d-------- C:\Programfiler\eMule

2008-08-16 19:39 . 2008-08-16 19:39 <DIR> d-------- C:\Programfiler\Windows Desktop Search

2008-08-16 18:55 . 2008-08-16 18:55 <DIR> d-------- C:\WINDOWS\l2schemas

2008-08-16 18:50 . 2008-08-16 18:56 <DIR> d-------- C:\WINDOWS\ServicePackFiles

2008-08-16 18:38 . 2008-08-20 18:11 <DIR> d-------- C:\WINDOWS\EHome

2008-08-16 16:48 . 2008-08-17 20:55 <DIR> dr-h----- C:\Documents and Settings\Hege G Fremmerlid\Siste

2008-08-13 14:32 . 2008-08-13 14:32 17,408 -ra------ C:\WINDOWS\system32\SZIO5.dll

2008-08-13 14:31 . 2008-08-13 14:31 262,144 -ra------ C:\WINDOWS\system32\SZBase5.dll

2008-08-12 20:35 . 2008-08-12 20:35 <DIR> d-------- C:\Programfiler\iPod

2008-08-11 13:22 . 2008-08-11 13:22 39,680 -ra------ C:\WINDOWS\system32\drivers\SZKG.sys

2008-08-06 17:56 . 2008-08-06 17:56 364,544 -ra------ C:\WINDOWS\system32\IS3DBA5.dll

2008-08-06 17:56 . 2008-08-06 17:56 126,976 -ra------ C:\WINDOWS\system32\IS3HTUI5.dll

2008-08-06 17:55 . 2008-08-06 17:55 372,736 -ra------ C:\WINDOWS\system32\IS3UI5.dll

2008-08-06 17:55 . 2008-08-06 17:55 61,440 -ra------ C:\WINDOWS\system32\IS3Hks5.dll

2008-08-06 17:55 . 2008-08-06 17:55 23,040 -ra------ C:\WINDOWS\system32\IS3XDat5.dll

2008-08-06 17:54 . 2008-08-06 17:54 212,992 -ra------ C:\WINDOWS\system32\IS3Win325.dll

2008-08-06 17:54 . 2008-08-06 17:54 94,208 -ra------ C:\WINDOWS\system32\IS3Inet5.dll

2008-08-06 17:54 . 2008-08-06 17:54 90,112 -ra------ C:\WINDOWS\system32\IS3Svc5.dll

2008-08-06 17:51 . 2008-08-06 17:51 708,608 -ra------ C:\WINDOWS\system32\IS3Base5.dll

2008-07-29 20:21 . 2008-07-29 20:21 218,376 --a------ C:\WINDOWS\system32\klogon.dll

2008-07-29 20:20 . 2008-07-29 20:20 24,774 --a------ C:\WINDOWS\system32\drivers\klopp.dat

2008-07-22 20:39 . 2008-07-22 20:39 81,420 --------- C:\WINDOWS\system32\dllcache\apps.chm

2008-07-22 20:36 . 2008-07-22 20:36 232,262 --------- C:\WINDOWS\system32\dllcache\apphelp.sdb

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-08-22 07:58 --------- d-----w C:\Documents and Settings\All Users\Programdata\STOPzilla!

2008-08-22 07:57 --------- d-----w C:\Documents and Settings\All Users\Programdata\Kaspersky Lab

2008-08-21 17:24 --------- d-----w C:\Programfiler\Picasa2

2008-08-21 17:24 --------- d-----w C:\Programfiler\Google

2008-08-20 21:17 --------- d-----w C:\Programfiler\Microsoft Silverlight

2008-08-20 19:03 --------- d-----w C:\Documents and Settings\All Users\Programdata\Spybot - Search & Destroy

2008-08-20 18:58 --------- d-----w C:\Programfiler\Fellesfiler\Adobe

2008-08-20 18:53 --------- d-----w C:\Documents and Settings\All Users\Programdata\SITEguard

2008-08-20 12:29 --------- d-----w C:\Programfiler\Opera

2008-08-20 11:53 --------- d-----w C:\Programfiler\Fellesfiler\Wise Installation Wizard

2008-08-19 19:39 --------- d-----w C:\Programfiler\Sonic

2008-08-19 19:38 --------- d-----w C:\Programfiler\Microsoft Works

2008-08-19 19:37 --------- d--h--w C:\Programfiler\InstallShield Installation Information

2008-08-19 19:36 --------- d-----w C:\Programfiler\Hewlett-Packard

2008-08-19 19:36 --------- d-----w C:\Programfiler\Fellesfiler\Tjenester

2008-08-19 19:36 --------- d-----w C:\Programfiler\Fellesfiler\TiVo Shared

2008-08-19 19:35 --------- d-----w C:\Programfiler\Fellesfiler\SureThing Shared

2008-08-19 19:35 --------- d-----w C:\Programfiler\Fellesfiler\Sonic Shared

2008-08-19 19:35 --------- d-----w C:\Programfiler\Fellesfiler\LightScribe

2008-08-19 19:35 --------- d-----w C:\Programfiler\Fellesfiler\InstallShield

2008-08-19 19:35 --------- d-----w C:\Programfiler\Elektroniske tjenester

2008-08-19 19:35 --------- d-----w C:\Programfiler\EasyBits

2008-08-19 19:32 --------- d-----w C:\Documents and Settings\All Users\Programdata\Sonic

2008-08-19 15:32 --------- d-----w C:\Programfiler\Unlocker

2008-08-19 14:04 16,294 ----a-w C:\Programfiler\Fellesfiler\opiquwehod._dl

2008-08-19 12:54 --------- d-----w C:\Programfiler\Fellesfiler\Symantec Shared

2008-08-19 12:54 --------- d-----w C:\Documents and Settings\All Users\Programdata\Symantec

2008-08-19 12:34 --------- d-----w C:\Programfiler\uTorrent

2008-08-19 12:10 --------- d-----w C:\Programfiler\Windows Live

2008-08-19 12:05 --------- d-----w C:\Documents and Settings\All Users\Programdata\WLInstaller

2008-08-19 12:03 --------- d-----w C:\Programfiler\Java

2008-08-19 11:34 --------- d-----w C:\Programfiler\STOPzilla!

2008-08-19 10:59 --------- d-----w C:\Programfiler\HPQ

2008-08-16 15:46 --------- d-----w C:\Programfiler\Spybot - Search & Destroy

2008-08-13 15:12 --------- d-----w C:\Documents and Settings\All Users\Programdata\Microsoft Help

2008-08-13 07:19 --------- d-----w C:\Programfiler\Apple Software Update

2008-08-13 07:18 --------- d-----w C:\Programfiler\iTunes

2008-08-12 18:32 --------- d-----w C:\Programfiler\QuickTime

2008-07-21 16:34 121,872 ----a-w C:\WINDOWS\system32\drivers\kl1.sys

2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll

2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll

2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe

2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe

2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll

2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll

2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll

2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll

2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll

2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll

2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll

2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll

2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll

2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll

2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll

2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll

2008-07-12 12:59 --------- d-----w C:\Programfiler\Network Stumbler

2008-07-07 20:29 253,952 ----a-w C:\WINDOWS\system32\es.dll

2008-06-26 08:15 618,496 ------w C:\WINDOWS\system32\dllcache\urlmon.dll

2008-06-26 08:15 1,499,136 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll

2008-06-24 16:46 74,240 ----a-w C:\WINDOWS\system32\mscms.dll

2008-06-23 15:12 665,600 ----a-w C:\WINDOWS\system32\wininet.dll

2008-06-23 15:12 665,600 ------w C:\WINDOWS\system32\dllcache\wininet.dll

2008-06-23 15:12 3,088,384 ------w C:\WINDOWS\system32\dllcache\mshtml.dll

2008-06-22 18:33 --------- d-----w C:\Documents and Settings\All Users\Programdata\DVD Shrink

2008-06-20 17:49 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll

2008-06-20 17:49 246,784 ------w C:\WINDOWS\system32\dllcache\mswsock.dll

2008-06-20 17:49 147,968 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll

2008-06-20 11:51 361,600 ------w C:\WINDOWS\system32\dllcache\tcpip.sys

2008-06-20 11:40 138,496 ------w C:\WINDOWS\system32\dllcache\afd.sys

2008-06-20 11:08 225,856 ------w C:\WINDOWS\system32\dllcache\tcpip6.sys

2008-05-26 20:21 1,582,592 ------w C:\WINDOWS\system32\tquery.dll

2008-05-26 20:21 1,418,240 ------w C:\WINDOWS\system32\mssrch.dll

2008-05-26 20:19 97,792 ------w C:\WINDOWS\system32\UncCplExt.dll

2008-05-26 20:19 273,408 ------w C:\WINDOWS\system32\oeph.dll

2008-05-26 20:19 2,048 ------w C:\WINDOWS\system32\UncRes.dll

2008-05-26 20:19 143,872 ------w C:\WINDOWS\system32\UncDMS.dll

2008-05-26 20:19 131,072 ------w C:\WINDOWS\system32\UncPH.dll

2008-05-26 20:19 11,264 ------w C:\WINDOWS\system32\oephRes.dll

2008-05-26 20:19 108,032 ------w C:\WINDOWS\system32\UncNE.dll

2008-05-26 20:18 71,680 ------w C:\WINDOWS\system32\propdefs.dll

2008-05-26 20:18 56,320 ------w C:\WINDOWS\system32\xmlfilter.dll

2008-05-26 20:18 44,032 ------w C:\WINDOWS\system32\msstrc.dll

2008-05-26 20:18 439,808 ------w C:\WINDOWS\system32\searchindexer.exe

2008-05-26 20:18 38,400 ------w C:\WINDOWS\system32\rtffilt.dll

2008-05-26 20:18 350,208 ------w C:\WINDOWS\system32\mssph.dll

2008-05-26 20:18 231,936 ------w C:\WINDOWS\system32\msshsq.dll

2008-05-26 20:18 203,776 ------w C:\WINDOWS\system32\mssphtb.dll

2008-05-26 20:18 184,832 ------w C:\WINDOWS\system32\searchprotocolhost.exe

2008-05-26 20:17 87,552 ------w C:\WINDOWS\system32\searchfilterhost.exe

2008-05-26 20:17 87,552 ------w C:\WINDOWS\system32\mssitlb.dll

2008-05-26 20:17 754,176 ------w C:\WINDOWS\system32\propsys.dll

2008-05-26 20:17 60,416 ------w C:\WINDOWS\system32\msscntrs.dll

2008-05-26 20:17 34,816 ------w C:\WINDOWS\system32\msscb.dll

2008-05-26 20:17 32,768 ------w C:\WINDOWS\system32\mssprxy.dll

2008-05-26 20:17 301,568 ------w C:\WINDOWS\system32\srchadmin.dll

2008-05-26 20:17 11,776 ------w C:\WINDOWS\system32\msshooks.dll

2008-05-26 19:59 18,904 ------w C:\WINDOWS\system32\structuredqueryschematrivial.bin

2008-05-26 19:59 106,605 ------w C:\WINDOWS\system32\structuredqueryschema.bin

.

 

((((((((((((((((((((((((((((( snapshot@2008-08-20_21.51.07.14 )))))))))))))))))))))))))))))))))))))))))

.

- 2006-10-18 20:47:16 414,208 -c----w C:\WINDOWS\$NtUninstallKB929399$\msscp.dll

+ 2006-10-18 19:47:16 414,208 -c----w C:\WINDOWS\$NtUninstallKB929399$\msscp.dll

- 2005-06-28 09:23:26 213,216 -c----w C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe

+ 2005-06-28 08:23:26 213,216 -c----w C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe

- 2005-06-28 09:23:54 371,424 -c----w C:\WINDOWS\$NtUninstallKB929399$\spuninst\updspapi.dll

+ 2005-06-28 08:23:54 371,424 -c----w C:\WINDOWS\$NtUninstallKB929399$\spuninst\updspapi.dll

- 2005-06-28 09:23:30 214,752 -c----w C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe

+ 2005-06-28 08:23:30 214,752 -c----w C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe

- 2005-06-28 09:23:54 371,424 -c----w C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\updspapi.dll

+ 2005-06-28 08:23:54 371,424 -c----w C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\updspapi.dll

- 2006-10-18 20:47:20 10,834,432 -c----w C:\WINDOWS\$NtUninstallKB936782_WMP11$\wmp.dll

+ 2006-10-18 19:47:20 10,834,432 -c----w C:\WINDOWS\$NtUninstallKB936782_WMP11$\wmp.dll

- 2005-06-28 09:23:30 214,752 -c----w C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe

+ 2005-06-28 08:23:30 214,752 -c----w C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe

- 2005-06-28 09:23:54 371,424 -c----w C:\WINDOWS\$NtUninstallKB939683$\spuninst\updspapi.dll

+ 2005-06-28 08:23:54 371,424 -c----w C:\WINDOWS\$NtUninstallKB939683$\spuninst\updspapi.dll

- 2006-11-15 09:45:30 315,904 -c----w C:\WINDOWS\$NtUninstallKB939683$\unregmp2.exe

+ 2006-11-15 08:45:30 315,904 -c----w C:\WINDOWS\$NtUninstallKB939683$\unregmp2.exe

- 2006-11-15 08:45:30 315,904 ----a-w C:\WINDOWS\inf\unregmp2.exe

+ 2007-06-27 13:54:18 317,440 ----a-w C:\WINDOWS\inf\unregmp2.exe

- 2008-08-19 12:09:13 29,926 ----a-r C:\WINDOWS\Installer\{D70A63D1-2F54-4713-8AE6-BBD28D1A62E6}\MsblIco.Exe

+ 2008-08-21 18:16:03 29,926 ----a-r C:\WINDOWS\Installer\{D70A63D1-2F54-4713-8AE6-BBD28D1A62E6}\MsblIco.Exe

- 2003-02-20 12:09:46 57,344 ----a-w C:\WINDOWS\Microsoft.NET\Framework\NETFXSBS10.exe

+ 2005-09-23 05:28:52 72,704 ----a-w C:\WINDOWS\Microsoft.NET\Framework\NETFXSBS10.exe

- 2003-02-20 12:09:32 5,120 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbscmp10.dll

+ 2005-09-23 05:28:52 7,680 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbscmp10.dll

- 2003-02-20 11:43:50 131,072 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscormmc.dll

+ 2005-09-23 05:28:52 86,528 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscormmc.dll

+ 2005-09-23 05:01:16 609,472 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe

+ 2005-09-23 04:29:48 80,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1025.dll

+ 2005-09-23 04:32:24 80,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1028.dll

+ 2005-09-23 04:34:10 82,944 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1029.dll

+ 2005-09-23 04:34:12 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1030.dll

+ 2005-09-23 04:34:44 85,504 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1031.dll

+ 2005-09-23 04:36:24 87,552 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1032.dll

+ 2005-09-23 01:46:14 80,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1033.dll

+ 2005-09-23 04:38:26 81,408 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1035.dll

+ 2005-09-23 04:38:52 86,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1036.dll

+ 2005-09-23 04:40:30 80,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1037.dll

+ 2005-09-23 04:40:32 83,968 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1038.dll

+ 2005-09-23 04:40:56 84,480 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1040.dll

+ 2005-09-23 04:42:58 80,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1041.dll

+ 2005-09-23 04:44:58 80,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1042.dll

+ 2005-09-23 04:46:38 83,456 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1043.dll

+ 2005-09-23 04:46:38 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1044.dll

+ 2005-09-23 04:46:40 83,456 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1045.dll

+ 2005-09-23 04:47:04 82,432 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1046.dll

+ 2005-09-23 04:47:30 82,432 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1049.dll

+ 2005-09-23 04:47:32 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1053.dll

+ 2005-09-23 04:47:32 80,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1055.dll

+ 2005-09-23 04:30:18 80,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.2052.dll

+ 2005-09-23 04:47:06 84,480 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.2070.dll

+ 2005-09-23 04:29:50 80,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.3076.dll

+ 2005-09-23 04:36:48 85,504 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.3082.dll

+ 2005-09-23 05:57:06 245,408 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\unicows.dll

+ 2005-09-23 05:28:38 83,456 ----a-w C:\WINDOWS\system32\dfshim.dll

- 2006-10-18 19:47:16 414,208 ----a-w C:\WINDOWS\system32\dllcache\msscp.dll

+ 2006-12-04 14:21:50 414,720 ----a-w C:\WINDOWS\system32\dllcache\msscp.dll

- 2006-11-15 08:45:30 315,904 ----a-w C:\WINDOWS\system32\dllcache\unregmp2.exe

+ 2007-06-27 13:54:18 317,440 ----a-w C:\WINDOWS\system32\dllcache\unregmp2.exe

- 2006-10-18 19:47:18 222,208 ----a-w C:\WINDOWS\system32\dllcache\WMASF.dll

+ 2007-10-25 07:28:30 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll

- 2006-10-18 19:47:20 10,834,432 ----a-w C:\WINDOWS\system32\dllcache\wmp.dll

+ 2007-06-11 21:51:12 10,834,944 ----a-w C:\WINDOWS\system32\dllcache\wmp.dll

- 2005-04-25 00:03:00 20,640 ----a-w C:\WINDOWS\system32\drivers\pxhelp20.sys

+ 2008-02-23 02:38:33 43,872 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys

+ 2006-01-30 08:00:00 28,672 ----a-w C:\WINDOWS\system32\IMF32.DLL

- 2004-07-14 21:34:06 16,896 ----a-w C:\WINDOWS\system32\mscorier.dll

+ 2005-09-23 05:28:52 150,016 ----a-w C:\WINDOWS\system32\mscorier.dll

- 2003-02-20 12:09:14 106,496 ----a-w C:\WINDOWS\system32\mscories.dll

+ 2005-09-23 05:28:52 74,240 ----a-w C:\WINDOWS\system32\mscories.dll

- 2006-10-18 19:47:16 414,208 ----a-w C:\WINDOWS\system32\msscp.dll

+ 2006-12-04 14:21:50 414,720 ----a-w C:\WINDOWS\system32\msscp.dll

- 2008-08-20 19:20:11 53,098 ----a-w C:\WINDOWS\system32\perfc009.dat

+ 2008-08-22 08:01:29 53,098 ----a-w C:\WINDOWS\system32\perfc009.dat

- 2008-08-20 19:20:11 69,170 ----a-w C:\WINDOWS\system32\perfc014.dat

+ 2008-08-22 08:01:29 69,170 ----a-w C:\WINDOWS\system32\perfc014.dat

- 2008-08-20 19:20:11 380,684 ----a-w C:\WINDOWS\system32\perfh009.dat

+ 2008-08-22 08:01:29 380,684 ----a-w C:\WINDOWS\system32\perfh009.dat

- 2008-08-20 19:20:11 406,098 ----a-w C:\WINDOWS\system32\perfh014.dat

+ 2008-08-22 08:01:29 406,098 ----a-w C:\WINDOWS\system32\perfh014.dat

- 2005-10-24 12:09:48 409,600 ----a-w C:\WINDOWS\system32\Px.dll

+ 2006-09-27 21:53:22 514,808 ------w C:\WINDOWS\system32\Px.dll

- 2005-10-18 23:01:00 438,272 ----a-w C:\WINDOWS\system32\pxdrv.dll

+ 2006-09-27 21:53:22 477,944 ------w C:\WINDOWS\system32\pxdrv.dll

+ 2006-09-27 21:53:22 68,344 ------w C:\WINDOWS\system32\pxhpinst.exe

- 2005-10-24 12:08:44 172,032 ----a-w C:\WINDOWS\system32\PxMas.dll

+ 2006-09-27 21:53:22 183,032 ------w C:\WINDOWS\system32\PxMas.dll

- 2005-10-24 12:08:10 339,968 ----a-w C:\WINDOWS\system32\PxWave.dll

+ 2006-09-27 21:53:23 379,640 ------w C:\WINDOWS\system32\PxWave.dll

+ 2006-01-30 08:00:00 28,672 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\IMF32.DLL

+ 2006-01-30 08:00:00 36,864 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\IMFNT5.DLL

+ 2006-01-30 08:00:00 49,152 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\IMFPRINT.DLL

+ 2006-01-30 08:00:00 26,624 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\QDPRINT.DLL

+ 2006-01-30 08:00:00 77,824 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\SD32.DLL

+ 2006-01-30 08:00:00 61,440 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\SDDM32.DLL

+ 2006-01-30 08:00:00 122,880 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\SDDMUI.DLL

+ 2006-01-30 08:00:00 241,664 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\SDhp1018.DLL

+ 2006-01-30 08:00:00 36,864 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\SDIMF32.DLL

+ 2006-01-30 08:00:00 28,672 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\SDNT5UI.DLL

+ 2006-01-30 08:00:00 5,632 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\SDNTUM4.DLL

+ 2006-01-30 08:00:00 221,184 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\SR32.DLL

+ 2006-01-30 08:00:00 737,280 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\SUhp1018.DLL

+ 2006-01-30 08:00:00 241,664 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\SUXML.DLL

+ 2006-01-30 08:00:00 106,496 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\VSHP1018.DLL

+ 2006-01-30 08:00:00 1,568,768 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\XERCES-C.DLL

+ 2006-01-30 08:00:00 40,960 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\ZGDI32.DLL

+ 2006-01-30 08:00:00 45,105 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\ZJBIG.DLL

+ 2006-01-30 08:00:00 102,400 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\ZLhp1018.DLL

+ 2006-01-30 08:00:00 28,672 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\ZLM.DLL

+ 2006-01-30 08:00:00 442,368 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\ZSHP1018.EXE

+ 2006-01-30 08:00:00 86,016 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\ZSPOOL.DLL

+ 2006-01-30 08:00:00 40,960 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\ZSPOOL32.EXE

+ 2006-01-30 08:00:00 24,576 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\ZTAG32.DLL

+ 2006-01-30 08:00:00 147,456 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\ZUNINST.EXE

+ 2006-01-30 08:00:00 28,672 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hewlett_packardhp_la10dc\IMF32.DLL

+ 2006-01-30 08:00:00 36,864 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hewlett_packardhp_la10dc\IMFNT5.DLL

+ 2006-01-30 08:00:00 49,152 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hewlett_packardhp_la10dc\IMFPRINT.DLL

+ 2006-01-30 08:00:00 26,624 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hewlett_packardhp_la10dc\QDPRINT.DLL

+ 2006-01-30 08:00:00 77,824 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hewlett_packardhp_la10dc\SD32.DLL

+ 2006-01-30 08:00:00 61,440 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hewlett_packardhp_la10dc\SDDM32.DLL

+ 2006-01-30 08:00:00 122,880 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hewlett_packardhp_la10dc\SDDMUI.DLL

+ 2006-01-30 08:00:00 241,664 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hewlett_packardhp_la10dc\SDhp1018.DLL

+ 2006-01-30 08:00:00 36,864 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hewlett_packardhp_la10dc\SDIMF32.DLL

+ 2006-01-30 08:00:00 28,672 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hewlett_packardhp_la10dc\SDNT5UI.DLL

+ 2006-01-30 08:00:00 5,632 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hewlett_packardhp_la10dc\SDNTUM4.DLL

+ 2006-01-30 08:00:00 221,184 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hewlett_packardhp_la10dc\SR32.DLL

+ 2006-01-30 08:00:00 737,280 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hewlett_packardhp_la10dc\SUhp1018.DLL

+ 2006-01-30 08:00:00 241,664 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hewlett_packardhp_la10dc\SUXML.DLL

+ 2006-01-30 08:00:00 106,496 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hewlett_packardhp_la10dc\VSHP1018.DLL

+ 2006-01-30 08:00:00 1,568,768 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hewlett_packardhp_la10dc\XERCES-C.DLL

+ 2006-01-30 08:00:00 40,960 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hewlett_packardhp_la10dc\ZGDI32.DLL

+ 2006-01-30 08:00:00 45,105 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hewlett_packardhp_la10dc\ZJBIG.DLL

+ 2006-01-30 08:00:00 102,400 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hewlett_packardhp_la10dc\ZLhp1018.DLL

+ 2006-01-30 08:00:00 28,672 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hewlett_packardhp_la10dc\ZLM.DLL

+ 2006-01-30 08:00:00 442,368 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hewlett_packardhp_la10dc\ZSHP1018.EXE

+ 2006-01-30 08:00:00 86,016 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hewlett_packardhp_la10dc\ZSPOOL.DLL

+ 2006-01-30 08:00:00 40,960 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hewlett_packardhp_la10dc\ZSPOOL32.EXE

+ 2006-01-30 08:00:00 24,576 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hewlett_packardhp_la10dc\ZTAG32.DLL

+ 2006-01-30 08:00:00 147,456 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hewlett_packardhp_la10dc\ZUNINST.EXE

+ 2006-01-30 08:00:00 49,152 ----a-w C:\WINDOWS\system32\spool\prtprocs\w32x86\IMFPRINT.DLL

+ 2006-01-30 08:00:00 106,496 ----a-w C:\WINDOWS\system32\VSHP1018.DLL

- 2005-08-11 23:00:00 28,672 ----a-w C:\WINDOWS\system32\VXBLOCK.dll

+ 2006-09-27 21:53:23 39,672 ------w C:\WINDOWS\system32\VXBLOCK.dll

- 2006-10-18 19:47:18 222,208 ----a-w C:\WINDOWS\system32\WMASF.dll

+ 2007-10-25 07:28:30 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll

- 2006-10-18 19:47:20 10,834,432 ----a-w C:\WINDOWS\system32\wmp.dll

+ 2007-06-11 21:51:12 10,834,944 ----a-w C:\WINDOWS\system32\wmp.dll

+ 2006-01-30 08:00:00 102,400 ----a-w C:\WINDOWS\system32\ZLhp1018.DLL

+ 2006-01-30 08:00:00 28,672 ----a-w C:\WINDOWS\system32\ZLM.DLL

+ 2006-01-30 08:00:00 442,368 ----a-w C:\WINDOWS\system32\ZSHP1018.EXE

+ 2006-01-30 08:00:00 86,016 ----a-w C:\WINDOWS\system32\ZSPOOL.DLL

+ 2006-01-30 08:00:00 24,576 ----a-w C:\WINDOWS\system32\ZTAG32.DLL

+ 2005-09-23 05:29:16 479,232 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcm80.dll

+ 2005-09-23 05:29:16 548,864 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcp80.dll

+ 2005-09-23 05:29:16 626,688 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcr80.dll

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AVP"="C:\Programfiler\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-07-29 20:20 206088]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"SpybotDeletingB9090"="command" [X]

"SpybotDeletingD6274"="del" [X]

"SpybotDeletingB7578"="command" [X]

"SpybotDeletingD8486"="del" [X]

"SpybotDeletingB8534"="command" [X]

"SpybotDeletingD24"="del" [X]

 

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\

Windows Search.lnk - C:\Programfiler\Windows Desktop Search\WindowsSearch.exe [2008-05-26 22:19:14 123904]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"= 1 (0x1)

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Programfiler\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 22:19 304128]

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]

"SynTPEnh"=C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe

"HP Software Update"=C:\Programfiler\Hp\HP Software Update\HPWuSchd2.exe

"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe"

"QPService"="C:\Programfiler\HP\QuickPlay\QPService.exe"

"eabconfg.cpl"=C:\Programfiler\HPQ\Quick Launch Buttons\EabServr.exe /Start

"Cpqset"=C:\Programfiler\HPQ\Default Settings\cpqset.exe

"RecGuard"=C:\Windows\SMINST\RecGuard.exe

"hpWirelessAssistant"=C:\Programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

"NeroFilterCheck"=C:\Programfiler\Fellesfiler\Nero\Lib\NeroCheck.exe

"NBKeyScan"="C:\Programfiler\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

"buritos"=buritos.exe

"BM1323c2df"=Rundll32.exe "C:\WINDOWS\system32\mpfatejg.dll",s

"ATIPTA"="C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe"

"Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 9.0\Reader\Reader_sl.exe"

"SynTPStart"=C:\Programfiler\Synaptics\SynTP\SynTPStart.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

"FirewallOverride"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Programfiler\\uTorrent\\uTorrent.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=

 

R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [2008-01-29 18:29]

R0 szkg5;szkg;C:\WINDOWS\system32\DRIVERS\szkg.sys [2008-08-11 13:22]

R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2005-08-22 15:06]

R3 KLFLTDEV;Kaspersky Lab KLFltDev;C:\WINDOWS\system32\DRIVERS\klfltdev.sys [2008-03-13 19:02]

R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-04-30 18:06]

 

*Newly Created Service* - CATCHME

.

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-08-22 10:05:30

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-08-22 10:06:46

ComboFix-quarantined-files.txt 2008-08-22 08:06:15

ComboFix2.txt 2008-08-20 19:51:35

 

Pre-Run: 16,739,516,416 byte ledig

Post-Run: 16,785,559,552 byte ledig

 

488 --- E O F --- 2008-08-21 16:25:35


This looks fine :)

You can clean up one small thing using a new cfscript with the following content:

Registry::

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]

"BM1323c2df"=-

Drag the file onto ComboFix again.

No new log is needed.

Afterwards you can remove ComboFix by typing combofix /u in the Run box (Start -> Run).

This will also reset System Restore so that you do not get infected by a possible restore later.

Surf safely.
