Status
Not open for further replies.

Discussion Starter · #1
Hey, I have a virus of some kind on my computer, I suspect it is a trojan. I have repeatedly, using avast!, tried to remove the virus, though it appears not to work.

Sorry, but I can't attach anything, the DDS wouldn't run, and half an hour into the GMER scan, the computer crashed.

I got the virus by downloading a file, I clicked it, it created 3 weird shortcuts on my desktop, and suddenly my computer runs slow and when I open programs, it often shuts them down.

By the way, I'm running Windows XP and I do not at the moment have access to a Windows Install Disk.

What should I do?

Thanks.

-Cazz
 

Discussion Starter · #3
I apologize for "bumping" the thread, but I just got GMER and DDS to work, so I'd like to update with the newest info, since I thought it would be helpful.


DDS (Ver_09-12-01.01) - NTFSx86
Run by Casper1 at 18:50:08,09 on 08-12-2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.2.1252.45.1030.18.510.27 [GMT 1:00]

AV: avast! antivirus 4.8.1201 [VPS 090331-0] *On-access scanning enabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
SVCHOST.EXE
SVCHOST.EXE
C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\av_md.exe
C:\WINDOWS\System32\reader_s.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\programmer\valve\steam\steam.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\Skype\Phone\Skype.exe
SVCHOST.EXE
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Documents and Settings\Casper1\reader_s.exe
C:\Documents and Settings\Casper1\av_md.exe
C:\Programmer\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\FastNetSrv.exe
C:\Programmer\3Com\Launcher.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Microsoft Office\Office14\OfficeSAS\officeSASscheduler.exe
C:\Programmer\Java\jre6\bin\jqs.exe
C:\Programmer\Rainmeter\Rainmeter.exe
C:\Program Files\ObjectDock\ObjectDock.exe
C:\Programmer\Microsoft Office\Office14\OfficeSAS\OfficeSAS.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
svchost.exe "C:\WINDOWS\system32\4zm.exe"
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\3Com\LanSupportService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmer\Fælles filer\3Com\AllWirelessLansService.exe
C:\PROGRA~1\3Com\WLANMA~1\Activate.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
svchost.exe C:\WINDOWS\TEMP\VRT8.tmp
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\29.tmp
C:\WINDOWS\system32\30.tmp
C:\WINDOWS\TEMP\0.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Casper1\Skrivebord\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uSearch Page = hxxp://g.msn.dk/0SEDADK/SAOS01?FORM=TOOLBR
uDefault_Page_URL = hxxp://www.euro.dell.com/
uSearch Bar = hxxp://g.msn.dk/0SEDADK/SAOS01?FORM=TOOLBR
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://g.msn.dk/0SEDADK/SAOS01?FORM=TOOLBR
mWinlogon: Taskman=c:\recycler\s-1-5-21-8716899148-8071544417-668868253-4138\yv8g67.exe
uWinlogon: Shell=explorer.exe,c:\recycler\s-1-5-21-8716899148-8071544417-668868253-4138\yv8g67.exe
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\programmer\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Hjælp til tilmelding til Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\programmer\fælles filer\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\programmer\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\programmer\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\programmer\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\programmer\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\programmer\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\programmer\google\google toolbar\GoogleToolbar_32.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\programmer\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Steam] "c:\programmer\valve\steam\steam.exe" -silent
uRun: [MSMSGS] "c:\programmer\messenger\msmsgs.exe" /background
uRun: [Skype] "c:\programmer\skype\phone\Skype.exe" /nosplash /minimized
uRun: [Google Update] "c:\documents and settings\casper1\lokale indstillinger\application data\google\update\GoogleUpdate.exe" /c
uRun: [shccde] c:\windows\system32\winssled.exe
uRun: [cximddl] c:\windows\system32\ldfrmmd.exe
uRun: [qaswww] c:\windows\system32\jdsuml.exe
uRun: [reader_s] c:\documents and settings\casper1\reader_s.exe
uRun: [av_md] c:\documents and settings\casper1\av_md.exe
uRun: [sqlpdro] c:\windows\system32\providd.exe
mRun: [21801] c:\windows\system32\30.tmp.exe
mRun: [Regedit32] c:\windows\system32\regedit.exe
mRun: [reader_s] c:\windows\system32\reader_s.exe
mRun: [av_md] c:\windows\system32\av_md.exe
mRunOnce: [WIAWizardMenu] RUNDLL32.EXE c:\windows\system32\sti_ci.dll,WiaCreateWizardMenu
dRun: [av_md] .\29.tmp
StartupFolder: c:\docume~1\casper1\menuen~1\progra~1\start\rainme~1.lnk - c:\programmer\rainmeter\Rainmeter.exe
StartupFolder: c:\docume~1\casper1\menuen~1\progra~1\start\stardo~1.lnk - c:\program files\objectdock\ObjectDock.exe
StartupFolder: c:\docume~1\alluse~1\menuen~1\progra~1\start\3comla~1.lnk - c:\programmer\3com\Launcher.exe
StartupFolder: c:\docume~1\alluse~1\menuen~1\progra~1\start\office~1.lnk - c:\programmer\microsoft office\office14\officesas\officeSASscheduler.exe
IE: E&ksporter til Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programmer\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\programmer\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\programmer\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\programmer\fælles filer\microsoft shared\office14\MSOXMLMF.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
STS: FencesShlExt Class: {1984dd45-52cf-49cd-ab77-18f378fea264} - c:\programmer\stardock\fences\FencesMenu.dll
mASetup: {6EB3542A-9A3E-ADA8-2D85-D0521B0DED76} - c:\windows\system32:Ubuntu.exe
IFEO: 1.exe - c:\windows\system32\ahui.exe
IFEO: servises.exe - c:\windows\system32\ahui.exe
IFEO: sys64_nov.exe - c:\windows\system32\ahui.exe

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\casper1\applic~1\mozilla\firefox\profiles\jbyf3atm.default\
FF - plugin: c:\documents and settings\casper1\lokale indstillinger\application data\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\programmer\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000

============= SERVICES / DRIVERS ===============

R0 protect;protect;c:\windows\system32\drivers\protect.sys [2009-12-8 18944]
R1 SSHDRV79;SSHDRV79;c:\windows\system32\drivers\SSHDRV79.sys [2005-4-22 75264]
R1 SSHDRV85;SSHDRV85;c:\windows\system32\drivers\SSHDRV85.sys [2005-11-18 78848]
R1 unpr;Unprotector;c:\windows\system32\drivers\unpr.sys [2009-12-6 4096]
R2 Automatisk LiveUpdate-planlægning;Automatisk LiveUpdate-planlægning;c:\programmer\symantec\liveupdate\AluSchedulerSvc.exe [2006-9-28 100032]
R2 BtwSrv;BtwSrv;c:\windows\system32\svchost.exe -k netsvcs [2004-8-27 34304]
R2 ccEvtMgr;Symantec Event Manager;c:\programmer\fælles filer\symantec shared\CCEVTMGR.EXE [2006-1-6 198304]
R2 ccSetMgr;Symantec Settings Manager;c:\programmer\fælles filer\symantec shared\CCSETMGR.EXE [2006-1-6 181920]
R2 fastnetsrv;fastnetsrv Service;c:\windows\system32\FastNetSrv.exe [2004-8-27 67584]
R3 AllWirelessLansService;3Com Wireless LAN Support;c:\programmer\fælles filer\3com\AllWirelessLansService.exe [2005-4-19 143360]
R3 LanSupportService;3Com LAN Support;c:\programmer\fælles filer\3com\LanSupportService.exe [2005-4-19 245760]
R3 WLD675;3Com 3CRDAG675 Wireless LAN PCI Adapter;c:\windows\system32\drivers\wld675f.sys [2005-4-19 328032]
S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswfsblk.sys --> c:\windows\system32\drivers\aswFsBlk.sys [?]
S2 avast! Antivirus;avast! Antivirus;"c:\programmer\alwil software\avast4\ashserv.exe" --> c:\programmer\alwil software\avast4\ashServ.exe [?]
S2 NlaSamSs;NLA (Network Location Awareness) NlaSamSs;c:\windows\system32\4zm.exe srv --> c:\windows\system32\4zm.exe srv [?]
S3 avast! Mail Scanner;avast! Mail Scanner;"c:\programmer\alwil software\avast4\ashmaisv.exe" /service --> c:\programmer\alwil software\avast4\ashMaiSv.exe [?]
S3 avast! Web Scanner;avast! Web Scanner;"c:\programmer\alwil software\avast4\ashwebsv.exe" /service --> c:\programmer\alwil software\avast4\ashWebSv.exe [?]
S3 ccPwdSvc;Symantec Password Validation;c:\programmer\fælles filer\symantec shared\CCPWDSVC.EXE [2006-1-6 79520]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\casper1\lokale~1\temp\iade.tmp --> c:\docume~1\casper1\lokale~1\temp\IADE.tmp [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-1-25 42000]
S3 osppsvc;Office Software Protection Platform;c:\programmer\fælles filer\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2009-9-26 4639136]
S3 oUltraf;oUltraf;\??\c:\docume~1\casper1\lokale~1\temp\oultraf.sys --> c:\docume~1\casper1\lokale~1\temp\oUltraf.sys [?]
S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl.sys [2009-1-8 32000]

=============== Created Last 30 ================

2009-12-08 17:48:02 1 ----a-w- c:\documents and settings\casper1\oashdihasidhasuidhiasdhiashdiuasdhasd
2009-12-08 17:46:57 18944 ----a-w- c:\windows\system32\30.tmp
2009-12-08 17:46:54 27475 ----a-w- c:\windows\system32\29.tmp
2009-12-08 17:46:50 101376 ----a-w- c:\windows\system32\F.tmp
2009-12-08 17:46:47 172 ----a-w- c:\windows\system32\B.tmp
2009-12-08 17:46:46 155648 ----a-w- c:\windows\system32\nmklo.dll
2009-12-08 17:46:45 577536 ----a-w- c:\windows\system32\bupxtjxlc
2009-12-08 17:46:41 189440 ----a-w- c:\windows\system32\cooper.mine
2009-12-08 17:46:16 64000 --sh--r- c:\windows\system32\providd.exe
2009-12-08 13:52:57 18944 ----a-w- c:\windows\system32\28.tmp
2009-12-08 13:52:55 101376 ----a-w- c:\windows\system32\25.tmp
2009-12-08 13:52:47 27476 ----a-w- c:\windows\system32\8.tmp
2009-12-08 13:52:45 172 ----a-w- c:\windows\system32\7.tmp
2009-12-08 13:49:03 18944 ----a-w- c:\windows\system32\14.tmp
2009-12-08 13:49:01 101376 ----a-w- c:\windows\system32\10.tmp
2009-12-08 13:49:00 27476 ----a-w- c:\windows\system32\E.tmp
2009-12-08 13:48:59 172 ----a-w- c:\windows\system32\D.tmp
2009-12-08 13:45:28 32256 ----a-w- c:\windows\system32\1298,574.exe
2009-12-08 13:45:19 744 ----a-w- c:\windows\system32\6975,672.exe
2009-12-08 13:45:11 32768 ----a-w- c:\windows\system32\msncuxqg.dll
2009-12-08 13:44:57 47360 ----a-w- c:\windows\system32\av_md.exe
2009-12-08 13:44:57 47360 ----a-w- c:\documents and settings\casper1\av_md.exe
2009-12-08 13:44:56 18944 ----a-w- c:\windows\system32\27.tmp
2009-12-08 13:44:54 71168 ----a-w- c:\windows\system32\reader_s.exe
2009-12-08 13:44:54 71168 ----a-w- c:\documents and settings\casper1\reader_s.exe
2009-12-08 13:44:54 101376 ----a-w- c:\windows\system32\26.tmp
2009-12-08 13:44:52 27477 ----a-w- c:\windows\system32\22.tmp
2009-12-08 13:44:52 172 ----a-w- c:\windows\system32\20.tmp
2009-12-08 13:44:45 32 --s-a-w- c:\windows\system32\4167311857.dat
2009-12-08 13:44:41 18944 ---ha-w- c:\windows\system32\drivers\protect.sys
2009-12-08 13:44:11 0 d-----w- c:\programmer\Protection System
2009-12-08 13:44:11 0 ----a-w- c:\windows\SC.INS
2009-12-08 13:44:11 0 ----a-w- c:\windows\sc.exe
2009-12-08 13:43:53 65024 --sh--r- c:\windows\system32\jdsuml.exe
2009-12-08 13:43:51 68096 --sh--r- c:\windows\system32\ldfrmmd.exe
2009-12-08 13:43:51 65024 --sh--r- c:\windows\system32\winssled.exe
2009-12-07 20:42:24 22824620 ----a-w- c:\windows\service.exe
2009-12-07 20:01:27 18944 ----a-w- c:\windows\system32\C.tmp
2009-12-07 20:01:25 99328 ----a-w- c:\windows\system32\A.tmp
2009-12-07 20:01:24 27477 ----a-w- c:\windows\system32\9.tmp
2009-12-07 20:01:15 260 ----a-w- c:\windows\system32\6.tmp
2009-12-07 19:35:53 18944 ----a-w- c:\windows\system32\1C.tmp
2009-12-07 19:35:51 99328 ----a-w- c:\windows\system32\1B.tmp
2009-12-07 19:35:49 27475 ----a-w- c:\windows\system32\1A.tmp
2009-12-07 19:35:44 212 ----a-w- c:\windows\system32\13.tmp
2009-12-07 19:35:41 32256 ----a-w- c:\windows\system32\6510,213.exe
2009-12-07 19:35:31 744 ----a-w- c:\windows\system32\5601,313.exe
2009-12-07 18:57:46 0 d-----w- c:\docume~1\casper1\applic~1\Malwarebytes
2009-12-07 18:57:40 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-07 18:57:38 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-07 18:57:38 0 d-----w- c:\programmer\Malwarebytes' Anti-Malware
2009-12-07 18:57:38 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-12-06 16:11:01 98 ----a-w- C:\bnhs56c108.bat
2009-12-06 16:09:19 18944 ----a-w- c:\windows\system32\19.tmp
2009-12-06 16:09:16 744 ----a-w- c:\windows\system32\4261,438.exe
2009-12-06 16:09:13 106496 ----a-w- c:\windows\system32\18.tmp
2009-12-06 16:09:01 102 ----a-w- c:\windows\system32\244703.BAT
2009-12-06 16:08:52 132 ----a-w- c:\windows\system32\12.tmp
2009-12-06 16:08:43 40448 ----a-w- c:\windows\bnhs56c.com
2009-12-06 16:07:30 4096 ----a-w- c:\windows\system32\drivers\unpr.sys
2009-12-04 14:17:26 18944 ----a-w- c:\windows\system32\5.tmp
2009-12-04 14:17:03 172 ----a-w- c:\windows\system32\2.tmp
2009-12-04 14:17:03 0 ----a-w- c:\windows\system32\3.tmp
2009-12-04 14:00:11 18944 ----a-w- c:\windows\system32\40.tmp
2009-12-04 13:59:54 0 ----a-w- c:\windows\system32\3E.tmp
2009-12-04 13:59:33 0 ----a-w- c:\windows\system32\3D.tmp
2009-12-04 13:59:25 172 ----a-w- c:\windows\system32\3C.tmp
2009-12-04 06:16:52 100 ----a-w- C:\bukg108.bat
2009-12-04 06:16:31 32256 ----a-w- c:\windows\system32\8789,266.exe
2009-12-04 06:15:32 31744 ----a-w- c:\windows\system32\2C.tmp
2009-12-04 06:15:31 18944 ------w- c:\windows\system32\2B.tmp
2009-12-04 06:15:28 800 ----a-w- c:\windows\system32\737,7261.exe
2009-12-04 06:15:08 0 ----a-w- c:\windows\system32\23.tmp
2009-12-04 06:15:02 216 ----a-w- c:\windows\system32\1F.tmp
2009-12-03 14:38:01 31744 ----a-w- c:\windows\system32\3F.tmp
2009-12-03 14:37:53 97792 ----a-w- c:\windows\system32\38.tmp
2009-12-03 14:37:41 216 ----a-w- c:\windows\system32\2D.tmp
2009-12-03 14:21:02 31744 ----a-w- c:\windows\system32\24.tmp
2009-12-03 14:20:43 97792 ----a-w- c:\windows\system32\21.tmp
2009-12-03 14:20:30 216 ----a-w- c:\windows\system32\1D.tmp
2009-12-02 18:21:27 4608 ----a-w- c:\windows\system32\drivers\ipsys.sys
2009-12-02 18:11:33 31744 ----a-w- c:\windows\system32\1E.tmp
2009-12-02 18:11:01 216 ----a-w- c:\windows\system32\17.tmp
2009-12-02 18:06:52 0 d-----w- c:\windows\system32\wbem\Repository
2009-12-02 18:04:19 136 ----a-w- c:\windows\system32\ikhcore(2).cfg
2009-12-02 17:57:10 32 --s-a-w- c:\windows\system32\863311651.dat
2009-12-02 17:56:29 0 ----a-w- c:\windows\system32\16.tmp
2009-12-02 17:56:26 31744 ----a-w- c:\windows\system32\15.tmp
2009-12-02 17:43:30 4 ----a-w- c:\documents and settings\casper1\proxy_port
2009-12-02 16:18:17 31744 ----a-w- c:\windows\system32\11.tmp
2009-12-02 15:52:25 93 ----a-w- C:\12779523.bat
2009-12-02 15:43:43 53248 ----a-w- c:\windows\system32\5596,364.exe
2009-12-02 15:43:12 0 ----a-w- c:\windows\system32\59.tmp
2009-12-02 15:43:09 31744 ----a-w- c:\windows\system32\57.tmp
2009-12-02 15:43:06 624 ----a-w- c:\windows\system32\4247,095.exe
2009-12-02 15:43:04 32768 ----a-w- c:\windows\system32\kzp.4e
2009-12-02 15:43:03 65024 ----a-w- c:\windows\system32\rth.gde
2009-12-02 15:43:02 216 ----a-w- c:\windows\system32\53.tmp
2009-12-02 15:42:22 182912 ----a-w- c:\windows\system32\dllcache\ndis.sys
2009-12-02 15:41:55 360320 ----a-w- c:\windows\system32\drivers\TCPIP.SYS.ORIGINAL
2009-12-02 15:41:33 0 d-----w- c:\programmer\ecobar
2009-12-02 15:41:27 4 ----a-w- c:\docume~1\casper1\applic~1\avdrn.dat
2009-12-01 16:29:59 0 d-----w- c:\programmer\LimeWire
2009-11-24 15:16:13 0 d-----w- c:\programmer\Adobe Photoshop CS3
2009-11-23 18:37:01 0 d-----w- c:\programmer\Microsoft Synchronization Services
2009-11-23 18:35:14 0 d-----w- c:\documents and settings\all users\Microsoft
2009-11-23 18:35:13 0 d-----w- c:\programmer\Microsoft SQL Server Compact Edition
2009-11-23 18:29:11 0 d-----w- c:\programmer\Microsoft Analysis Services
2009-11-23 17:45:51 0 d-----w- c:\docume~1\casper1\applic~1\Rainmeter
2009-11-23 17:40:32 0 d-----w- c:\docume~1\casper1\applic~1\Stardock
2009-11-23 17:40:10 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{A87EB928-0C6C-4071-AEF1-59E32BAEDF1B}
2009-11-23 17:37:36 0 d-----w- c:\programmer\Rainmeter
2009-11-17 18:15:54 0 d-----w- c:\docume~1\casper1\applic~1\mIRC

==================== Find3M ====================

2009-12-08 17:47:03 147616 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-12-08 17:47:03 147616 ----a-w- c:\windows\system32\dllcache\atapi.sys
2009-12-07 20:11:39 1054208 ----a-w- c:\windows\explorer.exe
2009-12-06 16:07:09 360320 ----a-w- c:\windows\system32\drivers\TCPIP.SYS
2009-12-06 16:07:09 360320 ----a-w- c:\windows\system32\dllcache\TCPIP.SYS
2009-12-03 14:27:33 86016 --s---w- c:\windows\system32\4zm.exe
2009-12-03 14:27:33 34304 ----a-w- c:\windows\system32\SVCHOST.EXE
2009-12-03 14:20:23 577536 ----a-w- c:\windows\system32\user32.DLL
2009-12-03 14:20:23 37888 ----a-w- c:\windows\system32\wincert.dll
2009-12-03 14:20:23 32256 ----a-w- c:\windows\system32\curslib.dll
2009-12-02 18:19:36 83026 ----a-w- c:\windows\system32\PERFC006.DAT
2009-12-02 18:19:36 457360 ----a-w- c:\windows\system32\PERFH006.DAT
2009-12-02 16:23:05 81920 --sh--w- c:\windows\system32\4z.exe
2009-12-02 16:23:05 34304 ----a-w- c:\windows\system32\SVCHOST(3).EXE
2009-12-02 15:42:22 212480 ----a-w- c:\windows\system32\drivers\NDIS.SYS
2009-10-21 04:07:57 3598336 ----a-w- c:\windows\system32\dllcache\mshtml.dll
2009-09-26 02:32:10 1205080 ----a-w- c:\windows\system32\FM20.DLL
2009-09-26 02:32:08 31600 ----a-w- c:\windows\system32\FM20ENU.DLL
2009-09-11 14:35:44 133632 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-11 14:35:44 133632 ------w- c:\windows\system32\dllcache\msv1_0.dll

============= FINISH: 18:50:53,51 ===============
 
