daki Juniormester
9 March 2009 - 18:02 There are 22 comments and 2 solutions

Checking log files after scanning a computer

I have just cleaned a computer, as well as I can, with Malwarebytes and ccleaner.

And here I have a log from hijackthis and Malwarebytes, just to be completely sure :-)

/dan

----------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:46:52, on 09-03-2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\programmer\fælles filer\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\Dit.exe
C:\Programmer\Home Cinema\PowerCinema\PCMService.exe
C:\WINDOWS\VM_STI.EXE
C:\Programmer\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Skype\Phone\Skype.exe
C:\Programmer\Windows Media Player\WMPNSCFG.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Programmer\Fælles filer\Teleca Shared\CapabilityManager.exe
C:\WINDOWS\DitExp.exe
C:\Programmer\Fælles filer\Teleca Shared\Generic.exe
C:\Programmer\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmer\Microsoft LifeCam\MSCamS32.exe
C:\Programmer\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\RealVNC\VNC4\WinVNC4.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Documents and Settings\Claus Dalgaard.PC02\Skrivebord\hijackthis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programmer\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programmer\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programmer\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar2.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programmer\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [PCMService] "C:\Programmer\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE USB PC Web Camera
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Programmer\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [LifeCam] "C:\Programmer\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [Stupid Data Dart Wave] C:\Documents and Settings\All Users\Application Data\flag ace stupid data\test bib.exe
O4 - HKLM\..\Run: [Windows UDP's Control Service] wswc.exe
O4 - HKLM\..\RunServices: [Internet Explorer Server] C:\WINDOWS\IEXPLORE.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [mess comp] C:\DOCUME~1\CLAUSD~1.PC0\APPLIC~1\LISTSP~1\partsecond.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programmer\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\RunServices: [Internet Explorer Server] C:\WINDOWS\IEXPLORE.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10a.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Blog det - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog det i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.msn.dk
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1109362865250
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1566B515-0628-4120-8BAF-A072DBBF5C1A}: NameServer = 192.168.1.1,194.239.134.83
O17 - HKLM\System\CCS\Services\Tcpip\..\{4E4E2D6E-88D6-439B-B3AC-23AD199407CD}: NameServer = 192.168.1.1,194.239.134.83
O17 - HKLM\System\CS1\Services\Tcpip\..\{1566B515-0628-4120-8BAF-A072DBBF5C1A}: NameServer = 192.168.1.1,194.239.134.83
O17 - HKLM\System\CS2\Services\Tcpip\..\{1566B515-0628-4120-8BAF-A072DBBF5C1A}: NameServer = 192.168.1.1,194.239.134.83
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FLLESF~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\programmer\fælles filer\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programmer\Fælles filer\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Programmer\RealVNC\VNC4\WinVNC4.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 9206 bytes
-----------
-----------
Malwarebytes' Anti-Malware 1.34
Database version: 1827
Windows 5.1.2600 Service Pack 2

08-03-2009 21:56:31
mbam-log-2009-03-08 (21-56-31).txt

Skan type: Fuldstændig skanning (C:\|D:\|E:\|)
Objekter skannet: 230650
Tid tilbagelagt: 1 hour(s), 33 minute(s), 48 second(s)

Inficerede Hukommelses Processer: 8
Inficerede Hukommelses Moduler: 1
Inficerede Registeringsdatabase Nøgler: 1
Inficerede Registeringsdatabase Værdier: 8
Inficerede Registeringsdatabase Filer: 10
Inficerede Mapper: 0
Inficerede Filer: 38

Inficerede Hukommelses Processer:
C:\WINDOWS\fxstaller.exe (Backdoor.Bot) -> Unloaded process successfully.
C:\WINDOWS\system32\lssas.exe (Backdoor.Bot) -> Unloaded process successfully.
C:\WINDOWS\wswc.exe (Backdoor.Bot) -> Unloaded process successfully.
C:\WINDOWS\IEXPLORE.exe (Backdoor.Bot) -> Unloaded process successfully.
C:\WINDOWS\system32\ntdll64.exe (Trojan.Agent) -> Unloaded process successfully.
C:\WINDOWS\system32\mdm.exe (Backdoor.Bot) -> Unloaded process successfully.
C:\WINDOWS\system32\frmwrk32.exe (Trojan.FakeAlert) -> Unloaded process successfully.
C:\WINDOWS\system32\csrs.exe (Heuristics.Reserved.Word.Exploit) -> Unloaded process successfully.

Inficerede Hukommelses Moduler:
C:\WINDOWS\Temp\ntdll64.dll (Trojan.FakeAlert) -> Delete on reboot.

Inficerede Registeringsdatabase Nøgler:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{28abc5c0-4fcb-11cf-aax5-81cx1c635612} (Trojan.Agent) -> Quarantined and deleted successfully.

Inficerede Registeringsdatabase Værdier:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\local security authority service (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\internet explorer server (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\internet explorer server (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Client Server Runtime Process (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows UDP Control Center (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\microsoft visual debuger (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\microsoft visual debuger (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Framework Windows (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Inficerede Registeringsdatabase Filer:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\userinit.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\userinit.exe -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.Homepage) -> Bad: (http://www.postarticles.net) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Inficerede Mapper:
(Ingen mistænkelige filer fundet)

Inficerede Filer:
C:\WINDOWS\fxstaller.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lssas.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\wswc.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\IEXPLORE.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\wmplayer32.exe (Trojan.Agent) -> Delete on reboot.
C:\am.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\ci.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\nana.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\pap.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\topsite.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Claus Dalgaard.PC02\Lokale indstillinger\Temp\IXP000.TMP\DSC000.EXE (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Claus Dalgaard.PC02\Lokale indstillinger\Temp\IXP001.TMP\buriminewpck.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Claus Dalgaard.PC02\Lokale indstillinger\Temp\IXP002.TMP\buriminewpck.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Claus Dalgaard.PC02\Lokale indstillinger\Temp\IXP003.TMP\buriminewpck.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Claus Dalgaard.PC02\Lokale indstillinger\Temporary Internet Files\Content.IE5\0DSBRR5V\russian[1].exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Claus Dalgaard.PC02\Lokale indstillinger\Temporary Internet Files\Content.IE5\0DSBRR5V\pap[1].jpg (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Claus Dalgaard.PC02\Lokale indstillinger\Temporary Internet Files\Content.IE5\0DSBRR5V\am[1].exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{69C28582-99AA-4AEC-B073-AC1CC121FD9A}\RP172\A0555981.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{69C28582-99AA-4AEC-B073-AC1CC121FD9A}\RP172\A0556980.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{69C28582-99AA-4AEC-B073-AC1CC121FD9A}\RP173\A0556982.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{69C28582-99AA-4AEC-B073-AC1CC121FD9A}\RP173\A0557982.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\senekalmkvtbqx.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\ntdll64.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\csrs.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mdm.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\warning.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ahtn.htm (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\frmwrk32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Claus Dalgaard.PC02\Lokale indstillinger\Temp\ntdll64.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\ntdll64.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\Documents and Settings\Claus Dalgaard.PC02\Lokale indstillinger\Temp\mousehook.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\Temp\mousehook.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\senekaiuwnmyul.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\senekanioewyid.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\senekaowkswbot.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\senekavvsnkolt.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\drivers\seneka.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\senekawprrvklt.sys (Trojan.Agent) -> Quarantined and deleted successfully.
-----------
9 March 2009 - 19:17 #1
If we are going to do this at all, it has to be a fresh HiJackThis log taken after the Malwarebytes run... There seems to be _lots_ of 'dirt'/bandits left that Malwarebytes should have caught!!

---------
In addition ->

-- Download Combofix from one of these links and save it to your desktop:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe

-- Then run combofix.exe, which you downloaded earlier, and follow the instructions.
You should not click on the window while the tool is running, as that can make your computer freeze.
When combofix has finished, and after it has restarted, a log file should open: combofix.txt
Please post the contents of that file here.
9 March 2009 - 19:20 #2
Is there any reason why you are missing M$ Service Pack 3? + the MANY subsequent updates from Windows Update?

I can't seem to find any trace of any kind of security program???
daki Juniormester
9 March 2009 - 21:23 #3
1. hijackthis was run after malwarebytes
2. Combofix run - log at the bottom.
3. SP3 installed - I hadn't noticed that :-)
4. AVG 8.5 installed - Of course no security program was installed :-(

/dan

----------
ComboFix 09-03-06.02 - Claus Dalgaard 2009-03-09 19:41:43.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1030.18.511.208 [GMT 1:00]
Kører fra: c:\documents and settings\Claus Dalgaard.PC02\Skrivebord\ComboFix.exe
FW: Norman Personal Firewall v. 1.4 *disabled*
.

(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet  )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\restore\S-1-5-21-1482476501-1644491937-682003330-1013
c:\restore\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini
c:\windows\system32\init32.exe
c:\windows\system32\tmp.reg
c:\windows\system32\uniq.tll
c:\windows\system32\win32hlp.cnf
c:\windows\system32\winlogon2.exe

----- BITS: Mulige inficerede internetsteder -----

hxxp://83.91.17.76:8530
[COLOR=RED] c:\windows\system32\userinit.exe . . . er inficeret!![/COLOR]

.
(((((((((((((((((((((((((((((((((((((((  Drivers/Tjenester  )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_seneka


(((((((((((((((((((((((((((((  Filer skabt fra 2009-02-09 til 2009-03-09  )))))))))))))))))))))))))))))))))))
.

2009-02-23 11:01 . 2004-08-26 17:53    159,232    --a------    c:\windows\system32\ptpusd.dll
2009-02-23 11:01 . 2004-08-03 22:58    15,104    --a------    c:\windows\system32\drivers\usbscan.sys
2009-02-23 11:01 . 2004-08-03 22:58    15,104    --a--c---    c:\windows\system32\dllcache\usbscan.sys
2009-02-23 11:01 . 2001-10-04 17:07    5,632    --a------    c:\windows\system32\ptpusb.dll
2009-02-16 15:57 . 2009-02-16 15:57    <DIR>    d--------    c:\programmer\Barbie(TM)
2009-02-11 16:20 . 2009-02-11 16:20    28,160    --a------    C:\nan.exe

.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-08 18:57    ---------    d-----w    c:\programmer\Malwarebytes' Anti-Malware
2009-02-22 15:33    714    ----a-w    c:\documents and settings\Claus Dalgaard.PC02\Application Data\wklnhst.dat
2009-02-16 15:04    ---------    d-----w    c:\documents and settings\All Users\Application Data\Barbie Fashion Show
2009-02-15 10:38    ---------    d-----w    c:\documents and settings\Claus Dalgaard.PC02\Application Data\Skype
2009-02-11 15:20    ---------    d-----w    c:\documents and settings\Claus Dalgaard.PC02\Application Data\skypePM
2009-02-11 09:19    38,496    ----a-w    c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 09:19    15,504    ----a-w    c:\windows\system32\drivers\mbam.sys
2009-02-01 15:31    ---------    d-----w    c:\documents and settings\Claus Dalgaard.PC02\Application Data\List Spam Tick
2009-02-01 15:31    ---------    d-----w    c:\documents and settings\All Users\Application Data\flag ace stupid data
2009-02-01 15:30    ---------    d-----w    c:\programmer\List Spam Tick
2009-01-29 18:27    ---------    d-----w    c:\documents and settings\Claus Dalgaard.PC02\Application Data\Malwarebytes
2009-01-29 18:27    ---------    d-----w    c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-29 18:26    ---------    d-----w    c:\programmer\CCleaner
2009-01-26 15:09    ---------    d-----w    c:\documents and settings\Claus Dalgaard.PC02\Application Data\Windows Live Writer
2009-01-26 13:32    ---------    d-----w    c:\programmer\Windows Live
2009-01-26 13:32    ---------    d-----w    c:\programmer\Microsoft
2009-01-26 13:31    ---------    d-----w    c:\programmer\Microsoft Sync Framework
2009-01-26 13:29    ---------    d-----w    c:\programmer\MSN Messenger
2009-01-26 13:29    ---------    d-----w    c:\programmer\Microsoft SQL Server Compact Edition
2009-01-26 13:28    ---------    d-----w    c:\programmer\Windows Live SkyDrive
2009-01-26 13:12    ---------    d-----w    c:\programmer\Fælles filer\Windows Live
2009-01-17 19:16    ---------    d-----w    c:\programmer\Microsoft LifeCam
2003-08-15 03:13    40,960    ----a-w    c:\programmer\Uninstall_PCM.exe
.

------- Sigcheck -------

2009-02-12 08:24  104960  49227f58e1f82432ce02383a94d91801    c:\windows\system32\userinit.exe
2009-02-12 08:24  104960  49227f58e1f82432ce02383a94d91801    c:\windows\system32\dllcache\userinit.exe
.
(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-27 15360]
"swg"="c:\programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-27 68856]
"Skype"="c:\programmer\Skype\Phone\Skype.exe" [2008-09-29 21755688]
"mess comp"="c:\docume~1\CLAUSD~1.PC0\APPLIC~1\LISTSP~1\partsecond.exe" [2009-02-01 593920]
"WMPNSCFG"="c:\programmer\Windows Media Player\WMPNSCFG.exe" [2006-11-15 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-03 344064]
"PCMService"="c:\programmer\Home Cinema\PowerCinema\PCMService.exe" [2004-09-03 81920]
"BigDogPath"="c:\windows\VM_STI.EXE" [2005-02-28 53248]
"Sony Ericsson PC Suite"="c:\programmer\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 159744]
"LifeCam"="c:\programmer\Microsoft LifeCam\LifeExp.exe" [2008-08-04 160800]
"Stupid Data Dart Wave"="c:\documents and settings\All Users\Application Data\flag ace stupid data\test bib.exe" [2009-03-09 868352]
"Dit"="Dit.exe" [2002-08-28 c:\windows\Dit.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-27 15360]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\explorer.exe,"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^Adobe Reader Hurtigstart.lnk]
path=c:\documents and settings\All Users\Menuen Start\Programmer\Start\Adobe Reader Hurtigstart.lnk
backup=c:\windows\pss\Adobe Reader Hurtigstart.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Claus Dalgaard^Menuen Start^Programmer^Start^Registration Heroes of Might & Magic 5 - Hammers of Fate.LNK]
path=c:\documents and settings\Claus Dalgaard\Menuen Start\Programmer\Start\Registration Heroes of Might & Magic 5 - Hammers of Fate.LNK
backup=c:\windows\pss\Registration Heroes of Might & Magic 5 - Hammers of Fate.LNKStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Claus Dalgaard^Menuen Start^Programmer^Start^Registration Heroes of Might & Magic 5.LNK]
path=c:\documents and settings\Claus Dalgaard\Menuen Start\Programmer\Start\Registration Heroes of Might & Magic 5.LNK
backup=c:\windows\pss\Registration Heroes of Might & Magic 5.LNKStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Claus Dalgaard^Menuen Start^Programmer^Start^UltimateZip Quick Start.lnk]
path=c:\documents and settings\Claus Dalgaard\Menuen Start\Programmer\Start\UltimateZip Quick Start.lnk
backup=c:\windows\pss\UltimateZip Quick Start.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArtoNotifier]
--a------ 2006-05-23 15:42 668672 c:\programmer\Arto\Notifier\ArtoNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
--a------ 2006-06-26 10:34 614960 c:\programmer\Logitech\QuickCam10\QuickCam10.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2007-02-13 19:29 35328 c:\programmer\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]
--a------ 2004-05-18 03:30 543232 c:\windows\zHotkey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PRISMSTA.EXE]
--a------ 2003-08-04 14:54 215552 c:\windows\system32\PRISMSTA.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Programmer\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Programmer\\NetMeeting\\Conf.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmer\\Valve\\hl.exe"=
"c:\\Documents and Settings\\Claus Dalgaard.PC02\\Skrivebord\\CS 1.6 lan2\\hl.exe"=
"c:\\Programmer\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Programmer\\Microsoft LifeCam\\LifeEnC2.exe"=
"c:\\Programmer\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Programmer\\Microsoft LifeCam\\LifeTray.exe"=
"c:\\Programmer\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmer\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmer\\Skype\\Phone\\Skype.exe"=

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-01-26 55136]
R2 SeaPort;SeaPort;c:\programmer\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2008-12-04 226640]
R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [2005-02-24 945152]
R3 PRISM_A00;PRISM 802.11g Driver;c:\windows\system32\drivers\PRISMA00.sys [2003-09-10 362688]
S3 fsssvc;Windows Live Family Safety;c:\programmer\Windows Live\Family Safety\fsssvc.exe [2008-12-08 533344]
S3 jnv4_mib;jnv4_mib;\??\c:\docume~1\CLAUSD~1\LOKALE~1\Temp\jnv4_mib.sys --> c:\docume~1\CLAUSD~1\LOKALE~1\Temp\jnv4_mib.sys [?]
S3 MSHUSBVideo;NX6000/NX3000/VX5000/VX5500/VX7000 Filter Driver;c:\windows\system32\drivers\nx6000.sys [2009-01-17 33808]
S3 PhTVTune;MEDION TV-TUNER 7134 MK2/3;c:\windows\system32\drivers\PhTVTune.sys [2005-02-25 24704]
S3 SUSCOM;Susteen Serial port driver;c:\windows\system32\drivers\SUSCOM.SYS [2002-10-22 40448]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{117b8b16-5ed6-11dc-9c6e-000c76743ec6}]
\Shell\AutoRun\command - h:\restore\S-1-5-21-1482476501-1644491937-682003330-1013\wmplayer32.exe
\Shell\open\command - h:\restore\S-1-5-21-1482476501-1644491937-682003330-1013\wmplayer32.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4bf24d70-0191-11de-9edb-000c76743ec6}]
\Shell\AutoRun\command - h:\restore\S-1-5-21-1482476501-1644491937-682003330-1013\wmplayer32.exe
\Shell\open\command - h:\restore\S-1-5-21-1482476501-1644491937-682003330-1013\wmplayer32.exe
.
Indhold af mappen 'Planlagte Opgaver'

2009-03-09 c:\windows\Tasks\A5B9163D918E8E8D.job
- c:\docume~1\clausd~1\applic~1\listsp~1\MAPI FIRST MEMO.exe [2008-11-09 12:14]

2009-03-09 c:\windows\Tasks\AF16FEF291857D82.job
- c:\docume~1\clausd~1.pc0\applic~1\listsp~1\MAPI FIRST MEMO.exe [2009-02-01 16:31]
.
- - - - TOMME GENVEJE FJERNET - - - -

HKCU-RunServices-Internet Explorer Server - c:\windows\IEXPLORE.exe
HKLM-Run-Cmaudio - cmicnfg.cpl
HKLM-Run-Windows UDP's Control Service - wswc.exe
HKLM-RunServices-Internet Explorer Server - c:\windows\IEXPLORE.exe
MSConfigStartUp-Norman ZANDA - c:\programmer\Norman\npm\bin\ZLH.EXE
MSConfigStartUp-NPCTray - c:\programmer\Norman\npc\bin\npc_tray.exe
MSConfigStartUp-Steam - c:\programmer\Steam\Steam.exe
MSConfigStartUp-swg - c:\programmer\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe


.
------- Yderligere scanning -------
.
uStart Page = hxxp://www.google.com/
TCP: {1566B515-0628-4120-8BAF-A072DBBF5C1A} = 192.168.1.1,194.239.134.83
TCP: {4E4E2D6E-88D6-439B-B3AC-23AD199407CD} = 192.168.1.1,194.239.134.83
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-09 19:45:31
Windows 5.1.2600 Service Pack 2 NTFS

scanner skjulte processer ... 

scanner skjulte autostarter ...

scanner skjulte filer ... 

scanning gennemført med succes
skjulte filer: 0

**************************************************************************
.
--------------------- DLLs startet under kørende Processer ---------------------

- - - - - - - > 'winlogon.exe'(580)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Andre kørende processer ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\programmer\Fælles filer\Logitech\LVMVFM\LVPrcSrv.exe
c:\windows\system32\ati2evxx.exe
c:\programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
c:\programmer\Microsoft LifeCam\MSCamS32.exe
c:\windows\system32\rundll32.exe
c:\programmer\Internet Explorer\iexplore.exe
c:\programmer\Fælles filer\Teleca Shared\CapabilityManager.exe
c:\programmer\Internet Explorer\iexplore.exe
c:\windows\DitExp.exe
c:\programmer\Fælles filer\Teleca Shared\Generic.exe
c:\programmer\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
c:\programmer\RealVNC\VNC4\winvnc4.exe
c:\programmer\Windows Media Player\wmpnetwk.exe
c:\progra~1\COMMON~1\X10\Common\X10nets.exe
.
**************************************************************************
.
Gennemført tid: 2009-03-09 19:49:15 - maskinen blev genstartet
ComboFix-quarantined-files.txt  2009-03-09 18:49:11

Pre-Kørsel: 71.451.013.120 byte ledig
Post-Kørsel: 71,729,061,888 byte ledig

WindowsXP-KB310994-SP2-Home-BootDisk-DAN.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

212
-----------
f-arn Guru
09 March 2009 - 22:21 #4
If you have installed SP3, we need a new ComboFix log so we can see how many infections have survived.
daki Juniormester
10 March 2009 - 23:05 #5
New log from ComboFix.

/dan

----------
ComboFix 09-03-10.01 - Claus Dalgaard 2009-03-10 22:38:45.2 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1030.18.511.230 [GMT 1:00]
Kører fra: c:\documents and settings\Claus Dalgaard.PC02\Skrivebord\hijackthis\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
FW: Norman Personal Firewall v. 1.4 *disabled*
.

(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Forrige Kørsel -------
.
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\restore\S-1-5-21-1482476501-1644491937-682003330-1013
c:\restore\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini
c:\windows\system32\init32.exe
c:\windows\system32\tmp.reg
c:\windows\system32\uniq.tll
c:\windows\system32\win32hlp.cnf
c:\windows\system32\winlogon2.exe

[COLOR=RED] c:\windows\system32\userinit.exe . . . er inficeret!![/COLOR]

.
(((((((((((((((((((((((((((((((((((((((  Drivers/Tjenester  )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_seneka


(((((((((((((((((((((((((((((  Filer skabt fra 2009-02-10 til 2009-03-10  )))))))))))))))))))))))))))))))))))
.

2009-03-09 22:00 . 2009-03-09 22:00    <DIR>    d--h-----    C:\$AVG8.VAULT$
2009-03-09 21:56 . 2009-03-09 21:56    325,640    --a------    c:\windows\system32\drivers\avgldx86.sys
2009-03-09 21:56 . 2009-03-09 21:56    107,912    --a------    c:\windows\system32\drivers\avgtdix.sys
2009-03-09 21:56 . 2009-03-09 21:56    10,520    --a------    c:\windows\system32\avgrsstx.dll
2009-03-09 21:55 . 2009-03-10 22:13    <DIR>    d--------    c:\windows\system32\drivers\Avg
2009-03-09 21:54 . 2009-03-09 21:54    <DIR>    d--------    c:\programmer\Windows Resource Kits
2009-03-09 21:54 . 2009-03-09 21:54    <DIR>    d--------    c:\programmer\AVG
2009-03-09 21:54 . 2009-03-09 21:54    <DIR>    d--------    c:\documents and settings\All Users\Application Data\avg8
2009-03-09 21:51 . 2009-03-09 22:02    11,542,528    --a------    c:\windows\sectest.db
2009-03-09 20:50 . 2009-03-09 20:54    <DIR>    d--------    c:\windows\ServicePackFiles
2009-03-09 20:43 . 2006-12-28 12:01    19,569    --a------    c:\windows\003038_.tmp
2009-03-09 20:38 . 2009-03-09 20:38    <DIR>    d--------    c:\windows\EHome
2009-03-09 19:55 . 2008-10-16 14:08    31,768    --a------    c:\windows\system32\wucltui.dll.mui
2009-03-09 19:55 . 2008-10-16 14:08    27,672    --a------    c:\windows\system32\wuapi.dll.mui
2009-03-09 19:55 . 2008-10-16 14:07    23,576    --a------    c:\windows\system32\wuaucpl.cpl.mui
2009-03-09 19:55 . 2008-10-16 14:07    18,968    --a------    c:\windows\system32\wuaueng.dll.mui
2009-02-23 11:01 . 2004-08-26 17:53    159,232    --a------    c:\windows\system32\ptpusd.dll
2009-02-23 11:01 . 2008-04-13 11:45    15,104    --a------    c:\windows\system32\drivers\usbscan.sys
2009-02-23 11:01 . 2001-10-04 17:07    5,632    --a------    c:\windows\system32\ptpusb.dll
2009-02-16 15:57 . 2009-02-16 15:57    <DIR>    d--------    c:\programmer\Barbie(TM)
2009-02-11 16:20 . 2009-02-11 16:20    28,160    --a------    C:\nan.exe

.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-09 21:02    ---------    d-----w    c:\programmer\Google
2009-03-08 18:57    ---------    d-----w    c:\programmer\Malwarebytes' Anti-Malware
2009-02-22 15:33    714    ----a-w    c:\documents and settings\Claus Dalgaard.PC02\Application Data\wklnhst.dat
2009-02-16 15:04    ---------    d-----w    c:\documents and settings\All Users\Application Data\Barbie Fashion Show
2009-02-15 10:38    ---------    d-----w    c:\documents and settings\Claus Dalgaard.PC02\Application Data\Skype
2009-02-11 15:20    ---------    d-----w    c:\documents and settings\Claus Dalgaard.PC02\Application Data\skypePM
2009-02-11 09:19    38,496    ----a-w    c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 09:19    15,504    ----a-w    c:\windows\system32\drivers\mbam.sys
2009-02-01 15:31    ---------    d-----w    c:\documents and settings\Claus Dalgaard.PC02\Application Data\List Spam Tick
2009-02-01 15:31    ---------    d-----w    c:\documents and settings\All Users\Application Data\flag ace stupid data
2009-02-01 15:30    ---------    d-----w    c:\programmer\List Spam Tick
2009-01-29 18:27    ---------    d-----w    c:\documents and settings\Claus Dalgaard.PC02\Application Data\Malwarebytes
2009-01-29 18:27    ---------    d-----w    c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-29 18:26    ---------    d-----w    c:\programmer\CCleaner
2009-01-26 15:09    ---------    d-----w    c:\documents and settings\Claus Dalgaard.PC02\Application Data\Windows Live Writer
2009-01-26 13:32    ---------    d-----w    c:\programmer\Windows Live
2009-01-26 13:32    ---------    d-----w    c:\programmer\Microsoft
2009-01-26 13:31    ---------    d-----w    c:\programmer\Microsoft Sync Framework
2009-01-26 13:29    ---------    d-----w    c:\programmer\MSN Messenger
2009-01-26 13:29    ---------    d-----w    c:\programmer\Microsoft SQL Server Compact Edition
2009-01-26 13:28    ---------    d-----w    c:\programmer\Windows Live SkyDrive
2009-01-26 13:12    ---------    d-----w    c:\programmer\Fælles filer\Windows Live
2009-01-17 19:16    ---------    d-----w    c:\programmer\Microsoft LifeCam
2003-08-15 03:13    40,960    ----a-w    c:\programmer\Uninstall_PCM.exe
.

(((((((((((((((((((((((((((((  SnapShot@2009-03-09_19.48.25.53  )))))))))))))))))))))))))))))))))))))))))
.
- 2006-10-04 14:05:26    39,424    ------w    c:\windows\AppPatch\acadproc.dll
+ 2008-04-14 08:05:20    39,424    ----a-w    c:\windows\AppPatch\acadproc.dll
- 2004-08-27 12:00:00    1,852,416    ----a-w    c:\windows\AppPatch\AcGenral.dll
+ 2008-04-14 08:05:20    1,852,928    ----a-w    c:\windows\AppPatch\acgenral.dll
- 2004-08-27 12:00:00    450,048    ----a-w    c:\windows\AppPatch\AcLayers.dll
+ 2008-04-14 08:05:20    451,072    ----a-w    c:\windows\AppPatch\aclayers.dll
- 2004-08-27 12:00:00    137,728    ----a-w    c:\windows\AppPatch\AcLua.dll
+ 2008-04-14 08:05:20    141,312    ----a-w    c:\windows\AppPatch\aclua.dll
- 2004-08-27 12:00:00    244,736    ----a-w    c:\windows\AppPatch\AcSpecfc.dll
+ 2008-04-14 08:05:20    245,248    ----a-w    c:\windows\AppPatch\acspecfc.dll
- 2004-08-27 12:00:00    116,224    ----a-w    c:\windows\AppPatch\AcXtrnal.dll
+ 2008-04-14 08:05:20    116,224    ----a-w    c:\windows\AppPatch\acxtrnal.dll
- 2007-06-13 13:22:35    1,034,240    ----a-w    c:\windows\explorer.exe
+ 2008-04-14 08:05:50    1,034,752    ----a-w    c:\windows\explorer.exe
- 2004-08-27 12:00:00    34,816    ----a-w    c:\windows\Help\sniffpol.dll
+ 2008-04-14 08:05:32    34,816    ----a-w    c:\windows\Help\sniffpol.dll
- 2004-08-27 12:00:00    33,280    ----a-w    c:\windows\Help\sstub.dll
+ 2008-04-14 08:05:38    33,280    ----a-w    c:\windows\Help\sstub.dll
- 2004-08-27 12:00:00    279,040    ----a-w    c:\windows\Help\tshoot.dll
+ 2008-04-14 08:05:38    279,040    ----a-w    c:\windows\Help\tshoot.dll
- 2005-05-26 23:22:01    10,752    ----a-w    c:\windows\hh.exe
+ 2008-04-14 08:05:52    10,752    ----a-w    c:\windows\hh.exe
- 2004-08-27 12:00:00    220,160    ----a-w    c:\windows\ime\mscandui.dll
+ 2008-04-14 08:05:26    220,160    ----a-w    c:\windows\ime\mscandui.dll
- 2004-08-27 12:00:00    130,048    ----a-w    c:\windows\ime\SOFTKBD.DLL
+ 2008-04-14 08:05:32    130,048    ----a-w    c:\windows\ime\softkbd.dll
- 2004-08-27 12:00:00    62,976    ----a-w    c:\windows\ime\SPGRMR.dll
+ 2008-04-13 08:43:20    62,976    ----a-w    c:\windows\ime\spgrmr.dll
- 2004-08-27 12:00:00    271,872    ----a-w    c:\windows\ime\SPTIP.dll
+ 2008-04-14 08:05:38    271,872    ----a-w    c:\windows\ime\sptip.dll
+ 2008-01-18 07:13:10    2,247    ------w    c:\windows\Installer\tsclientmsitrans\tscdsbl.bat
+ 2007-12-12 02:33:52    18,917    ------w    c:\windows\Installer\tsclientmsitrans\tscinst.vbs
+ 2007-10-30 02:06:48    13,801    ------w    c:\windows\Installer\tsclientmsitrans\tscuinst.vbs
+ 2008-04-14 08:05:10    25,600    ------w    c:\windows\Installer\tsclientmsitrans\tscupdc.dll
- 2004-08-27 12:00:00    24,064    ----a-w    c:\windows\msagent\agentanm.dll
+ 2008-04-14 08:05:20    24,064    ----a-w    c:\windows\msagent\agentanm.dll
- 2004-08-27 12:00:00    214,016    ----a-w    c:\windows\msagent\agentctl.dll
+ 2008-04-14 08:05:20    214,016    ----a-w    c:\windows\msagent\agentctl.dll
- 2006-10-12 14:04:27    42,496    ----a-w    c:\windows\msagent\agentdp2.dll
+ 2008-04-14 08:05:20    42,496    ----a-w    c:\windows\msagent\agentdp2.dll
- 2007-03-09 13:47:53    57,344    ----a-w    c:\windows\msagent\agentdpv.dll
+ 2008-04-14 08:05:20    57,344    ----a-w    c:\windows\msagent\agentdpv.dll
- 2004-08-27 12:00:00    49,152    ----a-w    c:\windows\msagent\agentmpx.dll
+ 2008-04-14 08:05:20    49,152    ----a-w    c:\windows\msagent\agentmpx.dll
- 2004-08-27 12:00:00    24,064    ----a-w    c:\windows\msagent\agentpsh.dll
+ 2008-04-14 08:05:20    24,064    ----a-w    c:\windows\msagent\agentpsh.dll
- 2004-08-27 12:00:00    44,032    ----a-w    c:\windows\msagent\agentsr.dll
+ 2008-04-14 08:05:20    44,032    ----a-w    c:\windows\msagent\agentsr.dll
- 2006-10-12 11:09:53    256,512    ----a-w    c:\windows\msagent\agentsvr.exe
+ 2008-04-14 08:05:44    256,512    ----a-w    c:\windows\msagent\agentsvr.exe
- 2004-08-27 12:00:00    24,064    ----a-w    c:\windows\msagent\agtintl.dll
+ 2008-04-14 08:05:20    24,064    ----a-w    c:\windows\msagent\agtintl.dll
- 2004-08-27 12:00:00    19,456    ----a-w    c:\windows\msagent\intl\agt0405.dll
+ 2007-04-02 10:26:00    19,456    ----a-w    c:\windows\msagent\intl\agt0405.dll
- 2004-08-27 12:00:00    19,456    ----a-w    c:\windows\msagent\intl\agt0406.dll
+ 2007-04-02 10:26:00    19,456    ----a-w    c:\windows\msagent\intl\agt0406.dll
- 2004-08-27 12:00:00    21,504    ----a-w    c:\windows\msagent\intl\agt0407.dll
+ 2007-04-02 10:26:02    21,504    ----a-w    c:\windows\msagent\intl\agt0407.dll
- 2004-08-27 12:00:00    22,016    ----a-w    c:\windows\msagent\intl\agt0408.dll
+ 2007-04-02 10:26:02    22,016    ----a-w    c:\windows\msagent\intl\agt0408.dll
- 2004-08-27 12:00:00    19,456    ----a-w    c:\windows\msagent\intl\agt0409.dll
+ 2008-04-13 09:32:30    19,968    ----a-w    c:\windows\msagent\intl\agt0409.dll
- 2004-08-27 12:00:00    19,456    ----a-w    c:\windows\msagent\intl\agt040b.dll
+ 2007-04-02 10:26:02    19,456    ----a-w    c:\windows\msagent\intl\agt040b.dll
- 2004-08-27 12:00:00    21,504    ----a-w    c:\windows\msagent\intl\agt040c.dll
+ 2007-04-02 10:26:02    21,504    ----a-w    c:\windows\msagent\intl\agt040c.dll
- 2004-08-27 12:00:00    19,968    ----a-w    c:\windows\msagent\intl\agt040e.dll
+ 2007-04-02 10:26:02    19,968    ----a-w    c:\windows\msagent\intl\agt040e.dll
- 2004-08-27 12:00:00    20,992    ----a-w    c:\windows\msagent\intl\agt0410.dll
+ 2007-04-02 10:26:02    20,992    ----a-w    c:\windows\msagent\intl\agt0410.dll
- 2004-08-27 12:00:00    20,992    ----a-w    c:\windows\msagent\intl\agt0413.dll
+ 2007-04-02 10:26:02    20,992    ----a-w    c:\windows\msagent\intl\agt0413.dll
- 2004-08-27 12:00:00    19,456    ----a-w    c:\windows\msagent\intl\agt0414.dll
+ 2007-04-02 10:26:02    19,456    ----a-w    c:\windows\msagent\intl\agt0414.dll
- 2004-08-27 12:00:00    19,456    ----a-w    c:\windows\msagent\intl\agt0415.dll
+ 2007-04-02 10:26:02    19,456    ----a-w    c:\windows\msagent\intl\agt0415.dll
- 2004-08-27 12:00:00    20,480    ----a-w    c:\windows\msagent\intl\agt0416.dll
+ 2007-04-02 10:26:02    20,480    ----a-w    c:\windows\msagent\intl\agt0416.dll
- 2004-08-27 12:00:00    19,456    ----a-w    c:\windows\msagent\intl\agt0419.dll
+ 2007-04-02 10:26:02    19,456    ----a-w    c:\windows\msagent\intl\agt0419.dll
- 2004-08-27 12:00:00    19,456    ----a-w    c:\windows\msagent\intl\agt041d.dll
+ 2007-04-02 10:26:02    19,456    ----a-w    c:\windows\msagent\intl\agt041d.dll
- 2004-08-27 12:00:00    19,456    ----a-w    c:\windows\msagent\intl\agt041f.dll
+ 2007-04-02 10:26:02    19,456    ----a-w    c:\windows\msagent\intl\agt041f.dll
- 2004-08-27 12:00:00    20,992    ----a-w    c:\windows\msagent\intl\agt0816.dll
+ 2007-04-02 10:26:04    20,992    ----a-w    c:\windows\msagent\intl\agt0816.dll
- 2004-08-27 12:00:00    20,480    ----a-w    c:\windows\msagent\intl\agt0c0a.dll
+ 2007-04-02 10:26:04    20,480    ----a-w    c:\windows\msagent\intl\agt0c0a.dll
- 2004-08-27 12:00:00    39,936    ----a-w    c:\windows\msagent\mslwvtts.dll
+ 2008-04-14 08:05:28    39,936    ----a-w    c:\windows\msagent\mslwvtts.dll
- 2006-06-02 19:32:32    33,792    ------w    c:\windows\network diagnostic\custsat.dll
+ 2008-04-14 08:05:20    33,792    ------w    c:\windows\network diagnostic\custsat.dll
- 2006-10-10 12:44:50    557,568    ------w    c:\windows\network diagnostic\xpnetdiag.exe
+ 2008-04-13 10:53:34    558,080    ------w    c:\windows\network diagnostic\xpnetdiag.exe
- 2004-08-27 12:00:00    69,632    ----a-w    c:\windows\NOTEPAD.EXE
+ 2008-04-14 08:05:58    69,632    ----a-w    c:\windows\notepad.exe
- 2004-08-27 12:00:00    768,512    ----a-w    c:\windows\pchealth\helpctr\binaries\HelpCtr.exe
+ 2008-04-14 08:05:52    769,024    ----a-w    c:\windows\pchealth\helpctr\binaries\helpctr.exe
- 2004-08-27 12:00:00    743,936    ----a-w    c:\windows\pchealth\helpctr\binaries\HelpSvc.exe
+ 2008-04-14 08:05:52    744,448    ----a-w    c:\windows\pchealth\helpctr\binaries\helpsvc.exe
- 2004-08-27 12:00:00    18,944    ----a-w    c:\windows\pchealth\helpctr\binaries\HscUpd.exe
+ 2008-04-14 08:05:52    18,432    ----a-w    c:\windows\pchealth\helpctr\binaries\hscupd.exe
- 2004-08-27 12:00:00    158,720    ----a-w    c:\windows\pchealth\helpctr\binaries\msconfig.exe
+ 2008-04-14 08:05:56    170,496    ----a-w    c:\windows\pchealth\helpctr\binaries\msconfig.exe
- 2004-08-27 12:00:00    377,344    ----a-w    c:\windows\pchealth\helpctr\binaries\msinfo.dll
+ 2008-04-14 08:05:28    377,856    ----a-w    c:\windows\pchealth\helpctr\binaries\msinfo.dll
- 2004-08-27 12:00:00    102,400    ----a-w    c:\windows\pchealth\helpctr\binaries\pchshell.dll
+ 2008-04-14 08:05:32    102,912    ----a-w    c:\windows\pchealth\helpctr\binaries\pchshell.dll
- 2004-08-27 12:00:00    38,912    ----a-w    c:\windows\pchealth\helpctr\binaries\pchsvc.dll
+ 2008-04-14 08:05:32    38,400    ----a-w    c:\windows\pchealth\helpctr\binaries\pchsvc.dll
- 2005-02-25 04:31:44    76,487    ----a-w    c:\windows\pchealth\helpctr\OfflineCache\index.dat
+ 2009-03-09 19:56:37    76,487    ----a-w    c:\windows\pchealth\helpctr\OfflineCache\index.dat
- 2005-02-25 19:04:12    2,666    ----a-w    c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
+ 2009-03-09 19:56:37    2,972    ----a-w    c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
- 2004-08-27 12:00:00    151,040    ----a-w    c:\windows\pchealth\UploadLB\Binaries\UploadM.exe
+ 2008-04-14 08:06:06    151,040    ----a-w    c:\windows\pchealth\UploadLB\Binaries\uploadm.exe
- 2004-08-27 12:00:00    151,552    ----a-w    c:\windows\PeerNet\sqldb20.dll
+ 2008-04-14 08:05:38    151,552    ----a-w    c:\windows\PeerNet\sqldb20.dll
- 2004-08-27 12:00:00    462,848    ----a-w    c:\windows\PeerNet\sqlqp20.dll
+ 2008-04-14 08:05:38    462,848    ----a-w    c:\windows\PeerNet\sqlqp20.dll
- 2004-08-27 12:00:00    110,592    ----a-w    c:\windows\PeerNet\sqlse20.dll
+ 2008-04-14 08:05:38    110,592    ----a-w    c:\windows\PeerNet\sqlse20.dll
- 2004-08-27 12:00:00    150,528    ----a-w    c:\windows\regedit.exe
+ 2008-04-14 08:06:02    150,528    ----a-w    c:\windows\regedit.exe
+ 2008-04-13 10:46:20    53,376    ------w    c:\windows\ServicePackFiles\i386\1394bus.sys
+ 2008-04-13 10:40:52    12,288    ------w    c:\windows\ServicePackFiles\i386\4mmdat.sys
+ 2008-04-13 10:46:22    48,128    ------w    c:\windows\ServicePackFiles\i386\61883.sys
+ 2008-04-14 08:05:20    100,352    ------w    c:\windows\ServicePackFiles\i386\6to4svc.dll
+ 2008-04-13 08:36:02    231,552    ------w    c:\windows\ServicePackFiles\i386\ac97ali.sys
+ 2008-04-13 08:36:08    84,480    ------w    c:\windows\ServicePackFiles\i386\ac97via.sys
+ 2008-04-14 08:05:20    39,424    ------w    c:\windows\ServicePackFiles\i386\acadproc.dll
+ 2008-04-14 08:05:42    186,880    ------w    c:\windows\ServicePackFiles\i386\accwiz.exe
+ 2008-04-14 08:05:20    1,852,928    ------w    c:\windows\ServicePackFiles\i386\acgenral.dll
+ 2008-04-14 08:05:20    451,072    ------w    c:\windows\ServicePackFiles\i386\aclayers.dll
+ 2008-04-14 08:05:20    141,312    ------w    c:\windows\ServicePackFiles\i386\aclua.dll
+ 2008-04-14 08:05:20    117,760    ------w    c:\windows\ServicePackFiles\i386\aclui.dll
+ 2008-04-14 07:34:28    188,032    ------w    c:\windows\ServicePackFiles\i386\acpi.sys
+ 2008-04-14 08:05:20    245,248    ------w    c:\windows\ServicePackFiles\i386\acspecfc.dll
+ 2008-04-14 08:05:20    193,536    ------w    c:\windows\ServicePackFiles\i386\activeds.dll
+ 2008-04-14 08:05:42    4,096    ------w    c:\windows\ServicePackFiles\i386\actmovie.exe
+ 2008-04-14 08:05:20    98,304    ------w    c:\windows\ServicePackFiles\i386\actxprxy.dll
+ 2008-04-14 08:05:20    116,224    ------w    c:\windows\ServicePackFiles\i386\acxtrnal.dll
+ 2008-04-14 08:05:20    20,540    ------w    c:\windows\ServicePackFiles\i386\admin.dll
+ 2008-04-14 08:05:44    16,439    ------w    c:\windows\ServicePackFiles\i386\admin.exe
+ 2008-04-13 08:36:02    10,880    ------w    c:\windows\ServicePackFiles\i386\admjoy.sys
+ 2008-04-14 08:05:20    61,440    ------w    c:\windows\ServicePackFiles\i386\admparse.dll
+ 2008-04-14 08:05:20    175,616    ------w    c:\windows\ServicePackFiles\i386\adsldp.dll
+ 2008-04-14 08:05:20    143,360    ------w    c:\windows\ServicePackFiles\i386\adsldpc.dll
+ 2008-04-14 08:05:20    68,096    ------w    c:\windows\ServicePackFiles\i386\adsmsext.dll
+ 2008-04-14 08:05:20    263,680    ------w    c:\windows\ServicePackFiles\i386\adsnt.dll
+ 2008-04-14 08:05:20    4,255    ------w    c:\windows\ServicePackFiles\i386\adv01nt5.dll
+ 2008-04-14 08:05:20    3,967    ------w    c:\windows\ServicePackFiles\i386\adv02nt5.dll
+ 2008-04-14 08:05:20    3,615    ------w    c:\windows\ServicePackFiles\i386\adv05nt5.dll
+ 2008-04-14 08:05:20    3,647    ------w    c:\windows\ServicePackFiles\i386\adv07nt5.dll
+ 2008-04-14 08:05:20    3,135    ------w    c:\windows\ServicePackFiles\i386\adv08nt5.dll
+ 2008-04-14 08:05:20    3,711    ------w    c:\windows\ServicePackFiles\i386\adv09nt5.dll
+ 2008-04-14 08:05:20    3,775    ------w    c:\windows\ServicePackFiles\i386\adv11nt5.dll
+ 2008-04-14 08:05:20    682,496    ------w    c:\windows\ServicePackFiles\i386\advapi32.dll
+ 2008-04-14 08:05:20    101,376    ------w    c:\windows\ServicePackFiles\i386\advpack.dll
+ 2008-04-13 08:39:24    142,592    ------w    c:\windows\ServicePackFiles\i386\aec.sys
+ 2008-04-13 11:19:24    138,112    ------w    c:\windows\ServicePackFiles\i386\afd.sys
+ 2008-04-14 08:05:20    24,064    ------w    c:\windows\ServicePackFiles\i386\agentanm.dll
+ 2008-04-14 08:05:20    214,016    ------w    c:\windows\ServicePackFiles\i386\agentctl.dll
+ 2008-04-14 08:05:20    42,496    ------w    c:\windows\ServicePackFiles\i386\agentdp2.dll
+ 2008-04-14 08:05:20    57,344    ------w    c:\windows\ServicePackFiles\i386\agentdpv.dll
+ 2008-04-14 08:05:20    49,152    ------w    c:\windows\ServicePackFiles\i386\agentmpx.dll
+ 2008-04-14 08:05:20    24,064    ------w    c:\windows\ServicePackFiles\i386\agentpsh.dll
+ 2008-04-14 08:05:20    44,032    ------w    c:\windows\ServicePackFiles\i386\agentsr.dll
+ 2008-04-14 08:05:44    256,512    ------w    c:\windows\ServicePackFiles\i386\agentsvr.exe
+ 2008-04-13 10:36:40    42,368    ------w    c:\windows\ServicePackFiles\i386\agp440.sys
+ 2008-04-13 10:36:40    44,928    ------w    c:\windows\ServicePackFiles\i386\agpcpq.sys
+ 2007-04-02 10:26:00    19,456    ------w    c:\windows\ServicePackFiles\i386\agt0401.dll
+ 2007-04-02 10:26:00    19,456    ------w    c:\windows\ServicePackFiles\i386\agt0404.dll
+ 2007-04-02 10:26:00    19,456    ------w    c:\windows\ServicePackFiles\i386\agt0405.dll
+ 2007-04-02 10:26:00    19,456    ------w    c:\windows\ServicePackFiles\i386\agt0406.dll
+ 2007-04-02 10:26:02    21,504    ------w    c:\windows\ServicePackFiles\i386\agt0407.dll
+ 2007-04-02 10:26:02    22,016    ------w    c:\windows\ServicePackFiles\i386\agt0408.dll
+ 2008-04-13 09:32:30    19,968    ------w    c:\windows\ServicePackFiles\i386\agt0409.dll
+ 2007-04-02 10:26:02    19,456    ------w    c:\windows\ServicePackFiles\i386\agt040b.dll
+ 2007-04-02 10:26:02    21,504    ------w    c:\windows\ServicePackFiles\i386\agt040c.dll
+ 2007-04-02 10:26:02    19,456    ------w    c:\windows\ServicePackFiles\i386\agt040d.dll
+ 2007-04-02 10:26:02    19,968    ------w    c:\windows\ServicePackFiles\i386\agt040e.dll
+ 2007-04-02 10:26:02    20,992    ------w    c:\windows\ServicePackFiles\i386\agt0410.dll
+ 2007-04-02 10:26:02    19,456    ------w    c:\windows\ServicePackFiles\i386\agt0411.dll
+ 2007-04-02 10:26:02    19,456    ------w    c:\windows\ServicePackFiles\i386\agt0412.dll
+ 2007-04-02 10:26:02    20,992    ------w    c:\windows\ServicePackFiles\i386\agt0413.dll
+ 2007-04-02 10:26:02    19,456    ------w    c:\windows\ServicePackFiles\i386\agt0414.dll
+ 2007-04-02 10:26:02    19,456    ------w    c:\windows\ServicePackFiles\i386\agt0415.dll
+ 2007-04-02 10:26:02    20,480    ------w    c:\windows\ServicePackFiles\i386\agt0416.dll
+ 2007-04-02 10:26:02    19,456    ------w    c:\windows\ServicePackFiles\i386\agt0419.dll
+ 2007-04-02 10:26:02    19,456    ------w    c:\windows\ServicePackFiles\i386\agt041d.dll
+ 2007-04-02 10:26:02    19,456    ------w    c:\windows\ServicePackFiles\i386\agt041f.dll
+ 2007-04-02 10:26:04    19,456    ------w    c:\windows\ServicePackFiles\i386\agt0804.dll
+ 2007-04-02 10:26:04    20,992    ------w    c:\windows\ServicePackFiles\i386\agt0816.dll
+ 2007-04-02 10:26:04    20,480    ------w    c:\windows\ServicePackFiles\i386\agt0c0a.dll
+ 2008-04-14 08:05:20    24,064    ------w    c:\windows\ServicePackFiles\i386\agtintl.dll
+ 2008-04-14 08:05:44    98,304    ------w    c:\windows\ServicePackFiles\i386\ahui.exe
+ 2008-04-14 08:05:44    44,544    ------w    c:\windows\ServicePackFiles\i386\alg.exe
+ 2008-04-13 10:36:40    42,752    ------w    c:\windows\ServicePackFiles\i386\alim1541.sys
+ 2008-04-14 08:05:20    17,408    ------w    c:\windows\ServicePackFiles\i386\alrsvc.dll
+ 2008-04-13 10:36:40    43,008    ------w    c:\windows\ServicePackFiles\i386\amdagp.sys
+ 2008-04-14 07:35:34    41,216    ------w    c:\windows\ServicePackFiles\i386\amdk6.sys
+ 2008-04-14 07:35:36    41,600    ------w    c:\windows\ServicePackFiles\i386\amdk7.sys
+ 2008-04-14 08:05:20    70,656    ------w    c:\windows\ServicePackFiles\i386\amstream.dll
+ 2008-04-13 08:35:30    36,224    ------w    c:\windows\ServicePackFiles\i386\an983.sys
+ 2008-04-14 08:05:20    125,952    ------w    c:\windows\ServicePackFiles\i386\apphelp.dll
+ 2008-04-14 08:05:20    332,800    ------w    c:\windows\ServicePackFiles\i386\aqueue.dll
+ 2008-04-13 10:51:26    60,800    ------w    c:\windows\ServicePackFiles\i386\arp1394.sys
+ 2008-04-14 08:05:20    65,024    ------w    c:\windows\ServicePackFiles\i386\asycfilt.dll
+ 2008-04-13 10:57:28    14,336    ------w    c:\windows\ServicePackFiles\i386\asyncmac.sys
+ 2008-04-14 08:05:44    25,088    ------w    c:\windows\ServicePackFiles\i386\at.exe
+ 2008-04-13 10:40:32    96,512    ------w    c:\windows\ServicePackFiles\i386\atapi.sys
+ 2008-04-13 08:34:18    56,623    ------w    c:\windows\ServicePackFiles\i386\ati1btxx.sys
+ 2008-04-13 08:34:18    11,615    ------w    c:\windows\ServicePackFiles\i386\ati1mdxx.sys
+ 2008-04-13 08:34:18    12,047    ------w    c:\windows\ServicePackFiles\i386\ati1pdxx.sys
+ 2008-04-13 08:34:18    30,671    ------w    c:\windows\ServicePackFiles\i386\ati1raxx.sys
+ 2008-04-13 08:34:18    63,663    ------w    c:\windows\ServicePackFiles\i386\ati1rvxx.sys
+ 2008-04-13 08:34:18    26,367    ------w    c:\windows\ServicePackFiles\i386\ati1snxx.sys
+ 2008-04-13 08:34:18    21,343    ------w    c:\windows\ServicePackFiles\i386\ati1ttxx.sys
+ 2008-04-13 08:34:18    36,463    ------w    c:\windows\ServicePackFiles\i386\ati1tuxx.sys
+ 2008-04-13 08:34:20    29,455    ------w    c:\windows\ServicePackFiles\i386\ati1xbxx.sys
+ 2008-04-13 08:34:20    34,735    ------w    c:\windows\ServicePackFiles\i386\ati1xsxx.sys
+ 2008-04-14 08:05:20    229,376    ------w    c:\windows\ServicePackFiles\i386\ati2cqag.dll
+ 2008-04-14 08:05:20    201,728    ------w    c:\windows\ServicePackFiles\i386\ati2dvag.dll
+ 2008-04-14 08:05:20    377,984    ------w    c:\windows\ServicePackFiles\i386\ati2dvaa.dll
+ 2008-04-14 07:36:22    701,440    ------w    c:\windows\ServicePackFiles\i386\ati2mtag.sys
+ 2008-04-14 07:36:20    327,040    ------w    c:\windows\ServicePackFiles\i386\ati2mtaa.sys
+ 2008-04-14 08:05:20    870,784    ------w    c:\windows\ServicePackFiles\i386\ati3d1ag.dll
+ 2008-04-14 08:05:20    1,057,760    ------w    c:\windows\ServicePackFiles\i386\ati3d2ag.dll
+ 2008-04-14 08:05:20    1,888,992    ------w    c:\windows\ServicePackFiles\i386\ati3duag.dll
+ 2008-04-13 08:34:18    57,856    ------w    c:\windows\ServicePackFiles\i386\atinbtxx.sys
+ 2008-04-13 08:34:18    13,824    ------w    c:\windows\ServicePackFiles\i386\atinmdxx.sys
+ 2008-04-13 08:34:18    14,336    ------w    c:\windows\ServicePackFiles\i386\atinpdxx.sys
+ 2008-04-13 08:34:18    52,224    ------w    c:\windows\ServicePackFiles\i386\atinraxx.sys
+ 2008-04-13 08:34:18    104,960    ------w    c:\windows\ServicePackFiles\i386\atinrvxx.sys
+ 2008-04-13 08:34:18    28,672    ------w    c:\windows\ServicePackFiles\i386\atinsnxx.sys
+ 2008-04-13 08:34:18    13,824    ------w    c:\windows\ServicePackFiles\i386\atinttxx.sys
+ 2008-04-13 08:34:18    73,216    ------w    c:\windows\ServicePackFiles\i386\atintuxx.sys
+ 2008-04-13 08:34:20    31,744    ------w    c:\windows\ServicePackFiles\i386\atinxbxx.sys
+ 2008-04-13 08:34:20    63,488    ------w    c:\windows\ServicePackFiles\i386\atinxsxx.sys
+ 2008-04-14 08:05:20    32,768    ------w    c:\windows\ServicePackFiles\i386\ativtmxx.dll
+ 2008-04-14 08:05:20    516,768    ------w    c:\windows\ServicePackFiles\i386\ativvaxx.dll
+ 2008-04-14 08:05:20    58,880    ------w    c:\windows\ServicePackFiles\i386\atl.dll
+ 2008-04-14 08:05:44    11,776    ------w    c:\windows\ServicePackFiles\i386\atmadm.exe
+ 2008-04-13 10:51:26    59,904    ------w    c:\windows\ServicePackFiles\i386\atmarpc.sys
+ 2008-04-14 08:03:42    285,696    ------w    c:\windows\ServicePackFiles\i386\atmfd.dll
+ 2008-04-13 10:51:32    55,808    ------w    c:\windows\ServicePackFiles\i386\atmlane.sys
+ 2008-04-14 08:05:20    30,208    ------w    c:\windows\ServicePackFiles\i386\atmlib.dll
+ 2008-04-14 08:05:44    12,288    ------w    c:\windows\ServicePackFiles\i386\attrib.exe
+ 2008-04-14 08:05:20    21,183    ------w    c:\windows\ServicePackFiles\i386\atv01nt5.dll
+ 2008-04-14 08:05:20    11,359    ------w    c:\windows\ServicePackFiles\i386\atv02nt5.dll
+ 2008-04-14 08:05:20    25,471    ------w    c:\windows\ServicePackFiles\i386\atv04nt5.dll
+ 2008-04-14 08:05:20    14,143    ------w    c:\windows\ServicePackFiles\i386\atv06nt5.dll
+ 2008-04-14 08:05:20    17,279    ------w    c:\windows\ServicePackFiles\i386\atv10nt5.dll
+ 2008-04-14 08:05:20    42,496    ------w    c:\windows\ServicePackFiles\i386\audiosrv.dll
+ 2008-04-14 08:05:44    14,336    ------w    c:\windows\ServicePackFiles\i386\auditusr.exe
+ 2008-04-14 08:05:20    20,540    ------w    c:\windows\ServicePackFiles\i386\author.dll
+ 2008-04-14 08:05:44    16,439    ------w    c:\windows\ServicePackFiles\i386\author.exe
+ 2008-04-14 08:05:20    62,464    ------w    c:\windows\ServicePackFiles\i386\authz.dll
+ 2008-04-14 08:05:44    601,600    ------w    c:\windows\ServicePackFiles\i386\autochk.exe
+ 2008-04-14 08:05:44    615,424    ------w    c:\windows\ServicePackFiles\i386\autoconv.exe
+ 2008-04-14 08:05:44    593,408    ------w    c:\windows\ServicePackFiles\i386\autofmt.exe
+ 2008-04-14 08:05:44    11,264    ------w    c:\windows\ServicePackFiles\i386\autolfn.exe
+ 2008-04-13 10:46:22    38,912    ------w    c:\windows\ServicePackFiles\i386\avc.sys
+ 2008-04-13 10:46:08    13,696    ------w    c:\windows\ServicePackFiles\i386\avcstrm.sys
+ 2008-04-14 08:05:20    85,504    ------w    c:\windows\ServicePackFiles\i386\avifil32.dll
+ 2008-04-14 08:05:20    233,472    ------w    c:\windows\ServicePackFiles\i386\azroles.dll
+ 2008-04-14 08:05:20    52,736    ------w    c:\windows\ServicePackFiles\i386\basesrv.dll
+ 2008-04-14 08:05:20    29,184    ------w    c:\windows\ServicePackFiles\i386\batmeter.dll
+ 2008-04-14 08:05:20    8,704    ------w    c:\windows\ServicePackFiles\i386\batt.dll
+ 2008-04-13 10:36:34    14,208    ------w    c:\windows\ServicePackFiles\i386\battc.sys
+ 2008-04-13 10:46:22    11,776    ------w    c:\windows\ServicePackFiles\i386\bdasup.sys
+ 2008-04-14 08:05:20    17,408    ------w    c:\windows\ServicePackFiles\i386\bidispl.dll
+ 2008-04-14 08:05:20    8,192    ------w    c:\windows\ServicePackFiles\i386\bitsprx2.dll
+ 2008-04-14 08:05:20    7,168    ------w    c:\windows\ServicePackFiles\i386\bitsprx3.dll
+ 2008-04-14 08:05:20    7,168    ------w    c:\windows\ServicePackFiles\i386\bitsprx4.dll
+ 2008-04-14 08:05:44    71,680    ------w    c:\windows\ServicePackFiles\i386\blastcln.exe
+ 2008-04-13 10:53:24    71,552    ------w    c:\windows\ServicePackFiles\i386\bridge.sys
+ 2008-04-14 07:37:44    65,536    ------w    c:\windows\ServicePackFiles\i386\browselc.dll
+ 2008-04-14 08:05:20    77,824    ------w    c:\windows\ServicePackFiles\i386\browser.dll
+ 2008-04-14 08:05:20    1,025,024    ------w    c:\windows\ServicePackFiles\i386\browseui.dll
+ 2008-04-14 08:05:20    78,336    ------w    c:\windows\ServicePackFiles\i386\browsewm.dll
+ 2008-04-14 08:05:20    20,992    ------w    c:\windows\ServicePackFiles\i386\bthci.dll
+ 2008-04-13 10:46:34    17,024    ------w    c:\windows\ServicePackFiles\i386\bthenum.sys
+ 2008-04-13 10:46:34    37,888    ------w    c:\windows\ServicePackFiles\i386\bthmodem.sys
+ 2008-04-13 10:51:36    101,120    ------w    c:\windows\ServicePackFiles\i386\bthpan.sys
+ 2008-04-14 07:37:54    273,152    ------w    c:\windows\ServicePackFiles\i386\bthport.sys
+ 2008-04-13 10:46:32    36,480    ------w    c:\windows\ServicePackFiles\i386\bthprint.sys
+ 2008-04-14 08:05:20    30,208    ------w    c:\windows\ServicePackFiles\i386\bthserv.dll
+ 2008-04-13 10:46:30    18,944    ------w    c:\windows\ServicePackFiles\i386\bthusb.sys
+ 2008-04-14 08:05:20    50,688    ------w    c:\windows\ServicePackFiles\i386\btpanui.dll
+ 2008-04-14 08:05:20    218,112    ------w    c:\windows\ServicePackFiles\i386\c_g18030.dll
+ 2008-04-14 08:05:20    60,416    ------w    c:\windows\ServicePackFiles\i386\cabinet.dll
+ 2008-04-14 08:05:20    84,992    ------w    c:\windows\ServicePackFiles\i386\cabview.dll
+ 2008-04-14 08:05:46    19,968    ------w    c:\windows\ServicePackFiles\i386\cacls.exe
+ 2008-04-14 08:05:20    385,024    ------w    c:\windows\ServicePackFiles\i386\callcont.dll
+ 2008-04-14 08:05:20    121,856    ------w    c:\windows\ServicePackFiles\i386\camext30.dll
+ 2008-04-14 08:05:20    50,688    ------w    c:\windows\ServicePackFiles\i386\camocx.dll
+ 2008-04-14 08:05:20    151,040    ------w    c:\windows\ServicePackFiles\i386\capesnpn.dll
+ 2008-04-14 08:05:20    226,304    ------w    c:\windows\ServicePackFiles\i386\catsrv.dll
+ 2008-04-14 08:05:20    85,504    ------w    c:\windows\ServicePackFiles\i386\catsrvps.dll
+ 2008-04-14 08:05:20    625,664    ------w    c:\windows\ServicePackFiles\i386\catsrvut.dll
+ 2008-04-13 10:46:24    17,024    ------w    c:\windows\ServicePackFiles\i386\ccdecode.sys
+ 2008-04-13 11:14:22    63,744    ------w    c:\windows\ServicePackFiles\i386\cdfs.sys
+ 2008-04-14 08:05:20    151,552    ------w    c:\windows\ServicePackFiles\i386\cdfview.dll
+ 2008-04-14 08:05:20    66,560    ------w    c:\windows\ServicePackFiles\i386\cdm.dll
+ 2008-04-14 08:05:20    2,091,520    ------w    c:\windows\ServicePackFiles\i386\cdosys.dll
+ 2008-04-13 10:40:48    62,976    ------w    c:\windows\ServicePackFiles\i386\cdrom.sys
+ 2008-04-14 08:05:20    198,144    ------w    c:\windows\ServicePackFiles\i386\certcli.dll
+ 2008-04-14 08:05:20    460,288    ------w    c:\windows\ServicePackFiles\i386\certmgr.dll
+ 2008-04-14 08:05:20    38,912    ------w    c:\windows\ServicePackFiles\i386\cfgbkend.dll
+ 2008-04-14 08:03:44    16,896    ------w    c:\windows\ServicePackFiles\i386\cfgmgr32.dll
+ 2008-04-14 08:05:46    188,480    ------w    c:\windows\ServicePackFiles\i386\cfgwiz.exe
+ 2008-04-14 08:05:20    15,423    ------w    c:\windows\ServicePackFiles\i386\ch7xxnt5.dll
+ 2008-04-13 10:41:00    8,192    ------w    c:\windows\ServicePackFiles\i386\changer.sys
+ 2008-04-14 08:05:20    148,480    ------w    c:\windows\ServicePackFiles\i386\cic.dll
+ 2008-04-14 08:05:20    1,358,848    ------w    c:\windows\ServicePackFiles\i386\cimwin32.dll
+ 2008-04-14 08:05:20    69,120    ------w    c:\windows\ServicePackFiles\i386\ciodm.dll
+ 2008-04-14 08:05:46    5,632    ------w    c:\windows\ServicePackFiles\i386\cisvc.exe
+ 2008-04-13 11:16:24    49,536    ------w    c:\windows\ServicePackFiles\i386\classpnp.sys
+ 2008-04-14 08:05:20    110,592    ------w    c:\windows\ServicePackFiles\i386\clbcatex.dll
+ 2008-04-14 08:05:20    498,688    ------w    c:\windows\ServicePackFiles\i386\clbcatq.dll
+ 2008-04-14 08:05:46    64,512    ------w    c:\windows\ServicePackFiles\i386\cleanmgr.exe
+ 2008-04-14 08:05:20    77,824    ------w    c:\windows\ServicePackFiles\i386\cliconfg.dll
+ 2008-04-14 08:05:46    20,480    ------w    c:\windows\ServicePackFiles\i386\cliconfg.exe
+ 2008-04-14 08:05:46    103,424    ------w    c:\windows\ServicePackFiles\i386\clipbrd.exe
+ 2008-04-14 08:05:46    33,280    ------w    c:\windows\ServicePackFiles\i386\clipsrv.exe
+ 2008-04-14 08:05:20    58,368    ------w    c:\windows\ServicePackFiles\i386\clusapi.dll
+ 2008-04-13 10:36:38    13,952    ------w    c:\windows\ServicePackFiles\i386\cmbatt.sys
+ 2008-04-14 08:05:20    15,872    ------w    c:\windows\ServicePackFiles\i386\cmcfg32.dll
+ 2008-04-14 08:05:46    391,680    ------w    c:\windows\ServicePackFiles\i386\cmd.exe
+ 2008-04-14 08:05:20    346,624    ------w    c:\windows\ServicePackFiles\i386\cmdial32.dll
+ 2008-04-14 08:05:46    25,600    ------w    c:\windows\ServicePackFiles\i386\cmdl32.exe
+ 2008-04-14 08:05:46    39,936    ------w    c:\windows\ServicePackFiles\i386\cmmon32.exe
+ 2008-04-14 08:05:20    186,368    ------w    c:\windows\ServicePackFiles\i386\cmprops.dll
+ 2008-04-14 08:05:20    13,312    ------w    c:\windows\ServicePackFiles\i386\cmsetacl.dll
+ 2008-04-14 08:05:46    64,000    ------w    c:\windows\ServicePackFiles\i386\cmstp.exe
+ 2008-04-14 08:05:20    40,448    ------w    c:\windows\ServicePackFiles\i386\cmutil.dll
+ 2008-04-14 08:05:20    48,640    ------w    c:\windows\ServicePackFiles\i386\cnbjmon.dll
+ 2008-04-14 08:05:20    81,408    ------w    c:\windows\ServicePackFiles\i386\cnbjmon2.dll
+ 2008-04-13 08:44:18    17,920    ------w    c:\windows\ServicePackFiles\i386\cobramsg.dll
+ 2008-04-14 08:05:20    60,416    ------w    c:\windows\ServicePackFiles\i386\colbact.dll
+ 2008-04-14 08:05:20    28,160    ------w    c:\windows\ServicePackFiles\i386\comaddin.dll
+ 2008-04-14 08:05:20    195,072    ------w    c:\windows\ServicePackFiles\i386\comadmin.dll
+ 2008-04-14 08:05:20    617,472    ------w    c:\windows\ServicePackFiles\i386\comctl32.dll
+ 2008-04-14 08:05:20    279,040    ------w    c:\windows\ServicePackFiles\i386\comdlg32.dll
+ 2008-04-14 08:05:20    252,928    ------w    c:\windows\ServicePackFiles\i386\compatui.dll
+ 2008-04-13 10:36:38    10,240    ------w    c:\windows\ServicePackFiles\i386\compbatt.sys
+ 2008-04-14 08:05:20    229,376    ------w    c:\windows\ServicePackFiles\i386\compstui.dll
+ 2008-04-14 08:05:20    97,792    ------w    c:\windows\ServicePackFiles\i386\comrepl.dll
+ 2008-04-14 08:05:46    9,728    ------w    c:\windows\ServicePackFiles\i386\comrepl.exe
+ 2008-04-14 08:05:46    6,144    ------w    c:\windows\ServicePackFiles\i386\comrereg.exe
+ 2008-04-14 08:05:20    804,352    ------w    c:\windows\ServicePackFiles\i386\comres.dll
+ 2008-04-14 08:05:20    274,944    ------w    c:\windows\ServicePackFiles\i386\comsetup.dll
+ 2008-04-14 08:05:20    167,424    ------w    c:\windows\ServicePackFiles\i386\comsnap.dll
+ 2008-04-14 08:05:20    1,267,200    ------w    c:\windows\ServicePackFiles\i386\comsvcs.dll
+ 2008-04-14 08:03:46    539,648    ------w    c:\windows\ServicePackFiles\i386\comuid.dll
+ 2008-04-14 08:05:46    1,032,192    ------w    c:\windows\ServicePackFiles\i386\conf.exe
+ 2008-04-14 08:05:20    45,056    ------w    c:\windows\ServicePackFiles\i386\confmrsl.dll
+ 2008-04-14 08:05:20    358,400    ------w    c:\windows\ServicePackFiles\i386\confmsp.dll
+ 2008-04-14 08:05:46    27,648    ------w    c:\windows\ServicePackFiles\i386\conime.exe
+ 2008-04-14 08:05:20    35,328    ------w    c:\windows\ServicePackFiles\i386\corpol.dll
+ 2008-04-14 08:05:20    12,800    ------w    c:\windows\ServicePackFiles\i386\credssp.dll
+ 2008-04-14 08:05:20    164,352    ------w    c:\windows\ServicePackFiles\i386\credui.dll
+ 2008-04-14 07:41:32    40,576    ------w    c:\windows\ServicePackFiles\i386\crusoe.sys
+ 2008-04-14 08:05:20    602,112    ------w    c:\windows\ServicePackFiles\i386\crypt32.dll
+ 2008-04-14 08:05:20    74,752    ------w    c:\windows\ServicePackFiles\i386\cryptdlg.dll
+ 2008-04-14 08:05:20    33,280    ------w    c:\windows\ServicePackFiles\i386\cryptdll.dll
+ 2008-04-14 08:05:20    54,272    ------w    c:\windows\ServicePackFiles\i386\cryptext.dll
+ 2008-04-14 08:05:20    64,512    ------w    c:\windows\ServicePackFiles\i386\cryptnet.dll
+ 2008-04-14 08:05:20    62,464    ------w    c:\windows\ServicePackFiles\i386\cryptsvc.dll
+ 2008-04-14 08:05:20    517,632    ------w    c:\windows\ServicePackFiles\i386\cryptui.dll
+ 2008-04-14 08:05:20    101,888    ------w    c:\windows\ServicePackFiles\i386\cscdll.dll
+ 2008-04-14 08:05:46    139,264    ------w    c:\windows\ServicePackFiles\i386\cscript.exe
+ 2008-04-14 08:05:20    329,728    ------w    c:\windows\ServicePackFiles\i386\cscui.dll
+ 2008-04-14 08:05:20    32,256    ------w    c:\windows\ServicePackFiles\i386\csrsrv.dll
+ 2008-04-14 08:05:46    6,144    ------w    c:\windows\ServicePackFiles\i386\csrss.exe
+ 2008-04-14 08:05:46    15,360    ------w    c:\windows\ServicePackFiles\i386\ctfmon.exe
+ 2008-04-14 08:05:20    250,880    ------w    c:\windows\ServicePackFiles\i386\ctmasetp.dll
+ 2008-04-14 08:05:20    33,792    ------w    c:\windows\ServicePackFiles\i386\custsat.dll
+ 2008-04-13 08:36:04    48,640    ------w    c:\windows\ServicePackFiles\i386\cwrwdm.sys
+ 2008-04-14 08:05:20    1,179,648    ------w    c:\windows\ServicePackFiles\i386\d3d8.dll
+ 2008-04-14 08:05:20    8,192    ------w    c:\windows\ServicePackFiles\i386\d3d8thk.dll
+ 2008-04-14 08:05:20    1,689,088    ------w    c:\windows\ServicePackFiles\i386\d3d9.dll
+ 2008-04-14 08:05:20    824,320    ------w    c:\windows\ServicePackFiles\i386\d3dim700.dll
+ 2008-04-14 08:05:20    1,056,256    ------w    c:\windows\ServicePackFiles\i386\danim.dll
+ 2008-01-19 03:04:50    554,008    ------w    c:\windows\ServicePackFiles\i386\dao360.dll
+ 2008-04-14 08:05:20    54,272    ------w    c:\windows\ServicePackFiles\i386\dataclen.dll
+ 2008-04-14 08:05:20    165,376    ------w    c:\windows\ServicePackFiles\i386\datime.dll
+ 2008-04-14 08:05:20    25,600    ------w    c:\windows\ServicePackFiles\i386\davclnt.dll
+ 2008-04-14 08:05:20    640,000    ------w    c:\windows\ServicePackFiles\i386\dbghelp.dll
+ 2008-04-14 08:05:20    24,576    ------w    c:\windows\ServicePackFiles\i386\dbmsrpcn.dll
+ 2008-04-14 08:05:20    110,592    ------w    c:\windows\ServicePackFiles\i386\dbnetlib.dll
+ 2008-04-14 08:05:20    28,672    ------w    c:\windows\ServicePackFiles\i386\dbnmpntw.dll
+ 2008-04-14 08:20:36    1,804    ------w    c:\windows\ServicePackFiles\i386\dcache.bin
+ 2008-04-14 08:05:20    40,960    ------w    c:\windows\ServicePackFiles\i386\dcap32.dll
+ 2008-04-14 08:05:20    8,704    ------w    c:\windows\ServicePackFiles\i386\dciman32.dll
+ 2008-04-14 08:05:46    6,144    ------w    c:\windows\ServicePackFiles\i386\dcomcnfg.exe
+ 2008-04-14 08:05:46    30,720    ------w    c:\windows\ServicePackFiles\i386\ddeshare.exe
+ 2008-04-14 08:05:20    279,552    ------w    c:\windows\ServicePackFiles\i386\ddraw.dll
+ 2008-04-14 08:05:20    27,136    ------w    c:\windows\ServicePackFiles\i386\ddrawex.dll
+ 2008-04-14 08:05:46    25,088    ------w    c:\windows\ServicePackFiles\i386\defrag.exe
+ 2008-04-14 08:05:20    59,904    ------w    c:\windows\ServicePackFiles\i386\devenum.dll
+ 2008-04-14 08:05:20    282,624    ------w    c:\windows\ServicePackFiles\i386\devmgr.dll
+ 2008-04-14 08:05:48    82,944    ------w    c:\windows\ServicePackFiles\i386\dfrgfat.exe
+ 2008-04-14 08:05:48    105,472    ------w    c:\windows\ServicePackFiles\i386\dfrgntfs.exe
+ 2008-04-14 08:05:20    39,424    ------w    c:\windows\ServicePackFiles\i386\dfrgsnap.dll
+ 2008-04-14 08:05:22    124,416    ------w    c:\windows\ServicePackFiles\i386\dfrgui.dll
+ 2008-04-14 08:05:22    28,672    ------w    c:\windows\ServicePackFiles\i386\dfsshlex.dll
+ 2008-04-14 08:05:22    112,128    ------w    c:\windows\ServicePackFiles\i386\dgnet.dll
+ 2008-04-14 08:05:22    126,976    ------w    c:\windows\ServicePackFiles\i386\dhcpcsvc.dll
+ 2008-04-14 08:05:22    394,752    ------w    c:\windows\ServicePackFiles\i386\dhcpmon.dll
+ 2008-04-14 08:05:22    48,640    ------w    c:\windows\ServicePackFiles\i386\dhcpqec.dll
+ 2008-04-14 08:05:48    542,720    ------w    c:\windows\ServicePackFiles\i386\dialer.exe
+ 2008-04-14 08:05:48    87,040    ------w    c:\windows\ServicePackFiles\i386\diantz.exe
+ 2008-04-14 08:05:22    68,608    ------w    c:\windows\ServicePackFiles\i386\digest.dll
+ 2008-04-14 08:05:22    19,456    ------w    c:\windows\ServicePackFiles\i386\dimsntfy.dll
+ 2008-04-14 08:05:22    39,936    ------w    c:\windows\ServicePackFiles\i386\dimsroam.dll
+ 2008-04-14 08:05:22    161,792    ------w    c:\windows\ServicePackFiles\i386\dinput.dll
+ 2008-04-14 08:05:22    184,832    ------w    c:\windows\ServicePackFiles\i386\dinput8.dll
+ 2008-04-14 08:05:22    86,528    ------w    c:\windows\ServicePackFiles\i386\directdb.dll
+ 2008-04-13 10:40:48    36,352    ------w    c:\windows\ServicePackFiles\i386\disk.sys
+ 2008-04-14 08:05:22    1,504,256    ------w    c:\windows\ServicePackFiles\i386\diskcopy.dll
+ 2008-04-13 10:40:46    14,208    ------w    c:\windows\ServicePackFiles\i386\diskdump.sys
+ 2008-04-14 08:05:48    163,840    ------w    c:\windows\ServicePackFiles\i386\diskpart.exe
+ 2008-04-14 08:05:22    32,768    ------w    c:\windows\ServicePackFiles\i386\dispex.dll
+ 2008-04-14 08:05:48    5,120    ------w    c:\windows\ServicePackFiles\i386\dllhost.exe
+ 2008-04-13 10:40:52    8,320    ------w    c:\windows\ServicePackFiles\i386\dlttape.sys
+ 2008-04-14 08:05:48    225,280    ------w    c:\windows\ServicePackFiles\i386\dmadmin.exe
+ 2008-04-14 08:05:22    28,672    ------w    c:\windows\ServicePackFiles\i386\dmband.dll
+ 2008-04-14 07:43:06    800,000    ------w    c:\windows\ServicePackFiles\i386\dmboot.sys
+ 2008-04-14 08:05:22    61,440    ------w    c:\windows\ServicePackFiles\i386\dmcompos.dll
+ 2008-04-14 08:05:22    285,184    ------w    c:\windows\ServicePackFiles\i386\dmdlgs.dll
+ 2008-04-14 08:05:22    200,704    ------w    c:\windows\ServicePackFiles\i386\dmdskmgr.dll
+ 2008-04-14 08:05:22    181,248    ------w    c:\windows\ServicePackFiles\i386\dmime.dll
+ 2008-04-14 07:43:10    153,600    ------w    c:\windows\ServicePackFiles\i386\dmio.sys
+ 2008-04-14 08:05:22    35,840    ------w    c:\windows\ServicePackFiles\i386\dmloader.dll
+ 2008-04-14 08:05:48    15,872    ------w    c:\windows\ServicePackFiles\i386\dmremote.exe
+ 2008-04-14 08:05:22    82,432    ------w    c:\windows\ServicePackFiles\i386\dmscript.dll
+ 2008-04-14 08:05:22    23,552    ------w    c:\windows\ServicePackFiles\i386\dmserver.dll
+ 2008-04-14 08:05:22    105,984    ------w    c:\windows\ServicePackFiles\i386\dmstyle.dll
+ 2008-04-14 08:05:22    103,424    ------w    c:\windows\ServicePackFiles\i386\dmsynth.dll
+ 2008-04-14 08:05:22    104,448    ------w    c:\windows\ServicePackFiles\i386\dmusic.dll
+ 2008-04-13 10:45:02    52,864    ------w    c:\windows\ServicePackFiles\i386\dmusic.sys
+ 2008-04-14 08:05:22    52,224    ------w    c:\windows\ServicePackFiles\i386\dmutil.dll
+ 2008-04-14 08:05:22    147,968    ------w    c:\windows\ServicePackFiles\i386\dnsapi.dll
+ 2008-04-14 08:05:22    45,568    ------w    c:\windows\ServicePackFiles\i386\dnsrslvr.dll
+ 2008-04-14 08:05:22    48,128    ------w    c:\windows\ServicePackFiles\i386\docprop2.dll
+ 2008-04-13 08:54:54    53,904    ------w    c:\windows\ServicePackFiles\i386\dosx.exe
+ 2008-04-14 08:05:22    26,624    ------w    c:\windows\ServicePackFiles\i386\dot3api.dll
+ 2008-04-14 08:05:22    59,904    ------w    c:\windows\ServicePackFiles\i386\dot3cfg.dll
+ 2008-04-14 08:05:22    39,936    ------w    c:\windows\ServicePackFiles\i386\dot3clnt.dll
+ 2008-04-14 08:05:22    9,216    ------w    c:\windows\ServicePackFiles\i386\dot3dlg.dll
+ 2008-04-14 08:05:22    56,832    ------w    c:\windows\ServicePackFiles\i386\dot3msm.dll
+ 2008-04-14 08:05:22    132,608    ------w    c:\windows\ServicePackFiles\i386\dot3svc.dll
+ 2008-04-14 08:05:22    651,264    ------w    c:\windows\ServicePackFiles\i386\dot3ui.dll
+ 2008-04-13 10:39:48    206,976    ------w    c:\windows\ServicePackFiles\i386\dot4.sys
+ 2008-04-14 07:36:08    103,424    ------w    c:\windows\ServicePackFiles\i386\dpcdll.dll
+ 2008-04-14 08:05:48    29,696    ------w    c:\windows\ServicePackFiles\i386\dplaysvr.exe
+ 2008-04-14 08:05:22    229,888    ------w    c:\windows\ServicePackFiles\i386\dplayx.dll
+ 2008-04-14 08:05:22    23,552    ------w    c:\windows\ServicePackFiles\i386\dpmodemx.dll
+ 2008-04-14 08:03:50    3,072    ------w    c:\windows\ServicePackFiles\i386\dpnaddr.dll
+ 2008-04-14 08:05:22    375,296    ------w    c:\windows\ServicePackFiles\i386\dpnet.dll
+ 2008-04-14 08:05:22    35,328    ------w    c:\windows\ServicePackFiles\i386\dpnhpast.dll
+ 2008-04-14 08:05:22    60,928    ------w    c:\windows\ServicePackFiles\i386\dpnhupnp.dll
+ 2008-04-14 08:03:50    3,072    ------w    c:\windows\ServicePackFiles\i386\dpnlobby.dll
+ 2008-04-14 08:05:48    18,432    ------w    c:\windows\ServicePackFiles\i386\dpnsvr.exe
+ 2008-04-14 08:05:22    21,504    ------w    c:\windows\ServicePackFiles\i386\dpvacm.dll
+ 2008-04-14 08:05:22    212,480    ------w    c:\windows\ServicePackFiles\i386\dpvoice.dll
+ 2008-04-14 08:05:48    83,456    ------w    c:\windows\ServicePackFiles\i386\dpvsetup.exe
+ 2008-04-14 08:05:22    116,736    ------w    c:\windows\ServicePackFiles\i386\dpvvox.dll
+ 2008-04-14 08:05:22    57,856    ------w    c:\windows\ServicePackFiles\i386\dpwsockx.dll
+ 2008-04-13 10:45:16    60,160    ------w    c:\windows\ServicePackFiles\i386\drmk.sys
+ 2008-04-13 10:45:14    2,944    ------w    c:\windows\ServicePackFiles\i386\drmkaud.sys
+ 2008-04-14 08:05:22    14,336    ------w    c:\windows\ServicePackFiles\i386\drprov.dll
+ 2007-04-02 06:05:22    4,656    ------w    c:\windows\ServicePackFiles\i386\ds16gt.dll
+ 2008-04-14 08:05:22    16,384    ------w    c:\windows\ServicePackFiles\i386\ds32gt.dll
+ 2008-04-14 08:05:22    181,248    ------w    c:\windows\ServicePackFiles\i386\dsdmo.dll
+ 2008-04-14 08:05:22    71,680    ------w    c:\windows\ServicePackFiles\i386\dsdmoprp.dll
+ 2008-04-14 08:05:22    93,184    ------w    c:\windows\ServicePackFiles\i386\dskquota.dll
+ 2008-04-14 08:05:22    156,672    ------w    c:\windows\ServicePackFiles\i386\dskquoui.dll
+ 2008-04-14 08:05:22    367,616    ------w    c:\windows\ServicePackFiles\i386\dsound.dll
+ 2008-04-14 08:05:22    1,293,824    ------w    c:\windows\ServicePackFiles\i386\dsound3d.dll
+ 2008-04-14 08:05:22    143,872    ------w    c:\windows\ServicePackFiles\i386\dsprop.dll
+ 2008-04-14 07:44:10    4,096    ------w    c:\windows\ServicePackFiles\i386\dsprpres.dll
+ 2008-04-14 08:05:22    239,616    ------w    c:\windows\ServicePackFiles\i386\dsquery.dll
+ 2008-04-14 08:05:22    51,712    ------w    c:\windows\ServicePackFiles\i386\dssec.dll
+ 2008-04-13 09:37:58    138,752    ------w    c:\windows\ServicePackFiles\i386\dssenh.dll
+ 2008-04-14 08:05:22    113,152    ------w    c:\windows\ServicePackFiles\i386\dsuiext.dll
+ 2008-04-14 08:05:22    19,456    ------w    c:\windows\ServicePackFiles\i386\dswave.dll
+ 2008-04-14 08:05:48    10,752    ------w    c:\windows\ServicePackFiles\i386\dumprep.exe
+ 2008-04-14 08:05:22    304,128    ------w    c:\windows\ServicePackFiles\i386\duser.dll
+ 2008-04-14 08:05:48    17,920    ------w    c:\windows\ServicePackFiles\i386\dvdupgrd.exe
+ 2008-04-14 08:05:48    180,224    ------w    c:\windows\ServicePackFiles\i386\dwwin.exe
+ 2008-04-14 08:05:22    619,008    ------w    c:\windows\ServicePackFiles\i386\dx7vb.dll
+ 2008-04-14 08:05:22    1,227,264    ------w    c:\windows\ServicePackFiles\i386\dx8vb.dll
+ 2008-04-14 08:05:48    1,298,432    ------w    c:\windows\ServicePackFiles\i386\dxdiag.exe
+ 2008-04-14 08:05:22    2,113,536    ------w    c:\windows\ServicePackFiles\i386\dxdiagn.dll
+ 2008-04-13 10:38:30    71,168    ------w    c:\windows\ServicePackFiles\i386\dxg.sys
+ 2008-04-14 08:05:22    357,888    ------w    c:\windows\ServicePackFiles\i386\dxtmsft.dll
+ 2008-04-14 08:05:22    205,312    ------w    c:\windows\ServicePackFiles\i386\dxtrans.dll
+ 2008-04-14 08:05:22    30,720    ------w    c:\windows\ServicePackFiles\i386\eapolqec.dll
+ 2008-04-14 08:05:22    184,832    ------w    c:\windows\ServicePackFiles\i386\eapp3hst.dll
+ 2008-04-14 08:05:22    126,976    ------w    c:\windows\ServicePackFiles\i386\eappcfg.dll
+ 2008-04-14 08:05:22    94,208    ------w    c:\windows\ServicePackFiles\i386\eappgnui.dll
+ 2008-04-14 08:05:22    181,248    ------w    c:\windows\ServicePackFiles\i386\eapphost.dll
+ 2008-04-14 08:05:22    40,960    ------w    c:\windows\ServicePackFiles\i386\eappprxy.dll
+ 2008-04-14 08:05:22    59,392    ------w    c:\windows\ServicePackFiles\i386\eapqec.dll
+ 2008-04-14 08:05:22    33,792    ------w    c:\windows\ServicePackFiles\i386\eapsvc.dll
+ 2008-04-14 08:05:22    175,616    ------w    c:\windows\ServicePackFiles\i386\ediskeer.dll
+ 2008-04-14 08:05:22    184,320    ------w    c:\windows\ServicePackFiles\i386\els.dll
+ 2008-04-14 08:05:22    20,480    ------w    c:\windows\ServicePackFiles\i386\encapi.dll
+ 2008-04-14 08:05:22    186,880    ------w    c:\windows\ServicePackFiles\i386\encdec.dll
+ 2008-04-14 07:36:16    40,960    ------w    c:\windows\ServicePackFiles\i386\ep9res.dll
+ 2008-04-14 07:36:18    120,832    ------w    c:\windows\ServicePackFiles\i386\epcl5res.dll
+ 2008-04-14 08:05:22    23,040    ------w    c:\windows\ServicePackFiles\i386\ersvc.dll
+ 2008-04-14 08:05:22    246,272    ------w    c:\windows\ServicePackFiles\i386\es.dll
+ 2008-04-14 08:05:22    1,082,368    ------w    c:\windows\ServicePackFiles\i386\esent.dll
+ 2008-04-14 08:05:22    247,808    ------w    c:\windows\ServicePackFiles\i386\esscli.dll
+ 2008-04-13 08:36:06    137,088    ------w    c:\windows\ServicePackFiles\i386\essm2e.sys
+ 2008-04-14 08:05:50    194,048    ------w    c:\windows\ServicePackFiles\i386\eudcedit.exe
+ 2008-04-14 08:05:22    56,320    ------w    c:\windows\ServicePackFiles\i386\eventlog.dll
+ 2008-04-14 08:05:22    108,544    ------w    c:\windows\ServicePackFiles\i386\evntagnt.dll
+ 2008-04-14 08:05:50    25,600    ------w    c:\windows\ServicePackFiles\i386\evntcmd.exe
+ 2008-04-14 08:05:22    21,504    ------w    c:\windows\ServicePackFiles\i386\evntrprv.dll
+ 2008-04-14 08:05:50    92,672    ------w    c:\windows\ServicePackFiles\i386\evntwin.exe
+ 2008-04-14 08:05:50    1,034,752    ------w    c:\windows\ServicePackFiles\i386\explorer.exe
+ 2008-04-14 08:05:22    380,445    ------w    c:\windows\ServicePackFiles\i386\expsrv.dll
+ 2008-04-14 08:05:22    55,808    ------w    c:\windows\ServicePackFiles\i386\extmgr.dll
+ 2008-04-14 08:05:50    24,064    ------w    c:\windows\ServicePackFiles\i386\extrac32.exe
+ 2008-04-14 08:05:22    125,952    ------w    c:\windows\ServicePackFiles\i386\exts.dll
+ 2008-04-14 08:03:54    7,168    ------w    c:\windows\ServicePackFiles\i386\f3ahvoas.dll
+ 2008-04-13 11:14:30    143,744    ------w    c:\windows\ServicePackFiles\i386\fastfat.sys
+ 2008-04-14 08:05:22    472,064    ------w    c:\windows\ServicePackFiles\i386\fastprox.dll
+ 2008-04-14 08:05:22    80,384    ------w    c:\windows\ServicePackFiles\i386\faultrep.dll
+ 2008-04-14 08:05:50    20,992    ------w    c:\windows\ServicePackFiles\i386\faxpatch.exe
+ 2008-04-13 10:40:26    27,392    ------w    c:\windows\ServicePackFiles\i386\fdc.sys
+ 2008-04-14 08:05:22    21,504    ------w    c:\windows\ServicePackFiles\i386\feclient.dll
+ 2008-04-14 08:05:22    337,920    ------w    c:\windows\ServicePackFiles\i386\filemgmt.dll
+ 2008-04-14 08:05:50    27,648    ------w    c:\windows\ServicePackFiles\i386\findstr.exe
+ 2008-04-14 07:36:56    44,544    ------w    c:\windows\ServicePackFiles\i386\fips.sys
+ 2008-04-14 08:05:22    88,064    ------w    c:\windows\ServicePackFiles\i386\fldrclnr.dll
+ 2008-04-13 10:40:26    20,480    ------w    c:\windows\ServicePackFiles\i386\flpydisk.sys
+ 2008-04-14 08:05:22    16,896    ------w    c:\windows\ServicePackFiles\i386\fltlib.dll
+ 2008-04-14 08:05:50    23,040    ------w    c:\windows\ServicePackFiles\i386\fltmc.exe
+ 2008-04-13 10:33:00    129,792    ------w    c:\windows\ServicePackFiles\i386\fltmgr.sys
+ 2008-04-14 08:05:22    384,512    ------w    c:\windows\ServicePackFiles\i386\fontext.dll
+ 2008-04-14 08:05:22    80,896    ------w    c:\windows\ServicePackFiles\i386\fontsub.dll
+ 2008-04-14 08:05:50    21,504    ------w    c:\windows\ServicePackFiles\i386\fontview.exe
+ 2008-04-14 08:05:50    7,680    ------w    c:\windows\ServicePackFiles\i386\forcedos.exe
+ 2008-04-13 08:35:32    34,173    ------w    c:\windows\ServicePackFiles\i386\forehe.sys
+ 2008-04-14 08:06:10    29,696    ------w    c:\windows\ServicePackFiles\i386\format.com
+ 2008-04-14 08:05:22    32,828    ------w    c:\windows\ServicePackFiles\i386\fp40ext.dll
+ 2008-04-14 08:05:22    184,435    ------w    c:\windows\ServicePackFiles\i386\fp4amsft.dll
+ 2008-04-14 08:05:22    82,035    ------w    c:\windows\ServicePackFiles\i386\fp4anscp.dll
+ 2008-04-14 08:05:22    147,513    ------w    c:\windows\ServicePackFiles\i386\fp4apws.dll
+ 2008-04-14 08:05:22    49,210    ------w    c:\windows\ServicePackFiles\i386\fp4areg.dll
+ 2008-04-14 08:05:22    102,509    ------w    c:\windows\ServicePackFiles\i386\fp4atxt.dll
+ 2008-04-14 08:05:22    618,605    ------w    c:\windows\ServicePackFiles\i386\fp4autl.dll
+ 2008-04-14 08:05:22    41,020    ------w    c:\windows\ServicePackFiles\i386\fp4avnb.dll
+ 2008-04-14 08:05:22    32,826    ------w    c:\windows\ServicePackFiles\i386\fp4avss.dll
+ 2008-04-14 08:05:22    49,212    ------w    c:\windows\ServicePackFiles\i386\fp4awebs.dll
+ 2008-04-14 08:05:22    876,653    ------w    c:\windows\ServicePackFiles\i386\fp4awel.dll
+ 2008-04-14 08:05:50    15,120    ------w    c:\windows\ServicePackFiles\i386\fp98sadm.exe
+ 2008-04-14 08:05:50    109,840    ------w    c:\windows\ServicePackFiles\i386\fp98swin.exe
+ 2008-04-14 08:05:50    24,632    ------w    c:\windows\ServicePackFiles\i386\fpadmcgi.exe
+ 2008-04-14 08:05:22    20,541    ------w    c:\windows\ServicePackFiles\i386\fpadmdll.dll
+ 2008-04-14 08:05:50    188,494    ------w    c:\windows\ServicePackFiles\i386\fpcount.exe
+ 2008-04-14 08:05:22    94,208    ------w    c:\windows\ServicePackFiles\i386\fpencode.dll
+ 2008-04-14 08:05:22    20,541    ------w    c:\windows\ServicePackFiles\i386\fpexedll.dll
+ 2008-04-14 08:05:22    598,071    ------w    c:\windows\ServicePackFiles\i386\fpmmc.dll
+ 2008-04-13 07:37:26    208,896    ------w    c:\windows\ServicePackFiles\i386\fpmmcsat.dll
+ 2008-04-14 08:05:50    20,538    ------w    c:\windows\ServicePackFiles\i386\fpremadm.exe
+ 2008-04-14 08:05:50    28,728    ------w    c:\windows\ServicePackFiles\i386\fpsrvadm.exe
+ 2008-04-14 08:03:56    9,344    ------w    c:\windows\ServicePackFiles\i386\framebuf.dll
+ 2008-04-14 08:05:22    185,344    ------w    c:\windows\ServicePackFiles\i386\framedyn.dll
+ 2008-04-14 08:05:50    193,024    ------w    c:\windows\ServicePackFiles\i386\fsquirt.exe
+ 2008-04-14 08:05:50    44,032    ------w    c:\windows\ServicePackFiles\i386\ftp.exe
+ 2008-04-14 08:05:22    60,416    ------w    c:\windows\ServicePackFiles\i386\fwcfg.dll
+ 2008-04-14 08:05:22    451,584    ------w    c:\windows\ServicePackFiles\i386\fxsapi.dll
+ 2008-04-14 08:05:50    142,848    ------w    c:\windows\ServicePackFiles\i386\fxsclnt.exe
+ 2008-04-14 08:05:22    72,192    ------w    c:\windows\ServicePackFiles\i386\fxscom.dll
+ 2008-04-14 08:05:22    285,184    ------w    c:\windows\ServicePackFiles\i386\fxscomex.dll
+ 2008-04-14 08:05:50    232,448    ------w    c:\windows\ServicePackFiles\i386\fxscover.exe
+ 2008-04-14 08:05:22    26,624    ------w    c:\windows\ServicePackFiles\i386\fxsdrv.dll
+ 2008-04-14 08:05:22    57,344    ------w    c:\windows\ServicePackFiles\i386\fxsevent.dll
+ 2008-04-14 08:05:22    23,552    ------w    c:\windows\ServicePackFiles\i386\fxsext32.dll
+ 2008-04-14 08:05:22    23,552    ------w    c:\windows\ServicePackFiles\i386\fxsmon.dll
+ 2008-04-14 08:05:22    132,608    ------w    c:\windows\ServicePackFiles\i386\fxsocm.dll
+ 2008-04-14 08:05:22    8,704    ------w    c:\windows\ServicePackFiles\i386\fxsperf.dll
+ 2008-04-14 08:03:58    6,656    ------w    c:\windows\ServicePackFiles\i386\fxsres.dll
+ 2008-04-14 08:05:22    562,176    ------w    c:\windows\ServicePackFiles\i386\fxsst.dll
+ 2008-04-14 08:05:52    268,288    ------w    c:\windows\ServicePackFiles\i386\fxssvc.exe
+ 2008-04-14 08:05:22    246,272    ------w    c:\windows\ServicePackFiles\i386\fxst30.dll
+ 2008-04-14 08:05:22    397,312    ------w    c:\windows\ServicePackFiles\i386\fxstiff.dll
+ 2008-04-14 08:05:22    154,624    ------w    c:\windows\ServicePackFiles\i386\fxsui.dll
+ 2008-04-14 08:05:22    193,536    ------w    c:\windows\ServicePackFiles\i386\fxswzrd.dll
+ 2008-04-14 08:05:22    400,384    ------w    c:\windows\ServicePackFiles\i386\fxsxp32.dll
+ 2008-04-13 10:36:42    46,464    ------w    c:\windows\ServicePackFiles\i386\gagp30kx.sys
+ 2008-04-13 10:45:30    10,624    ------w    c:\windows\ServicePackFiles\i386\gameenum.sys
+ 2008-04-13 10:45:34    59,136    ------w    c:\windows\ServicePackFiles\i386\gckernel.sys
+ 2008-04-14 08:05:22    285,184    ------w    c:\windows\ServicePackFiles\i386\gdi32.dll
+ 2008-04-14 08:05:22    123,392    ------w    c:\windows\ServicePackFiles\i386\glu32.dll
+ 2008-04-13 09:38:00    101,888    ------w    c:\windows\ServicePackFiles\i386\gpkcsp.dll
+ 2008-04-14 07:38:16    9,728    ------w    c:\windows\ServicePackFiles\i386\gpkrsrc.dll
+ 2008-04-14 08:05:52    39,424    ------w    c:\windows\ServicePackFiles\i386\grpconv.exe
+ 2008-04-14 07:38:20    28,416    ------w    c:\windows\ServicePackFiles\i386\grserial.sys
+ 2008-04-14 08:05:22    133,632    ------w    c:\windows\ServicePackFiles\i386\guitrn.dll
+ 2008-04-14 08:05:22    115,200    ------w    c:\windows\ServicePackFiles\i386\guitrna.dll
+ 2008-04-14 08:05:22    57,344    ------w    c:\windows\ServicePackFiles\i386\h323cc.dll
+ 2008-04-14 08:05:22    614,912    ------w    c:\windows\ServicePackFiles\i386\h323msp.dll
+ 2008-04-13 10:31:34    105,344    ------w    c:\windows\ServicePackFiles\i386\hal.dll
+ 2008-04-13 10:31:28    81,152    ------w    c:\windows\ServicePackFiles\i386\halacpi.dll
+ 2008-04-13 10:31:30    150,528    ------w    c:\windows\ServicePackFiles\i386\halapic.dll
daki Juniormester
10 March 2009 - 23:08 #6
+ 2008-04-14 08:05:28    4,608    ------w    c:\windows\ServicePackFiles\i386\msimg32.dll
+ 2008-04-14 08:05:56    60,416    ------w    c:\windows\ServicePackFiles\i386\msimn.exe
+ 2008-04-13 07:39:44    884,736    ------w    c:\windows\ServicePackFiles\i386\msimsg.dll
+ 2008-04-14 08:05:28    159,232    ------w    c:\windows\ServicePackFiles\i386\msimtf.dll
+ 2008-04-14 08:05:28    377,856    ------w    c:\windows\ServicePackFiles\i386\msinfo.dll
+ 2008-04-13 10:54:30    22,016    ------w    c:\windows\ServicePackFiles\i386\msircomm.sys
+ 2008-04-14 08:05:56    40,960    ------w    c:\windows\ServicePackFiles\i386\msiregmv.exe
+ 2008-04-14 08:05:28    15,360    ------w    c:\windows\ServicePackFiles\i386\msisip.dll
+ 2007-10-22 01:30:52    1,516,568    ------w    c:\windows\ServicePackFiles\i386\msjet40.dll
+ 2007-04-02 04:49:22    355,112    ------w    c:\windows\ServicePackFiles\i386\msjetol1.dll
+ 2008-02-01 02:33:28    174,880    ------w    c:\windows\ServicePackFiles\i386\msjint40.dll
+ 2008-04-14 08:05:28    102,400    ------w    c:\windows\ServicePackFiles\i386\msjro.dll
+ 2007-04-02 04:49:34    60,192    ------w    c:\windows\ServicePackFiles\i386\msjter40.dll
+ 2007-04-02 04:49:38    248,608    ------w    c:\windows\ServicePackFiles\i386\msjtes40.dll
+ 2008-04-13 10:39:54    7,552    ------w    c:\windows\ServicePackFiles\i386\mskssrv.sys
+ 2008-04-14 08:05:28    25,088    ------w    c:\windows\ServicePackFiles\i386\mslbui.dll
+ 2007-04-02 04:49:52    219,936    ------w    c:\windows\ServicePackFiles\i386\msltus40.dll
+ 2008-04-14 08:05:28    39,936    ------w    c:\windows\ServicePackFiles\i386\mslwvtts.dll
+ 2008-04-14 08:05:56    1,695,232    ------w    c:\windows\ServicePackFiles\i386\msmsgs.exe
+ 2008-04-14 08:05:28    290,816    ------w    c:\windows\ServicePackFiles\i386\msnsspc.dll
+ 2008-04-14 08:05:28    122,368    ------w    c:\windows\ServicePackFiles\i386\msobcomm.dll
+ 2008-04-14 08:05:28    16,384    ------w    c:\windows\ServicePackFiles\i386\msobdl.dll
+ 2008-04-14 08:05:28    565,760    ------w    c:\windows\ServicePackFiles\i386\msobmain.dll
+ 2008-04-14 08:05:28    30,720    ------w    c:\windows\ServicePackFiles\i386\msobshel.dll
+ 2008-04-14 08:05:28    19,456    ------w    c:\windows\ServicePackFiles\i386\msobweb.dll
+ 2008-04-14 08:05:28    1,314,816    ------w    c:\windows\ServicePackFiles\i386\msoe.dll
+ 2008-04-14 08:05:28    252,928    ------w    c:\windows\ServicePackFiles\i386\msoeacct.dll
+ 2008-04-14 07:41:34    2,494,464    ------w    c:\windows\ServicePackFiles\i386\msoeres.dll
+ 2008-04-14 08:05:28    105,984    ------w    c:\windows\ServicePackFiles\i386\msoert2.dll
+ 2008-04-14 08:05:56    29,184    ------w    c:\windows\ServicePackFiles\i386\msoobe.exe
+ 2008-02-01 02:33:30    24,576    ------w    c:\windows\ServicePackFiles\i386\msorc32r.dll
+ 2008-04-14 08:05:28    143,360    ------w    c:\windows\ServicePackFiles\i386\msorcl32.dll
+ 2008-04-14 08:05:58    344,576    ------w    c:\windows\ServicePackFiles\i386\mspaint.exe
+ 2008-04-14 08:05:28    29,696    ------w    c:\windows\ServicePackFiles\i386\mspatcha.dll
+ 2007-04-02 04:50:06    355,104    ------w    c:\windows\ServicePackFiles\i386\mspbde40.dll
+ 2008-04-13 10:39:52    5,376    ------w    c:\windows\ServicePackFiles\i386\mspclock.sys
+ 2008-04-13 10:39:52    4,992    ------w    c:\windows\ServicePackFiles\i386\mspqm.sys
+ 2008-04-13 08:23:32    48,128    ------w    c:\windows\ServicePackFiles\i386\msprivs.dll
+ 2008-04-14 08:05:28    146,432    ------w    c:\windows\ServicePackFiles\i386\msrating.dll
+ 2007-04-02 04:50:28    432,928    ------w    c:\windows\ServicePackFiles\i386\msrd2x40.dll
+ 2007-04-02 04:50:44    322,336    ------w    c:\windows\ServicePackFiles\i386\msrd3x40.dll
+ 2007-04-02 04:51:06    559,904    ------w    c:\windows\ServicePackFiles\i386\msrepl40.dll
+ 2008-04-14 08:05:28    11,264    ------w    c:\windows\ServicePackFiles\i386\msrle32.dll
+ 2008-04-14 08:05:28    134,656    ------w    c:\windows\ServicePackFiles\i386\mssap.dll
+ 2008-04-14 08:05:28    155,136    ------w    c:\windows\ServicePackFiles\i386\mssha.dll
+ 2008-04-14 07:42:02    77,824    ------w    c:\windows\ServicePackFiles\i386\msshamsg.dll
+ 2008-04-13 10:36:48    15,488    ------w    c:\windows\ServicePackFiles\i386\mssmbios.sys
+ 2008-04-14 08:05:28    274,432    ------w    c:\windows\ServicePackFiles\i386\mst120.dll
+ 2008-04-14 08:05:28    57,344    ------w    c:\windows\ServicePackFiles\i386\mst123.dll
+ 2008-04-13 10:46:10    49,024    ------w    c:\windows\ServicePackFiles\i386\mstape.sys
+ 2008-04-14 08:05:28    275,968    ------w    c:\windows\ServicePackFiles\i386\mstask.dll
+ 2008-04-13 10:39:52    5,504    ------w    c:\windows\ServicePackFiles\i386\mstee.sys
+ 2007-04-02 04:51:28    264,992    ------w    c:\windows\ServicePackFiles\i386\mstext40.dll
+ 2008-04-14 08:05:28    532,480    ------w    c:\windows\ServicePackFiles\i386\mstime.dll
+ 2008-04-14 08:05:58    12,288    ------w    c:\windows\ServicePackFiles\i386\mstinit.exe
+ 2008-04-14 08:05:28    116,224    ------w    c:\windows\ServicePackFiles\i386\mstlsapi.dll
+ 2008-04-14 08:05:28    195,584    ------w    c:\windows\ServicePackFiles\i386\msutb.dll
+ 2008-04-14 08:05:28    132,608    ------w    c:\windows\ServicePackFiles\i386\msv1_0.dll
+ 2008-04-14 08:05:28    1,384,479    ------w    c:\windows\ServicePackFiles\i386\msvbvm60.dll
+ 2008-04-14 08:05:28    57,344    ------w    c:\windows\ServicePackFiles\i386\msvcirt.dll
+ 2008-04-14 08:05:28    413,696    ------w    c:\windows\ServicePackFiles\i386\msvcp60.dll
+ 2008-04-14 08:05:28    343,040    ------w    c:\windows\ServicePackFiles\i386\msvcrt.dll
+ 2008-04-13 10:30:48    61,440    ------w    c:\windows\ServicePackFiles\i386\msvcrt40.dll
+ 2008-04-14 08:05:28    121,856    ------w    c:\windows\ServicePackFiles\i386\msvfw32.dll
+ 2008-04-14 08:05:28    1,432,064    ------w    c:\windows\ServicePackFiles\i386\msvidctl.dll
+ 2008-04-14 08:05:28    72,704    ------w    c:\windows\ServicePackFiles\i386\msw3prt.dll
+ 2007-04-02 04:51:48    838,432    ------w    c:\windows\ServicePackFiles\i386\mswdat10.dll
+ 2008-04-14 08:05:28    204,288    ------w    c:\windows\ServicePackFiles\i386\mswebdvd.dll
+ 2008-04-14 08:05:28    246,784    ------w    c:\windows\ServicePackFiles\i386\mswsock.dll
+ 2007-07-18 07:30:00    621,344    ------w    c:\windows\ServicePackFiles\i386\mswstr10.dll
+ 2008-04-14 08:05:28    24,576    ------w    c:\windows\ServicePackFiles\i386\msxactps.dll
+ 2007-04-02 04:52:02    355,104    ------w    c:\windows\ServicePackFiles\i386\msxbde40.dll
+ 2008-04-14 08:05:28    506,368    ------w    c:\windows\ServicePackFiles\i386\msxml.dll
+ 2008-04-14 08:05:28    701,440    ------w    c:\windows\ServicePackFiles\i386\msxml2.dll
+ 2008-04-14 08:05:28    1,104,896    ------w    c:\windows\ServicePackFiles\i386\msxml3.dll
+ 2008-04-14 08:05:28    16,896    ------w    c:\windows\ServicePackFiles\i386\msyuv.dll
+ 2008-04-13 10:23:42    126,686    ------w    c:\windows\ServicePackFiles\i386\mtlmnt5.sys
+ 2008-04-13 10:23:40    1,309,184    ------w    c:\windows\ServicePackFiles\i386\mtlstrm.sys
+ 2008-04-14 08:05:58    119,808    ------w    c:\windows\ServicePackFiles\i386\mtstocom.exe
+ 2008-04-14 08:05:28    66,560    ------w    c:\windows\ServicePackFiles\i386\mtxclu.dll
+ 2008-04-14 08:05:28    30,720    ------w    c:\windows\ServicePackFiles\i386\mtxdm.dll
+ 2008-04-14 08:05:28    4,096    ------w    c:\windows\ServicePackFiles\i386\mtxex.dll
+ 2008-04-14 08:05:28    34,304    ------w    c:\windows\ServicePackFiles\i386\mtxlegih.dll
+ 2008-04-14 08:05:28    91,648    ------w    c:\windows\ServicePackFiles\i386\mtxoci.dll
+ 2008-04-14 08:05:28    1,737,856    ------w    c:\windows\ServicePackFiles\i386\mtxparhd.dll
+ 2008-04-13 08:34:28    452,736    ------w    c:\windows\ServicePackFiles\i386\mtxparhm.sys
+ 2008-04-13 11:17:06    105,344    ------w    c:\windows\ServicePackFiles\i386\mup.sys
+ 2008-04-13 10:43:56    12,672    ------w    c:\windows\ServicePackFiles\i386\mutohpen.sys
+ 2008-04-14 08:05:28    90,624    ------w    c:\windows\ServicePackFiles\i386\mydocs.dll
+ 2008-04-13 10:46:26    85,248    ------w    c:\windows\ServicePackFiles\i386\nabtsfec.sys
+ 2008-04-14 08:05:28    221,184    ------w    c:\windows\ServicePackFiles\i386\nac.dll
+ 2008-04-14 08:05:28    30,208    ------w    c:\windows\ServicePackFiles\i386\napipsec.dll
+ 2008-04-14 08:05:28    196,096    ------w    c:\windows\ServicePackFiles\i386\napmontr.dll
+ 2008-04-14 08:05:58    176,640    ------w    c:\windows\ServicePackFiles\i386\napstat.exe
+ 2008-04-14 08:05:58    54,272    ------w    c:\windows\ServicePackFiles\i386\narrator.exe
+ 2008-04-14 08:05:28    36,352    ------w    c:\windows\ServicePackFiles\i386\ncobjapi.dll
+ 2008-04-14 08:05:28    47,104    ------w    c:\windows\ServicePackFiles\i386\ncprov.dll
+ 2008-04-14 08:05:28    9,728    ------w    c:\windows\ServicePackFiles\i386\ncpsres.dll
+ 2008-04-14 08:05:28    17,920    ------w    c:\windows\ServicePackFiles\i386\nddeapi.dll
+ 2008-04-14 08:05:58    4,096    ------w    c:\windows\ServicePackFiles\i386\nddeapir.exe
+ 2008-04-14 08:05:28    19,456    ------w    c:\windows\ServicePackFiles\i386\nddenb32.dll
+ 2008-04-13 11:20:38    182,656    ------w    c:\windows\ServicePackFiles\i386\ndis.sys
+ 2008-04-13 10:46:24    10,880    ------w    c:\windows\ServicePackFiles\i386\ndisip.sys
+ 2008-04-14 08:05:28    57,344    ------w    c:\windows\ServicePackFiles\i386\ndisnpp.dll
+ 2008-04-13 10:57:28    10,112    ------w    c:\windows\ServicePackFiles\i386\ndistapi.sys
+ 2008-04-13 10:56:00    14,592    ------w    c:\windows\ServicePackFiles\i386\ndisuio.sys
+ 2008-04-13 11:20:44    91,520    ------w    c:\windows\ServicePackFiles\i386\ndiswan.sys
+ 2008-04-13 10:57:30    40,576    ------w    c:\windows\ServicePackFiles\i386\ndproxy.sys
+ 2008-04-14 08:05:58    42,496    ------w    c:\windows\ServicePackFiles\i386\net.exe
+ 2008-04-14 08:05:58    124,928    ------w    c:\windows\ServicePackFiles\i386\net1.exe
+ 2008-04-14 08:05:28    337,408    ------w    c:\windows\ServicePackFiles\i386\netapi32.dll
+ 2008-04-13 10:56:04    34,688    ------w    c:\windows\ServicePackFiles\i386\netbios.sys
+ 2008-04-13 11:21:02    162,816    ------w    c:\windows\ServicePackFiles\i386\netbt.sys
+ 2008-04-14 08:05:28    625,152    ------w    c:\windows\ServicePackFiles\i386\netcfgx.dll
+ 2008-04-14 08:05:58    112,640    ------w    c:\windows\ServicePackFiles\i386\netdde.exe
+ 2008-04-14 08:05:28    139,776    ------w    c:\windows\ServicePackFiles\i386\netid.dll
+ 2008-04-14 08:05:28    407,040    ------w    c:\windows\ServicePackFiles\i386\netlogon.dll
+ 2008-04-14 08:05:28    198,144    ------w    c:\windows\ServicePackFiles\i386\netman.dll
+ 2008-04-14 08:05:28    77,312    ------w    c:\windows\ServicePackFiles\i386\netoc.dll
+ 2008-04-14 08:05:28    877,568    ------w    c:\windows\ServicePackFiles\i386\netplwiz.dll
+ 2008-04-14 08:05:28    11,776    ------w    c:\windows\ServicePackFiles\i386\netrap.dll
+ 2008-04-14 08:09:02    331,264    ------w    c:\windows\ServicePackFiles\i386\netsetup.exe
+ 2008-04-14 08:05:58    87,040    ------w    c:\windows\ServicePackFiles\i386\netsh.exe
+ 2008-04-14 08:05:30    1,710,080    ------w    c:\windows\ServicePackFiles\i386\netshell.dll
+ 2008-04-14 08:05:58    37,376    ------w    c:\windows\ServicePackFiles\i386\netstat.exe
+ 2008-04-14 08:05:30    80,896    ------w    c:\windows\ServicePackFiles\i386\netui0.dll
+ 2008-04-14 08:05:30    245,760    ------w    c:\windows\ServicePackFiles\i386\netui1.dll
+ 2008-04-14 07:44:00    132,695    ------w    c:\windows\ServicePackFiles\i386\netwlan5.sys
+ 2008-04-14 08:05:30    248,320    ------w    c:\windows\ServicePackFiles\i386\newdev.dll
+ 2008-04-13 10:51:26    61,824    ------w    c:\windows\ServicePackFiles\i386\nic1394.sys
+ 2008-04-14 08:05:30    98,304    ------w    c:\windows\ServicePackFiles\i386\nlhtml.dll
+ 2008-04-14 08:05:30    229,376    ------w    c:\windows\ServicePackFiles\i386\nmas.dll
+ 2008-04-14 08:05:30    28,672    ------w    c:\windows\ServicePackFiles\i386\nmasnt.dll
+ 2008-04-14 08:05:30    81,920    ------w    c:\windows\ServicePackFiles\i386\nmchat.dll
+ 2008-04-14 08:05:30    77,824    ------w    c:\windows\ServicePackFiles\i386\nmcom.dll
+ 2008-04-14 08:05:30    151,552    ------w    c:\windows\ServicePackFiles\i386\nmft.dll
+ 2008-04-14 08:05:30    28,672    ------w    c:\windows\ServicePackFiles\i386\nmmkcert.dll
+ 2008-04-13 10:53:10    40,320    ------w    c:\windows\ServicePackFiles\i386\nmnt.sys
+ 2008-04-14 08:05:30    167,936    ------w    c:\windows\ServicePackFiles\i386\nmoldwb.dll
+ 2008-04-14 08:05:30    188,416    ------w    c:\windows\ServicePackFiles\i386\nmwb.dll
+ 2008-04-14 08:05:58    69,632    ------w    c:\windows\ServicePackFiles\i386\notepad.exe
+ 2008-04-13 10:32:40    30,848    ------w    c:\windows\ServicePackFiles\i386\npfs.sys
+ 2008-04-14 08:05:58    15,360    ------w    c:\windows\ServicePackFiles\i386\nppagent.exe
+ 2008-04-14 08:05:30    55,296    ------w    c:\windows\ServicePackFiles\i386\npptools.dll
+ 2008-04-13 10:54:38    28,672    ------w    c:\windows\ServicePackFiles\i386\nscirda.sys
+ 2008-04-14 08:05:58    76,800    ------w    c:\windows\ServicePackFiles\i386\nslookup.exe
+ 2008-04-13 08:43:04    47,564    ------w    c:\windows\ServicePackFiles\i386\ntdetect.com
+ 2008-04-14 08:05:06    710,656    ------w    c:\windows\ServicePackFiles\i386\ntdll.dll
+ 2008-04-14 08:05:30    67,072    ------w    c:\windows\ServicePackFiles\i386\ntdsapi.dll
+ 2008-04-14 08:05:30    212,992    ------w    c:\windows\ServicePackFiles\i386\ntevt.dll
+ 2008-04-13 11:15:54    574,976    ------w    c:\windows\ServicePackFiles\i386\ntfs.sys
+ 2008-04-13 08:49:48    33,920    ------w    c:\windows\ServicePackFiles\i386\ntio.sys
+ 2008-04-13 08:49:44    34,560    ------w    c:\windows\ServicePackFiles\i386\ntio404.sys
+ 2008-04-13 08:49:40    35,648    ------w    c:\windows\ServicePackFiles\i386\ntio411.sys
+ 2008-04-13 08:49:44    35,424    ------w    c:\windows\ServicePackFiles\i386\ntio412.sys
+ 2008-04-13 08:49:42    34,560    ------w    c:\windows\ServicePackFiles\i386\ntio804.sys
+ 2008-04-14 07:44:54    2,147,840    ------w    c:\windows\ServicePackFiles\i386\ntkrnlmp.exe
+ 2008-04-14 07:45:00    2,068,480    ------w    c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
+ 2008-04-14 07:45:06    2,026,496    ------w    c:\windows\ServicePackFiles\i386\ntkrpamp.exe
+ 2008-04-14 08:05:30    44,032    ------w    c:\windows\ServicePackFiles\i386\ntlanman.dll
+ 2008-04-14 08:05:30    8,192    ------w    c:\windows\ServicePackFiles\i386\ntlsapi.dll
+ 2008-04-14 08:05:30    119,296    ------w    c:\windows\ServicePackFiles\i386\ntmarta.dll
+ 2008-04-14 08:05:30    40,960    ------w    c:\windows\ServicePackFiles\i386\ntmsapi.dll
+ 2008-04-14 08:05:30    179,712    ------w    c:\windows\ServicePackFiles\i386\ntmsdba.dll
+ 2008-04-14 08:05:30    488,448    ------w    c:\windows\ServicePackFiles\i386\ntmsmgr.dll
+ 2008-04-14 08:05:30    435,712    ------w    c:\windows\ServicePackFiles\i386\ntmssvc.dll
+ 2008-04-13 10:23:42    180,360    ------w    c:\windows\ServicePackFiles\i386\ntmtlfax.sys
+ 2008-04-14 08:05:30    62,976    ------w    c:\windows\ServicePackFiles\i386\ntoc.dll
+ 2008-04-14 07:45:22    2,191,616    ------w    c:\windows\ServicePackFiles\i386\ntoskrnl.exe
+ 2008-04-14 08:05:30    91,136    ------w    c:\windows\ServicePackFiles\i386\ntprint.dll
+ 2008-04-14 08:05:30    143,872    ------w    c:\windows\ServicePackFiles\i386\ntshrui.dll
+ 2008-04-14 08:05:58    420,864    ------w    c:\windows\ServicePackFiles\i386\ntvdm.exe
+ 2008-04-14 08:05:30    15,360    ------w    c:\windows\ServicePackFiles\i386\ntvdmd.dll
+ 2008-04-14 08:05:30    4,274,816    ------w    c:\windows\ServicePackFiles\i386\nv4_disp.dll
+ 2008-04-13 08:34:32    1,897,408    ------w    c:\windows\ServicePackFiles\i386\nv4_mini.sys
+ 2008-04-13 10:56:08    88,320    ------w    c:\windows\ServicePackFiles\i386\nwlnkipx.sys
+ 2008-04-14 08:05:30    142,848    ------w    c:\windows\ServicePackFiles\i386\nwprovau.dll
+ 2008-04-14 08:05:30    270,848    ------w    c:\windows\ServicePackFiles\i386\oakley.dll
+ 2008-04-14 08:05:30    286,720    ------w    c:\windows\ServicePackFiles\i386\objsel.dll
+ 2008-04-13 10:40:26    454,144    ------w    c:\windows\ServicePackFiles\i386\obrs0406.dll
+ 2008-04-14 08:05:32    96,768    ------w    c:\windows\ServicePackFiles\i386\occache.dll
+ 2008-04-14 08:05:32    15,872    ------w    c:\windows\ServicePackFiles\i386\ocgen.dll
+ 2008-04-14 08:05:32    68,096    ------w    c:\windows\ServicePackFiles\i386\ocmanage.dll
+ 2008-04-14 08:05:32    17,408    ------w    c:\windows\ServicePackFiles\i386\ocmsn.dll
+ 2007-04-02 06:05:22    26,224    ------w    c:\windows\ServicePackFiles\i386\odbc16gt.dll
+ 2008-04-14 08:05:32    249,856    ------w    c:\windows\ServicePackFiles\i386\odbc32.dll
+ 2008-04-14 08:05:32    16,384    ------w    c:\windows\ServicePackFiles\i386\odbc32gt.dll
+ 2008-04-14 08:06:00    32,768    ------w    c:\windows\ServicePackFiles\i386\odbcad32.exe
+ 2008-04-14 08:05:32    24,576    ------w    c:\windows\ServicePackFiles\i386\odbcbcp.dll
+ 2008-04-14 08:05:32    135,168    ------w    c:\windows\ServicePackFiles\i386\odbcconf.dll
+ 2008-04-14 08:06:00    69,632    ------w    c:\windows\ServicePackFiles\i386\odbcconf.exe
+ 2008-04-14 08:05:32    106,496    ------w    c:\windows\ServicePackFiles\i386\odbccp32.dll
+ 2008-04-14 08:05:32    65,536    ------w    c:\windows\ServicePackFiles\i386\odbccr32.dll
+ 2008-04-14 08:05:32    65,536    ------w    c:\windows\ServicePackFiles\i386\odbccu32.dll
+ 2007-07-18 07:30:04    98,304    ------w    c:\windows\ServicePackFiles\i386\odbcint.dll
+ 2008-04-14 08:04:32    57,375    ------w    c:\windows\ServicePackFiles\i386\odbcji32.dll
+ 2008-04-14 08:05:32    278,559    ------w    c:\windows\ServicePackFiles\i386\odbcjt32.dll
+ 2008-04-13 09:26:06    12,288    ------w    c:\windows\ServicePackFiles\i386\odbcp32r.dll
+ 2008-04-14 08:05:32    147,456    ------w    c:\windows\ServicePackFiles\i386\odbctrac.dll
+ 2008-04-14 08:05:32    20,511    ------w    c:\windows\ServicePackFiles\i386\oddbse32.dll
+ 2008-04-14 08:05:32    20,510    ------w    c:\windows\ServicePackFiles\i386\odexl32.dll
+ 2008-04-14 08:05:32    20,510    ------w    c:\windows\ServicePackFiles\i386\odfox32.dll
+ 2008-04-14 08:05:32    20,510    ------w    c:\windows\ServicePackFiles\i386\odpdx32.dll
+ 2008-04-14 08:05:32    20,511    ------w    c:\windows\ServicePackFiles\i386\odtext32.dll
+ 2008-04-14 08:05:32    104,448    ------w    c:\windows\ServicePackFiles\i386\oeimport.dll
+ 2008-04-14 08:06:00    60,416    ------w    c:\windows\ServicePackFiles\i386\oemig50.exe
+ 2008-04-14 08:05:32    35,328    ------w    c:\windows\ServicePackFiles\i386\oemiglib.dll
+ 2008-04-14 08:05:32    192,000    ------w    c:\windows\ServicePackFiles\i386\offfilt.dll
+ 2008-04-13 10:46:20    61,696    ------w    c:\windows\ServicePackFiles\i386\ohci1394.sys
+ 2008-04-14 08:05:32    1,287,168    ------w    c:\windows\ServicePackFiles\i386\ole32.dll
+ 2008-04-14 08:05:32    551,936    ------w    c:\windows\ServicePackFiles\i386\oleaut32.dll
+ 2008-04-14 08:05:32    74,752    ------w    c:\windows\ServicePackFiles\i386\olecli32.dll
+ 2008-04-14 08:05:32    37,376    ------w    c:\windows\ServicePackFiles\i386\olecnv32.dll
+ 2008-04-14 08:05:32    487,424    ------w    c:\windows\ServicePackFiles\i386\oledb32.dll
+ 2008-04-14 08:05:32    69,632    ------w    c:\windows\ServicePackFiles\i386\oledb32r.dll
+ 2008-04-14 08:05:32    122,880    ------w    c:\windows\ServicePackFiles\i386\oledlg.dll
+ 2008-04-14 08:05:32    108,032    ------w    c:\windows\ServicePackFiles\i386\oleprn.dll
+ 2008-04-14 08:05:32    84,992    ------w    c:\windows\ServicePackFiles\i386\olepro32.dll
+ 2008-04-14 08:05:32    144,896    ------w    c:\windows\ServicePackFiles\i386\onex.dll
+ 2008-04-14 08:06:00    51,712    ------w    c:\windows\ServicePackFiles\i386\oobebaln.exe
+ 2008-04-14 08:05:32    713,728    ------w    c:\windows\ServicePackFiles\i386\opengl32.dll
+ 2008-04-13 10:32:34    166,912    ------w    c:\windows\ServicePackFiles\i386\oschoice.exe
+ 2008-04-14 08:06:00    215,552    ------w    c:\windows\ServicePackFiles\i386\osk.exe
+ 2008-04-13 10:31:50    230,912    ------w    c:\windows\ServicePackFiles\i386\osloader.exe
+ 2008-04-14 08:05:32    67,584    ------w    c:\windows\ServicePackFiles\i386\osuninst.dll
+ 2008-04-14 08:05:32    153,600    ------w    c:\windows\ServicePackFiles\i386\p2p.dll
+ 2008-04-14 08:05:32    105,472    ------w    c:\windows\ServicePackFiles\i386\p2pgasvc.dll
+ 2008-04-14 08:05:32    313,856    ------w    c:\windows\ServicePackFiles\i386\p2pgraph.dll
+ 2008-04-14 08:05:32    115,712    ------w    c:\windows\ServicePackFiles\i386\p2pnetsh.dll
+ 2008-04-14 08:05:32    554,496    ------w    c:\windows\ServicePackFiles\i386\p2psvc.dll
+ 2008-04-14 07:46:14    46,592    ------w    c:\windows\ServicePackFiles\i386\p3.sys
+ 2008-04-14 08:06:00    58,880    ------w    c:\windows\ServicePackFiles\i386\packager.exe
+ 2008-04-14 07:46:16    80,256    ------w    c:\windows\ServicePackFiles\i386\parport.sys
+ 2008-04-13 10:40:50    19,712    ------w    c:\windows\ServicePackFiles\i386\partmgr.sys
+ 2008-04-14 08:05:32    67,584    ------w    c:\windows\ServicePackFiles\i386\pautoenr.dll
+ 2008-04-13 08:35:34    29,502    ------w    c:\windows\ServicePackFiles\i386\pca200e.sys
+ 2008-04-14 08:05:32    102,912    ------w    c:\windows\ServicePackFiles\i386\pchshell.dll
+ 2008-04-14 08:05:32    38,400    ------w    c:\windows\ServicePackFiles\i386\pchsvc.dll
+ 2008-04-14 07:46:18    68,096    ------w    c:\windows\ServicePackFiles\i386\pci.sys
+ 2008-04-13 10:40:30    24,960    ------w    c:\windows\ServicePackFiles\i386\pciidex.sys
+ 2007-05-15 00:08:12    288,768    ------w    c:\windows\ServicePackFiles\i386\pcl4res.dll
+ 2007-05-15 00:08:14    1,058,816    ------w    c:\windows\ServicePackFiles\i386\pcl5eres.dll
+ 2007-05-15 00:08:16    1,057,280    ------w    c:\windows\ServicePackFiles\i386\pcl5ures.dll
+ 2007-05-15 00:08:16    207,872    ------w    c:\windows\ServicePackFiles\i386\pclxl.dll
+ 2008-04-14 07:46:22    120,320    ------w    c:\windows\ServicePackFiles\i386\pcmcia.sys
+ 2008-04-13 08:12:44    169,984    ------w    c:\windows\ServicePackFiles\i386\pcx500.sys
+ 2008-04-14 08:05:32    284,672    ------w    c:\windows\ServicePackFiles\i386\pdh.dll
+ 2008-04-14 08:05:32    40,448    ------w    c:\windows\ServicePackFiles\i386\perfctrs.dll
+ 2008-04-14 08:05:32    26,624    ------w    c:\windows\ServicePackFiles\i386\perfdisk.dll
+ 2008-04-14 08:06:00    15,872    ------w    c:\windows\ServicePackFiles\i386\perfmon.exe
+ 2008-04-14 08:05:32    17,920    ------w    c:\windows\ServicePackFiles\i386\perfnet.dll
+ 2008-04-14 08:05:32    25,600    ------w    c:\windows\ServicePackFiles\i386\perfos.dll
+ 2008-04-14 08:05:32    35,328    ------w    c:\windows\ServicePackFiles\i386\perfproc.dll
+ 2008-04-13 10:44:30    27,904    ------w    c:\windows\ServicePackFiles\i386\perm2.sys
+ 2008-04-14 08:04:34    211,584    ------w    c:\windows\ServicePackFiles\i386\perm2dll.dll
+ 2008-04-13 10:44:32    28,032    ------w    c:\windows\ServicePackFiles\i386\perm3.sys
+ 2008-04-14 08:04:34    259,328    ------w    c:\windows\ServicePackFiles\i386\perm3dd.dll
+ 2008-04-14 08:05:32    171,520    ------w    c:\windows\ServicePackFiles\i386\photowiz.dll
+ 2008-04-14 08:05:32    35,328    ------w    c:\windows\ServicePackFiles\i386\pid.dll
+ 2008-04-13 10:35:24    24,064    ------w    c:\windows\ServicePackFiles\i386\pidgen.dll
+ 2008-04-14 08:06:00    282,112    ------w    c:\windows\ServicePackFiles\i386\pinball.exe
+ 2008-04-14 08:06:00    18,432    ------w    c:\windows\ServicePackFiles\i386\ping.exe
+ 2008-04-14 08:05:32    15,360    ------w    c:\windows\ServicePackFiles\i386\pjlmon.dll
+ 2008-04-14 08:05:32    44,544    ------w    c:\windows\ServicePackFiles\i386\plotter.dll
+ 2008-04-14 08:05:32    53,248    ------w    c:\windows\ServicePackFiles\i386\plotui.dll
+ 2008-04-14 08:05:32    412,160    ------w    c:\windows\ServicePackFiles\i386\pmh.dll
+ 2008-04-14 08:05:32    39,424    ------w    c:\windows\ServicePackFiles\i386\pngfilt.dll
+ 2008-04-14 08:05:32    58,880    ------w    c:\windows\ServicePackFiles\i386\pnrpnsp.dll
+ 2008-04-14 08:05:32    105,472    ------w    c:\windows\ServicePackFiles\i386\polstore.dll
+ 2008-04-13 11:19:42    146,048    ------w    c:\windows\ServicePackFiles\i386\portcls.sys
+ 2008-04-14 08:06:00    49,152    ------w    c:\windows\ServicePackFiles\i386\powercfg.exe
+ 2008-04-13 10:40:58    8,832    ------w    c:\windows\ServicePackFiles\i386\powerfil.sys
+ 2008-04-14 08:05:32    17,408    ------w    c:\windows\ServicePackFiles\i386\powrprof.dll
+ 2008-04-13 10:41:02    17,664    ------w    c:\windows\ServicePackFiles\i386\ppa3.sys
+ 2008-04-14 08:05:32    564,736    ------w    c:\windows\ServicePackFiles\i386\printui.dll
+ 2008-04-14 07:36:24    39,680    ------w    c:\windows\ServicePackFiles\i386\processr.sys
+ 2008-04-14 08:05:32    27,648    ------w    c:\windows\ServicePackFiles\i386\profmap.dll
+ 2008-04-14 08:06:00    109,568    ------w    c:\windows\ServicePackFiles\i386\progman.exe
+ 2008-04-14 08:06:00    50,688    ------w    c:\windows\ServicePackFiles\i386\proquota.exe
+ 2008-04-14 08:05:32    237,056    ------w    c:\windows\ServicePackFiles\i386\provthrd.dll
+ 2008-04-14 08:06:00    10,240    ------w    c:\windows\ServicePackFiles\i386\proxycfg.exe
+ 2008-04-14 08:05:32    728,576    ------w    c:\windows\ServicePackFiles\i386\ps5ui.dll
+ 2008-04-14 08:05:32    23,040    ------w    c:\windows\ServicePackFiles\i386\psapi.dll
+ 2008-04-14 08:05:32    97,280    ------w    c:\windows\ServicePackFiles\i386\psbase.dll
+ 2008-04-13 10:56:40    69,120    ------w    c:\windows\ServicePackFiles\i386\psched.sys
+ 2008-04-14 08:05:32    543,232    ------w    c:\windows\ServicePackFiles\i386\pscript5.dll
+ 2008-04-14 08:05:32    363,520    ------w    c:\windows\ServicePackFiles\i386\psisdecd.dll
+ 2008-04-14 08:05:32    43,520    ------w    c:\windows\ServicePackFiles\i386\pstorec.dll
+ 2008-04-14 08:05:32    34,304    ------w    c:\windows\ServicePackFiles\i386\pstorsvc.dll
+ 2008-04-14 08:05:32    159,232    ------w    c:\windows\ServicePackFiles\i386\ptpusd.dll
+ 2008-04-14 08:05:32    150,528    ------w    c:\windows\ServicePackFiles\i386\qagent.dll
+ 2008-04-14 08:05:32    292,352    ------w    c:\windows\ServicePackFiles\i386\qagentrt.dll
+ 2008-04-14 08:05:32    237,568    ------w    c:\windows\ServicePackFiles\i386\qasf.dll
+ 2008-04-14 08:05:32    192,512    ------w    c:\windows\ServicePackFiles\i386\qcap.dll
+ 2008-04-14 08:05:32    62,464    ------w    c:\windows\ServicePackFiles\i386\qcliprov.dll
+ 2008-04-14 08:05:32    279,040    ------w    c:\windows\ServicePackFiles\i386\qdv.dll
+ 2008-04-14 08:05:32    386,560    ------w    c:\windows\ServicePackFiles\i386\qdvd.dll
+ 2008-04-14 08:05:32    562,688    ------w    c:\windows\ServicePackFiles\i386\qedit.dll
+ 2008-04-13 09:21:34    733,696    ------w    c:\windows\ServicePackFiles\i386\qedwipes.dll
+ 2008-04-13 10:40:54    6,016    ------w    c:\windows\ServicePackFiles\i386\qic157.sys
+ 2008-04-14 08:05:32    409,088    ------w    c:\windows\ServicePackFiles\i386\qmgr.dll
+ 2008-04-14 08:05:32    18,944    ------w    c:\windows\ServicePackFiles\i386\qmgrprxy.dll
+ 2008-04-14 08:06:00    20,480    ------w    c:\windows\ServicePackFiles\i386\qprocess.exe
+ 2008-04-14 08:05:32    1,292,288    ------w    c:\windows\ServicePackFiles\i386\quartz.dll
+ 2008-04-14 08:05:32    1,438,720    ------w    c:\windows\ServicePackFiles\i386\query.dll
+ 2008-04-14 08:05:32    76,800    ------w    c:\windows\ServicePackFiles\i386\qutil.dll
+ 2008-04-14 08:05:32    43,520    ------w    c:\windows\ServicePackFiles\i386\racpldlg.dll
daki Juniormester
10 March 2009 - 23:11 #7
etc., etc.

-- Snapshot sat til dags dato --
.
(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-27 68856]
"Skype"="c:\programmer\Skype\Phone\Skype.exe" [2008-09-29 21755688]
"mess comp"="c:\docume~1\CLAUSD~1.PC0\APPLIC~1\LISTSP~1\partsecond.exe" [2009-02-01 593920]
"WMPNSCFG"="c:\programmer\Windows Media Player\WMPNSCFG.exe" [2006-11-15 204288]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Internet Explorer Server"="c:\windows\IEXPLORE.exe" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-03 344064]
"PCMService"="c:\programmer\Home Cinema\PowerCinema\PCMService.exe" [2004-09-03 81920]
"BigDogPath"="c:\windows\VM_STI.EXE" [2005-02-28 53248]
"Sony Ericsson PC Suite"="c:\programmer\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 159744]
"LifeCam"="c:\programmer\Microsoft LifeCam\LifeExp.exe" [2008-08-04 160800]
"Stupid Data Dart Wave"="c:\documents and settings\All Users\Application Data\flag ace stupid data\test bib.exe" [2009-03-10 868352]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-03-09 1932568]
"Cmaudio"="cmicnfg.cpl" [BU]
"Dit"="Dit.exe" [2002-08-28 c:\windows\Dit.exe]
"Windows UDP's Control Service"="wswc.exe" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Internet Explorer Server"="c:\windows\IEXPLORE.exe" [BU]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-03-09 21:56 10520 c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^Adobe Reader Hurtigstart.lnk]
path=c:\documents and settings\All Users\Menuen Start\Programmer\Start\Adobe Reader Hurtigstart.lnk
backup=c:\windows\pss\Adobe Reader Hurtigstart.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Claus Dalgaard^Menuen Start^Programmer^Start^Registration Heroes of Might & Magic 5 - Hammers of Fate.LNK]
path=c:\documents and settings\Claus Dalgaard\Menuen Start\Programmer\Start\Registration Heroes of Might & Magic 5 - Hammers of Fate.LNK
backup=c:\windows\pss\Registration Heroes of Might & Magic 5 - Hammers of Fate.LNKStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Claus Dalgaard^Menuen Start^Programmer^Start^Registration Heroes of Might & Magic 5.LNK]
path=c:\documents and settings\Claus Dalgaard\Menuen Start\Programmer\Start\Registration Heroes of Might & Magic 5.LNK
backup=c:\windows\pss\Registration Heroes of Might & Magic 5.LNKStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Claus Dalgaard^Menuen Start^Programmer^Start^UltimateZip Quick Start.lnk]
path=c:\documents and settings\Claus Dalgaard\Menuen Start\Programmer\Start\UltimateZip Quick Start.lnk
backup=c:\windows\pss\UltimateZip Quick Start.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArtoNotifier]
--a------ 2006-05-23 15:42 668672 c:\programmer\Arto\Notifier\ArtoNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
--a------ 2006-06-26 10:34 614960 c:\programmer\Logitech\QuickCam10\QuickCam10.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norman ZANDA]
c:\programmer\Norman\npm\bin\ZLH.EXE [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NPCTray]
c:\programmer\Norman\npc\bin\npc_tray.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
c:\programmer\Steam\Steam.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
c:\programmer\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2007-02-13 19:29 35328 c:\programmer\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]
--a------ 2004-05-18 03:30 543232 c:\windows\zHotkey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PRISMSTA.EXE]
--a------ 2003-08-04 14:54 215552 c:\windows\system32\PRISMSTA.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Programmer\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Programmer\\NetMeeting\\Conf.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmer\\Valve\\hl.exe"=
"c:\\Documents and Settings\\Claus Dalgaard.PC02\\Skrivebord\\CS 1.6 lan2\\hl.exe"=
"c:\\Programmer\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Programmer\\Microsoft LifeCam\\LifeEnC2.exe"=
"c:\\Programmer\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Programmer\\Microsoft LifeCam\\LifeTray.exe"=
"c:\\Programmer\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmer\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmer\\Skype\\Phone\\Skype.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmer\\AVG\\AVG8\\avgemc.exe"=
"c:\\Programmer\\AVG\\AVG8\\avgupd.exe"=
"c:\\Programmer\\AVG\\AVG8\\avgnsx.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-03-09 325640]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-03-09 107912]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-03-09 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-03-09 298264]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-01-26 55136]
R2 SeaPort;SeaPort;c:\programmer\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2008-12-04 226640]
R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [2005-02-24 945152]
R3 PRISM_A00;PRISM 802.11g Driver;c:\windows\system32\drivers\PRISMA00.sys [2003-09-10 362688]
S3 fsssvc;Windows Live Family Safety;c:\programmer\Windows Live\Family Safety\fsssvc.exe [2008-12-08 533344]
S3 jnv4_mib;jnv4_mib;\??\c:\docume~1\CLAUSD~1\LOKALE~1\Temp\jnv4_mib.sys --> c:\docume~1\CLAUSD~1\LOKALE~1\Temp\jnv4_mib.sys [?]
S3 MSHUSBVideo;NX6000/NX3000/VX5000/VX5500/VX7000 Filter Driver;c:\windows\system32\drivers\nx6000.sys [2009-01-17 33808]
S3 PhTVTune;MEDION TV-TUNER 7134 MK2/3;c:\windows\system32\drivers\PhTVTune.sys [2005-02-25 24704]
S3 SUSCOM;Susteen Serial port driver;c:\windows\system32\drivers\SUSCOM.SYS [2002-10-22 40448]

--- Andre Services/Drivers i Hukommelsen ---

*NewlyCreated* - GUSVC

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{117b8b16-5ed6-11dc-9c6e-000c76743ec6}]
\Shell\AutoRun\command - h:\restore\S-1-5-21-1482476501-1644491937-682003330-1013\wmplayer32.exe
\Shell\open\command - h:\restore\S-1-5-21-1482476501-1644491937-682003330-1013\wmplayer32.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4bf24d70-0191-11de-9edb-000c76743ec6}]
\Shell\AutoRun\command - h:\restore\S-1-5-21-1482476501-1644491937-682003330-1013\wmplayer32.exe
\Shell\open\command - h:\restore\S-1-5-21-1482476501-1644491937-682003330-1013\wmplayer32.exe
.
Indhold af mappen 'Planlagte Opgaver'

2009-03-09 c:\windows\Tasks\A5B9163D918E8E8D.job
- c:\docume~1\clausd~1\applic~1\listsp~1\MAPI FIRST MEMO.exe []

2009-03-09 c:\windows\Tasks\AF16FEF291857D82.job
- c:\docume~1\clausd~1.pc0\applic~1\listsp~1\MAPI FIRST MEMO.exe [2009-02-01 16:31]
.
.
------- Yderligere scanning -------
.
uStart Page = hxxp://www.google.com/
TCP: {1566B515-0628-4120-8BAF-A072DBBF5C1A} = 192.168.1.1,194.239.134.83
TCP: {4E4E2D6E-88D6-439B-B3AC-23AD199407CD} = 192.168.1.1,194.239.134.83
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-10 22:45:10
Windows 5.1.2600 Service Pack 3 NTFS

scanner skjulte processer ... 

scanner skjulte autostarter ...

scanner skjulte filer ... 

scanning gennemført med succes
skjulte filer: 0

**************************************************************************
.
--------------------- DLLs startet under kørende Processer ---------------------

- - - - - - - > 'winlogon.exe'(592)
c:\windows\system32\Ati2evxx.dll
.
Gennemført tid: 2009-03-10 22:48:10
ComboFix-quarantined-files.txt  2009-03-10 21:48:05

Pre-Kørsel: 69,933,662,208 byte ledig
Post-Kørsel: 70,043,922,432 byte ledig

4521
11 March 2009 - 06:31 #8
2009-03-09 c:\windows\Tasks\A5B9163D918E8E8D.job
- c:\docume~1\clausd~1\applic~1\listsp~1\MAPI FIRST MEMO.exe []

2009-03-09 c:\windows\Tasks\AF16FEF291857D82.job
- c:\docume~1\clausd~1.pc0\applic~1\listsp~1\MAPI FIRST MEMO.exe [2009-02-01 16:31]

??? (Is that something you recognize?)
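The two scheduled-task entries questioned in this reply can be cross-checked against the autostart values in the same log. An added example, not part of the original thread: it parses ComboFix-style log text and lists Run/RunServices values whose executable sits in the directory that a hex-named job points to. The 16-hex-digit job-name rule and all function names are assumptions made for this illustration; the sample lines are copied from the log posted above.

```python
import ntpath
import re

# Sample input: lines copied from the ComboFix log in this thread.
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Skype"="c:\programmer\Skype\Phone\Skype.exe" [2008-09-29 21755688]
"mess comp"="c:\docume~1\CLAUSD~1.PC0\APPLIC~1\LISTSP~1\partsecond.exe" [2009-02-01 593920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-03-09 1932568]
"Dit"="Dit.exe" [2002-08-28 c:\windows\Dit.exe]

Indhold af mappen 'Planlagte Opgaver'

2009-03-09 c:\windows\Tasks\A5B9163D918E8E8D.job
- c:\docume~1\clausd~1\applic~1\listsp~1\MAPI FIRST MEMO.exe []

2009-03-09 c:\windows\Tasks\AF16FEF291857D82.job
- c:\docume~1\clausd~1.pc0\applic~1\listsp~1\MAPI FIRST MEMO.exe [2009-02-01 16:31]
'''

KEY_RE = re.compile(r'^\[(HK[^\]]+)\]$')
VALUE_RE = re.compile(r'^"([^"]+)"="([^"]*)"')
TASK_RE = re.compile(r'^\d{4}-\d{2}-\d{2} (\S.*\\Tasks\\([^\\]+\.job))$', re.I)
TARGET_RE = re.compile(r'^- (.+?) \[([^\]]*)\]$')
# Assumption for this example: a job file named with exactly 16 hex digits
# (the shape of both jobs in this thread) is worth a closer look.
HEX_JOB_RE = re.compile(r'^[0-9a-f]{16}\.job$', re.I)


def norm_dir(path):
    """Lower-cased parent directory of a Windows path ('' for bare names)."""
    return ntpath.dirname(path.strip('"')).lower()


def parse_combofix(text):
    """Return (autoruns, tasks) parsed from ComboFix-style log text."""
    autoruns, tasks = [], []
    key, pending_job = None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            key = None          # a blank line ends a registry section
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and key and key.lower().endswith(('\\run', '\\runservices')):
            autoruns.append({'key': key, 'name': m.group(1), 'path': m.group(2)})
            continue
        m = TASK_RE.match(line)
        if m:
            pending_job = m.group(2)    # the target follows on the next line
            continue
        m = TARGET_RE.match(line)
        if m and pending_job:
            tasks.append({'job': pending_job, 'target': m.group(1),
                          'meta': m.group(2)})
            pending_job = None
    return autoruns, tasks


def triage(text):
    """List hex-named jobs, then autoruns that share a job target's folder.

    Findings are review leads, not verdicts: (kind, name, path, reason).
    """
    autoruns, tasks = parse_combofix(text)
    findings, flagged_dirs = [], {}
    for t in tasks:
        if HEX_JOB_RE.match(t['job']):
            findings.append(('task', t['job'], t['target'],
                             'job name is 16 hex digits'))
            flagged_dirs.setdefault(norm_dir(t['target']), t['job'])
    for a in autoruns:
        d = norm_dir(a['path'])
        if d and d in flagged_dirs:
            findings.append(('autorun', a['name'], a['path'],
                             'same directory as target of ' + flagged_dirs[d]))
    return findings


if __name__ == '__main__':
    for kind, name, path, reason in triage(SAMPLE_LOG):
        print(f'{kind:8} {name:24} {path}  <- {reason}')
```

The comparison is on the path exactly as logged, so the two 8.3 profile spellings (`clausd~1` and `clausd~1.pc0`) are treated as different directories; only the second one matches an autostart value in the sample.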
daki Juniormester
11 March 2009 - 09:37 #9
No, it isn't..
It's not my machine, I'm just helping.

/dan
f-arn Guru
11 March 2009 - 13:26 #10
karise_larry@ Are you continuing?
12 March 2009 - 06:45 #11
Yeees - there is (still) some infection

Download NoLop exe to the desktop:
http://www.spywareedge.net/nolop/NoLop.exe
http://www.thespykiller.co.uk/forum/index.php?action=tpmod;dl=item16

Run it and press the - Search and Destroy - button. It will then scan for lop infections and scheduled lop jobs. If it finds anything, you will be asked to press the Reboot button; do that.

After the restart there will be a file: C:\NoLop.txt

Copy its contents in here together with a fresh HiJackThis log...
daki Juniormester
12 March 2009 - 20:06 #12
Here is the log from nolop and hijackthis

/dan

----------
NoLop! Log by Skate_Punk_21

Please Note: any existing old logs will have now been renamed to NoLop!OLD.log

Fix running from: C:\Documents and Settings\Claus Dalgaard.PC02\Skrivebord
[2009-03-12]
[19:55:01]

---Infection Files Found/Removed---
C:\WINDOWS\tasks\A5B9163D918E8E8D.job
C:\WINDOWS\tasks\AF16FEF291857D82.job

Beginning Removal...
Rebooting...

Beginning Removal...
Rebooting...

----------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:01, on 2009-03-12
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\programmer\fælles filer\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\Dit.exe
C:\Programmer\Home Cinema\PowerCinema\PCMService.exe
C:\WINDOWS\VM_STI.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmer\Skype\Phone\Skype.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\DitExp.exe
C:\Programmer\Microsoft LifeCam\MSCamS32.exe
C:\Programmer\Windows Media Player\WMPNSCFG.exe
C:\Programmer\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\svchost.exe
C:\Programmer\RealVNC\VNC4\WinVNC4.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Programmer\AVG\AVG8\avgcsrvx.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Documents and Settings\Claus Dalgaard.PC02\Skrivebord\hijackthis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmer\AVG\AVG8\avgssie.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programmer\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programmer\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmer\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programmer\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programmer\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programmer\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmer\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [PCMService] "C:\Programmer\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE USB PC Web Camera
O4 - HKLM\..\Run: [LifeCam] "C:\Programmer\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [Stupid Data Dart Wave] C:\Documents and Settings\All Users\Application Data\flag ace stupid data\test bib.exe
O4 - HKLM\..\Run: [Windows UDP's Control Service] wswc.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\RunServices: [Internet Explorer Server] C:\WINDOWS\IEXPLORE.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [mess comp] C:\DOCUME~1\CLAUSD~1.PC0\APPLIC~1\LISTSP~1\partsecond.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programmer\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\RunServices: [Internet Explorer Server] C:\WINDOWS\IEXPLORE.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: NoLop.exe
O9 - Extra button: Blog det - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog det i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.msn.dk
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1236624819828
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1236719632343
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1566B515-0628-4120-8BAF-A072DBBF5C1A}: NameServer = 192.168.1.1,194.239.134.83
O17 - HKLM\System\CCS\Services\Tcpip\..\{4E4E2D6E-88D6-439B-B3AC-23AD199407CD}: NameServer = 192.168.1.1,194.239.134.83
O17 - HKLM\System\CS1\Services\Tcpip\..\{1566B515-0628-4120-8BAF-A072DBBF5C1A}: NameServer = 192.168.1.1,194.239.134.83
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmer\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FLLESF~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\programmer\fælles filer\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programmer\Fælles filer\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Programmer\RealVNC\VNC4\WinVNC4.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 9932 bytes

----------
12 March 2009 - 20:28 #13
Hmmm... should have been caught 'automatically' ...

-- Download Avenger here:
http://swandog46.geekstogo.com/avenger2/avenger.zip

-- Unpack the Avenger program and double-click avenger.exe

-- A window pops up, into which you must copy the content between the ~~~ lines:

~~~~~~~~~~~~~~~~~~
Files to delete:
C:\Windows\wswc.exe
C:\WINDOWS\IEXPLORE.exe

Folders to delete:
C:\Documents and Settings\All Users\Application Data\flag ace stupid data
C:\DOCUME~1\CLAUSD~1.PC0\APPLIC~1\LISTSP~1

~~~~~~~~~~~~~~~~~~

-- Click EXECUTE - and let the PC restart by itself.

-- After the restart a Notepad window will pop up with a log of Avenger's actions. Please post it in your next reply.

-- Run HijackThis, choose "Do a system scan only", tick the lines listed here, close all windows except HijackThis, and click "Fix checked".

O4 - HKLM\..\Run: [Stupid Data Dart Wave] C:\Documents and Settings\All Users\Application Data\flag ace stupid data\test bib.exe
O4 - HKLM\..\Run: [Windows UDP's Control Service] wswc.exe
O4 - HKLM\..\RunServices: [Internet Explorer Server] C:\WINDOWS\IEXPLORE.exe
O4 - HKCU\..\Run: [mess comp] C:\DOCUME~1\CLAUSD~1.PC0\APPLIC~1\LISTSP~1\partsecond.exe
O4 - HKCU\..\RunServices: [Internet Explorer Server] C:\WINDOWS\IEXPLORE.exe

O4 - Global Startup: NoLop.exe

Restart the computer, do a clean-up with the aforementioned CCleaner and make a new log with HijackThis, which you post here together with the log from Avenger.
daki Juniormester
12 March 2009 - 21:05 #14
New logs

/dan


Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform:  Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error:  file "C:\Windows\wswc.exe" not found!
Deletion of file "C:\Windows\wswc.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "C:\WINDOWS\IEXPLORE.exe" not found!
Deletion of file "C:\WINDOWS\IEXPLORE.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

Folder "C:\Documents and Settings\All Users\Application Data\flag ace stupid data" deleted successfully.
Folder "C:\DOCUME~1\CLAUSD~1.PC0\APPLIC~1\LISTSP~1" deleted successfully.

Completed script processing.

*******************

Finished!  Terminate.

----------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:02, on 2009-03-12
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\programmer\fælles filer\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\Dit.exe
C:\Programmer\Home Cinema\PowerCinema\PCMService.exe
C:\WINDOWS\VM_STI.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmer\Skype\Phone\Skype.exe
C:\Programmer\Windows Media Player\WMPNSCFG.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\DitExp.exe
C:\Programmer\Microsoft LifeCam\MSCamS32.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Programmer\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\RealVNC\VNC4\WinVNC4.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Programmer\AVG\AVG8\avgcsrvx.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Windows Live\Toolbar\wltuser.exe
C:\Documents and Settings\Claus Dalgaard.PC02\Skrivebord\hijackthis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmer\AVG\AVG8\avgssie.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programmer\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programmer\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmer\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programmer\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programmer\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programmer\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmer\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [PCMService] "C:\Programmer\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE USB PC Web Camera
O4 - HKLM\..\Run: [LifeCam] "C:\Programmer\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programmer\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Blog det - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog det i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.msn.dk
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1236624819828
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1236719632343
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1566B515-0628-4120-8BAF-A072DBBF5C1A}: NameServer = 192.168.1.1,194.239.134.83
O17 - HKLM\System\CCS\Services\Tcpip\..\{4E4E2D6E-88D6-439B-B3AC-23AD199407CD}: NameServer = 192.168.1.1,194.239.134.83
O17 - HKLM\System\CS1\Services\Tcpip\..\{1566B515-0628-4120-8BAF-A072DBBF5C1A}: NameServer = 192.168.1.1,194.239.134.83
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmer\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FLLESF~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\programmer\fælles filer\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programmer\Fælles filer\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Programmer\RealVNC\VNC4\WinVNC4.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 9421 bytes
13 March 2009 - 06:40 #15
BINGO! You are nearly at the finish line!

So how is the PC running now?

PS: How about setting the Internet Explorer start page to something other than Microsoft's 'advertising page'?
daki Juniormester
13 March 2009 - 19:17 #16
Uhh, but google.dk is the start page...

No annoying pop-ups.
However, it always runs a chkdsk of the D drive every time the computer is started.

/dan
13 March 2009 - 20:48 #17
... let this CHKDSK run all the way to completion...

--------------

There is no more 'dirt' according to your log...

You're welcome back another time...

You should clean temp with this file; it only takes a few seconds.
http://www.spywareinfo.dk/download/cleantempxp2k.bat

After a round like this it is always a good idea to clean up the System Restore files.
Disable System Restore -> http://www.spywareinfo.dk/#/tip-og-tricks/deaktiver_systemgendannelse.htm
Restart your computer - enable System Restore. This is done in the same place where you disabled it; this time you just need to enable it.
It would also be a good idea to manually create a new restore point, which you can name and return to if you should run into problems of any kind.

Safe Surfing...

--------------
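The check made by eye between posts #13 and #17, as an added example that is not part of the original thread: parse the O4 autostart lines, confirm every entry on the fix list is gone from the new HijackThis log, and read the per-path outcome from the Avenger log. The function names are my own, the sample strings are excerpts of the logs posted above, and the Avenger line formats are assumed from this one log.

```python
import re
from typing import NamedTuple

# Excerpts of the logs posted in this thread (not the full logs).
BEFORE = r"""
O4 - HKLM\..\Run: [LifeCam] "C:\Programmer\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [Stupid Data Dart Wave] C:\Documents and Settings\All Users\Application Data\flag ace stupid data\test bib.exe
O4 - HKLM\..\Run: [Windows UDP's Control Service] wswc.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\RunServices: [Internet Explorer Server] C:\WINDOWS\IEXPLORE.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [mess comp] C:\DOCUME~1\CLAUSD~1.PC0\APPLIC~1\LISTSP~1\partsecond.exe
O4 - HKCU\..\RunServices: [Internet Explorer Server] C:\WINDOWS\IEXPLORE.exe
O4 - Global Startup: NoLop.exe
"""

FIX_LIST = r"""
O4 - HKLM\..\Run: [Stupid Data Dart Wave] C:\Documents and Settings\All Users\Application Data\flag ace stupid data\test bib.exe
O4 - HKLM\..\Run: [Windows UDP's Control Service] wswc.exe
O4 - HKLM\..\RunServices: [Internet Explorer Server] C:\WINDOWS\IEXPLORE.exe
O4 - HKCU\..\Run: [mess comp] C:\DOCUME~1\CLAUSD~1.PC0\APPLIC~1\LISTSP~1\partsecond.exe
O4 - HKCU\..\RunServices: [Internet Explorer Server] C:\WINDOWS\IEXPLORE.exe
O4 - Global Startup: NoLop.exe
"""

AFTER = r"""
O4 - HKLM\..\Run: [LifeCam] "C:\Programmer\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

AVENGER_LOG = r"""
Error:  file "C:\Windows\wswc.exe" not found!
Deletion of file "C:\Windows\wswc.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
Error:  file "C:\WINDOWS\IEXPLORE.exe" not found!
Deletion of file "C:\WINDOWS\IEXPLORE.exe" failed!
Folder "C:\Documents and Settings\All Users\Application Data\flag ace stupid data" deleted successfully.
Folder "C:\DOCUME~1\CLAUSD~1.PC0\APPLIC~1\LISTSP~1" deleted successfully.
"""

# "O4 - <location>: [<name>] <command>"; startup-folder lines have no [name].
O4_RE = re.compile(
    r"^O4 - (?P<location>[^:]+): (?:\[(?P<name>[^\]]*)\] )?(?P<command>.+)$"
)
# Outcome lines as they appear in the Avenger log above (assumed format).
AVENGER_RE = re.compile(
    r'^(?:Error:\s+)?(?:file|folder) "(?P<path>[^"]+)" '
    r"(?P<result>deleted successfully|not found)",
    re.IGNORECASE,
)


class Autostart(NamedTuple):
    location: str  # e.g. HKLM\..\Run or Global Startup
    name: str      # registry value name, empty for startup-folder items
    command: str


def parse_o4(log_text):
    """Return every O4 autostart entry found in a HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            entries.append(
                Autostart(m["location"], m["name"] or "", m["command"].strip())
            )
    return entries


def _key(entry):
    # Registry names and Windows paths are case-insensitive.
    return tuple(part.lower() for part in entry)


def still_present(fix_list, after_log):
    """Fix-list entries that still show up in the log taken after the fix."""
    after = {_key(e) for e in parse_o4(after_log)}
    return [e for e in parse_o4(fix_list) if _key(e) in after]


def removed(before_log, after_log):
    """Autostart entries present before the fix and absent afterwards."""
    after = {_key(e) for e in parse_o4(after_log)}
    return [e for e in parse_o4(before_log) if _key(e) not in after]


def avenger_outcomes(log_text):
    """Map each path Avenger acted on to 'deleted successfully' or 'not found'.

    'not found' means there was nothing at that path for Avenger to delete.
    """
    outcomes = {}
    for line in log_text.splitlines():
        m = AVENGER_RE.match(line.strip())
        if m:
            outcomes[m["path"].lower()] = m["result"].lower()
    return outcomes


if __name__ == "__main__":
    print("still present:", still_present(FIX_LIST, AFTER))
    for entry in removed(BEFORE, AFTER):
        print("removed:", entry.location, entry.name or "(startup folder)")
    for path, result in avenger_outcomes(AVENGER_LOG).items():
        print(result, "-", path)
```

An empty `still_present` result only shows that the listed autostart entries are gone from the HijackThis view; post #18 below raises a ComboFix finding that this log does not show.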
fromsej Praktikant
14 March 2009 - 09:05 #18
What about this one from the latest ComboFix log?

c:\windows\system32\userinit.exe . . . er inficeret!!


Open the folder containing ComboFix, right-click, choose New->Text Document, open the text document, and copy the following in:

Killall::
Snapshot::

click File->Save As, name it CFScript, and close the text document.

Then grab the new file with the mouse and drag it over the ComboFix file, then "let go" with the mouse.
http://www.fromsej.saknet.dk/billeder/cfscript.gif
ComboFix should then start working. It may require a restart, which you must allow. You should not click on the window while the tool is running, as that can cause your computer to freeze.
Copy the resulting log in here.
14 March 2009 - 14:03 #19
(Expected that it had been caught
" c:\windows\system32\userinit.exe -> Quarantined and deleted successfully. " - but now I can see that it is 'only' the registration of that file... Today's AHA experience #2 *S*)
daki Juniormester
16 March 2009 - 19:37 #20
Here is a new log
Hopefully the last one :-)

/dan

ComboFix 09-03-10.01 - AnnaDalgaard 2009-03-16 18:16:25.3 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1030.18.511.136 [GMT 1:00]
Kører fra: d:\hijackthis\ComboFix.exe
Kommandoer benyttet :: d:\hijackthis\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
FW: Norman Personal Firewall v. 1.4 *disabled*
* Dannede nyt systemgendannelsespunkt
.

(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Forrige Kørsel -------
.
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\restore\S-1-5-21-1482476501-1644491937-682003330-1013
c:\restore\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini
c:\windows\system32\init32.exe
c:\windows\system32\tmp.reg
c:\windows\system32\uniq.tll
c:\windows\system32\win32hlp.cnf
c:\windows\system32\winlogon2.exe

.
(((((((((((((((((((((((((((((((((((((((  Drivers/Tjenester  )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_seneka


(((((((((((((((((((((((((((((  Filer skabt fra 2009-02-16 til 2009-03-16  )))))))))))))))))))))))))))))))))))
.

2009-03-15 17:37 . 2009-03-15 17:37    <DIR>    d--------    c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-03-14 16:29 . 2009-03-14 16:31    <DIR>    d--------    C:\840c2023611fe22c08edf044b9
2009-03-14 16:07 . 2009-03-14 16:07    <DIR>    d--------    c:\documents and settings\AnnaDalgaard\Application Data\Windows Desktop Search
2009-03-14 16:06 . 2009-03-14 16:06    <DIR>    d--------    c:\windows\system32\GroupPolicy
2009-03-14 16:06 . 2009-03-14 16:06    <DIR>    d--------    c:\programmer\Windows Desktop Search
2009-03-14 16:05 . 2008-03-07 18:02    192,000    -----c---    c:\windows\system32\dllcache\offfilt.dll
2009-03-14 16:05 . 2008-03-07 18:02    98,304    -----c---    c:\windows\system32\dllcache\nlhtml.dll
2009-03-14 16:05 . 2008-03-07 18:02    29,696    -----c---    c:\windows\system32\dllcache\mimefilt.dll
2009-03-14 16:05 . 2009-03-14 17:03    1,374    --a------    c:\windows\imsins.BAK
2009-03-14 15:52 . 2008-12-11 11:57    333,952    -----c---    c:\windows\system32\dllcache\srv.sys
2009-03-14 15:51 . 2008-08-14 14:25    2,191,744    -----c---    c:\windows\system32\dllcache\ntoskrnl.exe
2009-03-14 15:51 . 2008-08-14 14:25    2,147,840    -----c---    c:\windows\system32\dllcache\ntkrnlmp.exe
2009-03-14 15:51 . 2008-08-14 14:25    2,068,608    -----c---    c:\windows\system32\dllcache\ntkrnlpa.exe
2009-03-14 15:51 . 2008-08-14 14:25    2,026,496    -----c---    c:\windows\system32\dllcache\ntkrpamp.exe
2009-03-14 15:51 . 2008-09-04 18:17    1,106,944    -----c---    c:\windows\system32\dllcache\msxml3.dll
2009-03-14 15:51 . 2008-10-24 12:21    455,296    -----c---    c:\windows\system32\dllcache\mrxsmb.sys
2009-03-14 15:51 . 2008-10-15 17:37    337,408    -----c---    c:\windows\system32\dllcache\netapi32.dll
2009-03-14 15:50 . 2008-04-11 20:05    691,712    -----c---    c:\windows\system32\dllcache\inetcomm.dll
2009-03-14 15:50 . 2008-05-01 15:36    331,776    -----c---    c:\windows\system32\dllcache\msadce.dll
2009-03-14 15:49 . 2008-06-14 18:35    272,256    -----c---    c:\windows\system32\dllcache\bthport.sys
2009-03-14 15:49 . 2008-05-08 15:02    203,136    -----c---    c:\windows\system32\dllcache\rmcast.sys
2009-03-13 20:34 . 2009-03-13 20:34    <DIR>    d--h-----    c:\documents and settings\AnnaDalgaard\Lokale indstillinger
2009-03-13 20:29 . 2009-03-12 20:15    714    --a------    c:\documents and settings\AnnaDalgaard\Application Data\wklnhst.dat
2009-03-13 20:08 . 2009-03-13 20:08    <DIR>    d--------    c:\documents and settings\AnnaDalgaard\Tracing
2009-03-13 20:08 . 2009-03-13 20:29    <DIR>    d--------    c:\documents and settings\AnnaDalgaard\Contacts
2009-03-13 20:08 . 2009-01-26 16:09    <DIR>    d--------    c:\documents and settings\AnnaDalgaard\Application Data\Windows Live Writer
2009-03-13 20:08 . 2008-11-21 15:10    <DIR>    d--------    c:\documents and settings\AnnaDalgaard\Application Data\Teleca
2009-03-13 20:08 . 2009-01-03 11:05    <DIR>    d--------    c:\documents and settings\AnnaDalgaard\Application Data\Sports Interactive
2009-03-13 20:08 . 2009-03-13 20:29    <DIR>    d--------    c:\documents and settings\AnnaDalgaard\Application Data\skypePM
2009-03-13 20:08 . 2009-03-13 20:29    <DIR>    d--------    c:\documents and settings\AnnaDalgaard\Application Data\Skype
2009-03-13 20:08 . 2009-01-29 19:27    <DIR>    d--------    c:\documents and settings\AnnaDalgaard\Application Data\Malwarebytes
2009-03-13 19:20 . 2009-03-13 20:08    <DIR>    d--hs----    c:\documents and settings\AnnaDalgaard\UserData
2009-03-13 19:20 . 2009-03-14 07:22    <DIR>    d--------    c:\documents and settings\AnnaDalgaard\Skrivebord
2009-03-13 19:20 . 2005-02-25 04:22    <DIR>    d--h-----    c:\documents and settings\AnnaDalgaard\Skabeloner
2009-03-13 19:20 . 2005-02-24 20:17    <DIR>    d--h-----    c:\documents and settings\AnnaDalgaard\Printere
2009-03-13 19:20 . 2005-02-24 20:17    <DIR>    dr-------    c:\documents and settings\AnnaDalgaard\Menuen Start
2009-03-13 19:20 . 2009-02-01 16:31    <DIR>    dr-------    c:\documents and settings\AnnaDalgaard\Foretrukne
2009-03-13 19:20 . 2005-02-25 20:28    <DIR>    d--------    c:\documents and settings\AnnaDalgaard\Application Data\CyberLink
2009-03-13 19:20 . 2005-02-24 20:17    <DIR>    d--h-----    c:\documents and settings\AnnaDalgaard\Andre computere
2009-03-13 19:20 . 2009-03-13 22:03    <DIR>    d--------    c:\documents and settings\AnnaDalgaard
2009-03-12 19:57 . 2009-03-12 19:59    <DIR>    d--------    C:\NoLopBackups
2009-03-09 22:00 . 2009-03-15 21:51    <DIR>    d--h-----    C:\$AVG8.VAULT$
2009-03-09 21:56 . 2009-03-09 21:56    325,640    --a------    c:\windows\system32\drivers\avgldx86.sys
2009-03-09 21:56 . 2009-03-09 21:56    107,912    --a------    c:\windows\system32\drivers\avgtdix.sys
2009-03-09 21:56 . 2009-03-09 21:56    10,520    --a------    c:\windows\system32\avgrsstx.dll
2009-03-09 21:55 . 2009-03-16 16:51    <DIR>    d--------    c:\windows\system32\drivers\Avg
2009-03-09 21:54 . 2009-03-09 21:54    <DIR>    d--------    c:\programmer\Windows Resource Kits
2009-03-09 21:54 . 2009-03-09 21:54    <DIR>    d--------    c:\programmer\AVG
2009-03-09 21:54 . 2009-03-09 21:54    <DIR>    d--------    c:\documents and settings\All Users\Application Data\avg8
2009-03-09 21:51 . 2009-03-09 22:02    11,542,528    --a------    c:\windows\sectest.db
2009-03-09 20:50 . 2009-03-09 20:54    <DIR>    d--------    c:\windows\ServicePackFiles
2009-03-09 20:43 . 2006-12-28 12:01    19,569    --a------    c:\windows\003038_.tmp
2009-03-09 20:38 . 2009-03-09 20:38    <DIR>    d--------    c:\windows\EHome
2009-03-09 19:55 . 2008-10-16 14:08    31,768    --a------    c:\windows\system32\wucltui.dll.mui
2009-03-09 19:55 . 2008-10-16 14:08    27,672    --a------    c:\windows\system32\wuapi.dll.mui
2009-03-09 19:55 . 2008-10-16 14:07    23,576    --a------    c:\windows\system32\wuaucpl.cpl.mui
2009-03-09 19:55 . 2008-10-16 14:07    18,968    --a------    c:\windows\system32\wuaueng.dll.mui
2009-02-23 11:01 . 2004-08-26 17:53    159,232    --a------    c:\windows\system32\ptpusd.dll
2009-02-23 11:01 . 2008-04-13 11:45    15,104    --a------    c:\windows\system32\drivers\usbscan.sys
2009-02-23 11:01 . 2001-10-04 17:07    5,632    --a------    c:\windows\system32\ptpusb.dll
2009-02-16 15:57 . 2009-02-16 15:57    <DIR>    d--------    c:\programmer\Barbie(TM)

.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-15 16:36    ---------    d-----w    c:\programmer\Microsoft Silverlight
2009-03-13 19:46    ---------    d-----w    c:\programmer\Circle Developement
2009-03-09 21:02    ---------    d-----w    c:\programmer\Google
2009-03-08 18:57    ---------    d-----w    c:\programmer\Malwarebytes' Anti-Malware
2009-02-16 15:04    ---------    d-----w    c:\documents and settings\All Users\Application Data\Barbie Fashion Show
2009-02-11 09:19    38,496    ----a-w    c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 09:19    15,504    ----a-w    c:\windows\system32\drivers\mbam.sys
2009-02-01 15:30    ---------    d-----w    c:\programmer\List Spam Tick
2009-01-29 18:27    ---------    d-----w    c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-29 18:26    ---------    d-----w    c:\programmer\CCleaner
2009-01-26 13:32    ---------    d-----w    c:\programmer\Windows Live
2009-01-26 13:32    ---------    d-----w    c:\programmer\Microsoft
2009-01-26 13:31    ---------    d-----w    c:\programmer\Microsoft Sync Framework
2009-01-26 13:29    ---------    d-----w    c:\programmer\MSN Messenger
2009-01-26 13:29    ---------    d-----w    c:\programmer\Microsoft SQL Server Compact Edition
2009-01-26 13:28    ---------    d-----w    c:\programmer\Windows Live SkyDrive
2009-01-26 13:12    ---------    d-----w    c:\programmer\Fælles filer\Windows Live
2009-01-17 19:16    ---------    d-----w    c:\programmer\Microsoft LifeCam
2003-08-15 03:13    40,960    ----a-w    c:\programmer\Uninstall_PCM.exe
.

(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-27 68856]
"Skype"="c:\programmer\Skype\Phone\Skype.exe" [2008-09-29 21755688]
"WMPNSCFG"="c:\programmer\Windows Media Player\WMPNSCFG.exe" [2006-11-15 204288]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-03 344064]
"PCMService"="c:\programmer\Home Cinema\PowerCinema\PCMService.exe" [2004-09-03 81920]
"BigDogPath"="c:\windows\VM_STI.EXE" [2005-02-28 53248]
"LifeCam"="c:\programmer\Microsoft LifeCam\LifeExp.exe" [2008-08-04 160800]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-03-09 1932568]
"Cmaudio"="cmicnfg.cpl" [BU]
"Dit"="Dit.exe" [2002-08-28 c:\windows\Dit.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menuen Start\Programmer\Start\
Windows Search.lnk - c:\programmer\Windows Desktop Search\WindowsSearch.exe [2008-05-26 123904]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programmer\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-03-09 21:56 10520 c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^Adobe Reader Hurtigstart.lnk]
path=c:\documents and settings\All Users\Menuen Start\Programmer\Start\Adobe Reader Hurtigstart.lnk
backup=c:\windows\pss\Adobe Reader Hurtigstart.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Claus Dalgaard^Menuen Start^Programmer^Start^Registration Heroes of Might & Magic 5 - Hammers of Fate.LNK]
path=c:\documents and settings\Claus Dalgaard\Menuen Start\Programmer\Start\Registration Heroes of Might & Magic 5 - Hammers of Fate.LNK
backup=c:\windows\pss\Registration Heroes of Might & Magic 5 - Hammers of Fate.LNKStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Claus Dalgaard^Menuen Start^Programmer^Start^Registration Heroes of Might & Magic 5.LNK]
path=c:\documents and settings\Claus Dalgaard\Menuen Start\Programmer\Start\Registration Heroes of Might & Magic 5.LNK
backup=c:\windows\pss\Registration Heroes of Might & Magic 5.LNKStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Claus Dalgaard^Menuen Start^Programmer^Start^UltimateZip Quick Start.lnk]
path=c:\documents and settings\Claus Dalgaard\Menuen Start\Programmer\Start\UltimateZip Quick Start.lnk
backup=c:\windows\pss\UltimateZip Quick Start.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArtoNotifier]
--a------ 2006-05-23 15:42 668672 c:\programmer\Arto\Notifier\ArtoNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
--a------ 2006-06-26 10:34 614960 c:\programmer\Logitech\QuickCam10\QuickCam10.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norman ZANDA]
c:\programmer\Norman\npm\bin\ZLH.EXE [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NPCTray]
c:\programmer\Norman\npc\bin\npc_tray.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
c:\programmer\Steam\Steam.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
c:\programmer\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2007-02-13 19:29 35328 c:\programmer\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]
--a------ 2004-05-18 03:30 543232 c:\windows\zHotkey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PRISMSTA.EXE]
--a------ 2003-08-04 14:54 215552 c:\windows\system32\PRISMSTA.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Programmer\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Programmer\\NetMeeting\\Conf.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmer\\Valve\\hl.exe"=
"c:\\Programmer\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Programmer\\Microsoft LifeCam\\LifeEnC2.exe"=
"c:\\Programmer\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Programmer\\Microsoft LifeCam\\LifeTray.exe"=
"c:\\Programmer\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmer\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmer\\Skype\\Phone\\Skype.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmer\\AVG\\AVG8\\avgemc.exe"=
"c:\\Programmer\\AVG\\AVG8\\avgupd.exe"=
"c:\\Programmer\\AVG\\AVG8\\avgnsx.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-03-09 325640]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-03-09 107912]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-03-09 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-03-09 298264]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-01-26 55136]
R2 SeaPort;SeaPort;c:\programmer\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2008-12-04 226640]
R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [2005-02-24 945152]
R3 PRISM_A00;PRISM 802.11g Driver;c:\windows\system32\drivers\PRISMA00.sys [2003-09-10 362688]
S3 fsssvc;Windows Live Family Safety;c:\programmer\Windows Live\Family Safety\fsssvc.exe [2008-12-08 533344]
S3 jnv4_mib;jnv4_mib;\??\c:\docume~1\CLAUSD~1\LOKALE~1\Temp\jnv4_mib.sys --> c:\docume~1\CLAUSD~1\LOKALE~1\Temp\jnv4_mib.sys [?]
S3 MSHUSBVideo;NX6000/NX3000/VX5000/VX5500/VX7000 Filter Driver;c:\windows\system32\drivers\nx6000.sys [2009-01-17 33808]
S3 PhTVTune;MEDION TV-TUNER 7134 MK2/3;c:\windows\system32\drivers\PhTVTune.sys [2005-02-25 24704]
S3 SUSCOM;Susteen Serial port driver;c:\windows\system32\drivers\SUSCOM.SYS [2002-10-22 40448]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{117b8b16-5ed6-11dc-9c6e-000c76743ec6}]
\Shell\AutoRun\command - h:\restore\S-1-5-21-1482476501-1644491937-682003330-1013\wmplayer32.exe
\Shell\open\command - h:\restore\S-1-5-21-1482476501-1644491937-682003330-1013\wmplayer32.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4bf24d70-0191-11de-9edb-000c76743ec6}]
\Shell\AutoRun\command - h:\restore\S-1-5-21-1482476501-1644491937-682003330-1013\wmplayer32.exe
\Shell\open\command - h:\restore\S-1-5-21-1482476501-1644491937-682003330-1013\wmplayer32.exe
.
Indhold af mappen 'Planlagte Opgaver'

2009-03-16 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 17:04]

2009-03-16 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 17:04]
.
.
------- Yderligere scanning -------
.
uStart Page = hxxp://www.google.com/
TCP: {1566B515-0628-4120-8BAF-A072DBBF5C1A} = 192.168.1.1,194.239.134.83
TCP: {4E4E2D6E-88D6-439B-B3AC-23AD199407CD} = 192.168.1.1,194.239.134.83
TCP: {51E96DA9-E0CD-4415-8A25-938467F56BF3} = 192.168.1.1,194.239.134.83
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-16 18:23:55
Windows 5.1.2600 Service Pack 3 NTFS

scanner skjulte processer ... 

scanner skjulte autostarter ...

scanner skjulte filer ... 

scanning gennemført med succes
skjulte filer: 0

**************************************************************************
.
--------------------- DLLs startet under kørende Processer ---------------------

- - - - - - - > 'winlogon.exe'(592)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Andre kørende processer ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\programmer\Fælles filer\Logitech\LVMVFM\LVPrcSrv.exe
c:\windows\system32\ati2evxx.exe
c:\programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
c:\programmer\Microsoft LifeCam\MSCamS32.exe
c:\programmer\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\programmer\RealVNC\VNC4\winvnc4.exe
c:\windows\system32\searchindexer.exe
c:\programmer\Windows Media Player\wmpnetwk.exe
c:\programmer\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\rundll32.exe
c:\windows\DitExp.exe
c:\progra~1\COMMON~1\X10\Common\X10nets.exe
.
**************************************************************************
.
Gennemført tid: 2009-03-16 18:29:56 - maskinen blev genstartet [AnnaDalgaard]
ComboFix-quarantined-files.txt  2009-03-16 17:29:50

Pre-Kørsel: 94,714,359,808 byte ledig
Post-Kørsel: 94,744,027,136 byte ledig

264
fromsej Praktikant
17 March 2009 - 10:04 #21
Open the folder containing Combofix, right-click, choose New->Text Document, open the text document, and copy the following into it:

Killall::
Snapshot::
File::
c:\docume~1\CLAUSD~1\LOKALE~1\Temp\jnv4_mib.sys
Folder::
c:\programmer\List Spam Tick
Driver::
jnv4_mib

Click File->Save As, name it CFScript, and close the text document.

Then grab the new file with the mouse and drag it over the Combofix file, after which you "let go" with the mouse.
http://www.fromsej.saknet.dk/billeder/cfscript.gif
Combofix should then start working. It may require a restart, which you should allow. You should not click on the window while the tool is running, as this can cause your computer to freeze.
Copy the resulting log in here.
daki Juniormester
17 March 2009 - 15:59 #22
New log.

/dan

ComboFix 09-03-10.01 - AnnaDalgaard 2009-03-17 15:34:35.4 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1030.18.511.132 [GMT 1:00]
Kører fra: d:\hijackthis\ComboFix.exe
Kommandoer benyttet :: d:\hijackthis\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
FW: Norman Personal Firewall v. 1.4 *disabled*
* Dannede nyt systemgendannelsespunkt

FILE ::
c:\docume~1\clausd~1\lokale~1\temp\jnv4_mib.sys
.

(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet  )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programmer\List Spam Tick
.
---- Forrige Kørsel -------
.
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\restore\S-1-5-21-1482476501-1644491937-682003330-1013
c:\restore\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini
c:\windows\system32\init32.exe
c:\windows\system32\tmp.reg
c:\windows\system32\uniq.tll
c:\windows\system32\win32hlp.cnf
c:\windows\system32\winlogon2.exe

.
(((((((((((((((((((((((((((((((((((((((  Drivers/Tjenester  )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_seneka
-------\Legacy_JNV4_MIB
-------\Service_jnv4_mib


(((((((((((((((((((((((((((((  Filer skabt fra 2009-02-17 til 2009-03-17  )))))))))))))))))))))))))))))))))))
.

2009-03-15 17:37 . 2009-03-15 17:37    <DIR>    d--------    c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-03-14 16:29 . 2009-03-14 16:31    <DIR>    d--------    C:\840c2023611fe22c08edf044b9
2009-03-14 16:07 . 2009-03-14 16:07    <DIR>    d--------    c:\documents and settings\AnnaDalgaard\Application Data\Windows Desktop Search
2009-03-14 16:06 . 2009-03-14 16:06    <DIR>    d--------    c:\windows\system32\GroupPolicy
2009-03-14 16:06 . 2009-03-14 16:06    <DIR>    d--------    c:\programmer\Windows Desktop Search
2009-03-14 16:05 . 2008-03-07 18:02    192,000    -----c---    c:\windows\system32\dllcache\offfilt.dll
2009-03-14 16:05 . 2008-03-07 18:02    98,304    -----c---    c:\windows\system32\dllcache\nlhtml.dll
2009-03-14 16:05 . 2008-03-07 18:02    29,696    -----c---    c:\windows\system32\dllcache\mimefilt.dll
2009-03-14 16:05 . 2009-03-14 17:03    1,374    --a------    c:\windows\imsins.BAK
2009-03-14 15:52 . 2008-12-11 11:57    333,952    -----c---    c:\windows\system32\dllcache\srv.sys
2009-03-14 15:51 . 2008-08-14 14:25    2,191,744    -----c---    c:\windows\system32\dllcache\ntoskrnl.exe
2009-03-14 15:51 . 2008-08-14 14:25    2,147,840    -----c---    c:\windows\system32\dllcache\ntkrnlmp.exe
2009-03-14 15:51 . 2008-08-14 14:25    2,068,608    -----c---    c:\windows\system32\dllcache\ntkrnlpa.exe
2009-03-14 15:51 . 2008-08-14 14:25    2,026,496    -----c---    c:\windows\system32\dllcache\ntkrpamp.exe
2009-03-14 15:51 . 2008-09-04 18:17    1,106,944    -----c---    c:\windows\system32\dllcache\msxml3.dll
2009-03-14 15:51 . 2008-10-24 12:21    455,296    -----c---    c:\windows\system32\dllcache\mrxsmb.sys
2009-03-14 15:51 . 2008-10-15 17:37    337,408    -----c---    c:\windows\system32\dllcache\netapi32.dll
2009-03-14 15:50 . 2008-04-11 20:05    691,712    -----c---    c:\windows\system32\dllcache\inetcomm.dll
2009-03-14 15:50 . 2008-05-01 15:36    331,776    -----c---    c:\windows\system32\dllcache\msadce.dll
2009-03-14 15:49 . 2008-06-14 18:35    272,256    -----c---    c:\windows\system32\dllcache\bthport.sys
2009-03-14 15:49 . 2008-05-08 15:02    203,136    -----c---    c:\windows\system32\dllcache\rmcast.sys
2009-03-13 20:34 . 2009-03-13 20:34    <DIR>    d--h-----    c:\documents and settings\AnnaDalgaard\Lokale indstillinger
2009-03-13 20:29 . 2009-03-12 20:15    714    --a------    c:\documents and settings\AnnaDalgaard\Application Data\wklnhst.dat
2009-03-13 20:08 . 2009-03-13 20:08    <DIR>    d--------    c:\documents and settings\AnnaDalgaard\Tracing
2009-03-13 20:08 . 2009-03-13 20:29    <DIR>    d--------    c:\documents and settings\AnnaDalgaard\Contacts
2009-03-13 20:08 . 2009-01-26 16:09    <DIR>    d--------    c:\documents and settings\AnnaDalgaard\Application Data\Windows Live Writer
2009-03-13 20:08 . 2008-11-21 15:10    <DIR>    d--------    c:\documents and settings\AnnaDalgaard\Application Data\Teleca
2009-03-13 20:08 . 2009-01-03 11:05    <DIR>    d--------    c:\documents and settings\AnnaDalgaard\Application Data\Sports Interactive
2009-03-13 20:08 . 2009-03-13 20:29    <DIR>    d--------    c:\documents and settings\AnnaDalgaard\Application Data\skypePM
2009-03-13 20:08 . 2009-03-13 20:29    <DIR>    d--------    c:\documents and settings\AnnaDalgaard\Application Data\Skype
2009-03-13 20:08 . 2009-01-29 19:27    <DIR>    d--------    c:\documents and settings\AnnaDalgaard\Application Data\Malwarebytes
2009-03-13 19:20 . 2009-03-13 20:08    <DIR>    d--hs----    c:\documents and settings\AnnaDalgaard\UserData
2009-03-13 19:20 . 2009-03-14 07:22    <DIR>    d--------    c:\documents and settings\AnnaDalgaard\Skrivebord
2009-03-13 19:20 . 2005-02-25 04:22    <DIR>    d--h-----    c:\documents and settings\AnnaDalgaard\Skabeloner
2009-03-13 19:20 . 2005-02-24 20:17    <DIR>    d--h-----    c:\documents and settings\AnnaDalgaard\Printere
2009-03-13 19:20 . 2005-02-24 20:17    <DIR>    dr-------    c:\documents and settings\AnnaDalgaard\Menuen Start
2009-03-13 19:20 . 2009-02-01 16:31    <DIR>    dr-------    c:\documents and settings\AnnaDalgaard\Foretrukne
2009-03-13 19:20 . 2005-02-25 20:28    <DIR>    d--------    c:\documents and settings\AnnaDalgaard\Application Data\CyberLink
2009-03-13 19:20 . 2005-02-24 20:17    <DIR>    d--h-----    c:\documents and settings\AnnaDalgaard\Andre computere
2009-03-13 19:20 . 2009-03-13 22:03    <DIR>    d--------    c:\documents and settings\AnnaDalgaard
2009-03-12 19:57 . 2009-03-12 19:59    <DIR>    d--------    C:\NoLopBackups
2009-03-09 22:00 . 2009-03-16 20:04    <DIR>    d--h-----    C:\$AVG8.VAULT$
2009-03-09 21:56 . 2009-03-09 21:56    325,640    --a------    c:\windows\system32\drivers\avgldx86.sys
2009-03-09 21:56 . 2009-03-09 21:56    107,912    --a------    c:\windows\system32\drivers\avgtdix.sys
2009-03-09 21:56 . 2009-03-09 21:56    10,520    --a------    c:\windows\system32\avgrsstx.dll
2009-03-09 21:55 . 2009-03-16 16:51    <DIR>    d--------    c:\windows\system32\drivers\Avg
2009-03-09 21:54 . 2009-03-09 21:54    <DIR>    d--------    c:\programmer\Windows Resource Kits
2009-03-09 21:54 . 2009-03-09 21:54    <DIR>    d--------    c:\programmer\AVG
2009-03-09 21:54 . 2009-03-09 21:54    <DIR>    d--------    c:\documents and settings\All Users\Application Data\avg8
2009-03-09 21:51 . 2009-03-09 22:02    11,542,528    --a------    c:\windows\sectest.db
2009-03-09 20:50 . 2009-03-09 20:54    <DIR>    d--------    c:\windows\ServicePackFiles
2009-03-09 20:43 . 2006-12-28 12:01    19,569    --a------    c:\windows\003038_.tmp
2009-03-09 20:38 . 2009-03-09 20:38    <DIR>    d--------    c:\windows\EHome
2009-03-09 19:55 . 2008-10-16 14:08    31,768    --a------    c:\windows\system32\wucltui.dll.mui
2009-03-09 19:55 . 2008-10-16 14:08    27,672    --a------    c:\windows\system32\wuapi.dll.mui
2009-03-09 19:55 . 2008-10-16 14:07    23,576    --a------    c:\windows\system32\wuaucpl.cpl.mui
2009-03-09 19:55 . 2008-10-16 14:07    18,968    --a------    c:\windows\system32\wuaueng.dll.mui
2009-02-23 11:01 . 2004-08-26 17:53    159,232    --a------    c:\windows\system32\ptpusd.dll
2009-02-23 11:01 . 2008-04-13 11:45    15,104    --a------    c:\windows\system32\drivers\usbscan.sys
2009-02-23 11:01 . 2001-10-04 17:07    5,632    --a------    c:\windows\system32\ptpusb.dll

.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-15 16:36    ---------    d-----w    c:\programmer\Microsoft Silverlight
2009-03-13 19:46    ---------    d-----w    c:\programmer\Circle Developement
2009-03-09 21:02    ---------    d-----w    c:\programmer\Google
2009-03-08 18:57    ---------    d-----w    c:\programmer\Malwarebytes' Anti-Malware
2009-02-16 15:04    ---------    d-----w    c:\documents and settings\All Users\Application Data\Barbie Fashion Show
2009-02-16 14:57    ---------    d-----w    c:\programmer\Barbie(TM)
2009-02-11 09:19    38,496    ----a-w    c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 09:19    15,504    ----a-w    c:\windows\system32\drivers\mbam.sys
2009-01-29 18:27    ---------    d-----w    c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-29 18:26    ---------    d-----w    c:\programmer\CCleaner
2009-01-26 13:32    ---------    d-----w    c:\programmer\Windows Live
2009-01-26 13:32    ---------    d-----w    c:\programmer\Microsoft
2009-01-26 13:31    ---------    d-----w    c:\programmer\Microsoft Sync Framework
2009-01-26 13:29    ---------    d-----w    c:\programmer\MSN Messenger
2009-01-26 13:29    ---------    d-----w    c:\programmer\Microsoft SQL Server Compact Edition
2009-01-26 13:28    ---------    d-----w    c:\programmer\Windows Live SkyDrive
2009-01-26 13:12    ---------    d-----w    c:\programmer\Fælles filer\Windows Live
2009-01-17 19:16    ---------    d-----w    c:\programmer\Microsoft LifeCam
2003-08-15 03:13    40,960    ----a-w    c:\programmer\Uninstall_PCM.exe
.

(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-27 68856]
"Skype"="c:\programmer\Skype\Phone\Skype.exe" [2008-09-29 21755688]
"WMPNSCFG"="c:\programmer\Windows Media Player\WMPNSCFG.exe" [2006-11-15 204288]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-03 344064]
"PCMService"="c:\programmer\Home Cinema\PowerCinema\PCMService.exe" [2004-09-03 81920]
"BigDogPath"="c:\windows\VM_STI.EXE" [2005-02-28 53248]
"LifeCam"="c:\programmer\Microsoft LifeCam\LifeExp.exe" [2008-08-04 160800]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-03-09 1932568]
"Cmaudio"="cmicnfg.cpl" [BU]
"Dit"="Dit.exe" [2002-08-28 c:\windows\Dit.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menuen Start\Programmer\Start\
Windows Search.lnk - c:\programmer\Windows Desktop Search\WindowsSearch.exe [2008-05-26 123904]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programmer\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-03-09 21:56 10520 c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^Adobe Reader Hurtigstart.lnk]
path=c:\documents and settings\All Users\Menuen Start\Programmer\Start\Adobe Reader Hurtigstart.lnk
backup=c:\windows\pss\Adobe Reader Hurtigstart.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Claus Dalgaard^Menuen Start^Programmer^Start^Registration Heroes of Might & Magic 5 - Hammers of Fate.LNK]
path=c:\documents and settings\Claus Dalgaard\Menuen Start\Programmer\Start\Registration Heroes of Might & Magic 5 - Hammers of Fate.LNK
backup=c:\windows\pss\Registration Heroes of Might & Magic 5 - Hammers of Fate.LNKStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Claus Dalgaard^Menuen Start^Programmer^Start^Registration Heroes of Might & Magic 5.LNK]
path=c:\documents and settings\Claus Dalgaard\Menuen Start\Programmer\Start\Registration Heroes of Might & Magic 5.LNK
backup=c:\windows\pss\Registration Heroes of Might & Magic 5.LNKStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Claus Dalgaard^Menuen Start^Programmer^Start^UltimateZip Quick Start.lnk]
path=c:\documents and settings\Claus Dalgaard\Menuen Start\Programmer\Start\UltimateZip Quick Start.lnk
backup=c:\windows\pss\UltimateZip Quick Start.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArtoNotifier]
--a------ 2006-05-23 15:42 668672 c:\programmer\Arto\Notifier\ArtoNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
--a------ 2006-06-26 10:34 614960 c:\programmer\Logitech\QuickCam10\QuickCam10.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norman ZANDA]
c:\programmer\Norman\npm\bin\ZLH.EXE [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NPCTray]
c:\programmer\Norman\npc\bin\npc_tray.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
c:\programmer\Steam\Steam.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
c:\programmer\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2007-02-13 19:29 35328 c:\programmer\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]
--a------ 2004-05-18 03:30 543232 c:\windows\zHotkey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PRISMSTA.EXE]
--a------ 2003-08-04 14:54 215552 c:\windows\system32\PRISMSTA.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Programmer\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Programmer\\NetMeeting\\Conf.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmer\\Valve\\hl.exe"=
"c:\\Programmer\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Programmer\\Microsoft LifeCam\\LifeEnC2.exe"=
"c:\\Programmer\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Programmer\\Microsoft LifeCam\\LifeTray.exe"=
"c:\\Programmer\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmer\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmer\\Skype\\Phone\\Skype.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmer\\AVG\\AVG8\\avgemc.exe"=
"c:\\Programmer\\AVG\\AVG8\\avgupd.exe"=
"c:\\Programmer\\AVG\\AVG8\\avgnsx.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-03-09 325640]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-03-09 107912]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-03-09 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-03-09 298264]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-01-26 55136]
R2 SeaPort;SeaPort;c:\programmer\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2008-12-04 226640]
R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [2005-02-24 945152]
R3 PRISM_A00;PRISM 802.11g Driver;c:\windows\system32\drivers\PRISMA00.sys [2003-09-10 362688]
S3 fsssvc;Windows Live Family Safety;c:\programmer\Windows Live\Family Safety\fsssvc.exe [2008-12-08 533344]
S3 MSHUSBVideo;NX6000/NX3000/VX5000/VX5500/VX7000 Filter Driver;c:\windows\system32\drivers\nx6000.sys [2009-01-17 33808]
S3 PhTVTune;MEDION TV-TUNER 7134 MK2/3;c:\windows\system32\drivers\PhTVTune.sys [2005-02-25 24704]
S3 SUSCOM;Susteen Serial port driver;c:\windows\system32\drivers\SUSCOM.SYS [2002-10-22 40448]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{117b8b16-5ed6-11dc-9c6e-000c76743ec6}]
\Shell\AutoRun\command - h:\restore\S-1-5-21-1482476501-1644491937-682003330-1013\wmplayer32.exe
\Shell\open\command - h:\restore\S-1-5-21-1482476501-1644491937-682003330-1013\wmplayer32.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4bf24d70-0191-11de-9edb-000c76743ec6}]
\Shell\AutoRun\command - h:\restore\S-1-5-21-1482476501-1644491937-682003330-1013\wmplayer32.exe
\Shell\open\command - h:\restore\S-1-5-21-1482476501-1644491937-682003330-1013\wmplayer32.exe
.
Indhold af mappen 'Planlagte Opgaver'

2009-03-16 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 17:04]

2009-03-17 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 17:04]
.
.
------- Yderligere scanning -------
.
uStart Page = hxxp://www.google.com/
TCP: {1566B515-0628-4120-8BAF-A072DBBF5C1A} = 192.168.1.1,194.239.134.83
TCP: {4E4E2D6E-88D6-439B-B3AC-23AD199407CD} = 192.168.1.1,194.239.134.83
TCP: {51E96DA9-E0CD-4415-8A25-938467F56BF3} = 192.168.1.11,194.239.134.83
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-17 15:43:06
Windows 5.1.2600 Service Pack 3 NTFS

scanner skjulte processer ... 

scanner skjulte autostarter ...

scanner skjulte filer ... 

scanning gennemført med succes
skjulte filer: 0

**************************************************************************
.
--------------------- DLLs startet under kørende Processer ---------------------

- - - - - - - > 'winlogon.exe'(604)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Andre kørende processer ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\programmer\Fælles filer\Logitech\LVMVFM\LVPrcSrv.exe
c:\windows\system32\ati2evxx.exe
c:\programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
c:\programmer\Microsoft LifeCam\MSCamS32.exe
c:\programmer\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\programmer\RealVNC\VNC4\winvnc4.exe
c:\programmer\Windows Media Player\wmpnetwk.exe
c:\windows\system32\searchindexer.exe
c:\programmer\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\rundll32.exe
c:\windows\DitExp.exe
c:\progra~1\COMMON~1\X10\Common\X10nets.exe
.
**************************************************************************
.
Gennemført tid: 2009-03-17 15:47:41 - maskinen blev genstartet [AnnaDalgaard]
ComboFix-quarantined-files.txt  2009-03-17 14:47:36

Pre-Kørsel: 94,731,976,704 byte ledig
Post-Kørsel: 94,712,000,512 byte ledig

267
fromsej Praktikant
17 March 2009 - 18:14 #23
Your log is clean. If your problems are gone, it is time for a little cleanup. Download this small file and save it in the root of your C drive (C:\SWF_oprydning.exe):

http://www.ctrlaltdel.dk/SWF_oprydning.exe

Double-click SWF_oprydning.exe and follow the instructions the program gives (the programs we asked you to download will be removed). When the program has finished cleaning up, Notepad will open a log so you can see what has been removed.

Restart your computer to finish the cleanup....

Once that is done, you need to clean up the System Restore files. Disable System Restore (http://www.ctrlaltdel.dk/forum/forum_posts.asp?TID=4&PN=1) - wait a couple of minutes - enable System Restore. Then go to Start -> Programs -> Accessories -> System Tools -> System Restore and create a restore point, so you have something to go back to if anything goes wrong.

Here are a few good tips on safe surfing to take with you:

http://www.spywarefri.dk/manualer/sikkerhedspakke.htm

Enjoy
daki Juniormester
26 March 2009 - 09:29 #24
Thanks for the help.

/dan