eUnaas, posted 15 February 2009 (edited)

Ugh. It's not many weeks since I had a rough round of removing a bunch of malware from the PC. Yesterday I plugged in my PSP, and boom, a hundred pop-ups. Everything from Viagra to cheap Telenor subscriptions. Music and all sorts of hellish sounds. What's going on? I think my memory cards have been infected by something or other that fucks up the PC every time they're plugged in.

Anyway, Malwarebytes:

Malwarebytes' Anti-Malware 1.34
Databaseversjon: 1763
Windows 5.1.2600 Service Pack 3

15.02.2009 14:05:57
mbam-log-2009-02-15 (14-05-57).txt

Skanntype: Full Skann (C:\|E:\|H:\|)
Objekter skannet: 363796
Tid tilbakelagt: 1 hour(s), 47 minute(s), 48 second(s)

Minneprosesser infisert: 3
Minnemoduler infisert: 0
Registernøkler infisert: 1
Registerverdier infisert: 3
Registerfiler infisert: 0
Mapper infisert: 1
Filer infisert: 7

Minneprosesser infisert:
C:\WINDOWS\system32\msmp3.exe (Trojan.Agent) -> Unloaded process successfully.
C:\WINDOWS\system32\svnmgr.exe (Trojan.Agent) -> Unloaded process successfully.
C:\WINDOWS\system32\svhost.exe (Trojan.Agent) -> Unloaded process successfully.

Minnemoduler infisert:
(Ingen mistenkelige filer funnet)

Registernøkler infisert:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{28abc5c0-4fcb-11cf-aax5-81cx1c635612} (Trojan.Agent) -> Quarantined and deleted successfully.

Registerverdier infisert:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msmp3 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svnmgr (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mscupdate (Trojan.Agent) -> Quarantined and deleted successfully.

Registerfiler infisert:
(Ingen mistenkelige filer funnet)

Mapper infisert:
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013 (Trojan.Agent) -> Quarantined and deleted successfully.
Filer infisert:
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1033\conmgr.exe (Trojan.Agent) -> Delete on reboot.
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini (Trojan.Agent) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\reg32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\hosts (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msmp3.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\svnmgr.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\svhost.exe (Trojan.Agent) -> Delete on reboot.

ComboFix:

ComboFix 09-02-14.01 - eUnaas 2009-02-15 14:16:33.15 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1044.18.2814.2078 [GMT 1:00]
Kjører fra: c:\documents and settings\eUnaas\Skrivebord\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
.

((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.
H:\autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivere/Tjenester )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_BNDMSS
-------\Service_BNDMSS

((((((((((((((((((((((((((( Filer Opprettet Fra 2009-01-15 til 2009-02-15 )))))))))))))))))))))))))))))))))
.
2009-02-15 10:43 . 2009-02-15 10:43 24,888 --a------ c:\documents and settings\eUnaas\apow32.exe
2009-02-15 10:39 . 2009-02-15 10:39 28,440 --a------ c:\windows\system32\msesrv.exe
2009-02-15 10:37 . 2009-02-15 10:37 33,426 --a------ c:\windows\system32\iesrv.exe
2009-02-15 10:37 . 2009-02-15 10:37 30,792 --a------ c:\documents and settings\eUnaas\mscupdate.exe
2009-02-15 10:36 . 2009-02-15 10:36 33,872 --a------ c:\documents and settings\eUnaas\onbar2.exe
2009-02-15 10:36 . 2009-02-15 10:36 24,920 --a------ c:\windows\system32\vcmc32.exe
2009-02-15 04:41 . 2009-02-15 04:41 27,668 --a------ c:\windows\system32\wrm32.exe
2009-02-15 04:40 . 2009-02-15 10:35 30,072 --a------ c:\documents and settings\eUnaas\csrcpr.exe
2009-02-15 04:16 . 2009-02-15 04:16 <DIR> d-------- c:\documents and settings\eUnaas\Programdata\Red Kawa
2009-02-15 04:14 . 2009-02-15 04:14 <DIR> d-------- c:\programfiler\PQDVD
2009-02-15 04:05 . 2009-02-15 04:05 <DIR> d-------- c:\programfiler\Red Kawa
2009-02-15 04:05 . 2009-02-15 04:05 <DIR> d-------- c:\programfiler\AviSynth 2.5
2009-02-15 03:12 . 2009-02-15 03:12 34,030 --a------ c:\windows\system32\csrcpr.exe
2009-02-15 03:12 . 2009-02-15 03:12 28,628 --a------ c:\windows\system32\faxmgr.exe
2009-02-15 00:19 . 2009-02-15 00:19 <DIR> d-------- c:\documents and settings\eUnaas\Programdata\Lucis
2009-02-15 00:11 . 2009-02-15 00:11 41 --a------ c:\windows\ars-dat0169.conf
2009-02-14 20:18 . 2009-02-15 04:45 33,872 --a------ c:\documents and settings\eUnaas\tinymgr.exe
2009-02-14 20:16 . 2009-02-15 04:40 34,020 --a------ c:\documents and settings\eUnaas\cmgrpr.exe
2009-02-14 20:15 . 2009-02-15 10:37 33,370 --a------ c:\documents and settings\eUnaas\csrcss.exe
2009-02-14 20:15 . 2009-02-15 04:40 7,680 --a------ c:\documents and settings\eUnaas\opti.exe
2009-02-11 23:44 . 2009-02-11 23:44 <DIR> d-------- c:\windows\system32\LogFiles
2009-02-11 23:34 . 2009-02-11 23:34 <DIR> d-------- c:\programfiler\Microsoft ActiveSync
2009-02-06 08:28 . 2009-02-06 08:28 10,520 --a------ c:\windows\system32\avgrsstx.dll
2009-02-03 01:51 . 2009-02-03 01:51 <DIR> d-------- c:\documents and settings\eUnaas\Programdata\Windows Search
2009-02-03 01:49 . 2009-02-03 01:49 <DIR> d-------- c:\documents and settings\eUnaas\Programdata\Windows Desktop Search
2009-02-03 01:47 . 2009-02-03 01:47 <DIR> d-------- c:\windows\system32\GroupPolicy
2009-02-03 01:47 . 2008-03-07 18:02 192,000 -----c--- c:\windows\system32\dllcache\offfilt.dll
2009-02-03 01:47 . 2008-03-07 18:02 98,304 -----c--- c:\windows\system32\dllcache\nlhtml.dll
2009-02-03 01:47 . 2008-03-07 18:02 29,696 -----c--- c:\windows\system32\dllcache\mimefilt.dll
2009-01-31 18:24 . 2009-01-31 18:24 <DIR> d-------- c:\programfiler\Bunkspeed
2009-01-31 18:24 . 2009-01-31 18:24 <DIR> d-------- c:\documents and settings\All Users\Bunkspeed
2009-01-26 01:48 . 2009-01-26 01:48 <DIR> d-------- c:\programfiler\Navigram
2009-01-25 12:26 . 2009-01-25 12:26 <DIR> d-------- c:\programfiler\Spotify
2009-01-25 12:26 . 2009-02-15 04:37 <DIR> d-------- c:\documents and settings\eUnaas\Programdata\Spotify
2009-01-18 03:06 . 2009-01-18 03:06 <DIR> d-------- C:\WTablet
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-15 13:23 --------- d-----w c:\documents and settings\eUnaas\Programdata\WTablet
2009-02-15 09:12 --------- d-----w c:\documents and settings\All Users\Programdata\avg8
2009-02-15 09:09 --------- d-----w c:\documents and settings\eUnaas\Programdata\uTorrent
2009-02-15 03:40 17,829 ----a-w c:\windows\system32\drivers\hosts
2009-02-15 03:33 --------- d-----w c:\programfiler\Xilisoft
2009-02-15 02:59 --------- d-----w c:\programfiler\T-Splines for Rhino
2009-02-15 02:57 --------- d-----w c:\programfiler\SUPERAntiSpyware
2009-02-14 19:54 --------- d-----w c:\programfiler\Malwarebytes' Anti-Malware
2009-02-12 02:01 --------- d-----w c:\documents and settings\All Users\Programdata\Microsoft Help
2009-02-11 09:19 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 09:19 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-02-06 07:28 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-02-03 00:47 --------- d-----w c:\programfiler\Windows Desktop Search
2009-02-01 19:20 --------- d-----w c:\documents and settings\eUnaas\Programdata\CoreFTP
2009-01-18 17:38 --------- d-----w c:\documents and settings\eUnaas\Programdata\LimeWire
2009-01-18 02:06 --------- d-----w c:\programfiler\Sony Ericsson
2009-01-17 11:08 --------- d-----w c:\programfiler\AndreaMosaic Beta
2009-01-17 11:07 --------- d-----w c:\programfiler\ISOpen
2009-01-17 11:07 --------- d-----w c:\programfiler\HD Tune Pro
2009-01-14 20:31 --------- d-----w c:\programfiler\Windows Live SkyDrive
2009-01-14 20:31 --------- d-----w c:\programfiler\Windows Live
2009-01-14 20:31 --------- d-----w c:\programfiler\Microsoft
2009-01-14 20:28 --------- d-----w c:\programfiler\Fellesfiler\Windows Live
2009-01-02 11:03 --------- d-----w c:\documents and settings\LocalService\Programdata\WTablet
2009-01-02 10:55 --------- d-----w c:\programfiler\Tablet
2009-01-01 00:57 --------- d-----w c:\programfiler\MSBuild
2009-01-01 00:54 --------- d-----w c:\programfiler\Reference Assemblies
2009-01-01 00:48 --------- d-----w c:\documents and settings\eUnaas\Programdata\Bamboo Scribe
2008-12-31 10:28 --------- d-----w c:\programfiler\Bamboo Scribe 2.6
2008-12-31 10:27 --------- d-----w c:\programfiler\PenLauncher
2008-12-26 20:56 --------- d-----w c:\programfiler\Trend Micro
2008-12-19 17:17 --------- d-----w c:\programfiler\CCleaner
2008-12-19 10:03 --------- d-----w c:\programfiler\DivX
2008-12-16 23:54 --------- d-----w c:\programfiler\Unlocker
2008-12-11 09:11 2,749,736 ----a-w c:\windows\system32\Pen_Tablet.exe
2008-12-11 08:59 186,152 ----a-w c:\windows\system32\Pen_Tablet.dll
2008-12-11 08:50 172,840 ----a-w c:\windows\system32\Wintab32.dll
2008-12-07 19:13 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-12-02 21:37 49,480 ----a-w c:\windows\system32\sirenacm.dll
2008-11-21 21:46 200,704 ----a-w c:\windows\system32\ssldivx.dll
2008-11-21 21:46 1,044,480 ----a-w c:\windows\system32\libdivx.dll
2007-03-13 22:20 35,979 ----a-w c:\programfiler\Photoshop CS3 Read Me.html
.
((((((((((((((((((((((((((((( snapshot_2008-12-27_13.33.56,78 )))))))))))))))))))))))))))))))))))))))))
.
c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1041.dll + 2006-10-30 02:18:48 80,384 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1042.dll + 2006-10-30 02:18:56 87,040 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1043.dll + 2006-10-30 02:19:02 83,968 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1044.dll + 2006-10-30 02:19:08 86,528 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1045.dll + 2006-10-30 02:19:14 84,480 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1046.dll + 2006-10-30 02:19:28 82,944 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1049.dll + 2006-10-30 02:19:34 83,968 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1053.dll + 2006-10-30 02:19:42 82,432 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1055.dll + 2006-10-30 02:17:24 80,384 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.2052.dll + 2006-10-30 02:19:22 90,624 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.2070.dll + 2006-10-30 02:18:02 90,112 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.3082.dll + 2006-10-29 22:15:20 80,384 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.dll + 2006-10-29 22:15:22 1,621,504 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\SITSetup.dll + 2006-10-29 22:16:52 1,139,712 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\vs_setup.dll + 2006-10-29 22:18:26 590,848 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\vs70uimgr.dll + 2006-10-29 22:20:20 541,184 ----a-w 
c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\vsbasereqs.dll + 2006-10-29 22:18:12 816,128 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\vsscenario.dll + 2006-10-30 02:17:14 98,816 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1025.dll + 2006-10-30 02:17:30 98,816 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1028.dll + 2006-10-30 02:17:38 99,840 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1029.dll + 2006-10-30 02:17:44 99,840 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1030.dll + 2006-10-30 02:17:50 102,400 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1031.dll + 2006-10-30 02:17:58 104,448 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1032.dll + 2006-10-30 02:18:10 98,816 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1035.dll + 2006-10-30 02:18:16 103,424 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1036.dll + 2006-10-30 02:18:24 98,816 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1037.dll + 2006-10-30 02:18:30 102,400 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1038.dll + 2006-10-30 02:18:36 101,376 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1040.dll + 2006-10-30 02:18:42 98,816 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1041.dll + 2006-10-30 02:18:50 98,816 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1042.dll + 2006-10-30 02:18:56 99,840 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1043.dll + 2006-10-30 02:19:02 98,816 ----a-w 
c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1044.dll + 2006-10-30 02:19:08 99,840 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1045.dll + 2006-10-30 02:19:16 99,328 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1046.dll + 2006-10-30 02:19:28 98,816 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1049.dll + 2006-10-30 02:19:36 98,816 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1053.dll + 2006-10-30 02:19:42 98,816 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1055.dll + 2006-10-30 02:17:24 98,816 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.2052.dll + 2006-10-30 02:19:22 101,376 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.2070.dll + 2006-10-30 02:18:04 102,400 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.3082.dll + 2006-10-29 22:18:36 98,816 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.dll + 2006-10-29 22:19:30 1,103,872 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapUI.dll + 2006-10-30 02:34:02 159,744 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ComSvcConfig.exe + 2006-10-30 02:33:58 741,376 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe + 2009-01-01 00:54:24 626,440 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\install.exe + 2009-01-01 00:54:24 80,896 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\install.res.1033.dll + 2006-10-30 02:34:00 352,256 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\Microsoft.Transactions.Bridge.dll + 2006-10-30 02:34:00 151,552 ----a-w 
c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\Microsoft.Transactions.Bridge.Dtc.dll + 2006-10-30 02:34:02 2,560 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll + 2006-10-30 02:34:02 61,440 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelReg.exe + 2006-10-30 02:34:02 11,264 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceMonikerSupport.dll + 2006-10-30 02:34:00 94,208 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMDiagnostics.dll + 2006-10-30 02:34:02 122,880 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe + 2006-10-30 02:34:02 884,736 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll + 2006-10-30 02:34:02 5,623,808 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.dll + 2006-10-30 02:34:00 159,744 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.Install.dll + 2006-10-30 02:34:00 16,384 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll + 2006-10-30 02:34:02 143,360 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\WsatConfig.exe + 2006-07-25 20:32:00 14,648 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Workflow Foundation\PerformanceCounterInstaller.exe + 2006-10-20 15:08:52 797,696 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\WPF\NaturalLanguage6.dll + 2006-10-20 15:09:02 4,874,240 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\WPF\NlsData0009.dll + 2006-10-20 13:03:40 2,628,608 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\WPF\NlsLexicons0009.dll + 2006-10-20 20:29:46 72,992 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\WPF\PenIMC.dll + 
2006-10-20 20:21:24 32,768 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationCFFRasterizer.dll + 2006-10-20 20:21:24 36,864 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe + 2006-10-20 20:29:52 106,272 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationHostDLL.dll + 2006-10-20 20:21:26 897,024 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationUI.dll + 2006-10-20 20:21:26 14,848 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\WPF\XamlViewer\XamlViewer_v0300.exe + 2007-05-04 19:26:04 2,560 ----a-w c:\windows\Microsoft.NET\Framework\VJSharp\VJSharpSxS10.dll + 2007-05-04 19:26:08 94,720 ----a-w c:\windows\Microsoft.NET\Framework\VJSharp\vjshost.dll + 2007-05-04 19:26:04 68,608 ----a-w c:\windows\Microsoft.NET\Framework\VJSharp\VJSWfcHost.dll - 2000-08-31 07:00:00 28,672 ----a-w c:\windows\NIRCMD.exe + 2000-08-31 07:00:00 29,696 ----a-w c:\windows\NIRCMD.exe + 2006-12-31 02:16:36 313,344 ----a-w c:\windows\system32\avisynth.dll + 2006-11-13 16:54:34 22,824 ----a-w c:\windows\system32\ceutil.dll + 2004-05-26 12:37:34 719,872 ----a-w c:\windows\system32\devil.dll + 2008-06-20 17:49:37 147,968 -c----w c:\windows\system32\dllcache\dnsapi.dll + 2006-10-14 15:43:18 27,648 -c----w c:\windows\system32\dllcache\FilterPipelinePrintProc.dll + 2008-04-14 08:22:04 21,504 -c--a-w c:\windows\system32\dllcache\hidserv.dll + 2008-04-14 07:50:12 14,592 -c--a-w c:\windows\system32\dllcache\kbdhid.sys + 2008-04-14 07:38:02 22,912 -c--a-w c:\windows\system32\dllcache\mouclass.sys + 2001-10-06 12:36:32 12,160 -c--a-w c:\windows\system32\dllcache\mouhid.sys + 2008-06-20 17:49:37 246,784 -c----w c:\windows\system32\dllcache\mswsock.dll + 2006-10-14 15:44:44 671,744 -c----w c:\windows\system32\dllcache\PrintFilterPipelineSvc.exe - 2008-09-08 10:41:42 333,824 -c----w c:\windows\system32\dllcache\srv.sys + 2008-12-11 10:57:09 333,952 -c----w c:\windows\system32\dllcache\srv.sys + 2008-06-20 11:51:12 361,600 -c----w 
c:\windows\system32\dllcache\tcpip.sys + 2008-06-20 11:08:27 225,856 -c----w c:\windows\system32\dllcache\tcpip6.sys + 2006-10-14 19:21:58 580,352 -c----w c:\windows\system32\dllcache\XPSSHHDR.dll + 2006-10-14 19:22:00 1,698,048 -c----w c:\windows\system32\dllcache\XpsSvcs.dll - 2008-04-14 07:22:00 147,968 ----a-w c:\windows\system32\dnsapi.dll + 2008-06-20 17:49:37 147,968 ----a-w c:\windows\system32\dnsapi.dll - 2008-07-07 06:03:26 26,824 ----a-w c:\windows\system32\drivers\avgmfx86.sys + 2009-02-06 07:28:49 27,656 ----a-w c:\windows\system32\drivers\avgmfx86.sys + 2008-04-14 07:50:12 14,592 ----a-w c:\windows\system32\drivers\kbdhid.sys - 2008-04-14 06:38:02 22,912 ----a-w c:\windows\system32\drivers\mouclass.sys + 2008-04-14 07:38:02 22,912 ----a-w c:\windows\system32\drivers\mouclass.sys - 2001-10-09 12:00:00 12,160 ----a-w c:\windows\system32\drivers\mouhid.sys + 2001-10-06 12:36:32 12,160 ----a-w c:\windows\system32\drivers\mouhid.sys - 2008-09-08 10:41:42 333,824 ----a-w c:\windows\system32\drivers\srv.sys + 2008-12-11 10:57:09 333,952 ----a-w c:\windows\system32\drivers\srv.sys - 2008-04-13 10:20:18 361,344 ----a-w c:\windows\system32\drivers\tcpip.sys + 2008-06-20 11:51:12 361,600 ----a-w c:\windows\system32\drivers\tcpip.sys - 2008-04-13 10:00:04 225,664 ----a-w c:\windows\system32\drivers\tcpip6.sys + 2008-06-20 11:08:27 225,856 ----a-w c:\windows\system32\drivers\tcpip6.sys + 2008-10-06 09:53:24 15,656 ----a-w c:\windows\system32\drivers\wacmoumonitor.sys + 2007-02-16 09:12:36 11,312 ----a-w c:\windows\system32\drivers\wacommousefilter.sys + 2008-08-18 13:45:00 13,352 ----a-w c:\windows\system32\drivers\wacomvhid.sys + 2007-02-15 14:11:28 11,440 ----a-w c:\windows\system32\drivers\WacomVKHid.sys + 2006-10-20 20:29:46 69,408 ----a-w c:\windows\system32\dxva2.dll + 2008-03-19 14:40:12 24,064 ----a-w c:\windows\system32\ergomon.dll + 2008-03-19 14:40:14 15,872 ----a-w c:\windows\system32\ergoui.dll + 2006-10-20 20:30:00 478,496 ----a-w 
c:\windows\system32\evr.dll - 2008-12-14 02:14:11 7,231,488 ----a-w c:\windows\system32\FNTCACHE.DAT + 2009-01-02 11:03:35 7,231,600 ----a-w c:\windows\system32\FNTCACHE.DAT + 2008-04-14 08:22:04 21,504 ----a-w c:\windows\system32\hidserv.dll + 2006-10-30 02:33:58 556,296 ----a-w c:\windows\system32\icardagt.exe + 2006-10-30 02:33:58 9,480 ----a-w c:\windows\system32\icardres.dll + 2006-10-30 02:33:58 83,968 ----a-w c:\windows\system32\infocardapi.dll - 2008-09-03 22:55:38 4,478,680 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32.dll + 2008-03-25 03:21:18 2,889,088 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32.dll - 2008-09-03 22:55:38 233,176 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe + 2008-03-25 03:21:20 218,496 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe - 2008-12-14 01:43:32 85,020 ----a-w c:\windows\system32\Macromed\Flash\uninstall_plugin.exe + 2009-01-01 00:53:11 70,264 ----a-w c:\windows\system32\Macromed\Flash\uninstall_plugin.exe + 2006-10-20 20:30:06 1,980,704 ----a-w c:\windows\system32\milcore.dll - 2008-04-14 07:22:08 29,696 ----a-w c:\windows\system32\mimefilt.dll + 2008-03-07 17:02:08 29,696 ----a-w c:\windows\system32\mimefilt.dll - 2008-12-09 23:24:37 17,593,280 ----a-w c:\windows\system32\MRT.exe + 2009-02-03 23:21:12 21,244,864 ----a-w c:\windows\system32\MRT.exe - 2007-02-05 13:30:16 23,552 ------w c:\windows\system32\msscb.dll + 2008-05-26 21:17:44 34,816 ------w c:\windows\system32\msscb.dll - 2007-02-05 13:29:24 51,200 ------w c:\windows\system32\msscntrs.dll + 2008-05-26 21:17:26 60,416 ------w c:\windows\system32\msscntrs.dll + 2008-05-26 21:17:38 11,776 ------w c:\windows\system32\msshooks.dll - 2007-02-05 13:35:38 248,320 ------w c:\windows\system32\msshsq.dll + 2008-05-26 21:18:34 231,936 ------w c:\windows\system32\msshsq.dll - 2007-02-05 13:29:14 98,816 ------w c:\windows\system32\mssitlb.dll + 2008-05-26 21:17:26 87,552 ------w c:\windows\system32\mssitlb.dll - 2007-02-05 13:33:54 
331,776 ------w c:\windows\system32\mssph.dll + 2008-05-26 21:18:26 350,208 ------w c:\windows\system32\mssph.dll - 2007-02-05 13:35:24 167,424 ------w c:\windows\system32\mssphtb.dll + 2008-05-26 21:18:56 203,776 ------w c:\windows\system32\mssphtb.dll - 2007-02-05 13:28:56 32,256 ------w c:\windows\system32\mssprxy.dll + 2008-05-26 21:17:28 32,768 ------w c:\windows\system32\mssprxy.dll - 2007-02-05 13:43:06 1,481,728 ------w c:\windows\system32\mssrch.dll + 2008-05-26 21:21:26 1,418,240 ------w c:\windows\system32\mssrch.dll - 2007-02-05 13:36:48 52,224 ------w c:\windows\system32\msstrc.dll + 2008-05-26 21:18:42 44,032 ------w c:\windows\system32\msstrc.dll - 2008-04-14 07:22:14 246,784 ----a-w c:\windows\system32\mswsock.dll + 2008-06-20 17:49:37 246,784 ----a-w c:\windows\system32\mswsock.dll - 2008-04-14 07:22:16 98,304 ----a-w c:\windows\system32\nlhtml.dll + 2008-03-07 17:02:08 98,304 ----a-w c:\windows\system32\nlhtml.dll - 2007-02-05 13:40:56 260,096 ------w c:\windows\system32\oeph.dll + 2008-05-26 21:19:36 273,408 ------w c:\windows\system32\oeph.dll - 2007-02-05 13:24:36 11,264 ------w c:\windows\system32\oephRes.dll + 2008-05-26 21:19:16 11,264 ------w c:\windows\system32\oephRes.dll - 2008-04-14 07:22:18 192,000 ----a-w c:\windows\system32\offfilt.dll + 2008-03-07 17:02:08 192,000 ----a-w c:\windows\system32\offfilt.dll - 2008-12-27 04:17:55 60,624 ----a-w c:\windows\system32\perfc009.dat + 2009-02-15 04:16:38 68,404 ----a-w c:\windows\system32\perfc009.dat - 2008-12-27 04:17:55 77,514 ----a-w c:\windows\system32\perfc014.dat + 2009-02-15 04:16:38 85,294 ----a-w c:\windows\system32\perfc014.dat - 2008-12-27 04:17:55 400,464 ----a-w c:\windows\system32\perfh009.dat + 2009-02-15 04:16:38 435,760 ----a-w c:\windows\system32\perfh009.dat - 2008-12-27 04:17:55 425,176 ----a-w c:\windows\system32\perfh014.dat + 2009-02-15 04:16:38 459,522 ----a-w c:\windows\system32\perfh014.dat + 2008-06-10 06:38:46 278,528 ----a-w c:\windows\system32\pncrt.dll + 
2004-11-15 06:10:55 647,168 ----a-w c:\windows\system32\pqdvdb.dll + 2006-10-20 20:29:52 104,224 ----a-w c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll + 2006-10-20 20:29:58 344,352 ----a-w c:\windows\system32\PresentationHost.exe + 2006-10-20 20:29:46 20,768 ----a-w c:\windows\system32\PresentationHostProxy.dll + 2006-10-20 20:30:02 769,312 ----a-w c:\windows\system32\PresentationNative_v0300.dll + 2006-10-14 15:43:38 124,416 ------w c:\windows\system32\prntvpt.dll - 2007-02-05 13:32:02 65,536 ------w c:\windows\system32\propdefs.dll + 2008-05-26 21:18:08 71,680 ------w c:\windows\system32\propdefs.dll - 2007-02-05 13:28:46 733,696 ------w c:\windows\system32\propsys.dll + 2008-05-26 21:17:48 754,176 ------w c:\windows\system32\propsys.dll + 2006-11-13 16:55:10 138,024 ----a-w c:\windows\system32\rapi.dll + 2006-08-24 15:15:06 150,808 ----a-w c:\windows\system32\rgb9rast_2.dll + 2008-06-10 12:00:20 181,736 ----a-w c:\windows\system32\rmoc3260.dll - 2007-02-05 13:36:08 27,136 ------w c:\windows\system32\rtffilt.dll + 2008-05-26 21:18:32 38,400 ------w c:\windows\system32\rtffilt.dll - 2007-02-05 13:31:10 76,800 ------w c:\windows\system32\searchfilterhost.exe + 2008-05-26 21:17:56 87,552 ------w c:\windows\system32\searchfilterhost.exe - 2007-02-05 13:34:38 300,032 ------w c:\windows\system32\searchindexer.exe + 2008-05-26 21:18:44 439,808 ------w c:\windows\system32\searchindexer.exe - 2007-02-05 13:32:28 182,784 ------w c:\windows\system32\searchprotocolhost.exe + 2008-05-26 21:18:18 184,832 ------w c:\windows\system32\searchprotocolhost.exe - 2007-11-30 12:39:50 17,784 ------w c:\windows\system32\spmsg.dll + 2008-07-09 07:44:41 17,784 ------w c:\windows\system32\spmsg.dll + 2006-06-29 12:07:36 14,048 ------w c:\windows\system32\spmsg2.dll + 2006-10-14 15:43:18 751,104 ----a-w c:\windows\system32\spool\drivers\w32x86\3\mxdwdrv.dll + 2006-10-14 15:42:40 131,584 ----a-w c:\windows\system32\spool\drivers\w32x86\3\mxdwdui.dll - 2006-12-20 10:50:04 
269,824 ----a-w c:\windows\system32\spool\drivers\w32x86\3\UNIDRV.DLL + 2006-10-14 15:42:18 376,320 ----a-w c:\windows\system32\spool\drivers\w32x86\3\unidrv.dll - 2006-12-20 10:43:48 197,632 ----a-w c:\windows\system32\spool\drivers\w32x86\3\UNIDRVUI.DLL + 2006-10-14 15:42:28 510,464 ----a-w c:\windows\system32\spool\drivers\w32x86\3\unidrvui.dll - 2006-12-20 10:43:46 619,520 ----a-w c:\windows\system32\spool\drivers\w32x86\3\UNIRES.DLL + 2006-10-14 15:40:36 619,008 ----a-w c:\windows\system32\spool\drivers\w32x86\3\unires.dll + 2006-10-14 19:22:00 1,698,048 ----a-w c:\windows\system32\spool\drivers\w32x86\3\XpsSvcs.dll + 2006-10-14 15:43:18 27,648 ----a-w c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll + 2006-10-14 15:44:44 671,744 ------w c:\windows\system32\spool\prtprocs\w32x86\PrintFilterPipelineSvc.exe + 2006-10-14 16:13:02 34,304 ----a-w c:\windows\system32\spool\prtprocs\x64\filterpipelineprintproc.dll + 2006-10-14 16:12:14 737,792 ----a-w c:\windows\system32\spool\XPSEP\amd64\amd64\mxdwdrv.dll + 2006-10-14 19:09:04 2,946,304 ----a-w c:\windows\system32\spool\XPSEP\amd64\amd64\xpssvcs.dll + 2006-10-14 16:12:14 737,792 ----a-w c:\windows\system32\spool\XPSEP\amd64\mxdwdrv.dll + 2006-10-14 19:09:04 2,946,304 ----a-w c:\windows\system32\spool\XPSEP\amd64\xpssvcs.dll + 2006-10-14 15:43:18 751,104 ----a-w c:\windows\system32\spool\XPSEP\i386\i386\mxdwdrv.dll + 2006-10-14 19:22:00 1,698,048 ----a-w c:\windows\system32\spool\XPSEP\i386\i386\xpssvcs.dll + 2006-10-14 15:43:18 751,104 ----a-w c:\windows\system32\spool\XPSEP\i386\mxdwdrv.dll + 2006-10-14 19:22:00 1,698,048 ----a-w c:\windows\system32\spool\XPSEP\i386\xpssvcs.dll - 2007-02-05 13:29:12 255,488 ------w c:\windows\system32\srchadmin.dll + 2008-05-26 21:17:30 301,568 ------w c:\windows\system32\srchadmin.dll - 2007-02-05 12:24:26 99,999 ------w c:\windows\system32\structuredqueryschema.bin + 2008-05-26 20:59:40 106,605 ------w c:\windows\system32\structuredqueryschema.bin - 
2007-02-05 12:24:28 18,271 ------w c:\windows\system32\structuredqueryschematrivial.bin + 2008-05-26 20:59:42 18,904 ------w c:\windows\system32\structuredqueryschematrivial.bin + 2008-07-25 09:12:42 229,376 ----a-w c:\windows\system32\tbb.dll - 2007-02-05 13:42:10 1,504,768 ------w c:\windows\system32\tquery.dll + 2008-05-26 21:21:08 1,582,592 ------w c:\windows\system32\tquery.dll + 2006-10-20 20:29:54 159,008 ----a-w c:\windows\system32\UIAutomationCore.dll - 2007-02-05 13:40:58 98,304 ------w c:\windows\system32\UncCplExt.dll + 2008-05-26 21:19:20 97,792 ------w c:\windows\system32\UncCplExt.dll - 2007-02-05 13:41:06 134,656 ------w c:\windows\system32\UncDMS.dll + 2008-05-26 21:19:22 143,872 ------w c:\windows\system32\UncDMS.dll - 2007-02-05 13:41:04 108,544 ------w c:\windows\system32\UncNE.dll + 2008-05-26 21:19:28 108,032 ------w c:\windows\system32\UncNE.dll - 2007-02-05 13:41:14 122,368 ------w c:\windows\system32\UncPH.dll + 2008-05-26 21:19:28 131,072 ------w c:\windows\system32\UncPH.dll - 2007-02-05 13:24:38 2,048 ------w c:\windows\system32\UncRes.dll + 2008-05-26 21:19:26 2,048 ------w c:\windows\system32\UncRes.dll + 2008-12-11 09:12:00 159,528 ----a-w c:\windows\system32\WTablet\Pen_TabletUser.exe - 2007-02-05 13:36:06 111,104 ------w c:\windows\system32\xmlfilter.dll + 2008-05-26 21:18:34 56,320 ------w c:\windows\system32\xmlfilter.dll + 2006-10-14 19:21:58 580,352 ------w c:\windows\system32\XPSSHHDR.dll + 2006-10-14 19:22:00 1,698,048 ------w c:\windows\system32\XpsSvcs.dll + 2006-10-20 20:29:54 304,928 ----a-w c:\windows\system32\XPSViewer\XPSViewer.exe + 2009-02-15 13:23:16 16,384 ----atw c:\windows\temp\Perflib_Perfdata_264.dat . -- Snapshot resatt til dagens dato -- . (((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret ))))))))))))))))))))))))))))))))))))))))))))) . . 
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\programfiler\Windows Live\Messenger\MsnMsgr.Exe" [2008-12-02 3882312]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"mRouterConfig"="c:\programfiler\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe" [2006-03-02 290816]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programfiler\Fellesfiler\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
"SUPERAntiSpyware"="c:\programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-02-01 1830128]
"H/PC Connection Agent"="c:\programfiler\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2005-04-05 94208]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2005-04-05 77824]
"Persistence"="c:\windows\System32\igfxpers.exe" [2005-04-05 114688]
"GrooveMonitor"="c:\programfiler\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"SunJavaUpdateSched"="c:\programfiler\Java\jre6\bin\jusched.exe" [2008-12-07 136600]
"Adobe Reader Speed Launcher"="c:\programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Adobe Photo Downloader"="c:\programfiler\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe" [2008-04-01 61440]
"NeroFilterCheck"="c:\programfiler\Fellesfiler\Nero\Lib\NeroCheck.exe" [2008-02-28 570664]
"NBKeyScan"="c:\programfiler\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-06 1601304]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Jet Detection"="c:\programfiler\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 28672]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-20 8429568]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-20 81920]
"PC Suite for Smartphones"="c:\programfiler\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" [2007-12-25 548864]
"AdobeCS4ServiceManager"="c:\programfiler\Fellesfiler\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"QuickTime Task"="c:\programfiler\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\programfiler\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"Adobe Acrobat Speed Launcher"="c:\programfiler\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\programfiler\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"csrcpr"="c:\windows\system32\csrcpr.exe" [2009-02-15 34030]
"faxmgr"="c:\windows\system32\faxmgr.exe" [2009-02-15 28628]
"wrm32"="c:\windows\system32\wrm32.exe" [2009-02-15 27668]
"vcmc32"="c:\windows\system32\vcmc32.exe" [2009-02-15 24920]
"iesrv"="c:\windows\system32\iesrv.exe" [2009-02-15 33426]
"msesrv"="c:\windows\system32\msesrv.exe" [2009-02-15 28440]
"WINDVDPatch"="CTHELPER.EXE" [2002-07-02 c:\windows\system32\CTHELPER.EXE]
"nwiz"="nwiz.exe" [2007-04-20 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\eUnaas\Start-meny\Programmer\Oppstart\
MagicDisc.lnk - c:\programfiler\MagicDisc\MagicDisc.exe [2008-11-01 575488]
OneNote 2007 Screen Clipper og Launcher.lnk - c:\programfiler\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\
Windows Search.lnk - c:\programfiler\Windows Desktop Search\WindowsSearch.exe [2008-05-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programfiler\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-31 21:29 356352 c:\programfiler\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-02-06 08:28 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /M:90a4b489570

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programfiler\\uTorrent\\uTorrent.exe"=
"c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Programfiler\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programfiler\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programfiler\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programfiler\\Intuwave\\Shared\\mRouterRuntime\\mRouterRuntime.exe"=
"c:\\Programfiler\\LimeWire\\LimeWire.exe"=
"c:\\Programfiler\\Sony Ericsson\\Mobile4\\Sync Manager\\DXP SyncML.exe"=
"c:\\Programfiler\\AVG\\AVG8\\avgupd.exe"=
"c:\\Programfiler\\Sony Ericsson\\Update Service\\Update Service.exe"=
"c:\\Programfiler\\Bonjour\\mDNSResponder.exe"=
"c:\\Programfiler\\Rhinoceros 4.0\\System\\Rhino4.exe"=
"c:\\Programfiler\\Autodesk\\3ds Max 2008\\3dsmax.exe"=
"c:\\Programfiler\\Fellesfiler\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Programfiler\\iTunes\\iTunes.exe"=
"skp66.exe"= skp66.exe:BNDMSS
"cleannt.exe"= cleannt.exe:BNDMSS
"c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programfiler\\Spotify\\spotify.exe"=
"c:\programfiler\Microsoft ActiveSync\rapimgr.exe"= c:\programfiler\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\programfiler\Microsoft ActiveSync\wcescomm.exe"= c:\programfiler\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\programfiler\Microsoft ActiveSync\WCESMgr.exe"= c:\programfiler\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-07-06 325128]
R1 SASDIFSV;SASDIFSV;c:\programfiler\SUPERAntiSpyware\sasdifsv.sys [2008-11-17 8944]
R1 SASKUTIL;SASKUTIL;c:\programfiler\SUPERAntiSpyware\SASKUTIL.SYS [2008-11-17 55024]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-02-06 298264]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2009-01-02 2749736]
R3 SASENUM;SASENUM;c:\programfiler\SUPERAntiSpyware\SASENUM.SYS [2008-11-17 7408]
S2 HDD & SSD access service;HDD & SSD access service;c:\programfiler\Fellesfiler\BinarySense\disksvc.exe --> c:\programfiler\Fellesfiler\BinarySense\disksvc.exe [?]
S3 UltraMonMirror;UltraMonMirror;c:\windows\system32\DRIVERS\UltraMonMirror.sys --> c:\windows\system32\DRIVERS\UltraMonMirror.sys [?]
S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl.sys --> c:\windows\system32\Drivers\usbaapl.sys [?]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2009-01-02 15656]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

2009-02-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programfiler\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Tilleggsskanning ------- . uStart Page = hxxp://www.google.no/ uInternet Settings,ProxyOverride = *.local IE: Append Link Target to Existing PDF - c:\programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Append to Existing PDF - c:\programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert Link Target to Adobe PDF - c:\programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert to Adobe PDF - c:\programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - c:\programfiler\CoreFTP\pftpns.dll DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} - hxxp://www.navigram.com/engine/v911/Navigram.cab DPF: {8AC7E0D3-34B8-11D5-A617-00D0B7838ECB} - hxxps://rootxtra01.hafslund.no/include/launcher/WCAFLauncher.CAB FF - ProfilePath - c:\documents and settings\eUnaas\Programdata\Mozilla\Firefox\Profiles\4a4w5d3l.default\ FF - component: c:\documents and settings\eUnaas\Programdata\Mozilla\Firefox\Profiles\4a4w5d3l.default\extensions\[email protected]\components\BkMrkExt.dll FF - plugin: c:\documents and settings\eUnaas\Lokale innstillinger\Programdata\myVRnpapi\npmyvr.dll FF - plugin: c:\programfiler\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\programfiler\Mozilla Firefox\plugins\npOGAPlugin.dll ---- FIREFOX POLICIES ---- c:\programfiler\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no"); . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-02-15 14:23:57 Windows 5.1.2600 Service Pack 3 NTFS skanner skjulte prosesser ... skanner skjulte autostart-oppføringer ... skanner skjulte filer ... 
skanning vellykket skjulte filer: 0 ************************************************************************** . --------------------- LÅSTE REGISTERNØKLER --------------------- [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version] "Version"=hex:ab,c3,b8,3c,f1,72,66,e2,bf,75,85,74,61,f7,79,7e,4b,62,5a,91,b6, 69,82,4e,a4,1c,13,8a,05,3e,10,88,29,ab,e2,c4,34,0d,81,f4,76,e9,ad,a5,45,1a,\ [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\run\OptionalComponents] @DACL=(02 0000) @="" [HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version] "Version"=hex:ab,c3,b8,3c,f1,72,66,e2,bf,75,85,74,61,f7,79,7e,4b,62,5a,91,b6, 69,82,4e,a4,1c,13,8a,05,3e,10,88,29,ab,e2,c4,34,0d,81,f4,76,e9,ad,a5,45,1a,\ . --------------------- DLL'er Lastet Av Kjørende Prosesser --------------------- - - - - - - - > 'winlogon.exe'(660) c:\programfiler\SUPERAntiSpyware\SASWINLO.DLL c:\programfiler\Fellesfiler\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll . ------------------------ Andre Kjørende Prosesser ------------------------ . 
c:\programfiler\Fellesfiler\Autodesk Shared\Service\AdskScSrv.exe
c:\programfiler\Bonjour\mDNSResponder.exe
c:\programfiler\Java\jre6\bin\jqs.exe
c:\programfiler\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\IoctlSvc.exe
c:\windows\system32\wdfmgr.exe
c:\programfiler\AVG\AVG8\avgrsx.exe
c:\windows\system32\searchindexer.exe
c:\windows\system32\WTablet\Pen_TabletUser.exe
c:\windows\system32\rundll32.exe
c:\programfiler\Intuwave\Shared\mRouterRuntime\mRouterRuntime.exe
c:\programfiler\iPod\bin\iPodService.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\programfiler\Fellesfiler\Nero\Lib\NMIndexingService.exe
c:\programfiler\Fellesfiler\Teleca Shared\Generic.exe
c:\programfiler\Fellesfiler\Teleca Shared\logger.exe
c:\progra~1\Symbian\Shared\SYMBIA~1\SYMBIA~1.EXE
c:\progra~1\Symbian\Shared\SYMBIA~1\SCBAL.exe
c:\programfiler\Mozilla Firefox\firefox.exe
.
**************************************************************************
.
Tidspunkt ferdig: 2009-02-15 14:29:59 - maskinen ble startet på nytt
ComboFix-quarantined-files.txt 2009-02-15 13:29:55
ComboFix2.txt 2008-12-27 12:34:26
ComboFix3.txt 2008-12-27 04:09:46
ComboFix4.txt 2008-12-26 20:49:34
ComboFix5.txt 2009-02-15 13:15:57
Pre-Run: 7 877 275 648 byte ledig
Post-Run: 8,177,868,800 byte ledig
740 --- E O F --- 2009-02-12 02:03:01

...I have now run Malwarebytes, ComboFix, AVG, SuperAntiSpyware and more, several times. I remove dozens of problems every time, yet the problems are back after just a few minutes... Is there some kind of infecting file lurking somewhere?

Edited 16 February 2009 by eunaas
norbat, posted 15 February 2009

Open Notepad and copy in what is in bold below, save the file to the desktop as CFScript.txt. Then drag the file onto the ComboFix icon. ComboFix will start again. Post the log.

File::
c:\documents and settings\eUnaas\apow32.exe
c:\windows\system32\msesrv.exe
c:\windows\system32\iesrv.exe
c:\documents and settings\eUnaas\mscupdate.exe
c:\documents and settings\eUnaas\onbar2.exe
c:\windows\system32\vcmc32.exe
c:\windows\system32\wrm32.exe
c:\documents and settings\eUnaas\csrcpr.exe
c:\windows\system32\csrcpr.exe
c:\windows\system32\faxmgr.exe
c:\documents and settings\eUnaas\tinymgr.exe
c:\documents and settings\eUnaas\cmgrpr.exe
c:\documents and settings\eUnaas\csrcss.exe
c:\documents and settings\eUnaas\opti.exe

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"csrcpr"=-
"faxmgr"=-
"wrm32"=-
"vcmc32"=-
"iesrv"=-
"msesrv"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"skp66.exe"=-
"cleannt.exe"=-
eUnaas (author), posted 15 February 2009

Thanks. All problems seem to be solved. The firewall is even up and running!
norbat, posted 15 February 2009

Post the new ComboFix log, eunaas.
eUnaas (author), posted 16 February 2009

ComboFix 09-02-15.01 - eUnaas 2009-02-16 16:22:25.17 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1044.18.2814.2067 [GMT 1:00]
Kjører fra: c:\documents and settings\eUnaas\Skrivebord\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
* Opprettet nytt gjenopprettingspunkt
.
((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013
c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini
c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\reg32.exe
H:\autorun.inf
.
((((((((((((((((((((((((((( Filer Opprettet Fra 2009-01-16 til 2009-02-16 )))))))))))))))))))))))))))))))))
.
2009-02-15 16:16 . 2009-02-15 16:16 <DIR> d-------- c:\documents and settings\eUnaas\Programdata\HDRsoft
2009-02-15 15:55 . 2009-02-15 15:55 <DIR> d-------- c:\programfiler\PhotomatixPro3
2009-02-15 04:16 . 2009-02-15 04:16 <DIR> d-------- c:\documents and settings\eUnaas\Programdata\Red Kawa
2009-02-15 04:14 . 2009-02-15 04:14 <DIR> d-------- c:\programfiler\PQDVD
2009-02-15 04:05 . 2009-02-15 04:05 <DIR> d-------- c:\programfiler\Red Kawa
2009-02-15 04:05 . 2009-02-15 04:05 <DIR> d-------- c:\programfiler\AviSynth 2.5
2009-02-15 00:19 . 2009-02-15 00:19 <DIR> d-------- c:\documents and settings\eUnaas\Programdata\Lucis
2009-02-15 00:11 . 2009-02-15 00:11 41 --a------ c:\windows\ars-dat0169.conf
2009-02-11 23:44 . 2009-02-11 23:44 <DIR> d-------- c:\windows\system32\LogFiles
2009-02-11 23:34 . 2009-02-11 23:34 <DIR> d-------- c:\programfiler\Microsoft ActiveSync
2009-02-06 08:28 . 2009-02-06 08:28 10,520 --a------ c:\windows\system32\avgrsstx.dll
2009-02-03 01:51 . 2009-02-03 01:51 <DIR> d-------- c:\documents and settings\eUnaas\Programdata\Windows Search
2009-02-03 01:49 .
2009-02-03 01:49 <DIR> d-------- c:\documents and settings\eUnaas\Programdata\Windows Desktop Search 2009-02-03 01:47 . 2009-02-03 01:47 <DIR> d-------- c:\windows\system32\GroupPolicy 2009-02-03 01:47 . 2008-03-07 18:02 192,000 -----c--- c:\windows\system32\dllcache\offfilt.dll 2009-02-03 01:47 . 2008-03-07 18:02 98,304 -----c--- c:\windows\system32\dllcache\nlhtml.dll 2009-02-03 01:47 . 2008-03-07 18:02 29,696 -----c--- c:\windows\system32\dllcache\mimefilt.dll 2009-01-31 18:24 . 2009-01-31 18:24 <DIR> d-------- c:\programfiler\Bunkspeed 2009-01-31 18:24 . 2009-01-31 18:24 <DIR> d-------- c:\documents and settings\All Users\Bunkspeed 2009-01-26 01:48 . 2009-01-26 01:48 <DIR> d-------- c:\programfiler\Navigram 2009-01-25 12:26 . 2009-01-25 12:26 <DIR> d-------- c:\programfiler\Spotify 2009-01-25 12:26 . 2009-02-16 16:26 <DIR> d-------- c:\documents and settings\eUnaas\Programdata\Spotify 2009-01-18 03:06 . 2009-01-18 03:06 <DIR> d-------- C:\WTablet . (((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2009-02-15 22:01 --------- d-----w c:\documents and settings\eUnaas\Programdata\CoreFTP 2009-02-15 14:55 --------- d-----w c:\documents and settings\eUnaas\Programdata\uTorrent 2009-02-15 14:39 --------- d-----w c:\documents and settings\eUnaas\Programdata\WTablet 2009-02-15 09:12 --------- d-----w c:\documents and settings\All Users\Programdata\avg8 2009-02-15 03:40 17,829 ----a-w c:\windows\system32\drivers\hosts 2009-02-15 03:33 --------- d-----w c:\programfiler\Xilisoft 2009-02-15 02:59 --------- d-----w c:\programfiler\T-Splines for Rhino 2009-02-15 02:57 --------- d-----w c:\programfiler\SUPERAntiSpyware 2009-02-14 19:54 --------- d-----w c:\programfiler\Malwarebytes' Anti-Malware 2009-02-12 02:01 --------- d-----w c:\documents and settings\All Users\Programdata\Microsoft Help 2009-02-11 09:19 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys 2009-02-11 09:19 15,504 ----a-w c:\windows\system32\drivers\mbam.sys 2009-02-06 07:28 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys 2009-02-03 00:47 --------- d-----w c:\programfiler\Windows Desktop Search 2009-01-18 17:38 --------- d-----w c:\documents and settings\eUnaas\Programdata\LimeWire 2009-01-18 02:06 --------- d-----w c:\programfiler\Sony Ericsson 2009-01-17 11:08 --------- d-----w c:\programfiler\AndreaMosaic Beta 2009-01-17 11:07 --------- d-----w c:\programfiler\ISOpen 2009-01-17 11:07 --------- d-----w c:\programfiler\HD Tune Pro 2009-01-14 20:31 --------- d-----w c:\programfiler\Windows Live SkyDrive 2009-01-14 20:31 --------- d-----w c:\programfiler\Windows Live 2009-01-14 20:31 --------- d-----w c:\programfiler\Microsoft 2009-01-14 20:28 --------- d-----w c:\programfiler\Fellesfiler\Windows Live 2009-01-02 11:03 --------- d-----w c:\documents and settings\LocalService\Programdata\WTablet 2009-01-02 10:55 --------- d-----w c:\programfiler\Tablet 2009-01-01 00:57 --------- d-----w c:\programfiler\MSBuild 2009-01-01 00:54 --------- d-----w c:\programfiler\Reference Assemblies 
2009-01-01 00:48 --------- d-----w c:\documents and settings\eUnaas\Programdata\Bamboo Scribe 2008-12-31 10:28 --------- d-----w c:\programfiler\Bamboo Scribe 2.6 2008-12-31 10:27 --------- d-----w c:\programfiler\PenLauncher 2008-12-26 20:56 --------- d-----w c:\programfiler\Trend Micro 2008-12-19 17:17 --------- d-----w c:\programfiler\CCleaner 2008-12-19 10:03 --------- d-----w c:\programfiler\DivX 2008-12-16 23:54 --------- d-----w c:\programfiler\Unlocker 2008-12-11 09:11 2,749,736 ----a-w c:\windows\system32\Pen_Tablet.exe 2008-12-11 08:59 186,152 ----a-w c:\windows\system32\Pen_Tablet.dll 2008-12-11 08:50 172,840 ----a-w c:\windows\system32\Wintab32.dll 2008-12-07 19:13 410,984 ----a-w c:\windows\system32\deploytk.dll 2008-12-02 21:37 49,480 ----a-w c:\windows\system32\sirenacm.dll 2008-11-21 21:46 200,704 ----a-w c:\windows\system32\ssldivx.dll 2008-11-21 21:46 1,044,480 ----a-w c:\windows\system32\libdivx.dll 2007-03-13 22:20 35,979 ----a-w c:\programfiler\Photoshop CS3 Read Me.html . ((((((((((((((((((((((((((((( SnapShot_2009-02-15_14.28.41.98 ))))))))))))))))))))))))))))))))))))))))) . + 2009-02-15 14:39:25 16,384 ----atw c:\windows\temp\Perflib_Perfdata_3fc.dat . (((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret ))))))))))))))))))))))))))))))))))))))))))))) . . 
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"="c:\programfiler\Windows Live\Messenger\MsnMsgr.Exe" [2008-12-02 3882312] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "mRouterConfig"="c:\programfiler\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe" [2006-03-02 290816] "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programfiler\Fellesfiler\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136] "SUPERAntiSpyware"="c:\programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-02-01 1830128] "H/PC Connection Agent"="c:\programfiler\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\System32\igfxtray.exe" [2005-04-05 94208] "HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2005-04-05 77824] "Persistence"="c:\windows\System32\igfxpers.exe" [2005-04-05 114688] "GrooveMonitor"="c:\programfiler\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648] "SunJavaUpdateSched"="c:\programfiler\Java\jre6\bin\jusched.exe" [2008-12-07 136600] "Adobe Reader Speed Launcher"="c:\programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "Adobe Photo Downloader"="c:\programfiler\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe" [2008-04-01 61440] "NeroFilterCheck"="c:\programfiler\Fellesfiler\Nero\Lib\NeroCheck.exe" [2008-02-28 570664] "NBKeyScan"="c:\programfiler\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-06 1601304] "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112] "Jet Detection"="c:\programfiler\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 28672] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-20 8429568] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-20 81920] "PC Suite for Smartphones"="c:\programfiler\Sony Ericsson\Mobile4\Application 
Launcher\Application Launcher.exe" [2007-12-25 548864] "AdobeCS4ServiceManager"="c:\programfiler\Fellesfiler\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712] "QuickTime Task"="c:\programfiler\QuickTime\qttask.exe" [2008-11-04 413696] "iTunesHelper"="c:\programfiler\iTunes\iTunesHelper.exe" [2008-11-20 290088] "Adobe Acrobat Speed Launcher"="c:\programfiler\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232] "Acrobat Assistant 8.0"="c:\programfiler\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376] "WINDVDPatch"="CTHELPER.EXE" [2002-07-02 c:\windows\system32\CTHELPER.EXE] "nwiz"="nwiz.exe" [2007-04-20 c:\windows\system32\nwiz.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360] c:\documents and settings\eUnaas\Start-meny\Programmer\Oppstart\ MagicDisc.lnk - c:\programfiler\MagicDisc\MagicDisc.exe [2008-11-01 575488] OneNote 2007 Screen Clipper og Launcher.lnk - c:\programfiler\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440] c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\ Windows Search.lnk - c:\programfiler\Windows Desktop Search\WindowsSearch.exe [2008-05-26 123904] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programfiler\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2008-12-31 21:29 356352 c:\programfiler\SUPERAntiSpyware\SASWINLO.DLL [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] 2009-02-06 08:28 10520 c:\windows\system32\avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.l3fhg"= mp3fhg.acm "msacm.divxa32"= divxa32.acm "VIDC.X264"= x264vfw.dll "VIDC.HFYU"= huffyuv.dll "vidc.i263"= i263_32.drv 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /M:90a4b489570 [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Programfiler\\uTorrent\\uTorrent.exe"= "c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"= "c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Programfiler\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Programfiler\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Programfiler\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Programfiler\\Intuwave\\Shared\\mRouterRuntime\\mRouterRuntime.exe"= "c:\\Programfiler\\LimeWire\\LimeWire.exe"= "c:\\Programfiler\\Sony Ericsson\\Mobile4\\Sync Manager\\DXP SyncML.exe"= "c:\\Programfiler\\AVG\\AVG8\\avgupd.exe"= "c:\\Programfiler\\Sony Ericsson\\Update Service\\Update Service.exe"= "c:\\Programfiler\\Bonjour\\mDNSResponder.exe"= "c:\\Programfiler\\Rhinoceros 4.0\\System\\Rhino4.exe"= "c:\\Programfiler\\Autodesk\\3ds Max 2008\\3dsmax.exe"= "c:\\Programfiler\\Fellesfiler\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"= "c:\\Programfiler\\iTunes\\iTunes.exe"= "skp66.exe"= skp66.exe:BNDMSS "cleannt.exe"= cleannt.exe:BNDMSS "c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Programfiler\\Spotify\\spotify.exe"= "c:\programfiler\Microsoft ActiveSync\rapimgr.exe"= c:\programfiler\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager "c:\programfiler\Microsoft ActiveSync\wcescomm.exe"= c:\programfiler\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager "c:\programfiler\Microsoft ActiveSync\WCESMgr.exe"= c:\programfiler\Microsoft 
ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "5353:TCP"= 5353:TCP:Adobe CSI CS4 "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-07-06 325128] R1 SASDIFSV;SASDIFSV;c:\programfiler\SUPERAntiSpyware\sasdifsv.sys [2008-11-17 8944] R1 SASKUTIL;SASKUTIL;c:\programfiler\SUPERAntiSpyware\SASKUTIL.SYS [2008-11-17 55024] R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-02-06 298264] R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2009-01-02 2749736] R3 SASENUM;SASENUM;c:\programfiler\SUPERAntiSpyware\SASENUM.SYS [2008-11-17 7408] S2 HDD & SSD access service;HDD & SSD access service;c:\programfiler\Fellesfiler\BinarySense\disksvc.exe --> c:\programfiler\Fellesfiler\BinarySense\disksvc.exe [?] S3 UltraMonMirror;UltraMonMirror;c:\windows\system32\DRIVERS\UltraMonMirror.sys --> c:\windows\system32\DRIVERS\UltraMonMirror.sys [?] S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl.sys --> c:\windows\system32\Drivers\usbaapl.sys [?] S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2009-01-02 15656] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 . Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver) 2009-02-10 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\programfiler\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34] . . ------- Tilleggsskanning ------- . 
uStart Page = hxxp://www.google.no/ uInternet Settings,ProxyOverride = *.local IE: Append Link Target to Existing PDF - c:\programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Append to Existing PDF - c:\programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert Link Target to Adobe PDF - c:\programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert to Adobe PDF - c:\programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - c:\programfiler\CoreFTP\pftpns.dll DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} - hxxp://www.navigram.com/engine/v911/Navigram.cab DPF: {8AC7E0D3-34B8-11D5-A617-00D0B7838ECB} - hxxps://rootxtra01.hafslund.no/include/launcher/WCAFLauncher.CAB FF - ProfilePath - c:\documents and settings\eUnaas\Programdata\Mozilla\Firefox\Profiles\4a4w5d3l.default\ FF - component: c:\documents and settings\eUnaas\Programdata\Mozilla\Firefox\Profiles\4a4w5d3l.default\extensions\[email protected]\components\BkMrkExt.dll FF - plugin: c:\documents and settings\eUnaas\Lokale innstillinger\Programdata\myVRnpapi\npmyvr.dll FF - plugin: c:\programfiler\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\programfiler\Mozilla Firefox\plugins\npOGAPlugin.dll ---- FIREFOX POLICIES ---- c:\programfiler\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no"); . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-02-16 16:25:50 Windows 5.1.2600 Service Pack 3 NTFS skanner skjulte prosesser ... skanner skjulte autostart-oppføringer ... skanner skjulte filer ... 
skanning vellykket skjulte filer: 0 ************************************************************************** . --------------------- LÅSTE REGISTERNØKLER --------------------- [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version] "Version"=hex:ab,c3,b8,3c,f1,72,66,e2,bf,75,85,74,61,f7,79,7e,4b,62,5a,91,b6, 69,82,4e,a4,1c,13,8a,05,3e,10,88,29,ab,e2,c4,34,0d,81,f4,76,e9,ad,a5,45,1a,\ [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\run\OptionalComponents] @DACL=(02 0000) @="" [HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version] "Version"=hex:ab,c3,b8,3c,f1,72,66,e2,bf,75,85,74,61,f7,79,7e,4b,62,5a,91,b6, 69,82,4e,a4,1c,13,8a,05,3e,10,88,29,ab,e2,c4,34,0d,81,f4,76,e9,ad,a5,45,1a,\ . --------------------- DLL'er Lastet Av Kjørende Prosesser --------------------- - - - - - - - > 'winlogon.exe'(660) c:\programfiler\SUPERAntiSpyware\SASWINLO.DLL c:\programfiler\Fellesfiler\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll . Tidspunkt ferdig: 2009-02-16 16:27:43 ComboFix-quarantined-files.txt 2009-02-16 15:27:40 ComboFix2.txt 2009-02-15 14:46:57 ComboFix3.txt 2009-02-15 13:30:00 ComboFix4.txt 2008-12-27 12:34:26 ComboFix5.txt 2009-02-16 15:21:53 Pre-Run: 7 737 163 776 byte ledig Post-Run: 7,782,375,424 byte ledig 249 --- E O F --- 2009-02-12 02:03:01 Lenke til kommentar
norbat, posted 16 February 2009

Create a new CFScript file with the following contents and drag and drop it onto the ComboFix icon:

Registry::
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"skp66.exe"=-
"cleannt.exe"=-

You don't need to post the log. Tell me how the PC is running.
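A triage check for the firewall allow-list entries that this thread ends up removing, as an added example that is not part of any post and not ComboFix's own logic. It flags AuthorizedApplications\List entries such as skp66.exe whose program name has no directory or whose data does not follow the path:scope:status:name layout seen in the ActiveSync entries. The sample lines are copied from the log above and laid out one per line; the function names are assumptions of this example.

```python
import re

# Constructed sample: entries copied from the ComboFix log in this thread,
# one per line, as listed under ...\StandardProfile\AuthorizedApplications\List.
SAMPLE = r'''
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programfiler\\uTorrent\\uTorrent.exe"=
"skp66.exe"= skp66.exe:BNDMSS
"cleannt.exe"= cleannt.exe:BNDMSS
"c:\programfiler\Microsoft ActiveSync\rapimgr.exe"= c:\programfiler\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
'''

# "value name"= data   (ComboFix prints the data only for some entries)
ENTRY = re.compile(r'^"(?P<key>[^"]+)"=\s*(?P<value>.*)$')
# A program path is rooted if it starts with a drive letter or an
# environment variable such as %windir%.
ROOTED = re.compile(r'^(?:[A-Za-z]:\\|%[A-Za-z]+%\\)')


def parse_entries(text):
    """Yield (program, data) pairs; doubled backslashes are collapsed."""
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m["key"].replace("\\\\", "\\"), m["value"].strip()


def check_entry(program, data):
    """Return the reasons this allow-list entry deserves a closer look."""
    reasons = []
    if not ROOTED.match(program):
        reasons.append("program name has no directory")
    if data:
        # Expected data: <path>:<scope>:<Enabled|Disabled>:<display name>.
        # Split from the right so the drive-letter colon stays in <path>.
        parts = data.rsplit(":", 3)
        if len(parts) != 4 or parts[2].lower() not in ("enabled", "disabled"):
            reasons.append("data is not path:scope:status:name")
        elif parts[0].lower() != program.lower():
            reasons.append("data path differs from value name")
    return reasons


def suspicious_entries(text):
    """Map each flagged program to the list of reasons it was flagged."""
    return {p: r for p, d in parse_entries(text) if (r := check_entry(p, d))}


if __name__ == "__main__":
    for program, reasons in suspicious_entries(SAMPLE).items():
        print(f"{program}: {'; '.join(reasons)}")
```

A flagged entry is a lead to verify against the files on disk and the Run keys, not proof of infection on its own.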