Gå til innhold

Trojaner skader alle programmer, kan ikke startes. Logg og bider.

Mr.Anki

Av Mr.Anki
i IKT-drift og sikkerhet

Anbefalte innlegg

Mr.Anki

Mr.Anki

Skrevet
Skrevet (endret)

Hei,

 

Har fått en trojaner inn i systemet som jeg ikke blir kvitt. Har kjørt full skann med MBAM og fjernet det den fant, men ting blir ikke bedre. Først ble alle filene på de andre harddiskene satt som skjult, ingen programfiler fungerer.

 

Har tatt en reinstall av OS, men etter å ha kjørt Combofix og restartet maskinen vil ingenting fungere. Under kjøring av Combofix kommer AVG opp med dette bilde:

 

post-86344-0-42129500-1342025565_thumb.png

 

 

Logg fra Combofix:

 

 

 

ComboFix 12-07-11.03 - Andreas 11.07.2012 16:55:04.1.8 - x64

Microsoft Windows 7 Professional 6.1.7601.1.1252.47.1033.18.20477.17745 [GMT 2:00]

Kjører fra: c:\users\Andreas\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((( Filer Opprettet Fra 2012-06-11 til 2012-07-11 )))))))))))))))))))))))))))))))))

.

.

2012-07-11 14:57 . 2012-07-11 14:57 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-07-11 02:47 . 2012-07-10 16:56 -------- d-----w- c:\windows\Panther

2012-07-10 20:39 . 2012-07-10 20:39 -------- d-----w- c:\program files (x86)\Common Files\Java

2012-07-10 20:39 . 2012-07-10 20:39 -------- d-----w- c:\program files (x86)\Java

2012-07-10 20:29 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys

2012-07-10 20:24 . 2012-06-18 01:12 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6AE1542A-BB5F-4DB1-873F-5A4FC25CAB82}\mpengine.dll

2012-07-10 20:23 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe

2012-07-10 20:18 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll

2012-07-10 20:17 . 2011-11-17 06:35 395776 ----a-w- c:\windows\system32\webio.dll

2012-07-10 20:16 . 2011-02-23 04:55 90624 ----a-w- c:\windows\system32\drivers\bowser.sys

2012-07-10 20:16 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll

2012-07-10 20:16 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll

2012-07-10 18:56 . 2012-07-10 18:56 -------- d-----w- c:\windows\SysWow64\Macromed

2012-07-10 17:33 . 2012-07-10 17:33 -------- d-----w- c:\program files (x86)\VideoLAN

2012-07-10 17:12 . 2012-07-10 17:12 -------- d-----w- c:\programdata\ATI

2012-07-10 17:12 . 2012-07-10 17:12 0 ----a-w- c:\windows\ativpsrm.bin

2012-07-10 17:10 . 2012-07-10 17:10 -------- d-----w- c:\programdata\AMD

2012-07-10 17:10 . 2012-07-10 17:10 -------- d-----w- c:\program files (x86)\AMD AVT

2012-07-10 17:10 . 2012-07-10 17:10 -------- d-----w- c:\program files (x86)\AMD APP

2012-07-10 17:10 . 2012-07-10 17:10 -------- d-----w- c:\program files\Common Files\ATI Technologies

2012-07-10 17:10 . 2012-07-10 17:10 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies

2012-07-10 17:09 . 2012-07-10 17:09 -------- d-----w- c:\program files (x86)\ATI Technologies

2012-07-10 17:09 . 2012-07-10 17:10 -------- d-----w- c:\program files\ATI Technologies

2012-07-10 17:09 . 2012-07-10 17:09 -------- d-----w- c:\program files\ATI

2012-07-10 17:08 . 2012-07-10 17:08 -------- d-----w- C:\AMD

2012-07-10 17:05 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll

2012-07-10 17:05 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll

2012-07-10 17:05 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2012-07-10 17:04 . 2012-07-10 17:04 -------- d-----w- c:\program files (x86)\Common Files\Skype

2012-07-10 17:04 . 2012-07-10 17:04 -------- d-----r- c:\program files (x86)\Skype

2012-07-10 17:04 . 2012-07-10 17:04 -------- d-----w- c:\programdata\Skype

2012-07-10 17:03 . 2012-07-10 17:03 -------- d-----w- c:\program files (x86)\Opera

2012-07-10 17:01 . 2012-07-10 20:38 -------- d-sh--w- c:\windows\Installer

2012-07-10 17:01 . 2012-07-11 14:51 -------- d-----w- c:\programdata\MFAData

2012-07-10 17:01 . 2012-07-10 17:01 -------- d--h--w- c:\programdata\Common Files

2012-07-10 17:01 . 2012-07-10 17:01 -------- d-----w- c:\programdata\Malwarebytes

2012-07-10 17:01 . 2012-07-10 17:01 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-07-10 17:01 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-10 16:59 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-07-10 16:59 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-07-10 16:59 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll

2012-07-10 16:59 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-07-10 16:59 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll

2012-07-10 16:59 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-07-10 16:59 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-07-10 16:59 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-07-10 16:59 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-07-10 16:56 . 2012-07-11 14:49 -------- d-----w- c:\users\Andreas

2012-07-10 16:56 . 2012-07-10 16:56 -------- d-----w- C:\Recovery

2012-07-04 06:59 . 2012-07-04 06:59 11922944 ----a-w- c:\windows\system32\drivers\atikmdag.sys

2012-07-04 06:52 . 2012-07-04 06:52 26016256 ----a-w- c:\windows\system32\atio6axx.dll

2012-07-04 06:35 . 2012-07-04 06:35 19586048 ----a-w- c:\windows\SysWow64\atioglxx.dll

2012-07-04 06:27 . 2012-07-04 06:27 159744 ----a-w- c:\windows\system32\atiapfxx.exe

2012-07-04 06:27 . 2012-07-04 06:27 918528 ----a-w- c:\windows\SysWow64\aticfx32.dll

2012-07-04 06:25 . 2012-07-04 06:25 1081856 ----a-w- c:\windows\system32\aticfx64.dll

2012-07-04 06:21 . 2012-07-04 06:21 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll

2012-07-04 06:21 . 2012-07-04 06:21 514048 ----a-w- c:\windows\system32\atieclxx.exe

2012-07-04 06:20 . 2012-07-04 06:20 238080 ----a-w- c:\windows\system32\atiesrxx.exe

2012-07-04 06:19 . 2012-07-04 06:19 120320 ----a-w- c:\windows\system32\atitmm64.dll

2012-07-04 06:19 . 2012-07-04 06:19 21504 ----a-w- c:\windows\system32\atimuixx.dll

2012-07-04 06:19 . 2012-07-04 06:19 59392 ----a-w- c:\windows\system32\atiedu64.dll

2012-07-04 06:19 . 2012-07-04 06:19 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll

2012-07-04 06:18 . 2012-07-04 06:18 6811648 ----a-w- c:\windows\SysWow64\atidxx32.dll

2012-07-04 05:57 . 2012-07-04 05:57 7510528 ----a-w- c:\windows\system32\atidxx64.dll

2012-07-04 05:36 . 2012-07-04 05:36 1053696 ----a-w- c:\windows\system32\atiumd6v.dll

2012-07-04 05:36 . 2012-07-04 05:36 69632 ----a-w- c:\windows\system32\coinst_8.97.100.3.dll

2012-07-04 05:36 . 2012-07-04 05:36 1960960 ----a-w- c:\windows\SysWow64\atiumdmv.dll

2012-07-04 05:35 . 2012-07-04 05:35 4261376 ----a-w- c:\windows\system32\atiumd6a.dll

2012-07-04 05:35 . 2012-07-04 05:35 6245888 ----a-w- c:\windows\SysWow64\atiumdag.dll

2012-07-04 05:28 . 2012-07-04 05:28 4749312 ----a-w- c:\windows\SysWow64\atiumdva.dll

2012-07-04 05:24 . 2012-07-04 05:24 7477760 ----a-w- c:\windows\system32\atiumd64.dll

2012-07-04 05:11 . 2012-07-04 05:11 56320 ----a-w- c:\windows\system32\atimpc64.dll

2012-07-04 05:11 . 2012-07-04 05:11 56320 ----a-w- c:\windows\system32\amdpcom64.dll

2012-07-04 05:11 . 2012-07-04 05:11 535552 ----a-w- c:\windows\system32\atiadlxx.dll

2012-07-04 05:11 . 2012-07-04 05:11 56832 ----a-w- c:\windows\SysWow64\atimpc32.dll

2012-07-04 05:11 . 2012-07-04 05:11 56832 ----a-w- c:\windows\SysWow64\amdpcom32.dll

2012-07-04 05:11 . 2012-07-04 05:11 364544 ----a-w- c:\windows\SysWow64\atiadlxy.dll

2012-07-04 05:11 . 2012-07-04 05:11 17920 ----a-w- c:\windows\system32\atig6pxx.dll

2012-07-04 05:11 . 2012-07-04 05:11 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll

2012-07-04 05:11 . 2012-07-04 05:11 14848 ----a-w- c:\windows\system32\atiglpxx.dll

2012-07-04 05:11 . 2012-07-04 05:11 41984 ----a-w- c:\windows\system32\atig6txx.dll

2012-07-04 05:11 . 2012-07-04 05:11 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll

2012-07-04 05:10 . 2012-07-04 05:10 359936 ----a-w- c:\windows\system32\drivers\atikmpag.sys

2012-07-04 05:10 . 2012-07-04 05:10 55296 ----a-w- c:\windows\system32\atiuxp64.dll

2012-07-04 05:09 . 2012-07-04 05:09 42496 ----a-w- c:\windows\SysWow64\atiuxpag.dll

2012-07-04 05:09 . 2012-07-04 05:09 45056 ----a-w- c:\windows\system32\atiu9p64.dll

2012-07-04 05:09 . 2012-07-04 05:09 32768 ----a-w- c:\windows\SysWow64\atiu9pag.dll

2012-07-04 05:09 . 2012-07-04 05:09 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll

2012-07-04 05:04 . 2012-07-04 05:04 51200 ----a-w- c:\windows\system32\aticalrt64.dll

2012-07-04 05:04 . 2012-07-04 05:04 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll

2012-07-04 05:04 . 2012-07-04 05:04 44544 ----a-w- c:\windows\system32\aticalcl64.dll

2012-07-04 05:04 . 2012-07-04 05:04 44544 ----a-w- c:\windows\SysWow64\aticalcl.dll

2012-07-04 05:04 . 2012-07-04 05:04 15827456 ----a-w- c:\windows\system32\aticaldd64.dll

2012-07-04 04:59 . 2012-07-04 04:59 13402112 ----a-w- c:\windows\SysWow64\aticaldd.dll

2012-07-04 00:32 . 2012-07-04 00:32 187392 ----a-w- c:\windows\system32\clinfo.exe

2012-07-04 00:32 . 2012-07-04 00:32 75264 ----a-w- c:\windows\system32\OpenVideo64.dll

2012-07-04 00:32 . 2012-07-04 00:32 65024 ----a-w- c:\windows\SysWow64\OpenVideo.dll

2012-07-04 00:31 . 2012-07-04 00:31 63488 ----a-w- c:\windows\system32\OVDecode64.dll

2012-07-04 00:31 . 2012-07-04 00:31 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll

2012-07-04 00:31 . 2012-07-04 00:31 16457216 ----a-w- c:\windows\system32\amdocl64.dll

2012-07-04 00:30 . 2012-07-04 00:30 13008384 ----a-w- c:\windows\SysWow64\amdocl.dll

2012-07-04 00:30 . 2012-07-04 00:30 54784 ----a-w- c:\windows\system32\OpenCL.dll

2012-07-04 00:30 . 2012-07-04 00:30 50176 ----a-w- c:\windows\SysWow64\OpenCL.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-05-31 10:25 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe

2012-04-19 02:50 . 2012-04-19 02:50 28480 ----a-w- c:\windows\system32\drivers\avgidsha.sys

2012-04-18 17:39 . 2012-04-18 17:39 43008 ----a-w- c:\windows\system32\kdbsdk64.dll

2012-04-18 17:39 . 2012-04-18 17:39 28672 ----a-w- c:\windows\SysWow64\kdbsdk32.dll

.

.

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))

.

.

*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

2012-07-10 20:35 2074208 ----a-w- c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-07-10 2074208]

.

[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-03 17417392]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-07-04 641704]

"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]

"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-07-10 1107552]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart

.

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-10 257696]

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]

S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]

S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]

S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]

S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-07-04 238080]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-07-04 5160568]

S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]

S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-03 160944]

S2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-07-10 935008]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-07-04 11922944]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-07-04 359936]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]

S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]

S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]

S3 rt61x64;Linksys Wireless-G PCI Adapter Driver;c:\windows\system32\DRIVERS\WMP54Gv41x64.sys [2010-04-07 446304]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]

.

.

--- Andre tjenester/drivere lastet i minnet ---

.

*NewlyCreated* - WS2IFSL

.

Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

.

2012-07-10 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-10 20:31]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Tilleggsskanning -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

TCP: DhcpNameServer = 192.168.0.1

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll

.

.

--------------------- LÅSTE REGISTERNØKLER ---------------------

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Tidspunkt ferdig: 2012-07-11 17:02:47 - maskinen ble startet på nytt

ComboFix-quarantined-files.txt 2012-07-11 15:02

.

Pre-Run: 65 955 221 504 bytes free

Post-Run: 65 869 266 944 bytes free

.

- - End Of File - - 0E22DC2E04E2BBCCA25D57BBDAB632C9

 

 

Får ikke åpnet MBAM igjen og lagt ved loggen, men den fant ingenting ved full skanning..

 

 

Edit:

Etter en restart fungerer programmene igjen.

Endret av Mr.Anki
Lenke til kommentar

Videoannonse

Videoannonse
Annonse
mobile999

mobile999

Skrevet
Skrevet (endret)

Har tatt en reinstall av OS, men etter å ha kjørt Combofix og restartet maskinen vil ingenting fungere. Under kjøring av Combofix kommer AVG opp med dette bilde.

 

 

Kjør dette programmet (unhide.exe) for å få filene dine synlige igjen:

http://www.bleepingc...ownload/unhide/

 

Det er vanligvis unødvendig å kjøre Combofix etter reinnstallering av Windows. Forøvrig skal antivirus (og andre sikkerhetsprogrammer) være deaktivert når Combofix kjøres.

Endret av mobile999
Lenke til kommentar
mobile999

mobile999

Skrevet
Skrevet (endret)

Er redd de andre diskene har blitt infisert, noen andre programmer jeg bør gjøre for å forsikre meg om alt alt skadelig er borte?

Den infeksjonen som datamaskinen din har hatt her (karakteristisk skjuler filer) kalles System Check og den legger erfaringsmessig ikke inn infeksjoner på andre disker som du er bekymret for.

 

Dersom du fulgte instruksjonene til Combofix så lagret du dette programmet på skrivebordet og du avistallerer det det da med følgende kommando:

ComboFix /Uninstall

(Bruk Start->Kjør eller Windowstasten+R etc.)

 

Du kan bruke ESET Online Scanner for å for å kjøre en anti virus scanning av filene på de andre diskene.

Jeg pleier å skru av Remove found threats for senere å fjerne evt. funn manuelt (forutsetter at man lagrer loggen etter scanningen). Under Advanced Settings anbefaler jeg at følgende er aktivert:

Scan for potentially unwanted applications

Scan for potentially unsafe applications

Enable Anti-Stealth Technology

Endret av mobile999
Lenke til kommentar
Mr.Anki

Mr.Anki

Skrevet
  • Forfatter
Skrevet (endret)

Skal prøve meg på ESET Online Scanner, her er en ny Combofixlogg om det har noe for seg.

 

 

 

ComboFix 12-07-11.03 - Andreas 11.07.2012 20:01:32.2.8 - x64

Microsoft Windows 7 Professional 6.1.7601.1.1252.47.1033.18.20477.18537 [GMT 2:00]

Kjører fra: c:\users\Andreas\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((( Filer Opprettet Fra 2012-06-11 til 2012-07-11 )))))))))))))))))))))))))))))))))

.

.

2012-07-11 18:03 . 2012-07-11 18:03 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-07-11 02:47 . 2012-07-10 16:56 -------- d-----w- c:\windows\Panther

2012-07-10 20:39 . 2012-07-10 20:39 -------- d-----w- c:\program files (x86)\Common Files\Java

2012-07-10 20:39 . 2012-07-10 20:39 -------- d-----w- c:\program files (x86)\Java

2012-07-10 20:29 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys

2012-07-10 20:24 . 2012-06-18 01:12 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6AE1542A-BB5F-4DB1-873F-5A4FC25CAB82}\mpengine.dll

2012-07-10 20:23 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe

2012-07-10 20:18 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll

2012-07-10 20:17 . 2011-11-17 06:35 395776 ----a-w- c:\windows\system32\webio.dll

2012-07-10 20:16 . 2011-02-23 04:55 90624 ----a-w- c:\windows\system32\drivers\bowser.sys

2012-07-10 20:16 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll

2012-07-10 20:16 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll

2012-07-10 18:56 . 2012-07-10 18:56 -------- d-----w- c:\windows\SysWow64\Macromed

2012-07-10 17:33 . 2012-07-10 17:33 -------- d-----w- c:\program files (x86)\VideoLAN

2012-07-10 17:12 . 2012-07-10 17:12 -------- d-----w- c:\programdata\ATI

2012-07-10 17:12 . 2012-07-10 17:12 0 ----a-w- c:\windows\ativpsrm.bin

2012-07-10 17:10 . 2012-07-10 17:10 -------- d-----w- c:\programdata\AMD

2012-07-10 17:10 . 2012-07-10 17:10 -------- d-----w- c:\program files (x86)\AMD AVT

2012-07-10 17:10 . 2012-07-10 17:10 -------- d-----w- c:\program files (x86)\AMD APP

2012-07-10 17:10 . 2012-07-10 17:10 -------- d-----w- c:\program files\Common Files\ATI Technologies

2012-07-10 17:10 . 2012-07-10 17:10 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies

2012-07-10 17:09 . 2012-07-10 17:09 -------- d-----w- c:\program files (x86)\ATI Technologies

2012-07-10 17:09 . 2012-07-10 17:10 -------- d-----w- c:\program files\ATI Technologies

2012-07-10 17:09 . 2012-07-10 17:09 -------- d-----w- c:\program files\ATI

2012-07-10 17:08 . 2012-07-10 17:08 -------- d-----w- C:\AMD

2012-07-10 17:05 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll

2012-07-10 17:05 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll

2012-07-10 17:05 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2012-07-10 17:04 . 2012-07-10 17:04 -------- d-----w- c:\program files (x86)\Common Files\Skype

2012-07-10 17:04 . 2012-07-10 17:04 -------- d-----r- c:\program files (x86)\Skype

2012-07-10 17:04 . 2012-07-10 17:04 -------- d-----w- c:\programdata\Skype

2012-07-10 17:03 . 2012-07-10 17:03 -------- d-----w- c:\program files (x86)\Opera

2012-07-10 17:01 . 2012-07-10 20:38 -------- d-sh--w- c:\windows\Installer

2012-07-10 17:01 . 2012-07-11 14:51 -------- d-----w- c:\programdata\MFAData

2012-07-10 17:01 . 2012-07-10 17:01 -------- d--h--w- c:\programdata\Common Files

2012-07-10 17:01 . 2012-07-10 17:01 -------- d-----w- c:\programdata\Malwarebytes

2012-07-10 17:01 . 2012-07-10 17:01 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-07-10 17:01 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-10 16:59 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-07-10 16:59 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-07-10 16:59 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll

2012-07-10 16:59 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-07-10 16:59 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll

2012-07-10 16:59 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-07-10 16:59 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-07-10 16:59 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-07-10 16:59 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-07-10 16:56 . 2012-07-11 14:49 -------- d-----w- c:\users\Andreas

2012-07-10 16:56 . 2012-07-10 16:56 -------- d-----w- C:\Recovery

2012-07-04 06:59 . 2012-07-04 06:59 11922944 ----a-w- c:\windows\system32\drivers\atikmdag.sys

2012-07-04 06:52 . 2012-07-04 06:52 26016256 ----a-w- c:\windows\system32\atio6axx.dll

2012-07-04 06:35 . 2012-07-04 06:35 19586048 ----a-w- c:\windows\SysWow64\atioglxx.dll

2012-07-04 06:27 . 2012-07-04 06:27 159744 ----a-w- c:\windows\system32\atiapfxx.exe

2012-07-04 06:27 . 2012-07-04 06:27 918528 ----a-w- c:\windows\SysWow64\aticfx32.dll

2012-07-04 06:25 . 2012-07-04 06:25 1081856 ----a-w- c:\windows\system32\aticfx64.dll

2012-07-04 06:21 . 2012-07-04 06:21 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll

2012-07-04 06:21 . 2012-07-04 06:21 514048 ----a-w- c:\windows\system32\atieclxx.exe

2012-07-04 06:20 . 2012-07-04 06:20 238080 ----a-w- c:\windows\system32\atiesrxx.exe

2012-07-04 06:19 . 2012-07-04 06:19 120320 ----a-w- c:\windows\system32\atitmm64.dll

2012-07-04 06:19 . 2012-07-04 06:19 21504 ----a-w- c:\windows\system32\atimuixx.dll

2012-07-04 06:19 . 2012-07-04 06:19 59392 ----a-w- c:\windows\system32\atiedu64.dll

2012-07-04 06:19 . 2012-07-04 06:19 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll

2012-07-04 06:18 . 2012-07-04 06:18 6811648 ----a-w- c:\windows\SysWow64\atidxx32.dll

2012-07-04 05:57 . 2012-07-04 05:57 7510528 ----a-w- c:\windows\system32\atidxx64.dll

2012-07-04 05:36 . 2012-07-04 05:36 1053696 ----a-w- c:\windows\system32\atiumd6v.dll

2012-07-04 05:36 . 2012-07-04 05:36 69632 ----a-w- c:\windows\system32\coinst_8.97.100.3.dll

2012-07-04 05:36 . 2012-07-04 05:36 1960960 ----a-w- c:\windows\SysWow64\atiumdmv.dll

2012-07-04 05:35 . 2012-07-04 05:35 4261376 ----a-w- c:\windows\system32\atiumd6a.dll

2012-07-04 05:35 . 2012-07-04 05:35 6245888 ----a-w- c:\windows\SysWow64\atiumdag.dll

2012-07-04 05:28 . 2012-07-04 05:28 4749312 ----a-w- c:\windows\SysWow64\atiumdva.dll

2012-07-04 05:24 . 2012-07-04 05:24 7477760 ----a-w- c:\windows\system32\atiumd64.dll

2012-07-04 05:11 . 2012-07-04 05:11 56320 ----a-w- c:\windows\system32\atimpc64.dll

2012-07-04 05:11 . 2012-07-04 05:11 56320 ----a-w- c:\windows\system32\amdpcom64.dll

2012-07-04 05:11 . 2012-07-04 05:11 535552 ----a-w- c:\windows\system32\atiadlxx.dll

2012-07-04 05:11 . 2012-07-04 05:11 56832 ----a-w- c:\windows\SysWow64\atimpc32.dll

2012-07-04 05:11 . 2012-07-04 05:11 56832 ----a-w- c:\windows\SysWow64\amdpcom32.dll

2012-07-04 05:11 . 2012-07-04 05:11 364544 ----a-w- c:\windows\SysWow64\atiadlxy.dll

2012-07-04 05:11 . 2012-07-04 05:11 17920 ----a-w- c:\windows\system32\atig6pxx.dll

2012-07-04 05:11 . 2012-07-04 05:11 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll

2012-07-04 05:11 . 2012-07-04 05:11 14848 ----a-w- c:\windows\system32\atiglpxx.dll

2012-07-04 05:11 . 2012-07-04 05:11 41984 ----a-w- c:\windows\system32\atig6txx.dll

2012-07-04 05:11 . 2012-07-04 05:11 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll

2012-07-04 05:10 . 2012-07-04 05:10 359936 ----a-w- c:\windows\system32\drivers\atikmpag.sys

2012-07-04 05:10 . 2012-07-04 05:10 55296 ----a-w- c:\windows\system32\atiuxp64.dll

2012-07-04 05:09 . 2012-07-04 05:09 42496 ----a-w- c:\windows\SysWow64\atiuxpag.dll

2012-07-04 05:09 . 2012-07-04 05:09 45056 ----a-w- c:\windows\system32\atiu9p64.dll

2012-07-04 05:09 . 2012-07-04 05:09 32768 ----a-w- c:\windows\SysWow64\atiu9pag.dll

2012-07-04 05:09 . 2012-07-04 05:09 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll

2012-07-04 05:04 . 2012-07-04 05:04 51200 ----a-w- c:\windows\system32\aticalrt64.dll

2012-07-04 05:04 . 2012-07-04 05:04 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll

2012-07-04 05:04 . 2012-07-04 05:04 44544 ----a-w- c:\windows\system32\aticalcl64.dll

2012-07-04 05:04 . 2012-07-04 05:04 44544 ----a-w- c:\windows\SysWow64\aticalcl.dll

2012-07-04 05:04 . 2012-07-04 05:04 15827456 ----a-w- c:\windows\system32\aticaldd64.dll

2012-07-04 04:59 . 2012-07-04 04:59 13402112 ----a-w- c:\windows\SysWow64\aticaldd.dll

2012-07-04 00:32 . 2012-07-04 00:32 187392 ----a-w- c:\windows\system32\clinfo.exe

2012-07-04 00:32 . 2012-07-04 00:32 75264 ----a-w- c:\windows\system32\OpenVideo64.dll

2012-07-04 00:32 . 2012-07-04 00:32 65024 ----a-w- c:\windows\SysWow64\OpenVideo.dll

2012-07-04 00:31 . 2012-07-04 00:31 63488 ----a-w- c:\windows\system32\OVDecode64.dll

2012-07-04 00:31 . 2012-07-04 00:31 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll

2012-07-04 00:31 . 2012-07-04 00:31 16457216 ----a-w- c:\windows\system32\amdocl64.dll

2012-07-04 00:30 . 2012-07-04 00:30 13008384 ----a-w- c:\windows\SysWow64\amdocl.dll

2012-07-04 00:30 . 2012-07-04 00:30 54784 ----a-w- c:\windows\system32\OpenCL.dll

2012-07-04 00:30 . 2012-07-04 00:30 50176 ----a-w- c:\windows\SysWow64\OpenCL.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-05-31 10:25 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe

2012-04-19 02:50 . 2012-04-19 02:50 28480 ----a-w- c:\windows\system32\drivers\avgidsha.sys

2012-04-18 17:39 . 2012-04-18 17:39 43008 ----a-w- c:\windows\system32\kdbsdk64.dll

2012-04-18 17:39 . 2012-04-18 17:39 28672 ----a-w- c:\windows\SysWow64\kdbsdk32.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2012-07-11_15.01.09 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-07-14 04:54 . 2012-07-11 15:07 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-07-14 04:54 . 2009-07-14 04:55 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-07-14 04:54 . 2009-07-14 04:55 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2012-07-11 15:07 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2009-07-14 04:55 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2012-07-11 15:07 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2010-11-21 03:09 . 2012-07-11 18:00 15872 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2012-07-11 18:00 32432 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2012-07-10 16:53 . 2012-07-11 15:07 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2012-07-10 16:53 . 2012-07-10 21:07 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2012-07-10 16:53 . 2012-07-11 15:07 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2012-07-10 16:53 . 2012-07-10 21:07 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2012-07-10 21:07 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2012-07-11 15:07 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2012-07-11 15:14 . 2012-07-11 15:14 60416 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Pres#\fb4bc14964a1d415bdbe55b62ce73a52\System.Windows.Presentation.ni.dll

+ 2012-07-11 15:14 . 2012-07-11 15:14 54784 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.DynamicD#\eef76dd965ea0a8ae5fb0c734d84389c\System.Web.DynamicData.Design.ni.dll

+ 2012-07-11 15:14 . 2012-07-11 15:14 72192 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFontCac#\78f495970511b726a0ca7b8119360e25\PresentationFontCache.ni.exe

+ 2012-07-11 15:13 . 2012-07-11 15:13 33792 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.WSMan.Run#\9d57c4bbbc0b3243046fc7839da71b00\Microsoft.WSMan.Runtime.ni.dll

+ 2012-07-11 15:13 . 2012-07-11 15:13 43520 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\d6578432220dbabf2b15027681327bf8\Microsoft.Windows.Diagnosis.Commands.GetDiagInput.ni.dll

+ 2012-07-11 15:13 . 2012-07-11 15:13 40448 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\66deb65a87750efddf62d1e0c0655352\Microsoft.Windows.Diagnosis.Commands.UpdateDiagRootcause.ni.dll

+ 2012-07-11 15:13 . 2012-07-11 15:13 36864 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\4b6402dc918e41b8de8c501f29833d91\Microsoft.Windows.Diagnosis.Commands.WriteDiagProgress.ni.dll

+ 2012-07-11 15:13 . 2012-07-11 15:13 45056 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\28545d2b6a0aaef4aa168f9808603bc5\Microsoft.Windows.Diagnosis.Commands.UpdateDiagReport.ni.dll

+ 2012-07-11 15:13 . 2012-07-11 15:13 70144 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\1d8a17a2c1416a8ad4d6ad2a28b4c5fd\Microsoft.Windows.Diagnosis.SDEngine.ni.dll

+ 2012-07-11 15:13 . 2012-07-11 15:13 59904 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\0abc7256549c204f39af7dcc52c9e5d5\Microsoft.Windows.Diagnosis.SDHost.ni.dll

+ 2012-07-11 15:13 . 2012-07-11 15:13 64000 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Security.#\da47c045fb26852f5f85c81daf7283ad\Microsoft.Security.ApplicationId.PolicyManagement.PolicyEngineApi.Interop.ni.dll

+ 2012-07-11 15:13 . 2012-07-11 15:13 66048 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Security.#\470be8218256dec2c8a1a503b70feab1\Microsoft.Security.ApplicationId.PolicyManagement.XmlHelper.ni.dll

+ 2012-07-11 15:12 . 2012-07-11 15:12 65536 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\6ab0575bf49b60fd4b697d47e1754072\Microsoft.MediaCenter.iTv.Hosting.ni.dll

+ 2012-07-11 15:12 . 2012-07-11 15:12 40960 c:\windows\assembly\NativeImages_v2.0.50727_64\LoadMxf\1569a004b1f41193818e3b3777f2c73d\LoadMxf.ni.exe

+ 2012-07-11 15:12 . 2012-07-11 15:12 49664 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiUPnP\3ee98e8b2084e27d65953bbd7e362bf8\ehiUPnP.ni.dll

+ 2012-07-11 15:12 . 2012-07-11 15:12 93184 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiTVMSMusic\1cd9f92749d29b9fd61fcb1c4ae84294\ehiTVMSMusic.ni.dll

+ 2012-07-11 15:12 . 2012-07-11 15:12 28672 c:\windows\assembly\NativeImages_v2.0.50727_64\dfsvc\0811f67973c32efb2bfad62a4a2592b5\dfsvc.ni.exe

+ 2012-07-11 15:11 . 2012-07-11 15:11 33280 c:\windows\assembly\NativeImages_v2.0.50727_64\AuditPolicyGPManage#\e5caecdfb99f9de3031152786ee208d9\AuditPolicyGPManagedStubs.Interop.ni.dll

+ 2012-07-11 15:22 . 2012-07-11 15:22 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\66d750f3f8dde0cc865f921497ab3545\System.Windows.Presentation.ni.dll

+ 2012-07-11 15:22 . 2012-07-11 15:22 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\2b97ccae44726f13c418f1406180c3e8\System.Web.DynamicData.Design.ni.dll

+ 2012-07-11 15:16 . 2012-07-11 15:16 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\543b0e12423bcec010bdd2ac27c5dc04\System.ComponentModel.DataAnnotations.ni.dll

+ 2012-07-11 15:11 . 2012-07-11 15:11 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\f34410ab8e82063735d876533db26c49\System.AddIn.Contract.ni.dll

+ 2012-07-11 15:16 . 2012-07-11 15:16 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\d24744f15243e28ea541a459ff7ff5d5\PresentationFontCache.ni.exe

+ 2012-07-11 15:16 . 2012-07-11 15:16 79872 c:\windows\assembly\NativeImages_v2.0.50727_32\napcrypt\87a30ba337ed55d0905f19742e2985bc\napcrypt.ni.dll

+ 2012-07-11 15:16 . 2012-07-11 15:16 17920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.WSMan.Run#\9f2e8e0df9ff39ad21088f1d66cfadb1\Microsoft.WSMan.Runtime.ni.dll

+ 2012-07-11 15:16 . 2012-07-11 15:16 23040 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\d797123d55bb7b823120d0a7ffbbc2a7\Microsoft.Windows.Diagnosis.Commands.UpdateDiagRootcause.ni.dll

+ 2012-07-11 15:16 . 2012-07-11 15:16 32256 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\cb8ad29814d9e5589bd400d38e7a0b10\Microsoft.Windows.Diagnosis.SDHost.ni.dll

+ 2012-07-11 15:16 . 2012-07-11 15:16 21504 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\cb42a0f25b7608b2675080081b03f6e5\Microsoft.Windows.Diagnosis.SDEngine.ni.dll

+ 2012-07-11 15:16 . 2012-07-11 15:16 25088 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\c6e9143be5afb36345875d56b61c444f\Microsoft.Windows.Diagnosis.Commands.GetDiagInput.ni.dll

+ 2012-07-11 15:16 . 2012-07-11 15:16 19968 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\91767cf3facefe10e00734c815e925ad\Microsoft.Windows.Diagnosis.Commands.WriteDiagProgress.ni.dll

+ 2012-07-11 15:16 . 2012-07-11 15:16 27136 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\66cd99d2f576cde047074e98bd5e1848\Microsoft.Windows.Diagnosis.Commands.UpdateDiagReport.ni.dll

+ 2012-07-11 15:16 . 2012-07-11 15:16 86528 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\4308e1bdc640e1c3f1ea966e84e48900\Microsoft.Windows.Diagnosis.TroubleshootingPack.ni.dll

+ 2012-07-11 15:15 . 2012-07-11 15:15 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\06fcf2fbbe38d9425fc49d935498ec93\Microsoft.Vsa.ni.dll

+ 2012-07-11 15:15 . 2012-07-11 15:15 21504 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Security.#\c8831ecadb3b99c04fdde12217e715cb\Microsoft.Security.ApplicationId.PolicyManagement.PolicyEngineApi.Interop.ni.dll

+ 2012-07-11 15:15 . 2012-07-11 15:15 39936 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Security.#\54c9d51df5b739db67a270b421af5fde\Microsoft.Security.ApplicationId.PolicyManagement.XmlHelper.ni.dll

+ 2012-07-11 15:15 . 2012-07-11 15:15 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\e3ef400b1f37e4d3b79a42a8a602ea02\Microsoft.Build.Framework.ni.dll

+ 2012-07-11 15:15 . 2012-07-11 15:15 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\2095344bf8c40f8baa94ba53a993fb4c\Microsoft.Build.Framework.ni.dll

+ 2012-07-11 15:15 . 2012-07-11 15:15 60416 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiUserXp\dc93539af5a961641a26ada75f730136\ehiUserXp.ni.dll

+ 2012-07-11 15:15 . 2012-07-11 15:15 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\53d03b0e238c77cf7e5ac88e02aecd2c\dfsvc.ni.exe

+ 2012-07-11 15:11 . 2012-07-11 15:11 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\AuditPolicyGPManage#\2ebfc41cb0193cb129521d80ec206da7\AuditPolicyGPManagedStubs.Interop.ni.dll

+ 2012-07-10 17:13 . 2012-07-11 18:00 3220 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3235054621-1967103086-923620419-1000_UserData.bin

+ 2012-07-11 18:04 . 2012-07-11 18:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2012-07-11 15:00 . 2012-07-11 15:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2012-07-11 15:07 . 2012-07-11 15:07 686280 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_262_Plugin.exe

+ 2012-07-10 20:31 . 2012-07-11 15:07 250056 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

+ 2012-07-10 20:31 . 2012-07-11 15:07 426184 c:\windows\SysWOW64\FlashPlayerApp.exe

+ 2012-07-11 13:04 . 2012-07-11 16:38 111690 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin

- 2009-07-14 02:36 . 2012-07-11 14:53 606992 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2012-07-11 18:03 606992 c:\windows\system32\perfh009.dat

- 2009-07-14 02:36 . 2012-07-11 14:53 103370 c:\windows\system32\perfc009.dat

+ 2009-07-14 02:36 . 2012-07-11 18:03 103370 c:\windows\system32\perfc009.dat

+ 2012-07-11 15:07 . 2012-07-11 15:07 417992 c:\windows\system32\Macromed\Flash\FlashUtil64_11_3_300_262_Plugin.exe

+ 2009-07-14 04:46 . 2012-07-11 15:33 118184 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat

- 2012-07-10 20:33 . 2012-07-11 14:59 275216 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

+ 2012-07-10 20:33 . 2012-07-11 18:03 275216 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

- 2009-07-14 05:01 . 2012-07-11 14:59 228720 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 05:01 . 2012-07-11 18:03 228720 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2012-07-10 20:33 . 2012-07-11 18:03 949692 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3235054621-1967103086-923620419-1000-8192.dat

+ 2012-07-11 15:15 . 2012-07-11 15:15 468992 c:\windows\assembly\NativeImages_v2.0.50727_64\WsatConfig\ad7f43afb4f124acae4d503b40f591c1\WsatConfig.ni.exe

+ 2012-07-11 15:15 . 2012-07-11 15:15 329216 c:\windows\assembly\NativeImages_v2.0.50727_64\WindowsFormsIntegra#\f4d304fcbfda323997083a1f88b83719\WindowsFormsIntegration.ni.dll

+ 2012-07-11 15:13 . 2012-07-11 15:13 653312 c:\windows\assembly\NativeImages_v2.0.50727_64\UIAutomationClient\1f36e020c3563e0ff414f13138e238e1\UIAutomationClient.ni.dll

+ 2012-07-11 15:15 . 2012-07-11 15:15 304128 c:\windows\assembly\NativeImages_v2.0.50727_64\TaskScheduler\681410f842337dccc72eb059738c3ced\TaskScheduler.ni.dll

+ 2012-07-11 15:14 . 2012-07-11 15:14 529920 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Xml.Linq\de45d043775d8c805f6feca40d7a9ed2\System.Xml.Linq.ni.dll

+ 2012-07-11 15:14 . 2012-07-11 15:14 187392 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Routing\72b4992e45d232251a273a59eb3333d5\System.Web.Routing.ni.dll

+ 2012-07-11 15:14 . 2012-07-11 15:14 449024 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Entity\b905eb57b631a30c60caa4d68c186963\System.Web.Entity.ni.dll

+ 2012-07-11 15:14 . 2012-07-11 15:14 398848 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Entity.D#\e412dfbf1aa49bbe345a02a4d23104f5\System.Web.Entity.Design.ni.dll

+ 2012-07-11 15:14 . 2012-07-11 15:14 753664 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.DynamicD#\815769f953ebe3f84439d522c97317b8\System.Web.DynamicData.ni.dll

+ 2012-07-11 15:14 . 2012-07-11 15:14 204800 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Abstract#\c8144ee08dccdac183527e53c86aa901\System.Web.Abstractions.ni.dll

+ 2012-07-11 15:14 . 2012-07-11 15:14 916480 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Net\3b3581851a728bef36f319e9d4c72499\System.Net.ni.dll

+ 2012-07-11 15:12 . 2012-07-11 15:12 783360 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Messaging\d5d612f7d372f500e3062e3814e79d75\System.Messaging.ni.dll

+ 2012-07-11 15:14 . 2012-07-11 15:14 534016 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Management.I#\599954438a668c94dd38e8e7e506ac2a\System.Management.Instrumentation.ni.dll

+ 2012-07-11 15:14 . 2012-07-11 15:14 569856 c:\windows\assembly\NativeImages_v2.0.50727_64\System.IO.Log\fd51741bfd973ad507bbd141e98932f8\System.IO.Log.ni.dll

+ 2012-07-11 15:12 . 2012-07-11 15:12 294400 c:\windows\assembly\NativeImages_v2.0.50727_64\System.IdentityMode#\ef6abe121bb11bff2514bfdfb7e76b7a\System.IdentityModel.Selectors.ni.dll

+ 2012-07-11 15:14 . 2012-07-11 15:14 629760 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Service#\7c4ce1b8a2f83ef29aa6d5f126ab5b71\System.Data.Services.Design.ni.dll

+ 2012-07-11 15:14 . 2012-07-11 15:14 194560 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.DataSet#\19d1414f1ca718ce4d0c07e7305b3450\System.Data.DataSetExtensions.ni.dll

+ 2012-07-11 15:14 . 2012-07-11 15:14 132096 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ComponentMod#\9536bb262c4f1ea389d287ab669767d4\System.ComponentModel.DataAnnotations.ni.dll

+ 2012-07-11 15:11 . 2012-07-11 15:11 890880 c:\windows\assembly\NativeImages_v2.0.50727_64\System.AddIn\84262138e2e9f34c88fd282caa82baa5\System.AddIn.ni.dll

+ 2012-07-11 15:11 . 2012-07-11 15:11 156672 c:\windows\assembly\NativeImages_v2.0.50727_64\System.AddIn.Contra#\176899be7b920fb20408ff49e636a776\System.AddIn.Contract.ni.dll

+ 2012-07-11 15:14 . 2012-07-11 15:14 297984 c:\windows\assembly\NativeImages_v2.0.50727_64\sysglobl\ee0608cd62dfb37016016884fc39e425\sysglobl.ni.dll

+ 2012-07-11 15:14 . 2012-07-11 15:14 525824 c:\windows\assembly\NativeImages_v2.0.50727_64\SMSvcHost\9fa1abf006689e262527ae50d452e97e\SMSvcHost.ni.exe

+ 2012-07-11 15:12 . 2012-07-11 15:12 349184 c:\windows\assembly\NativeImages_v2.0.50727_64\SMDiagnostics\2eac9c598de3341eba5c16787c74f220\SMDiagnostics.ni.dll

+ 2012-07-11 15:13 . 2012-07-11 15:13 376832 c:\windows\assembly\NativeImages_v2.0.50727_64\SecurityAuditPolici#\0101faefdcc3274ba594e7a103ec0186\SecurityAuditPoliciesSnapIn.ni.dll

+ 2012-07-11 15:13 . 2012-07-11 15:13 855040 c:\windows\assembly\NativeImages_v2.0.50727_64\napsnap\2f1bad2fb963482a02443d5e7fece2b6\napsnap.ni.dll

+ 2012-07-11 15:13 . 2012-07-11 15:13 162816 c:\windows\assembly\NativeImages_v2.0.50727_64\napinit\bb4947f0ecc925a7bcfd129b6eec8f9b\napinit.ni.dll

+ 2012-07-11 15:13 . 2012-07-11 15:13 175104 c:\windows\assembly\NativeImages_v2.0.50727_64\naphlpr\5f0ae15f9d1cade37fbfaacff7e64bff\naphlpr.ni.dll

+ 2012-07-11 15:13 . 2012-07-11 15:13 127488 c:\windows\assembly\NativeImages_v2.0.50727_64\napcrypt\5346ceca518baf5e5fa3fed9f900f792\napcrypt.ni.dll

+ 2012-07-11 15:13 . 2012-07-11 15:13 184320 c:\windows\assembly\NativeImages_v2.0.50727_64\MSBuild\8f792883d0adad8c7beccf24aed65817\MSBuild.ni.exe

+ 2012-07-11 15:12 . 2012-07-11 15:12 417792 c:\windows\assembly\NativeImages_v2.0.50727_64\MMCFxCommon\67240ddde494b9cc05cd732ccd099668\MMCFxCommon.ni.dll

+ 2012-07-11 15:13 . 2012-07-11 15:13 681984 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.WSMan.Man#\b78beede8a3c9720095dde4a4a162acc\Microsoft.WSMan.Management.ni.dll

+ 2012-07-11 15:13 . 2012-07-11 15:13 122368 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\83222514e209f186ad3a1c3794168bfd\Microsoft.Windows.Diagnosis.TroubleshootingPack.ni.dll

+ 2012-07-11 15:13 . 2012-07-11 15:13 105984 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Vsa\a843956bb452503139683304de4cc8f6\Microsoft.Vsa.ni.dll

+ 2012-07-11 15:13 . 2012-07-11 15:13 584192 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Transacti#\c56d6513e4b239b1b1dbe29b0588321a\Microsoft.Transactions.Bridge.Dtc.ni.dll

+ 2012-07-11 15:13 . 2012-07-11 15:13 235008 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Security.#\92f7f1c771fc7c909cf0d4da4d558105\Microsoft.Security.ApplicationId.PolicyManagement.PolicyModel.ni.dll

+ 2012-07-11 15:13 . 2012-07-11 15:13 937472 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Security.#\526a33ed761cce911ff85646c4a0ec80\Microsoft.Security.ApplicationId.Wizards.AutomaticRuleGenerationWizard.ni.dll

+ 2012-07-11 15:13 . 2012-07-11 15:13 318976 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Security.#\4ac43f1030faa080a78faf6867448fc7\Microsoft.Security.ApplicationId.PolicyManagement.Cmdlets.ni.dll

+ 2012-07-11 15:13 . 2012-07-11 15:13 275456 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Security.#\168f2d23b2652dd1a4d6eb7c8c008d51\Microsoft.Security.ApplicationId.PolicyManagement.PolicyManager.ni.dll

+ 2012-07-11 15:13 . 2012-07-11 15:13 713216 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\fb0d102ca78bd05fe7064b9e6be30fc7\Microsoft.PowerShell.ConsoleHost.ni.dll

+ 2012-07-11 15:13 . 2012-07-11 15:13 237056 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\b21fa6ff448b99a97319e18c166c03e2\Microsoft.PowerShell.Security.ni.dll

+ 2012-07-11 15:13 . 2012-07-11 15:13 999936 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\6c3fe42a14ac5b48ebd43be290973d24\Microsoft.PowerShell.GraphicalHost.ni.dll

+ 2012-07-11 15:13 . 2012-07-11 15:13 416768 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\2572e94f9d0b412cdc529c8d74fdb689\Microsoft.PowerShell.Commands.Diagnostics.ni.dll

+ 2012-07-11 15:13 . 2012-07-11 15:13 164864 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\f04ccbbf5199d2b264f1b1175be44686\Microsoft.MediaCenter.Mheg.ni.dll

+ 2012-07-11 15:12 . 2012-07-11 15:12 219648 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\f015188310f7613f819fcf032f98705a\Microsoft.MediaCenter.iTv.Media.ni.dll

+ 2012-07-11 15:12 . 2012-07-11 15:12 312320 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\e29cbd30a31d3c8dae19eb17f70c4ec4\Microsoft.MediaCenter.iTv.ni.dll

+ 2012-07-11 15:12 . 2012-07-11 15:12 370176 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\6dbd502a13b5e3caae0b1f2b4847612f\Microsoft.MediaCenter.Playback.ni.dll

+ 2012-07-11 15:12 . 2012-07-11 15:12 152576 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\409dae089f2e041343cff71f822cd505\Microsoft.MediaCenter.ITVVM.ni.dll

+ 2012-07-11 15:12 . 2012-07-11 15:12 965632 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\18367b9a0b9e9261d1d9e371230af87c\Microsoft.MediaCenter.Sports.ni.dll

+ 2012-07-11 15:12 . 2012-07-11 15:12 798720 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Managemen#\803188573fb19785a94284e097c48a67\Microsoft.ManagementConsole.ni.dll

+ 2012-07-11 15:13 . 2012-07-11 15:13 399360 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.GroupPoli#\a92fbdf48c09de9c994cfea90f23af13\Microsoft.GroupPolicy.Interop.ni.dll

+ 2012-07-11 15:13 . 2012-07-11 15:13 618496 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.GroupPoli#\167a62317f33ae61ef5d7b70ba0421c3\Microsoft.GroupPolicy.AdmTmplEditor.ni.dll

+ 2012-07-11 15:13 . 2012-07-11 15:13 244736 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Uti#\d68a27daca73749e4438a47e61643c3c\Microsoft.Build.Utilities.v3.5.ni.dll

+ 2012-07-11 15:13 . 2012-07-11 15:13 198656 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Uti#\3151235c1c38db94fd44e3c6f290ff38\Microsoft.Build.Utilities.ni.dll

+ 2012-07-11 15:13 . 2012-07-11 15:13 121344 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Fra#\cf5e9b5d10682467a9e03358a6d6258f\Microsoft.Build.Framework.ni.dll

+ 2012-07-11 15:13 . 2012-07-11 15:13 142336 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Fra#\0f233d0eb396065719e83ab573a72cc5\Microsoft.Build.Framework.ni.dll

+ 2012-07-11 15:13 . 2012-07-11 15:13 294912 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Con#\2416af06edb993f98a751acb69f67016\Microsoft.Build.Conversion.v3.5.ni.dll

+ 2012-07-11 15:13 . 2012-07-11 15:13 423424 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Applicati#\9016fe60c2398dd6c3c8d8494e1a24b5\Microsoft.ApplicationId.Framework.ni.dll

+ 2012-07-11 15:13 . 2012-07-11 15:13 727040 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Applicati#\877ba3d01d6bac7d76ec8a5fede67baf\Microsoft.ApplicationId.RuleWizard.ni.dll

+ 2012-07-11 15:12 . 2012-07-11 15:12 107008 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft-Windows-H#\2e54c0c284ab2337d24b5f5d26f457e1\Microsoft-Windows-HomeGroupDiagnostic.NetListMgr.Interop.ni.dll

+ 2012-07-11 15:12 . 2012-07-11 15:12 380928 c:\windows\assembly\NativeImages_v2.0.50727_64\Mcx2Dvcs\74e4adc90675c3b1365825c7e78b5ce9\Mcx2Dvcs.ni.dll

+ 2012-07-11 15:12 . 2012-07-11 15:12 547328 c:\windows\assembly\NativeImages_v2.0.50727_64\mcupdate\4a1f9a648a3928d42b77a91666d9aa8a\mcupdate.ni.exe

+ 2012-07-11 15:12 . 2012-07-11 15:12 533504 c:\windows\assembly\NativeImages_v2.0.50727_64\mcstoredb\40d70417c04f9ccb5fdecb5b9be5a6a3\mcstoredb.ni.dll

+ 2012-07-11 15:12 . 2012-07-11 15:12 549376 c:\windows\assembly\NativeImages_v2.0.50727_64\mcplayerinterop\4ae6ccc32dafb4e3765b9db05585bd48\mcplayerinterop.ni.dll

+ 2012-07-11 15:12 . 2012-07-11 15:12 696320 c:\windows\assembly\NativeImages_v2.0.50727_64\mcGlidHostObj\b0db345fd62a84c98fd8b0bf3c72e8bb\mcGlidHostObj.ni.dll

+ 2012-07-11 15:12 . 2012-07-11 15:12 156672 c:\windows\assembly\NativeImages_v2.0.50727_64\MCESidebarCtrl\3fc113fe40d0145cd87afca2d107bf6d\MCESidebarCtrl.ni.dll

+ 2012-07-11 15:12 . 2012-07-11 15:12 659456 c:\windows\assembly\NativeImages_v2.0.50727_64\EventViewer\bc5df15ee827e248dd6f819874a85718\EventViewer.ni.dll

+ 2012-07-11 15:12 . 2012-07-11 15:12 969216 c:\windows\assembly\NativeImages_v2.0.50727_64\ehRecObj\584d419d4c837ea19f7f450a807b0273\ehRecObj.ni.dll

+ 2012-07-11 15:12 . 2012-07-11 15:12 661504 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiWUapi\20c3505378a50f4859c9b2e7dcbb5fa2\ehiWUapi.ni.dll

+ 2012-07-11 15:12 . 2012-07-11 15:12 933888 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiwmp\2f9f48ad6496c9103043db1c21a651fd\ehiwmp.ni.dll

+ 2012-07-11 15:12 . 2012-07-11 15:12 196096 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiiTv\7998173654fa518876cc97e37b86d465\ehiiTv.ni.dll

+ 2012-07-11 15:12 . 2012-07-11 15:12 397824 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiExtens\6c97aa6908f96ac9816ce74e4f6251ac\ehiExtens.ni.dll

+ 2012-07-11 15:12 . 2012-07-11 15:12 110080 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiBmlDataCarousel\a501747a95523297a8a1f119df8b1642\ehiBmlDataCarousel.ni.dll

+ 2012-07-11 15:12 . 2012-07-11 15:12 125440 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiActivScp\880c8b97f2b065a3bbe27b7c37581d17\ehiActivScp.ni.dll

+ 2012-07-11 15:12 . 2012-07-11 15:12 389120 c:\windows\assembly\NativeImages_v2.0.50727_64\ehExtHost\08c9aa18b306aa47ddc0ae4a63b05d04\ehExtHost.ni.exe

+ 2012-07-11 15:12 . 2012-07-11 15:12 313856 c:\windows\assembly\NativeImages_v2.0.50727_64\ehCIR\ff7ef4caed03d6934669d1a39877a8ac\ehCIR.ni.dll

+ 2012-07-11 15:12 . 2012-07-11 15:12 348672 c:\windows\assembly\NativeImages_v2.0.50727_64\CustomMarshalers\b7916689137fd0bc9ba1ba5a27e2a38a\CustomMarshalers.ni.dll

+ 2012-07-11 15:11 . 2012-07-11 15:11 640000 c:\windows\assembly\NativeImages_v2.0.50727_64\ComSvcConfig\cc6e6febcd804604bf4d92d0eb8ec6ae\ComSvcConfig.ni.exe

+ 2012-07-11 15:11 . 2012-07-11 15:11 971264 c:\windows\assembly\NativeImages_v2.0.50727_64\BDATunePIA\d18719c2df1334364cac199bb9c86adf\BDATunePIA.ni.dll

+ 2012-07-11 15:22 . 2012-07-11 15:22 321024 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\9d60139fdead64a892985181d663989f\WsatConfig.ni.exe

+ 2012-07-11 15:22 . 2012-07-11 15:22 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\f2f8201dd3453250dfd9ed1afce630a0\WindowsFormsIntegration.ni.dll

+ 2012-07-11 15:16 . 2012-07-11 15:16 452096 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\779b08c46960a1824503aa6f089673fa\UIAutomationClient.ni.dll

+ 2012-07-11 15:22 . 2012-07-11 15:22 245248 c:\windows\assembly\NativeImages_v2.0.50727_32\TaskScheduler\f3e052584df9c614407da662dd3c3df3\TaskScheduler.ni.dll

+ 2012-07-11 15:22 . 2012-07-11 15:22 401408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\64de6810023adccdc56ddae13bdd6b03\System.Xml.Linq.ni.dll

+ 2012-07-11 15:22 . 2012-07-11 15:22 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\06e4119a0a3484bb0ca667a16145ce74\System.Web.Routing.ni.dll

+ 2012-07-11 15:22 . 2012-07-11 15:22 860160 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\4f13c2c06fb97f6659473f02802b377b\System.Web.Extensions.Design.ni.dll

+ 2012-07-11 15:22 . 2012-07-11 15:22 328192 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\bc239944bca7cc6b6ddb473259183c7d\System.Web.Entity.ni.dll

+ 2012-07-11 15:22 . 2012-07-11 15:22 301568 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\3701488fb9e601ebe963db25b784d684\System.Web.Entity.Design.ni.dll

+ 2012-07-11 15:22 . 2012-07-11 15:22 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\a09cc9877f51f16a4610b702155e8b70\System.Web.DynamicData.ni.dll

+ 2012-07-11 15:22 . 2012-07-11 15:22 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\c6aad1edcc51862ceb26b6b65dad1490\System.Web.Abstractions.ni.dll

+ 2012-07-11 15:22 . 2012-07-11 15:22 624128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\0b5f082230e3486412e0fa333290e85a\System.Net.ni.dll

+ 2012-07-11 15:15 . 2012-07-11 15:15 593408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\2b4d6976393bf5643a4ef2d8dffdf75b\System.Messaging.ni.dll

+ 2012-07-11 15:22 . 2012-07-11 15:22 330240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\8280490a2939075b726fd051d9010cc0\System.Management.Instrumentation.ni.dll

+ 2012-07-11 15:22 . 2012-07-11 15:22 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\a03191ed937f6c1dc827b53d94ea0176\System.IO.Log.ni.dll

+ 2012-07-11 15:15 . 2012-07-11 15:15 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\100d39c2f8985cb93e26feef86ba5212\System.IdentityModel.Selectors.ni.dll

+ 2012-07-11 15:22 . 2012-07-11 15:22 888320 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\4d73a7649876bb6e54a01ccbf235919b\System.DirectoryServices.AccountManagement.ni.dll

+ 2012-07-11 15:22 . 2012-07-11 15:22 462336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\e36e03067b12bc35fcc3787dc81022c8\System.Data.Services.Design.ni.dll

+ 2012-07-11 15:22 . 2012-07-11 15:22 763392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\5a29fff52e2c3d13ec15e8701027ab17\System.Data.Entity.Design.ni.dll

+ 2012-07-11 15:16 . 2012-07-11 15:16 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\940f62a5d077405e0b324422afb6ff2c\System.Data.DataSetExtensions.ni.dll

+ 2012-07-11 15:11 . 2012-07-11 15:11 634368 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\a90ec436f1d2c5cb0133a53c2e47d61a\System.AddIn.ni.dll

+ 2012-07-11 15:22 . 2012-07-11 15:22 232448 c:\windows\assembly\NativeImages_v2.0.50727_32\sysglobl\1ed79278fe139272e868e3a53d736f22\sysglobl.ni.dll

+ 2012-07-11 15:16 . 2012-07-11 15:16 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\1b0b19607668635281fa260707f4352f\SMSvcHost.ni.exe

+ 2012-07-11 15:15 . 2012-07-11 15:15 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\9e7bf69d97febe4ed1a288c787e5d9ca\SMDiagnostics.ni.dll

+ 2012-07-11 15:15 . 2012-07-11 15:15 294912 c:\windows\assembly\NativeImages_v2.0.50727_32\SecurityAuditPolici#\2b9aa0cd9971fff78931f901c901f1e0\SecurityAuditPoliciesSnapIn.ni.dll

+ 2012-07-11 15:16 . 2012-07-11 15:16 723456 c:\windows\assembly\NativeImages_v2.0.50727_32\napsnap\acfafa161ea232928cb02b01c50acf1c\napsnap.ni.dll

+ 2012-07-11 15:16 . 2012-07-11 15:16 117760 c:\windows\assembly\NativeImages_v2.0.50727_32\napinit\0abec246c5ca6ec4858bfd3ab84da0ec\napinit.ni.dll

+ 2012-07-11 15:16 . 2012-07-11 15:16 114176 c:\windows\assembly\NativeImages_v2.0.50727_32\naphlpr\e0c40329b9cdd7f141a3702d79eb4bda\naphlpr.ni.dll

+ 2012-07-11 15:16 . 2012-07-11 15:16 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\74a8b6419deb005337a1e43ec2502134\MSBuild.ni.exe

+ 2012-07-11 15:15 . 2012-07-11 15:15 287232 c:\windows\assembly\NativeImages_v2.0.50727_32\MMCFxCommon\1e03b7c2539c5376f0665a4aba04efbd\MMCFxCommon.ni.dll

+ 2012-07-11 15:16 . 2012-07-11 15:16 531968 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.WSMan.Man#\070505350ec9daa3343b3cd2bc8cf59e\Microsoft.WSMan.Management.ni.dll

+ 2012-07-11 15:16 . 2012-07-11 15:16 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\1e639225ba30d7f182b893ddacea506b\Microsoft.Transactions.Bridge.Dtc.ni.dll

+ 2012-07-11 15:16 . 2012-07-11 15:16 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Security.#\9e50f2fb3c8157aac9508d1484fca9c5\Microsoft.Security.ApplicationId.Wizards.AutomaticRuleGenerationWizard.ni.dll

- 2012-07-11 08:37 . 2012-07-11 08:37 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Security.#\9e50f2fb3c8157aac9508d1484fca9c5\Microsoft.Security.ApplicationId.Wizards.AutomaticRuleGenerationWizard.ni.dll

+ 2012-07-11 15:15 . 2012-07-11 15:15 187392 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Security.#\8c10fabe7b25fbced5d8078481c9e9dc\Microsoft.Security.ApplicationId.PolicyManagement.PolicyManager.ni.dll

+ 2012-07-11 15:15 . 2012-07-11 15:15 157184 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Security.#\637695a13f044c7fc5a8d8779e5a64ae\Microsoft.Security.ApplicationId.PolicyManagement.PolicyModel.ni.dll

+ 2012-07-11 15:16 . 2012-07-11 15:16 210944 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Security.#\1cea81520a22da5621733cad33e75ac4\Microsoft.Security.ApplicationId.PolicyManagement.Cmdlets.ni.dll

+ 2012-07-11 15:15 . 2012-07-11 15:15 291328 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\d4c36b363fcd1ca494218e74ba606e99\Microsoft.PowerShell.Commands.Diagnostics.ni.dll

+ 2012-07-11 15:15 . 2012-07-11 15:15 786432 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\ba2ca86f5d270f493501848843d2f227\Microsoft.PowerShell.Commands.Management.ni.dll

+ 2012-07-11 15:16 . 2012-07-11 15:16 729088 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\607324a312b1c6d7fbede8300e8cee91\Microsoft.PowerShell.GraphicalHost.ni.dll

+ 2012-07-11 15:16 . 2012-07-11 15:16 167424 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\1f1185444c8a12ace85ba4c2d49f41f8\Microsoft.PowerShell.Security.ni.dll

+ 2012-07-11 15:16 . 2012-07-11 15:16 515584 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\12715b7e3e89758161053520b57764b2\Microsoft.PowerShell.ConsoleHost.ni.dll

+ 2012-07-11 15:15 . 2012-07-11 15:15 561664 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Managemen#\622b582866fca37f113bd97ae4c6d1f6\Microsoft.ManagementConsole.ni.dll

+ 2012-07-11 15:15 . 2012-07-11 15:15 286208 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.GroupPoli#\bfb3100618f589638a8a31ab52135ca4\Microsoft.GroupPolicy.Interop.ni.dll

+ 2012-07-11 15:15 . 2012-07-11 15:15 455168 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.GroupPoli#\855b99be5878283866f6977c6dc556e8\Microsoft.GroupPolicy.AdmTmplEditor.ni.dll

+ 2012-07-11 15:15 . 2012-07-11 15:15 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\7e59b3b84ca3c61adfc0dc74a65ea177\Microsoft.Build.Utilities.v3.5.ni.dll

+ 2012-07-11 15:15 . 2012-07-11 15:15 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\07e346ee0e3f7433f2de7a72fadd6713\Microsoft.Build.Utilities.ni.dll

- 2012-07-11 08:37 . 2012-07-11 08:37 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\07e346ee0e3f7433f2de7a72fadd6713\Microsoft.Build.Utilities.ni.dll

+ 2012-07-11 15:15 . 2012-07-11 15:15 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\432160eff3b1f9301c6a74c2e647e03d\Microsoft.Build.Engine.ni.dll

+ 2012-07-11 15:15 . 2012-07-11 15:15 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\8297305de86377d0070a983d99a7f943\Microsoft.Build.Conversion.v3.5.ni.dll

+ 2012-07-11 15:15 . 2012-07-11 15:15 587776 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Applicati#\bd371ac78fe72393b9453b10e9e99d28\Microsoft.ApplicationId.RuleWizard.ni.dll

+ 2012-07-11 15:15 . 2012-07-11 15:15 316928 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Applicati#\98f7f926a9f0ad41a3773a054cc4d3a8\Microsoft.ApplicationId.Framework.ni.dll

+ 2012-07-11 15:15 . 2012-07-11 15:15 364032 c:\windows\assembly\NativeImages_v2.0.50727_32\mcstoredb\541a5bb4d0f8490e506f885a4b435566\mcstoredb.ni.dll

+ 2012-07-11 15:15 . 2012-07-11 15:15 553472 c:\windows\assembly\NativeImages_v2.0.50727_32\EventViewer\02577b78c6ed2f9bda301de888dccad8\EventViewer.ni.dll

+ 2012-07-11 15:15 . 2012-07-11 15:15 693248 c:\windows\assembly\NativeImages_v2.0.50727_32\ehRecObj\5ae5c6732ef8e7115baaeb66fd69cdd2\ehRecObj.ni.dll

+ 2012-07-11 15:15 . 2012-07-11 15:15 875520 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiVidCtl\fbfc09fefc5a4d33f9a009f0157875f0\ehiVidCtl.ni.dll

+ 2012-07-11 15:15 . 2012-07-11 15:15 442880 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiProxy\cbf3a07d3ab873b19f47d6a24f06c796\ehiProxy.ni.dll

+ 2012-07-11 15:15 . 2012-07-11 15:15 161280 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiExtens\5cc4a5672758f4732ef430b3431f47fc\ehiExtens.ni.dll

+ 2012-07-11 15:15 . 2012-07-11 15:15 254464 c:\windows\assembly\NativeImages_v2.0.50727_32\ehExtHost32\a6b8eb80cfbdd927b2fa4ecb69fc0209\ehExtHost32.ni.exe

+ 2012-07-11 15:15 . 2012-07-11 15:15 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\626d0ac2f4ada682d7ca6c4ebf821469\CustomMarshalers.ni.dll

+ 2012-07-11 15:15 . 2012-07-11 15:15 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\3912b69593af13d0922279a063e5af66\ComSvcConfig.ni.exe

+ 2012-07-11 15:15 . 2012-07-11 15:15 621568 c:\windows\assembly\NativeImages_v2.0.50727_32\BDATunePIA\e1c3540ffb669448747187f76c6ebe82\BDATunePIA.ni.dll

+ 2012-07-11 15:07 . 2012-07-11 15:07 9459912 c:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll

+ 2012-07-11 15:07 . 2012-07-11 15:07 1535176 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe

+ 2012-07-11 15:15 . 2012-07-11 15:15 1459712 c:\windows\assembly\NativeImages_v2.0.50727_64\UIAutomationClients#\783df1ee260d3df406fa80afa38502d4\UIAutomationClientsideProviders.ni.dll

+ 2012-07-11 15:15 . 2012-07-11 15:15 1818112 c:\windows\assembly\NativeImages_v2.0.50727_64\System.WorkflowServ#\70cc5e8a5a3372fe0b104c1b20392cd2\System.WorkflowServices.ni.dll

+ 2012-07-11 15:14 . 2012-07-11 15:14 3336704 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Mobile\af7689e8cbec5d2755497be23c30e293\System.Web.Mobile.ni.dll

+ 2012-07-11 15:14 . 2012-07-11 15:14 3044352 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Extensio#\768ea257d75839979b4efb2d49d653f6\System.Web.Extensions.ni.dll

+ 2012-07-11 15:14 . 2012-07-11 15:14 1155072 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Extensio#\2c47bc5d426a7cf9ffef1425eda08184\System.Web.Extensions.Design.ni.dll

+ 2012-07-11 15:14 . 2012-07-11 15:14 2727936 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Speech\ca51f026916139f886519fdf6d6c73e9\System.Speech.ni.dll

+ 2012-07-11 15:14 . 2012-07-11 15:14 2312704 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceModel#\56ee9b5f220583c1c7374a61ad904044\System.ServiceModel.Web.ni.dll

+ 2012-07-11 15:12 . 2012-07-11 15:12 3073536 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Seri#\265531568722647aab229a2cec195b3d\System.Runtime.Serialization.ni.dll

+ 2012-07-11 15:13 . 2012-07-11 15:13 1472000 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Management\fd4a8227569e64d657b80483da8ffe78\System.Management.ni.dll

+ 2012-07-11 15:12 . 2012-07-11 15:12 1444352 c:\windows\assembly\NativeImages_v2.0.50727_64\System.IdentityModel\d1f21a29e79e73b5401fae156f339f67\System.IdentityModel.ni.dll

+ 2012-07-11 15:14 . 2012-07-11 15:14 1230848 c:\windows\assembly\NativeImages_v2.0.50727_64\System.DirectorySer#\39d16229a3d5c6e7c1594ef10758bf75\System.DirectoryServices.AccountManagement.ni.dll

+ 2012-07-11 15:14 . 2012-07-11 15:14 2805760 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Services\0679fe5f3f9164f499e50cdade962ba3\System.Data.Services.ni.dll

+ 2012-07-11 15:14 . 2012-07-11 15:14 1868288 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Service#\2e9de1acfb7974cad94b747442ca325f\System.Data.Services.Client.ni.dll

+ 2012-07-11 15:14 . 2012-07-11 15:14 3480576 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Linq\2ec3d436b861d35c586b710a570e170d\System.Data.Linq.ni.dll

+ 2012-07-11 15:14 . 2012-07-11 15:14 1080320 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Entity.#\b7b5364bc524988f7ca5b8c20a24119d\System.Data.Entity.Design.ni.dll

+ 2012-07-11 15:13 . 2012-07-11 15:13 3315200 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Core\766ce7ee1a2e4f2a85fd90e7572f5d53\System.Core.ni.dll

+ 2012-07-11 15:14 . 2012-07-11 15:14 1530368 c:\windows\assembly\NativeImages_v2.0.50727_64\SrpUxSnapIn\78d5f2d52e06f6ea47b359bf4ceb7b65\SrpUxSnapIn.ni.dll

+ 2012-07-11 15:14 . 2012-07-11 15:14 1884160 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationBuildTa#\4fbff79b8ebf082d08c0080923ff5036\PresentationBuildTasks.ni.dll

+ 2012-07-11 15:14 . 2012-07-11 15:14 3601920 c:\windows\assembly\NativeImages_v2.0.50727_64\Narrator\ac1ba76ed19d668ce53a74593f040453\Narrator.ni.exe

+ 2012-07-11 15:13 . 2012-07-11 15:13 2327552 c:\windows\assembly\NativeImages_v2.0.50727_64\MMCEx\df2557ab1b8e4389d846e13dc82eba57\MMCEx.ni.dll

+ 2012-07-11 15:12 . 2012-07-11 15:12 7970304 c:\windows\assembly\NativeImages_v2.0.50727_64\MIGUIControls\61812970c4743b686a67f28687e1dcb6\MIGUIControls.ni.dll

+ 2012-07-11 15:13 . 2012-07-11 15:13 2131968 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualBas#\1586ee919f86130df9771cf9b8d95d3a\Microsoft.VisualBasic.ni.dll

+ 2012-07-11 15:12 . 2012-07-11 15:12 1598976 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Transacti#\28ba52bc122353647f1b547506e2df7c\Microsoft.Transactions.Bridge.ni.dll

+ 2012-07-11 15:13 . 2012-07-11 15:13 1131008 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\f5790625975320b1ffad63b476da9132\Microsoft.PowerShell.Commands.Management.ni.dll

+ 2012-07-11 15:13 . 2012-07-11 15:13 5350912 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\ca7e936eed0de2436d87b2601ee3a20a\Microsoft.PowerShell.Editor.ni.dll

+ 2012-07-11 15:13 . 2012-07-11 15:13 2176512 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\6caa366471176a065a96d77e8ba01eeb\Microsoft.PowerShell.Commands.Utility.ni.dll

+ 2012-07-11 15:13 . 2012-07-11 15:13 2105344 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\3040e2de07177c0a6a66a49de61fdc59\Microsoft.PowerShell.GPowerShell.ni.dll

+ 2012-07-11 15:12 . 2012-07-11 15:12 1170432 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\c057be8bb6614cce013af3721fe34983\Microsoft.MediaCenter.TV.Tuners.Interop.ni.dll

+ 2012-07-11 15:12 . 2012-07-11 15:12 1516544 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\b2afc0af3d89ae00e973b4e6e9db382c\Microsoft.MediaCenter.ni.dll

+ 2012-07-11 15:13 . 2012-07-11 15:13 1508864 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\73bfbdccdc1b0ae87f70a0ec594fee3c\Microsoft.MediaCenter.Bml.ni.dll

+ 2012-07-11 15:12 . 2012-07-11 15:12 1142784 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\260d83ee2128a3388051cf416d4450b0\Microsoft.MediaCenter.Shell.ni.dll

+ 2012-07-11 15:13 . 2012-07-11 15:13 3213312 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.JScript\094f6a515ca31504f96b4bad5848d692\Microsoft.JScript.ni.dll

+ 2012-07-11 15:13 . 2012-07-11 15:13 2365952 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Ink\dac69844e6333484159a4cf544190906\Microsoft.Ink.ni.dll

+ 2012-07-11 15:13 . 2012-07-11 15:13 5054976 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.GroupPoli#\2dace3e1a3fbdd679501e1c7c868ac3e\Microsoft.GroupPolicy.Reporting.ni.dll

+ 2012-07-11 15:13 . 2012-07-11 15:13 2218496 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Tas#\4b362e9e25c33e371f06403edec8849a\Microsoft.Build.Tasks.ni.dll

+ 2012-07-11 15:13 . 2012-07-11 15:13 2682880 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Tas#\33730d136a34d2f4e56a0322f49ee9b6\Microsoft.Build.Tasks.v3.5.ni.dll

+ 2012-07-11 15:13 . 2012-07-11 15:13 1137152 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Eng#\f1a0df6a86ceb708c5e50338f12b77ba\Microsoft.Build.Engine.ni.dll

+ 2012-07-11 15:13 . 2012-07-11 15:13 2544640 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Eng#\6b727c7aa69ae3e04a869908bfbae696\Microsoft.Build.Engine.ni.dll

+ 2012-07-11 15:12 . 2012-07-11 15:12 2801664 c:\windows\assembly\NativeImages_v2.0.50727_64\mcstore\cc4844e7242c1e35d145bf2439f944c5\mcstore.ni.dll

+ 2012-07-11 15:12 . 2012-07-11 15:12 4088320 c:\windows\assembly\NativeImages_v2.0.50727_64\mcepg\596902addad034f4df2caf291b12d61d\mcepg.ni.dll

+ 2012-07-11 15:12 . 2012-07-11 15:12 2165248 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiVidCtl\dcabda0d241272e0e2f08eacbd15e0b1\ehiVidCtl.ni.dll

+ 2012-07-11 15:12 . 2012-07-11 15:12 1201664 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiProxy\0423915e377ec85d71ac216fafa77ab0\ehiProxy.ni.dll

+ 2012-07-11 15:22 . 2012-07-11 15:22 1047552 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\3b452cde57280624e1085699fe8beb03\UIAutomationClientsideProviders.ni.dll

+ 2012-07-11 15:22 . 2012-07-11 15:22 1358336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\e3e5aa45736b95804bf6bb7eca08a57b\System.WorkflowServices.ni.dll

+ 2012-07-11 15:22 . 2012-07-11 15:22 2209792 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\4a90802e36dee6e10d9bf54832cbf549\System.Web.Mobile.ni.dll

+ 2012-07-11 15:22 . 2012-07-11 15:22 2404352 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\c45efc7ec92c1da8e67eb597559ec39c\System.Web.Extensions.ni.dll

+ 2012-07-11 15:22 . 2012-07-11 15:22 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\83053c3eeb3255672d84c1ddc0ce8ef3\System.Speech.ni.dll

+ 2012-07-11 15:22 . 2012-07-11 15:22 1707008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\ed560b26f2f86b3f07b7f6d384f92275\System.ServiceModel.Web.ni.dll

+ 2012-07-11 15:15 . 2012-07-11 15:15 2347008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\72a24b45e11d64eb2bc840aae9419ba5\System.Runtime.Serialization.ni.dll

+ 2012-07-11 15:15 . 2012-07-11 15:15 1051136 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll

+ 2012-07-11 15:15 . 2012-07-11 15:15 8872960 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.A#\a8495b797e6f7adddc5811a4e1f97db5\System.Management.Automation.ni.dll

+ 2012-07-11 15:15 . 2012-07-11 15:15 1083392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\2ce8210219c7123610072357358df470\System.IdentityModel.ni.dll

+ 2012-07-11 15:22 . 2012-07-11 15:22 2029568 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\3285887b33030a7ce453573d3bed4e95\System.Data.Services.ni.dll

+ 2012-07-11 15:22 . 2012-07-11 15:22 1378816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\330d3ad45a00455b537047183e128def\System.Data.Services.Client.ni.dll

+ 2012-07-11 15:22 . 2012-07-11 15:22 2516992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\2fe1658f05b0a96fe25c956a31d27b06\System.Data.Linq.ni.dll

+ 2012-07-11 15:22 . 2012-07-11 15:22 9921536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\51a2589d5ee1c9c40fb6c56391570f9e\System.Data.Entity.ni.dll

+ 2012-07-11 15:15 . 2012-07-11 15:15 2297856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll

+ 2012-07-11 15:16 . 2012-07-11 15:16 1351168 c:\windows\assembly\NativeImages_v2.0.50727_32\SrpUxSnapIn\0f05778da82962003762ac22f0ab4b91\SrpUxSnapIn.ni.dll

+ 2012-07-11 15:16 . 2012-07-11 15:16 1451520 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\b3f13707cbd5d48aabaa9ef5264c8a30\PresentationBuildTasks.ni.dll

+ 2012-07-11 15:16 . 2012-07-11 15:16 2623488 c:\windows\assembly\NativeImages_v2.0.50727_32\Narrator\17add09c98fa34255142d42697db53df\Narrator.ni.exe

+ 2012-07-11 15:16 . 2012-07-11 15:16 1545216 c:\windows\assembly\NativeImages_v2.0.50727_32\MMCEx\21abde8efab609732b2ade3f05234e79\MMCEx.ni.dll

+ 2012-07-11 15:15 . 2012-07-11 15:15 6438912 c:\windows\assembly\NativeImages_v2.0.50727_32\MIGUIControls\0e7da0df83f0619e3b0e0a7d7ee05fa3\MIGUIControls.ni.dll

+ 2012-07-11 15:16 . 2012-07-11 15:16 1670144 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\6c59a14a23f734093e80d6093e25302a\Microsoft.VisualBasic.ni.dll

+ 2012-07-11 15:15 . 2012-07-11 15:15 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\cd9e47effec6549cdec61eb3aef99f7c\Microsoft.Transactions.Bridge.ni.dll

+ 2012-07-11 15:16 . 2012-07-11 15:16 1681920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\99ae5f32cd1dc3618659bc3c77f2b2a9\Microsoft.PowerShell.Commands.Utility.ni.dll

+ 2012-07-11 15:16 . 2012-07-11 15:16 1704960 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\77b5496d214dd5034294b058c0bb0e8d\Microsoft.PowerShell.GPowerShell.ni.dll

+ 2012-07-11 15:16 . 2012-07-11 15:16 3724288 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\72765e5fab12761eb6d3f58180fa34d7\Microsoft.PowerShell.Editor.ni.dll

+ 2012-07-11 15:15 . 2012-07-11 15:15 6499840 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\8ce1d10f94b40f054017865757552f2d\Microsoft.MediaCenter.UI.ni.dll

+ 2012-07-11 15:15 . 2012-07-11 15:15 1009664 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\7fab1ec8f5ed6a55a8a73b2c590bd7cd\Microsoft.MediaCenter.ni.dll

+ 2012-07-11 15:15 . 2012-07-11 15:15 2335744 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\e3d2577e00aef6bc9b3e235eb83634f3\Microsoft.JScript.ni.dll

+ 2012-07-11 15:15 . 2012-07-11 15:15 1361408 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Ink\4d381048e3b9c0914c0f72c6aa0a599d\Microsoft.Ink.ni.dll

+ 2012-07-11 15:15 . 2012-07-11 15:15 4071424 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.GroupPoli#\efbe64bfafaaaec44b5c0e487c0b2c4a\Microsoft.GroupPolicy.Reporting.ni.dll

+ 2012-07-11 15:15 . 2012-07-11 15:15 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\3893fa9a19b52dee8b2cc424840d5d08\Microsoft.Build.Tasks.ni.dll

+ 2012-07-11 15:15 . 2012-07-11 15:15 1970176 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\1d2250044b1ecff755e26ed12f6d27cb\Microsoft.Build.Tasks.v3.5.ni.dll

+ 2012-07-11 15:15 . 2012-07-11 15:15 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\6b66f52dbd8f87e53c3c9a1de7ca5bba\Microsoft.Build.Engine.ni.dll

+ 2012-07-11 15:15 . 2012-07-11 15:15 2035712 c:\windows\assembly\NativeImages_v2.0.50727_32\mcstore\3a4e56a8d1075cf0af0619c383b3e592\mcstore.ni.dll

+ 2012-07-11 15:15 . 2012-07-11 15:15 3025920 c:\windows\assembly\NativeImages_v2.0.50727_32\mcepg\69b8de21b08c3412422c5918399ed702\mcepg.ni.dll

+ 2012-07-11 15:07 . 2012-07-11 15:07 12310216 c:\windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll

+ 2012-07-11 15:12 . 2012-07-11 15:12 23913984 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceModel\f74b2d1b8cf279ff6bfe479f79e70fe9\System.ServiceModel.ni.dll

+ 2012-07-11 15:13 . 2012-07-11 15:13 11900928 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Management.A#\00c4a761d0a5cafc00f34d763fe76ac4\System.Management.Automation.ni.dll

+ 2012-07-11 15:14 . 2012-07-11 15:14 13760000 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Entity\daaff9fe9c85fc171d426a3cb6766dbb\System.Data.Entity.ni.dll

+ 2012-07-11 15:12 . 2012-07-11 15:12 25470976 c:\windows\assembly\NativeImages_v2.0.50727_64\ehshell\0c1f96a4136efe532bbb8eb91d3de300\ehshell.ni.dll

+ 2012-07-11 15:15 . 2012-07-11 15:15 17478656 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\107779ca2708d2b31b2e1560e47f6d15\System.ServiceModel.ni.dll

.

-- Snapshot resatt til dagens dato --

.

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))

.

.

*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

2012-07-10 20:35 2074208 ----a-w- c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-07-10 2074208]

.

[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-03 17417392]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-07-04 641704]

"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]

"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-07-10 1107552]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart

.

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-11 250056]

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]

S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]

S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]

S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]

S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-07-04 238080]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-07-04 5160568]

S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]

S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-03 160944]

S2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-07-10 935008]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-07-04 11922944]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-07-04 359936]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]

S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]

S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]

S3 rt61x64;Linksys Wireless-G PCI Adapter Driver;c:\windows\system32\DRIVERS\WMP54Gv41x64.sys [2010-04-07 446304]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]

.

.

Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

.

2012-07-11 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-10 15:07]

.

.

--------- X64 Entries -----------

.

.

------- Tilleggsskanning -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

TCP: DhcpNameServer = 192.168.0.1

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll

.

.

--------------------- LÅSTE REGISTERNØKLER ---------------------

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Tidspunkt ferdig: 2012-07-11 20:05:52 - maskinen ble startet på nytt

ComboFix-quarantined-files.txt 2012-07-11 18:05

ComboFix2.txt 2012-07-11 15:02

.

Pre-Run: 65 593 262 080 bytes free

Post-Run: 65 515 974 656 bytes free

.

- - End Of File - - 32C695D89853E435304084E4F5D8ABD8

 

Endret av Mr.Anki
Lenke til kommentar
mobile999

mobile999

Skrevet
Skrevet (endret)

Ingen filer jeg ikke vil miste, så da er det vel bare å gjøre en scan til og huke av for sletting av filer?

Det er selvfølgelig en mulighet. Vanligvis lager man et script som sletter filene, men det forutsetter som sagt at man lagrer loggen (og poster den).

 

Jeg tviler på at det eset fant ikke var der før System check infeksjonen, men kan ikke uttale meg sikkert før jeg får sett loggen.

Endret av mobile999
Lenke til kommentar
smartphone

smartphone

Skrevet
Skrevet

Hei,

 

Har fått en trojaner inn i systemet som jeg ikke blir kvitt. Har kjørt full skann med MBAM og fjernet det den fant, men ting blir ikke bedre. Først ble alle filene på de andre harddiskene satt som skjult, ingen programfiler fungerer.

 

Har tatt en reinstall av OS, men etter å ha kjørt Combofix og restartet maskinen vil ingenting fungere. Under kjøring av Combofix kommer AVG opp med dette bilde:

 

post-86344-0-42129500-1342025565_thumb.png

 

 

Logg fra Combofix:

 

 

 

ComboFix 12-07-11.03 - Andreas 11.07.2012 16:55:04.1.8 - x64

Microsoft Windows 7 Professional 6.1.7601.1.1252.47.1033.18.20477.17745 [GMT 2:00]

Kjører fra: c:\users\Andreas\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((( Filer Opprettet Fra 2012-06-11 til 2012-07-11 )))))))))))))))))))))))))))))))))

.

.

2012-07-11 14:57 . 2012-07-11 14:57 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-07-11 02:47 . 2012-07-10 16:56 -------- d-----w- c:\windows\Panther

2012-07-10 20:39 . 2012-07-10 20:39 -------- d-----w- c:\program files (x86)\Common Files\Java

2012-07-10 20:39 . 2012-07-10 20:39 -------- d-----w- c:\program files (x86)\Java

2012-07-10 20:29 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys

2012-07-10 20:24 . 2012-06-18 01:12 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6AE1542A-BB5F-4DB1-873F-5A4FC25CAB82}\mpengine.dll

2012-07-10 20:23 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe

2012-07-10 20:18 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll

2012-07-10 20:17 . 2011-11-17 06:35 395776 ----a-w- c:\windows\system32\webio.dll

2012-07-10 20:16 . 2011-02-23 04:55 90624 ----a-w- c:\windows\system32\drivers\bowser.sys

2012-07-10 20:16 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll

2012-07-10 20:16 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll

2012-07-10 18:56 . 2012-07-10 18:56 -------- d-----w- c:\windows\SysWow64\Macromed

2012-07-10 17:33 . 2012-07-10 17:33 -------- d-----w- c:\program files (x86)\VideoLAN

2012-07-10 17:12 . 2012-07-10 17:12 -------- d-----w- c:\programdata\ATI

2012-07-10 17:12 . 2012-07-10 17:12 0 ----a-w- c:\windows\ativpsrm.bin

2012-07-10 17:10 . 2012-07-10 17:10 -------- d-----w- c:\programdata\AMD

2012-07-10 17:10 . 2012-07-10 17:10 -------- d-----w- c:\program files (x86)\AMD AVT

2012-07-10 17:10 . 2012-07-10 17:10 -------- d-----w- c:\program files (x86)\AMD APP

2012-07-10 17:10 . 2012-07-10 17:10 -------- d-----w- c:\program files\Common Files\ATI Technologies

2012-07-10 17:10 . 2012-07-10 17:10 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies

2012-07-10 17:09 . 2012-07-10 17:09 -------- d-----w- c:\program files (x86)\ATI Technologies

2012-07-10 17:09 . 2012-07-10 17:10 -------- d-----w- c:\program files\ATI Technologies

2012-07-10 17:09 . 2012-07-10 17:09 -------- d-----w- c:\program files\ATI

2012-07-10 17:08 . 2012-07-10 17:08 -------- d-----w- C:\AMD

2012-07-10 17:05 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll

2012-07-10 17:05 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll

2012-07-10 17:05 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2012-07-10 17:04 . 2012-07-10 17:04 -------- d-----w- c:\program files (x86)\Common Files\Skype

2012-07-10 17:04 . 2012-07-10 17:04 -------- d-----r- c:\program files (x86)\Skype

2012-07-10 17:04 . 2012-07-10 17:04 -------- d-----w- c:\programdata\Skype

2012-07-10 17:03 . 2012-07-10 17:03 -------- d-----w- c:\program files (x86)\Opera

2012-07-10 17:01 . 2012-07-10 20:38 -------- d-sh--w- c:\windows\Installer

2012-07-10 17:01 . 2012-07-11 14:51 -------- d-----w- c:\programdata\MFAData

2012-07-10 17:01 . 2012-07-10 17:01 -------- d--h--w- c:\programdata\Common Files

2012-07-10 17:01 . 2012-07-10 17:01 -------- d-----w- c:\programdata\Malwarebytes

2012-07-10 17:01 . 2012-07-10 17:01 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-07-10 17:01 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-10 16:59 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-07-10 16:59 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-07-10 16:59 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll

2012-07-10 16:59 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-07-10 16:59 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll

2012-07-10 16:59 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-07-10 16:59 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-07-10 16:59 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-07-10 16:59 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-07-10 16:56 . 2012-07-11 14:49 -------- d-----w- c:\users\Andreas

2012-07-10 16:56 . 2012-07-10 16:56 -------- d-----w- C:\Recovery

2012-07-04 06:59 . 2012-07-04 06:59 11922944 ----a-w- c:\windows\system32\drivers\atikmdag.sys

2012-07-04 06:52 . 2012-07-04 06:52 26016256 ----a-w- c:\windows\system32\atio6axx.dll

2012-07-04 06:35 . 2012-07-04 06:35 19586048 ----a-w- c:\windows\SysWow64\atioglxx.dll

2012-07-04 06:27 . 2012-07-04 06:27 159744 ----a-w- c:\windows\system32\atiapfxx.exe

2012-07-04 06:27 . 2012-07-04 06:27 918528 ----a-w- c:\windows\SysWow64\aticfx32.dll

2012-07-04 06:25 . 2012-07-04 06:25 1081856 ----a-w- c:\windows\system32\aticfx64.dll

2012-07-04 06:21 . 2012-07-04 06:21 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll

2012-07-04 06:21 . 2012-07-04 06:21 514048 ----a-w- c:\windows\system32\atieclxx.exe

2012-07-04 06:20 . 2012-07-04 06:20 238080 ----a-w- c:\windows\system32\atiesrxx.exe

2012-07-04 06:19 . 2012-07-04 06:19 120320 ----a-w- c:\windows\system32\atitmm64.dll

2012-07-04 06:19 . 2012-07-04 06:19 21504 ----a-w- c:\windows\system32\atimuixx.dll

2012-07-04 06:19 . 2012-07-04 06:19 59392 ----a-w- c:\windows\system32\atiedu64.dll

2012-07-04 06:19 . 2012-07-04 06:19 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll

2012-07-04 06:18 . 2012-07-04 06:18 6811648 ----a-w- c:\windows\SysWow64\atidxx32.dll

2012-07-04 05:57 . 2012-07-04 05:57 7510528 ----a-w- c:\windows\system32\atidxx64.dll

2012-07-04 05:36 . 2012-07-04 05:36 1053696 ----a-w- c:\windows\system32\atiumd6v.dll

2012-07-04 05:36 . 2012-07-04 05:36 69632 ----a-w- c:\windows\system32\coinst_8.97.100.3.dll

2012-07-04 05:36 . 2012-07-04 05:36 1960960 ----a-w- c:\windows\SysWow64\atiumdmv.dll

2012-07-04 05:35 . 2012-07-04 05:35 4261376 ----a-w- c:\windows\system32\atiumd6a.dll

2012-07-04 05:35 . 2012-07-04 05:35 6245888 ----a-w- c:\windows\SysWow64\atiumdag.dll

2012-07-04 05:28 . 2012-07-04 05:28 4749312 ----a-w- c:\windows\SysWow64\atiumdva.dll

2012-07-04 05:24 . 2012-07-04 05:24 7477760 ----a-w- c:\windows\system32\atiumd64.dll

2012-07-04 05:11 . 2012-07-04 05:11 56320 ----a-w- c:\windows\system32\atimpc64.dll

2012-07-04 05:11 . 2012-07-04 05:11 56320 ----a-w- c:\windows\system32\amdpcom64.dll

2012-07-04 05:11 . 2012-07-04 05:11 535552 ----a-w- c:\windows\system32\atiadlxx.dll

2012-07-04 05:11 . 2012-07-04 05:11 56832 ----a-w- c:\windows\SysWow64\atimpc32.dll

2012-07-04 05:11 . 2012-07-04 05:11 56832 ----a-w- c:\windows\SysWow64\amdpcom32.dll

2012-07-04 05:11 . 2012-07-04 05:11 364544 ----a-w- c:\windows\SysWow64\atiadlxy.dll

2012-07-04 05:11 . 2012-07-04 05:11 17920 ----a-w- c:\windows\system32\atig6pxx.dll

2012-07-04 05:11 . 2012-07-04 05:11 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll

2012-07-04 05:11 . 2012-07-04 05:11 14848 ----a-w- c:\windows\system32\atiglpxx.dll

2012-07-04 05:11 . 2012-07-04 05:11 41984 ----a-w- c:\windows\system32\atig6txx.dll

2012-07-04 05:11 . 2012-07-04 05:11 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll

2012-07-04 05:10 . 2012-07-04 05:10 359936 ----a-w- c:\windows\system32\drivers\atikmpag.sys

2012-07-04 05:10 . 2012-07-04 05:10 55296 ----a-w- c:\windows\system32\atiuxp64.dll

2012-07-04 05:09 . 2012-07-04 05:09 42496 ----a-w- c:\windows\SysWow64\atiuxpag.dll

2012-07-04 05:09 . 2012-07-04 05:09 45056 ----a-w- c:\windows\system32\atiu9p64.dll

2012-07-04 05:09 . 2012-07-04 05:09 32768 ----a-w- c:\windows\SysWow64\atiu9pag.dll

2012-07-04 05:09 . 2012-07-04 05:09 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll

2012-07-04 05:04 . 2012-07-04 05:04 51200 ----a-w- c:\windows\system32\aticalrt64.dll

2012-07-04 05:04 . 2012-07-04 05:04 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll

2012-07-04 05:04 . 2012-07-04 05:04 44544 ----a-w- c:\windows\system32\aticalcl64.dll

2012-07-04 05:04 . 2012-07-04 05:04 44544 ----a-w- c:\windows\SysWow64\aticalcl.dll

2012-07-04 05:04 . 2012-07-04 05:04 15827456 ----a-w- c:\windows\system32\aticaldd64.dll

2012-07-04 04:59 . 2012-07-04 04:59 13402112 ----a-w- c:\windows\SysWow64\aticaldd.dll

2012-07-04 00:32 . 2012-07-04 00:32 187392 ----a-w- c:\windows\system32\clinfo.exe

2012-07-04 00:32 . 2012-07-04 00:32 75264 ----a-w- c:\windows\system32\OpenVideo64.dll

2012-07-04 00:32 . 2012-07-04 00:32 65024 ----a-w- c:\windows\SysWow64\OpenVideo.dll

2012-07-04 00:31 . 2012-07-04 00:31 63488 ----a-w- c:\windows\system32\OVDecode64.dll

2012-07-04 00:31 . 2012-07-04 00:31 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll

2012-07-04 00:31 . 2012-07-04 00:31 16457216 ----a-w- c:\windows\system32\amdocl64.dll

2012-07-04 00:30 . 2012-07-04 00:30 13008384 ----a-w- c:\windows\SysWow64\amdocl.dll

2012-07-04 00:30 . 2012-07-04 00:30 54784 ----a-w- c:\windows\system32\OpenCL.dll

2012-07-04 00:30 . 2012-07-04 00:30 50176 ----a-w- c:\windows\SysWow64\OpenCL.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-05-31 10:25 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe

2012-04-19 02:50 . 2012-04-19 02:50 28480 ----a-w- c:\windows\system32\drivers\avgidsha.sys

2012-04-18 17:39 . 2012-04-18 17:39 43008 ----a-w- c:\windows\system32\kdbsdk64.dll

2012-04-18 17:39 . 2012-04-18 17:39 28672 ----a-w- c:\windows\SysWow64\kdbsdk32.dll

.

.

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))

.

.

*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

2012-07-10 20:35 2074208 ----a-w- c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-07-10 2074208]

.

[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-03 17417392]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-07-04 641704]

"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]

"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-07-10 1107552]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart

.

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-10 257696]

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]

S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]

S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]

S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]

S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-07-04 238080]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-07-04 5160568]

S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]

S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-03 160944]

S2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-07-10 935008]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-07-04 11922944]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-07-04 359936]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]

S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]

S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]

S3 rt61x64;Linksys Wireless-G PCI Adapter Driver;c:\windows\system32\DRIVERS\WMP54Gv41x64.sys [2010-04-07 446304]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]

.

.

--- Andre tjenester/drivere lastet i minnet ---

.

*NewlyCreated* - WS2IFSL

.

Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

.

2012-07-10 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-10 20:31]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Tilleggsskanning -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

TCP: DhcpNameServer = 192.168.0.1

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll

.

.

--------------------- LÅSTE REGISTERNØKLER ---------------------

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Tidspunkt ferdig: 2012-07-11 17:02:47 - maskinen ble startet på nytt

ComboFix-quarantined-files.txt 2012-07-11 15:02

.

Pre-Run: 65 955 221 504 bytes free

Post-Run: 65 869 266 944 bytes free

.

- - End Of File - - 0E22DC2E04E2BBCCA25D57BBDAB632C9

 

 

Får ikke åpnet MBAM igjen og lagt ved loggen, men den fant ingenting ved full skanning..

 

 

Edit:

Etter en restart fungerer programmene igjen.

 

Dette høres litt ut som noe jeg fikk.

Det var en trojaner, som lastet ned noe malware som het SMART repair.

Alle filer og skrivebord forsvant, det ble bare verre og verre.

 

http://malwaretips.com/blogs/uninstall-smart-hdd/

 

Brukte guiden over, den inneholdt både bruk av MBAM og online skanning og mer.

Tror kanskje du trenger noe slikt som gjør en grundig jobb.

Bruker PCem nå og den fungerer greit.

 

Hvis du vet hva som rammet deg er det guider på nettet.

Lenke til kommentar
smartphone

smartphone

Skrevet
Skrevet

Takk for tips, akkurat samme som jeg har/hadde.

 

Skal gå gjennom guiden.

Tenkte bare jeg ville tilføye at det gikk lettere enn jeg trodde med guiden. Husker ikke alt, mener det var noe jeg måtte gjøre flere ganger.

Skjuling av ip var ikke noe problem hos meg.

 

Etter som det sto i guiden var restart fy-fy og maskinen skulle startes i sikkermodus med nettverkskopling.

 

Bare du får startet en nettleser går det vel. Og det er vel noe av poenget med dette viruset/malwaren at man skal kjøpe en lisens på nett, så det ønsker vel å opprettholde nettverk og nettleser.

 

Ellers var det greit å ha en egen administratorkonto med passord, det er noe jeg skal huske på fremover.

Hadde det på denne maskinen, men kommer til å passe på å ha en admin-konto på alle maskiner fremover.

 

Dessuten skanner jeg nå nesten daglig med MBAM. Jeg har fått anbefalt MSE Microsoft Essentials og blitt frarådet sterkt AVG. Jeg hadde byttet til MSE før dette, og lagt inn MBAM, men ikke hatt problemer på noen år. Derfor hadde jeg vel ikke skannet med MBAM på noen uker.

Bruker nå MBAM og MSE på begge mine maskiner, uten at jeg kan si det er noen løsning. Kun noe jeg har gjort på bakgrunn av anbefalinger.

 

Det jeg stusser litt på er at guiden er fra mars, og MSE ba om å få tilsendt hva programmet oppdaget ved skanning etterpå. Godt at programmet "lærer" av nye virus, men hadde trodd at et virus som var noen måneder gammelt skulle bli oppdaget.

Jeg fikk to varsler på MSE, men MSE sa også "aksjon utført - ikke nødvendig å gjøre mer".

Ingenting tar alle virus, og mulig det hadde blitt oppdaget hvis jeg hadde skannet med MBAM oftere.

 

Lykke til og håper det ordner seg greit for deg!

Lenke til kommentar

Opprett en konto eller logg inn for å kommentere

Du må være et medlem for å kunne skrive en kommentar

Opprett konto

Det er enkelt å melde seg inn for å starte en ny konto!

Start en konto

Logg inn

Har du allerede en konto? Logg inn her.

Logg inn nå
Gå til emneliste

  • Hvem er aktive   0 medlemmer

    • Ingen innloggede medlemmer aktive
×
×
  • Opprett ny...