Insomniatic, posted 3 June 2008

Now my dear laptop has caught such a hell of a virus that I give up... I was going to download a keygen for a game (yes, maybe I deserved it since it's illegal), and I scanned the file with AVG Anti-Spyware, and it found nothing. But when I ran the program all hell broke loose... I got a blue screen and such, then it shut itself off... I was all wtf, then I turned the PC back on and the background had been changed to some weird thing that says "YOUR PRIVACY IS IN DANGER", and then I get sent to a website with an "antivirus", and it has installed a fake antivirus that I have to pay a 20 euro license for and so on, and when I scan the PC with antivirus I either get a blue screen, or it completes the scan but when it goes to remove the virus I get a blue screen. Even if I start in safe mode everything gets fucked up... And when I log on to the PC there is a blue screen almost all the time*. Does anyone know what I can do to remove this?

*Blue screen, meaning a blue background with lots of weird stuff...

Nutjob, posted 3 June 2008

Dig out your XP/Vista CD and reformat the disk you saved the file on (most likely C, unless you call it something else or you saved it to a specific location).

norbat, posted 3 June 2008

Are you able to transfer ComboFix onto the PC? If so, preferably run it from safe mode.

Insomniatic (author), posted 3 June 2008

> Are you able to transfer ComboFix onto the PC? If so, preferably run it from safe mode.

I still have ComboFix, but I have no chance of running it. As soon as I get in, the PC gets shut off. And I'd gladly format, but I have to back up a lot of files. Luckily I managed that with my Firefox profile; even though it's pretty f*****d up in the browser, my passwords are saved. But I can't run any files. Even in safe mode the PC gets a blue screen and fake "you are being attacked by the internet" messages and so on...

Insomniatic (author), posted 4 June 2008 (edited)

AFTER ENDLESS ATTEMPTS I MANAGED TO GET A HIJACKTHIS LOG!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:39: VIRUS ALERT!, on 04.06.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programfiler\Fellesfiler\GtFlashSwitch\GtFlashSwitch.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Programfiler\Winamp Toolbar\winamptb.dll
O3 - Toolbar: atfxqogp - {ED7940C6-E629-435E-A9D5-4FBF74F37C26} - C:\WINDOWS\atfxqogp.dll
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Programfiler\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Programfiler\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Programfiler\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - Global Startup: coresysd.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users.WINDOWS\Programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Sothink SWF Catcher - C:\Programfiler\Fellesfiler\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Programfiler\Fellesfiler\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Programfiler\Fellesfiler\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: @C:\Programfiler\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Programfiler\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.2.1.87.cab
O16 - DPF: {A243F6C2-34D2-4549-BCCD-A7BEF759B236} (Seekford Solutions, Inc.'s ssiPictureUploader Control) - http://img.funtigo.com/images/uploader/ssi...ureUploader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by125fd.bay125.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1ABA6710-96B4-4197-AEDC-8741AE2F3712}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{63FBE47F-C984-4DFC-8EEA-59DD2FB2F045}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{9CC1C19F-BF39-4BFE-ACB4-50205B825569}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O21 - SSODL: vregfwlx - {85F43A82-D3F9-4D6C-893D-2CE7A1FEBB53} - C:\WINDOWS\vregfwlx.dll
O21 - SSODL: vltdfabw - {C1DA0D03-9A7E-44D5-9D36-F468E3EB0004} - C:\WINDOWS\vltdfabw.dll
O21 - SSODL: ServiceRam - {58bb6bbc-b463-44fe-8a5c-1fcd0ce1c679} - C:\WINDOWS\Resources\ServiceRam.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: dopewars server (dopewars-server) - Unknown owner - C:\Programfiler\dopewars-1.5.12\dopewars.exe
O23 - Service: GtFlashSwitch - OptionNV - C:\Programfiler\Fellesfiler\GtFlashSwitch\GtFlashSwitch.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Programfiler\HPQ\Shared\hpqwmi.exe
O23 - Service: iPod-tjeneste (iPodService) - Apple Computer, Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows\system32\mssrv32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O24 - Desktop Component 0: (no name) - https://www.diskusjon.no/index.php?autocom=my_forum

--
End of file - 6796 bytes

Edited 21 July 2008 by Latterkongen

norbat, posted 4 June 2008

Yes, you are clearly infected. The question is whether you can run any scans on the PC at all? E.g. ComboFix (preferably from safe mode) or others?

Insomniatic (author), posted 4 June 2008

> Yes, you are clearly infected. The question is whether you can run any scans on the PC at all? E.g. ComboFix (preferably from safe mode) or others?

HJT is still running... So what should I do?

snippsat, posted 4 June 2008 (edited)

Can you boot into safe mode? You need to answer that. During boot, press F8 several times and choose safe mode. Then run HJT or ComboFix there.

Edited 4 June 2008 by SNIPPSAT

Insomniatic (author), posted 4 June 2008

> Can you boot into safe mode? You need to answer that. During boot, press F8 several times and choose safe mode. Then run HJT or ComboFix there.

Surely I don't need to start in safe mode now? HJT is running the whole time now and is ready to be changed. I don't want to take the chance of turning the PC off, because I'm not sure I'd get it back on again.

norbat, posted 4 June 2008

HJT: Put a check mark in front of the following lines and click Fix checked:

O3 - Toolbar: atfxqogp - {ED7940C6-E629-435E-A9D5-4FBF74F37C26} - C:\WINDOWS\atfxqogp.dll
O4 - Global Startup: coresysd.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O17 - HKLM\System\CCS\Services\Tcpip\..\{1ABA6710-96B4-4197-AEDC-8741AE2F3712}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{63FBE47F-C984-4DFC-8EEA-59DD2FB2F045}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{9CC1C19F-BF39-4BFE-ACB4-50205B825569}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O21 - SSODL: vregfwlx - {85F43A82-D3F9-4D6C-893D-2CE7A1FEBB53} - C:\WINDOWS\vregfwlx.dll
O21 - SSODL: vltdfabw - {C1DA0D03-9A7E-44D5-9D36-F468E3EB0004} - C:\WINDOWS\vltdfabw.dll
O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows\system32\mssrv32.exe

Download Fixwareout.
Put the file on the desktop and double-click it.
Click Next -> Install.
Check that 'Run fixit' is ticked.
Click Finish and the fix will start.
Follow the instructions. Restart the PC when you are asked to.
Startup will take a little longer than normal .....
When the PC has restarted, just follow the instructions that appear on the screen.

Then try running ComboFix.

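The kind of line-by-line triage the helper performs on the log above can be sketched in code. This is an added example, not part of the original thread and not HijackThis's or the helper's own logic; the four heuristics, the `known_resolvers` allowlist and the `C:\WINDOWS` default are assumptions of the example, and its output is a list of entries to review, not a verdict.

```python
import ntpath
import re
from typing import NamedTuple

# Lines copied from the HijackThis log posted above (a subset, for brevity).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\winlogon.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Programfiler\Winamp Toolbar\winamptb.dll
O3 - Toolbar: atfxqogp - {ED7940C6-E629-435E-A9D5-4FBF74F37C26} - C:\WINDOWS\atfxqogp.dll
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O21 - SSODL: vregfwlx - {85F43A82-D3F9-4D6C-893D-2CE7A1FEBB53} - C:\WINDOWS\vregfwlx.dll
O21 - SSODL: ServiceRam - {58bb6bbc-b463-44fe-8a5c-1fcd0ce1c679} - C:\WINDOWS\Resources\ServiceRam.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: dopewars server (dopewars-server) - Unknown owner - C:\Programfiler\dopewars-1.5.12\dopewars.exe
O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows\system32\mssrv32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
"""

# A section entry looks like "<code> - <body>", e.g. "O21 - SSODL: ...".
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
NAMESERVER_RE = re.compile(r"NameServer = (?P<servers>.+)$")

# Sections that load a DLL into Explorer / Internet Explorer: BHO, toolbar, SSODL.
DLL_SECTIONS = {"O2", "O3", "O21"}


class Finding(NamedTuple):
    code: str
    reason: str
    line: str


def parse_entries(log_text):
    """Yield (code, body, line) per section entry; header and process lines are skipped."""
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            yield m["code"], m["body"], line


def _in_dir(path, directory):
    # True when the file sits directly in `directory` (Windows path rules, any host OS).
    return ntpath.normcase(ntpath.dirname(path)) == ntpath.normcase(directory)


def _under_dir(path, directory):
    # True when the file sits anywhere below `directory`.
    return ntpath.normcase(path).startswith(ntpath.normcase(directory) + "\\")


def triage(log_text, known_resolvers=frozenset(), windir=r"C:\WINDOWS"):
    """Return entries worth a closer look. All four rules are assumptions of this example."""
    findings = []
    for code, body, line in parse_entries(log_text):
        fields = body.split(" - ")
        path = fields[-1]
        if code == "O7" and "DisableRegedit=1" in body:
            findings.append(Finding(code, "registry editor disabled by policy", line))
        elif code == "O17":
            m = NAMESERVER_RE.search(body)
            servers = re.split(r"[,\s]+", m["servers"].strip()) if m else []
            unknown = [s for s in servers if s not in known_resolvers]
            if unknown:
                reason = "DNS override to unlisted resolver: " + ",".join(unknown)
                findings.append(Finding(code, reason, line))
        elif code in DLL_SECTIONS and _in_dir(path, windir):
            findings.append(Finding(code, "shell/browser DLL directly in the Windows root", line))
        elif (code == "O23" and len(fields) >= 3
              and fields[-2] == "Unknown owner" and _under_dir(path, windir)):
            findings.append(Finding(code, "unsigned-owner service under the Windows directory", line))
    return findings


if __name__ == "__main__":
    # 208.67.220.220 and 208.67.222.222 are the OpenDNS public resolvers; listing
    # them as known removes the O17 entry from the review list.
    opendns = {"208.67.220.220", "208.67.222.222"}
    for finding in triage(SAMPLE_LOG, known_resolvers=opendns):
        print(f"{finding.code:<4}{finding.reason}\n    {finding.line}")
```

On the sample, the heuristics also surface the ProtexisLicensing service, which the helper did not select; flagged entries still need a human decision.
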
Insomniatic (author), posted 5 June 2008

Username "Micke" - 05.06.08 12:28:04 [Fixwareout edited 9/01/2007]

~~~~~ Prerun check
DNS Resolver-bufferen ble tømt.
System was rebooted successfully.

~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "System"=""
....
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....
~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~

Insomniatic (author), posted 5 June 2008

ComboFix 08-06-04.5 - Micke 2008-06-05 12:35:36.6 - NTFSx86
Running from: C:\Documents and Settings\Micke.MICKES\Skrivebord\ComboFix.exe
 * Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\boqnrwdmsno.dll
C:\WINDOWS\system32\818646
C:\WINDOWS\system32\818646\818646.dll
C:\WINDOWS\system32\DdeKjRqr.ini
C:\WINDOWS\system32\DdeKjRqr.ini2
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\xmpstean.exe

.
((((((((((((((((((((((((( Files Created from 2008-05-05 to 2008-06-05 )))))))))))))))))))))))))))))))
.

2008-06-05 12:27 . 2008-06-05 12:31 <DIR> d-------- C:\fixwareout
2008-06-05 02:04 . 2008-06-05 10:19 <DIR> dr-h----- C:\Documents and Settings\Micke.MICKES\Siste
2008-06-01 21:23 . 2008-06-01 21:23 <DIR> d-------- C:\Documents and Settings\Administrator\Programdata\SUPERAntiSpyware.com
2008-06-01 16:06 . 2006-06-02 00:39 <DIR> dr------- C:\Documents and Settings\Administrator\Start-meny
2008-06-01 16:06 . 2006-06-02 00:39 <DIR> d--h----- C:\Documents and Settings\Administrator\Skrivere
2008-06-01 16:06 . 2008-06-01 16:25 <DIR> d-------- C:\Documents and Settings\Administrator\Skrivebord
2008-06-01 16:06 . 2006-06-02 00:39 <DIR> d--h----- C:\Documents and Settings\Administrator\Siste
2008-06-01 16:06 . 2008-06-01 21:23 <DIR> dr-h----- C:\Documents and Settings\Administrator\Programdata
2008-06-01 16:06 . 2006-06-02 00:39 <DIR> d-------- C:\Documents and Settings\Administrator\Mine dokumenter
2008-06-01 16:06 . 2006-06-01 22:56 <DIR> d--h----- C:\Documents and Settings\Administrator\Maler
2008-06-01 16:06 . 2008-05-23 18:40 <DIR> d--h----- C:\Documents and Settings\Administrator\Lokale innstillinger
2008-06-01 16:06 . 2006-06-02 00:39 <DIR> d-------- C:\Documents and Settings\Administrator\Favoritter
2008-06-01 16:06 . 2006-06-02 00:39 <DIR> d--h----- C:\Documents and Settings\Administrator\AndrMask
2008-06-01 16:06 . 2008-06-01 16:06 <DIR> d-------- C:\Documents and Settings\Administrator
2008-06-01 14:53 . 2008-06-01 15:32 82 ---h----- C:\WINDOWS\popcreg.dat
2008-06-01 14:53 . 2008-06-01 15:32 23 --a------ C:\WINDOWS\popcinfot.dat
2008-06-01 14:34 . 2008-06-01 12:17 94,208 --a------ C:\WINDOWS\exdq.exe
2008-05-30 17:51 . 2008-05-30 17:51 <DIR> d-------- C:\Documents and Settings\Micke.MICKES\Programdata\Publish Providers
2008-05-30 17:50 . 2008-05-30 17:50 <DIR> d-------- C:\Documents and Settings\Micke.MICKES\Programdata\Sony
2008-05-30 17:41 . 2008-05-30 17:41 <DIR> d-------- C:\Programfiler\MSBuild
2008-05-30 17:36 . 2008-05-30 17:36 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-05-30 17:35 . 2008-05-30 17:35 <DIR> d-------- C:\Programfiler\Reference Assemblies
2008-05-30 17:34 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-05-30 17:28 . 2008-05-30 17:28 <DIR> d-------- C:\Documents and Settings\Micke.MICKES\Programdata\Sony Setup
2008-05-30 17:24 . 2008-05-30 17:24 <DIR> d-------- C:\Programfiler\Sony Setup
2008-05-29 16:33 . 2008-05-29 16:33 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Programdata\SwiftKit
2008-05-26 16:32 . 2008-05-26 16:32 <DIR> d-------- C:\DVDVideoSoft
2008-05-26 16:31 . 2008-05-26 16:31 <DIR> d-------- C:\Programfiler\Fellesfiler\DVDVideoSoft
2008-05-26 16:31 . 2008-05-26 16:31 <DIR> d-------- C:\Programfiler\DVDVideoSoft
2008-05-25 22:21 . 2004-08-04 00:57 14,720 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-05-25 22:21 . 2004-08-04 00:57 14,720 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
2008-05-25 21:22 . 2004-08-03 23:10 38,016 --a------ C:\WINDOWS\system32\drivers\bthmodem.sys
2008-05-25 21:22 . 2004-08-03 23:10 38,016 --a--c--- C:\WINDOWS\system32\dllcache\bthmodem.sys
2008-05-25 21:20 . 2004-08-04 01:03 152,576 --a------ C:\WINDOWS\system32\irftp.exe
2008-05-25 21:20 . 2004-08-04 01:03 152,576 --a--c--- C:\WINDOWS\system32\dllcache\irftp.exe
2008-05-25 21:20 . 2004-08-03 22:58 100,992 --a------ C:\WINDOWS\system32\drivers\bthpan.sys
2008-05-25 21:20 . 2004-08-03 22:58 100,992 --a--c--- C:\WINDOWS\system32\dllcache\bthpan.sys
2008-05-25 21:20 . 2004-08-03 23:10 59,648 --a------ C:\WINDOWS\system32\drivers\rfcomm.sys
2008-05-25 21:20 . 2004-08-03 23:10 59,648 --a--c--- C:\WINDOWS\system32\dllcache\rfcomm.sys
2008-05-25 21:20 . 2004-08-03 23:10 17,024 --a------ C:\WINDOWS\system32\drivers\BthEnum.sys
2008-05-25 21:20 . 2004-08-03 23:10 17,024 --a--c--- C:\WINDOWS\system32\dllcache\bthenum.sys
2008-05-25 21:20 . 2004-08-04 01:03 8,192 --a------ C:\WINDOWS\system32\wshirda.dll
2008-05-25 21:20 . 2004-08-04 01:03 8,192 --a--c--- C:\WINDOWS\system32\dllcache\wshirda.dll
2008-05-25 21:19 . 2004-08-04 00:55 274,432 --a------ C:\WINDOWS\system32\drivers\bthport.sys
2008-05-25 21:19 . 2004-08-04 00:55 274,432 --a--c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-05-25 21:19 . 2004-08-03 23:10 18,944 --a------ C:\WINDOWS\system32\drivers\BTHUSB.SYS
2008-05-25 21:19 . 2004-08-03 23:10 18,944 --a--c--- C:\WINDOWS\system32\dllcache\bthusb.sys
2008-05-23 21:21 . 2008-05-23 21:21 <DIR> d-------- C:\Programfiler\Fellesfiler\eSellerate
2008-05-23 15:56 . 2008-05-23 15:56 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware
2008-05-23 15:56 . 2008-05-23 15:56 <DIR> d-------- C:\Documents and Settings\Micke.MICKES\Programdata\SUPERAntiSpyware.com
2008-05-23 15:56 . 2008-05-23 15:56 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Programdata\SUPERAntiSpyware.com
2008-05-22 17:56 . 2008-05-23 16:58 19,772 --a------ C:\WINDOWS\system32\nav32update
2008-05-20 19:11 . 2008-03-21 19:11 32 -ra------ C:\Documents and Settings\All Users\hash.dat
2008-05-18 23:29 . 2008-05-18 23:29 <DIR> d-------- C:\Programfiler\Dopewars
2008-05-16 23:13 . 2008-06-03 14:03 <DIR> d-a------ C:\Documents and Settings\All Users.WINDOWS\Programdata\TEMP
2008-05-16 15:47 . 2008-05-16 15:47 <DIR> d-------- C:\Programfiler\dopewars-1.5.12
2008-05-16 15:47 . 2008-05-16 15:47 20,992 --a------ C:\WINDOWS\bw-uninstall.exe
2008-05-11 14:06 . 2002-02-18 10:23 172,304 --a------ C:\WINDOWS\system32\jview.exe
2008-05-11 14:06 . 2002-02-18 10:23 171,792 --a------ C:\WINDOWS\system32\wjview.exe
2008-05-11 14:06 . 2002-02-18 10:23 49,424 --a------ C:\WINDOWS\system32\clspack.exe
2008-05-11 13:40 . 2008-05-11 20:53 <DIR> d-------- C:\rscache
2008-05-10 15:11 . 2008-05-31 15:22 <DIR> d-------- C:\Programfiler\SwiftKit

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.

2008-06-03 12:32 94,208 ----a-w C:\WINDOWS\DUMP4cf7.tmp
2008-06-02 12:09 --------- d-----w C:\Documents and Settings\Micke.MICKES\Programdata\wsInspector
2008-06-01 18:08 94,208 ----a-w C:\WINDOWS\DUMP4304.tmp
2008-06-01 14:00 --------- d-----w C:\Programfiler\Cheat Engine
2008-06-01 12:54 --------- d-----w C:\Programfiler\PopCap Games
2008-05-30 14:14 --------- d-----w C:\Programfiler\Disk Cleaner
2008-05-23 13:55 --------- d-----w C:\Programfiler\Fellesfiler\Wise Installation Wizard
2008-05-23 06:32 --------- d--h--w C:\Programfiler\XSoftware
2008-05-22 18:37 --------- d-----w C:\Programfiler\Google
2008-05-22 17:41 --------- d-----w C:\Programfiler\Corel
2008-04-26 19:56 --------- d-----w C:\Documents and Settings\Micke.MICKES\Programdata\Azureus
2008-04-26 19:34 --------- d-----w C:\Documents and Settings\Micke.MICKES\Programdata\LimeWire
2008-04-26 19:26 --------- d-----w C:\Programfiler\Azureus
2008-04-23 06:13 --------- d-----w C:\Documents and Settings\Micke.MICKES\Programdata\mIRC
2008-04-23 06:09 --------- d-----w C:\Programfiler\mIRC
2008-04-18 16:33 --------- d-----w C:\Programfiler\Spybot - Search & Destroy
2008-04-18 16:30 691,545 ----a-w C:\WINDOWS\unins000.exe
2008-04-15 17:39 --------- d-----w C:\Documents and Settings\Micke.MICKES\Programdata\tor
2008-04-06 13:22 --------- d-----w C:\Programfiler\Java
2008-04-06 13:15 --------- d-----w C:\Programfiler\Sun
2008-01-31 13:05 167 ----a-w C:\Documents and Settings\All Users.WINDOWS\Programdata\saopts.dat
2006-04-18 12:55 834 ----a-w C:\Documents and Settings\Micke\Programdata\wklnhst.dat
2005-05-13 16:12 217,073 --sha-r C:\WINDOWS\meta4.exe
2005-10-24 10:13 66,560 --sha-r C:\WINDOWS\MOTA113.exe
2005-10-13 20:27 422,400 --sha-r C:\WINDOWS\x2.64.exe
2006-06-18 19:27 80 --sh--r C:\WINDOWS\system32\744BE5167C.dll
2008-01-17 15:28 104 --sh--r C:\WINDOWS\system32\744BE5167C.sys
2008-02-03 18:30 168 --sh--r C:\WINDOWS\system32\7C16E54B74.sys
2005-10-07 18:14 308,224 --sha-r C:\WINDOWS\system32\avisynth.dll
2005-07-14 11:31 27,648 --sha-r C:\WINDOWS\system32\AVSredirect.dll
2005-06-26 14:32 616,448 --sha-r C:\WINDOWS\system32\cygwin1.dll
2005-06-21 21:37 45,568 --sha-r C:\WINDOWS\system32\cygz.dll
2006-07-17 09:26 65,210 --sha-w C:\WINDOWS\system32\fhgniw.dat
2004-01-24 23:00 70,656 --sha-r C:\WINDOWS\system32\i420vfw.dll
2006-04-27 09:24 2,945,024 --sha-r C:\WINDOWS\system32\Smab.dll
2006-06-15 21:03 8,384 --sha-w C:\WINDOWS\system32\srsc.dat
2005-02-28 12:16 240,128 --sha-r C:\WINDOWS\system32\x.264.exe
2004-01-24 23:00 70,656 --sha-r C:\WINDOWS\system32\yv12vfw.dll
.

<pre>
----a-w 360,448 2004-10-02 11:21:08 C:\Program Files\Mappe\Cheatpack\Auto Miners\Sythe's Powerminer .exe
</pre>

((((((((((((((((((((((((((((( snapshot@2008-05-23_17.14.19.85 )))))))))))))))))))))))))))))))))))))))))
.
Framework 3.0\setupres.1036.dll + 2006-10-30 01:18:22 80,384 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1037.dll + 2006-10-30 01:18:30 89,600 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1038.dll + 2006-10-30 01:18:36 88,064 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1040.dll + 2006-10-30 01:18:42 80,384 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1041.dll + 2006-10-30 01:18:48 80,384 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1042.dll + 2006-10-30 01:18:56 87,040 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1043.dll + 2006-10-30 01:19:02 83,968 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1044.dll + 2006-10-30 01:19:08 86,528 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1045.dll + 2006-10-30 01:19:14 84,480 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1046.dll + 2006-10-30 01:19:28 82,944 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1049.dll + 2006-10-30 01:19:34 83,968 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1053.dll + 2006-10-30 01:19:42 82,432 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1055.dll + 2006-10-30 01:17:24 80,384 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.2052.dll + 2006-10-30 01:19:22 90,624 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.2070.dll + 2006-10-30 01:18:02 90,112 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.3082.dll + 2006-10-29 21:15:20 80,384 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 
3.0\setupres.dll + 2006-10-29 21:15:22 1,621,504 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\SITSetup.dll + 2006-10-29 21:16:52 1,139,712 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\vs_setup.dll + 2006-10-29 21:18:26 590,848 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\vs70uimgr.dll + 2006-10-29 21:20:20 541,184 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\vsbasereqs.dll + 2006-10-29 21:18:12 816,128 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\vsscenario.dll + 2006-10-30 01:17:14 98,816 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1025.dll + 2006-10-30 01:17:30 98,816 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1028.dll + 2006-10-30 01:17:38 99,840 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1029.dll + 2006-10-30 01:17:44 99,840 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1030.dll + 2006-10-30 01:17:50 102,400 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1031.dll + 2006-10-30 01:17:58 104,448 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1032.dll + 2006-10-30 01:18:10 98,816 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1035.dll + 2006-10-30 01:18:16 103,424 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1036.dll + 2006-10-30 01:18:24 98,816 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1037.dll + 2006-10-30 01:18:30 102,400 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1038.dll + 2006-10-30 01:18:36 101,376 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1040.dll + 2006-10-30 01:18:42 
98,816 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1041.dll + 2006-10-30 01:18:50 98,816 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1042.dll + 2006-10-30 01:18:56 99,840 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1043.dll + 2006-10-30 01:19:02 98,816 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1044.dll + 2006-10-30 01:19:08 99,840 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1045.dll + 2006-10-30 01:19:16 99,328 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1046.dll + 2006-10-30 01:19:28 98,816 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1049.dll + 2006-10-30 01:19:36 98,816 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1053.dll + 2006-10-30 01:19:42 98,816 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1055.dll + 2006-10-30 01:17:24 98,816 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.2052.dll + 2006-10-30 01:19:22 101,376 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.2070.dll + 2006-10-30 01:18:04 102,400 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.3082.dll + 2006-10-29 21:18:36 98,816 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.dll + 2006-10-29 21:19:30 1,103,872 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapUI.dll + 2006-10-30 01:34:02 159,744 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ComSvcConfig.exe + 2006-10-30 01:33:58 741,376 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe + 2008-05-30 15:35:25 626,440 ----a-w 
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\install.exe + 2008-05-30 15:35:25 80,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\install.res.1033.dll + 2006-10-30 01:34:00 352,256 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\Microsoft.Transactions.Bridge.dll + 2006-10-30 01:34:00 151,552 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\Microsoft.Transactions.Bridge.Dtc.dll + 2006-10-30 01:34:02 2,560 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll + 2006-10-30 01:34:02 61,440 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelReg.exe + 2006-10-30 01:34:02 11,264 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceMonikerSupport.dll + 2006-10-30 01:34:00 94,208 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMDiagnostics.dll + 2006-10-30 01:34:02 122,880 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe + 2006-10-30 01:34:02 884,736 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll + 2006-10-30 01:34:02 5,623,808 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.dll + 2006-10-30 01:34:00 159,744 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.Install.dll + 2006-10-30 01:34:00 16,384 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll + 2006-10-30 01:34:02 143,360 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\WsatConfig.exe + 2006-07-25 19:32:00 14,648 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Workflow Foundation\PerformanceCounterInstaller.exe + 
2006-10-20 14:08:52 797,696 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\NaturalLanguage6.dll + 2006-10-20 14:09:02 4,874,240 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\NlsData0009.dll + 2006-10-20 12:03:40 2,628,608 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\NlsLexicons0009.dll + 2006-10-20 19:29:46 72,992 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PenIMC.dll + 2006-10-20 19:21:24 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationCFFRasterizer.dll + 2006-10-20 19:21:24 36,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe + 2006-10-20 19:29:52 106,272 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationHostDLL.dll + 2006-10-20 19:21:26 897,024 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationUI.dll + 2006-10-20 19:21:26 14,848 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\XamlViewer\XamlViewer_v0300.exe + 2006-09-28 17:52:18 655,360 ----a-w C:\WINDOWS\system32\CDDBControl.dll + 2006-09-28 17:52:18 98,304 ----a-w C:\WINDOWS\system32\CddbLangDE.dll + 2006-09-28 17:52:18 98,304 ----a-w C:\WINDOWS\system32\CddbLangES.dll + 2006-09-28 17:52:18 98,304 ----a-w C:\WINDOWS\system32\CddbLangFR.dll + 2006-09-28 17:52:18 102,400 ----a-w C:\WINDOWS\system32\CddbLangIT.dll + 2006-09-28 17:52:18 77,824 ----a-w C:\WINDOWS\system32\CddbLangJA.dll + 2006-09-28 17:52:18 98,304 ----a-w C:\WINDOWS\system32\CddbLangNL.dll + 2006-09-28 17:52:18 765,952 ----a-w C:\WINDOWS\system32\CDDBUI.dll + 2006-10-14 14:43:18 27,648 -c----w C:\WINDOWS\system32\dllcache\FilterPipelinePrintProc.dll + 2004-09-30 17:51:30 27,136 -c--a-w C:\WINDOWS\system32\dllcache\irmon.dll + 2006-10-14 14:44:44 671,744 -c----w C:\WINDOWS\system32\dllcache\PrintFilterPipelineSvc.exe + 2006-10-14 18:21:58 580,352 -c----w C:\WINDOWS\system32\dllcache\XPSSHHDR.dll + 2006-10-14 18:22:00 1,698,048 -c----w C:\WINDOWS\system32\dllcache\XpsSvcs.dll + 2006-10-20 19:29:46 69,408 ----a-w 
C:\WINDOWS\system32\dxva2.dll + 2006-10-20 19:30:00 478,496 ----a-w C:\WINDOWS\system32\evr.dll - 2007-04-17 15:27:30 194,568 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT + 2008-06-01 11:46:00 197,752 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT + 2006-10-30 01:33:58 556,296 ----a-w C:\WINDOWS\system32\icardagt.exe + 2006-10-30 01:33:58 9,480 ----a-w C:\WINDOWS\system32\icardres.dll + 2006-10-30 01:33:58 83,968 ----a-w C:\WINDOWS\system32\infocardapi.dll + 2004-09-30 17:51:30 27,136 ----a-w C:\WINDOWS\system32\irmon.dll + 2006-10-20 19:30:06 1,980,704 ----a-w C:\WINDOWS\system32\milcore.dll + 2006-09-01 10:08:02 1,334,032 ----a-w C:\WINDOWS\system32\msxml6.dll + 2006-07-19 08:55:18 86,728 ----a-w C:\WINDOWS\system32\msxml6r.dll - 2008-05-12 21:15:41 62,678 ----a-w C:\WINDOWS\system32\perfc009.dat + 2008-06-01 14:37:38 70,458 ----a-w C:\WINDOWS\system32\perfc009.dat - 2008-05-12 21:15:41 71,104 ----a-w C:\WINDOWS\system32\perfc014.dat + 2008-06-01 14:37:38 78,884 ----a-w C:\WINDOWS\system32\perfc014.dat - 2008-05-12 21:15:41 401,398 ----a-w C:\WINDOWS\system32\perfh009.dat + 2008-06-01 14:37:38 436,694 ----a-w C:\WINDOWS\system32\perfh009.dat - 2008-05-12 21:15:41 405,492 ----a-w C:\WINDOWS\system32\perfh014.dat + 2008-06-01 14:37:38 439,838 ----a-w C:\WINDOWS\system32\perfh014.dat + 2006-10-24 10:30:20 412,160 ------w C:\WINDOWS\system32\photometadatahandler.dll + 2006-10-20 19:29:52 104,224 ----a-w C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll + 2006-10-20 19:29:58 344,352 ----a-w C:\WINDOWS\system32\PresentationHost.exe + 2006-10-20 19:29:46 20,768 ----a-w C:\WINDOWS\system32\PresentationHostProxy.dll + 2006-10-20 19:30:02 769,312 ----a-w C:\WINDOWS\system32\PresentationNative_v0300.dll + 2006-10-14 14:43:38 124,416 ------w C:\WINDOWS\system32\prntvpt.dll + 2006-08-24 14:15:06 150,808 ----a-w C:\WINDOWS\system32\rgb9rast_2.dll - 2007-03-06 02:01:46 14,560 ------w C:\WINDOWS\system32\spmsg.dll + 2006-10-16 14:10:58 14,640 ------w 
C:\WINDOWS\system32\spmsg.dll + 2006-10-14 14:43:18 751,104 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\mxdwdrv.dll + 2006-10-14 14:42:40 131,584 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\mxdwdui.dll - 2004-08-03 23:03:26 264,704 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\UNIDRV.DLL + 2006-10-14 14:42:18 376,320 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\unidrv.dll - 2004-08-03 23:03:26 197,632 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\UNIDRVUI.DLL + 2006-10-14 14:42:28 510,464 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\unidrvui.dll - 2004-08-03 23:02:54 619,520 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\UNIRES.DLL + 2006-10-14 14:40:36 619,008 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\unires.dll + 2006-10-14 18:22:00 1,698,048 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\XpsSvcs.dll + 2006-10-14 14:43:18 27,648 ----a-w C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll + 2006-10-14 14:44:44 671,744 ------w C:\WINDOWS\system32\spool\prtprocs\w32x86\PrintFilterPipelineSvc.exe + 2006-10-14 15:13:02 34,304 ----a-w C:\WINDOWS\system32\spool\prtprocs\x64\filterpipelineprintproc.dll + 2006-10-14 15:12:14 737,792 ----a-w C:\WINDOWS\system32\spool\XPSEP\amd64\amd64\mxdwdrv.dll + 2006-10-14 18:09:04 2,946,304 ----a-w C:\WINDOWS\system32\spool\XPSEP\amd64\amd64\xpssvcs.dll + 2006-10-14 15:12:14 737,792 ----a-w C:\WINDOWS\system32\spool\XPSEP\amd64\mxdwdrv.dll + 2006-10-14 18:09:04 2,946,304 ----a-w C:\WINDOWS\system32\spool\XPSEP\amd64\xpssvcs.dll + 2006-10-14 14:43:18 751,104 ----a-w C:\WINDOWS\system32\spool\XPSEP\i386\i386\mxdwdrv.dll + 2006-10-14 18:22:00 1,698,048 ----a-w C:\WINDOWS\system32\spool\XPSEP\i386\i386\xpssvcs.dll + 2006-10-14 14:43:18 751,104 ----a-w C:\WINDOWS\system32\spool\XPSEP\i386\mxdwdrv.dll + 2006-10-14 18:22:00 1,698,048 ----a-w C:\WINDOWS\system32\spool\XPSEP\i386\xpssvcs.dll - 2006-09-06 14:43:46 22,752 ----a-w C:\WINDOWS\system32\spupdsvc.exe + 2006-10-16 
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2007-10-04 22:06 1135968 --a------ C:\Programfiler\Winamp Toolbar\winamptb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Programfiler\Winamp Toolbar\winamptb.dll" [2007-10-04 22:06 1135968]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Programfiler\Winamp Toolbar\winamptb.dll [2007-10-04 22:06 1135968]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ALUAlert"="C:\Programfiler\Symantec\LiveUpdate\ALUNotify.exe" [ ]
"msnmsgr"="C:\Programfiler\MSN Messenger\msnmsgr.exe" [2007-01-19 13:54 5674352]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"ServiceRam"= {58bb6bbc-b463-44fe-8a5c-1fcd0ce1c679} - C:\WINDOWS\Resources\ServiceRam.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=61.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.yv12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\xgN75.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programfiler\\Messenger\\msmsgs.exe"=
"C:\\Programfiler\\LimeWire\\LimeWire.exe"=
"C:\\Programfiler\\BitTorrent\\bittorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Mappe\\err41beta\\client.exe"=
"C:\\Programfiler\\MessengerDiscovery\\MessengerDiscovery Live.exe"=
"C:\\WINDOWS\\system32\\java.exe"=
"C:\\Programfiler\\Azureus\\Azureus.exe"=
"C:\\Program Files\\Mappe\\err31\\client.exe"=
"C:\\Programfiler\\Winamp Remote\\bin\\Orb.exe"=
"C:\\Programfiler\\Winamp Remote\\bin\\OrbTray.exe"=
"C:\\Programfiler\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"C:\\Programfiler\\Mozilla Firefox\\firefox.exe"=
"C:\\Programfiler\\MSN Messenger\\msnmsgr.exe"=
"C:\\Programfiler\\MSN Messenger\\livecall.exe"=

R2 GtFlashSwitch;GtFlashSwitch;C:\Programfiler\Fellesfiler\GtFlashSwitch\GtFlashSwitch.exe [2007-02-09 14:48]
R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2004-12-15 17:18]
S3 C;C NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\C.sys []
S3 CSNPD51;CSNPD51 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\CSNPD51.sys []
S3 dopewars-server;dopewars server;C:\Programfiler\dopewars-1.5.12\dopewars.exe [2008-05-16 15:47]
S3 dsreader;MaxDrive Driver (dsreader.sys);C:\WINDOWS\system32\Drivers\dsreader.sys [2001-01-03 00:53]
S3 dump_wmimmc;dump_wmimmc;C:\WINDOWS\system32\drivers\dump_wmimmc.sys []
S3 GTFFBUS;GT FF BUS;C:\WINDOWS\system32\DRIVERS\gtffbus.sys [2007-01-15 16:48]
S3 GTMNDISIRPXP;GT M 3G+ IRP NDIS;C:\WINDOWS\system32\DRIVERS\Gtm51Irp.sys [2007-01-15 16:48]
S3 GTPTSER;GT PT SER;C:\WINDOWS\system32\DRIVERS\gtptser.sys [2007-01-15 16:48]
S3 GTUQBUS;GT UQ BUS;C:\WINDOWS\system32\DRIVERS\gtuqbus.sys [2007-01-15 16:48]
S3 PAC7311;VGA SoC PC-Camer@;C:\WINDOWS\system32\DRIVERS\PA707UCM.SYS [2005-09-16 13:34]
S3 PsSdk30;PsSdk30;C:\WINDOWS\system32\Drivers\PsSdk30.drv []

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{0E5F932B-6766-4624-0006-000602040807}]
C:\WINDOWS\system32\nav32update.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{30ADB197-4D38-660D-0707-080508000804}]
C:\WINDOWS\system32\virusdelete.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-05 12:47:22
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\PsSdk30]
"ImagePath"="\??\C:\WINDOWS\system32\Drivers\PsSdk30.drv"
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\PAStiSvc.exe
.
**************************************************************************
.
Completion time: 2008-06-05 12:59:05 - machine was rebooted [Micke]
ComboFix-quarantined-files.txt 2008-06-05 10:58:52
ComboFix2.txt 2008-05-23 15:14:49

Pre-Run: 18,886,578,176 byte ledig
Post-Run: 18,872,094,720 byte ledig

479 --- E O F --- 2008-01-31 13:46:21
norbat Posted 5 June 2008
If you haven't recently run a full scan with SAS, do so now (update first).
Insomniatic (author) Posted 5 June 2008
> If you haven't recently run a full scan with SAS, do so now (update first).
Can't update, I get the error "make sure your firewall isn't blocking..."
norbat Posted 5 June 2008
And have you checked that the firewall isn't blocking it?
Insomniatic (author) Posted 5 June 2008
> And have you checked that the firewall isn't blocking it?
I don't have a firewall.
norbat Posted 5 June 2008 (edited)
Open Notepad and copy in the text in bold below, then save the file on the desktop as CFScript.
Then drag the file onto the Combofix icon. Combofix will start again.

File::
C:\WINDOWS\system32\nav32update.exe

Folder::
C:\WINDOWS\system32\nav32update

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{0E5F932B-6766-4624-0006-000602040807}]
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{30ADB197-4D38-660D-0707-080508000804}]

RenV::
----a-w 360,448 2004-10-02 11:21:08 C:\Program Files\Mappe\Cheatpack\Auto Miners\Sythe's Powerminer .exe

See whether you can update SAS and run a scan.

Edit: You have a thread here: https://www.diskusjon.no/index.php?showtopic=956638&hl= that deals with the same problem. I don't know whether you completed the guidance there, I suspect not. Stick to this thread now and see it through.
Edited 5 June 2008 by norbat
Insomniatic (author) Posted 5 June 2008
> Open Notepad and copy in the text in bold below, then save the file on the desktop as CFScript.
> Then drag the file onto the Combofix icon. Combofix will start again.
>
> File::
> C:\WINDOWS\system32\nav32update.exe
>
> Folder::
> C:\WINDOWS\system32\nav32update
>
> Registry::
> [-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{0E5F932B-6766-4624-0006-000602040807}]
> [-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{30ADB197-4D38-660D-0707-080508000804}]
>
> RenV::
> ----a-w 360,448 2004-10-02 11:21:08 C:\Program Files\Mappe\Cheatpack\Auto Miners\Sythe's Powerminer .exe
>
> See whether you can update SAS and run a scan.
>
> Edit: You have a thread here: https://www.diskusjon.no/index.php?showtopic=956638&hl= that deals with the same problem. I don't know whether you completed the guidance there, I suspect not. Stick to this thread now and see it through.
The other thread was a different virus. This is a complete mess-up. But what does a CFScript look like? What is the file extension?
norbat Posted 5 June 2008
The file extension will be .txt (automatically, when you save using Notepad).
r2d290 Posted 5 June 2008 (edited)
The extension is .txt, so a completely ordinary text document.
This is what you drag onto the Combofix icon...
edit: a bit late
Edited 5 June 2008 by r2d290
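
The "Reg Loading Points" section of the log posted above is where the two Active Setup keys named in norbat's script appear. As an added example (not part of the thread and not ComboFix's own code), the Python below parses an excerpt of that section and flags entries for review; the function names and the four triage rules are assumptions of this example, relying on the log's own note that legit default entries are not shown.

```python
import re

# Excerpt copied from the "Reg Loading Points" section of the log in this thread.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=61.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\xgN75.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{0E5F932B-6766-4624-0006-000602040807}]
C:\WINDOWS\system32\nav32update.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{30ADB197-4D38-660D-0707-080508000804}]
C:\WINDOWS\system32\virusdelete.exe
"""

# A key header is a whole line of the form [HK...]; value lines never start with "[".
KEY_RE = re.compile(r"^\[(HK[^\]]+)\]$", re.I)
# "name"=data, or @=data for the default value.
VALUE_RE = re.compile(r'^(?:"(?P<name>[^"]*)"|(?P<default>@))\s*=\s*(?P<data>.*)$')


def parse_loading_points(text):
    """Return (key, name, data) tuples; bare lines under a key get name None."""
    entries, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = KEY_RE.match(line)
        if header:
            key = header.group(1)
            continue
        if key is None:          # text before the first key header
            continue
        value = VALUE_RE.match(line)
        if value:
            name = "@" if value.group("default") else value.group("name")
            entries.append((key, name, value.group("data").strip()))
        else:
            entries.append((key, None, line))
    return entries


def triage(entries):
    """Apply this example's review rules; returns (rule, key, data) tuples."""
    findings = []
    for key, name, data in entries:
        k, n = key.lower(), (name or "").lower()
        if k.endswith(r"\windows nt\currentversion\windows") and n == "appinit_dlls":
            # A non-empty AppInit_DLLs is loaded into every process using user32.dll.
            if data.strip('"'):
                findings.append(("AppInit_DLLs", key, data))
        elif r"\control\safeboot" in k:
            # A non-default SafeBoot entry lets a driver or service start in Safe Mode.
            findings.append(("SafeBoot", key, data))
        elif r"\firewallpolicy" in k and n == "enablefirewall":
            if data.split()[:1] == ["0"]:
                findings.append(("FirewallOff", key, data))
        elif r"\active setup\installed components" in k and name is None:
            # Active Setup components run a command at logon for each user.
            findings.append(("ActiveSetup", key, data))
    return findings


if __name__ == "__main__":
    for rule, key, data in triage(parse_loading_points(SAMPLE_LOG)):
        print(f"{rule:13} {data}\n    {key}")
```

A flag here means "look at this entry", not "this is malicious"; the Run entry for ctfmon.exe is parsed but matches no rule.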