StereoSteward
Posted 1 August 2008 (edited)

Sorry for the poor topic title, but I can't describe it any other way...

I downloaded updates for XP via Windows Update; when I restarted the machines, Antivirus XP 2008 popped up and told me I had lots of viruses. I have not installed AntiVIRUS XP 2008, so I booted into safe mode and tried to uninstall it, without luck. My buddy said I should delete it from regedit > HKEY_LOCAL_MACHINE\SOFTWARE\rh_ettellerannet and from C:\programfiler\rhEttEllerAnnet, so I did that, but the problem didn't stop there...

I have run AVG, which caught some of it, but evidently not everything. I can mention that the updates I downloaded from Windows now have to be downloaded all over again. I also had problems during startup where, among other things, ATI could not start its control panel and winupdate.exe could not find the pathway, but these problems seem to be gone.

I can't run SAS, because a blue screen with message 0x00000050 appears after SAS has been running for about 1.5 minutes.

HJT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:21:46, on 01.08.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Programfiler\Bonjour\mDNSResponder.exe
C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\mnmsrvc.exe
C:\Programfiler\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\StkCSrv.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Programfiler\ASUS\Power4 Gear\BatteryLife.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programfiler\Motorola\SMSERIAL\sm56hlpr.exe
C:\Programfiler\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ASUSTPE.exe
C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Fellesfiler\LightScribe\LightScribeControlPanel.exe
C:\Programfiler\Messenger\msmsgs.exe
C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Programfiler\Trend Micro\Høyjakk\jee.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programfiler\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programfiler\AVG\AVG8\avgtoolbar.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: &WinSec Toolbar - {3F5A62E2-51F2-11D3-A075-CC7364CAE42A} - C:\WINDOWS\system32\wscmp.dll (file missing)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programfiler\AVG\AVG8\avgtoolbar.dll
O4 - HKLM\..\Run: [Power_Gear] C:\Programfiler\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [ACU] C:\Programfiler\Atheros\ACU.exe -nogui
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [skyTel] SkyTel.EXE
O4 - HKLM\..\Run: [sMSERIAL] C:\Programfiler\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programfiler\Fellesfiler\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Programfiler\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Programfiler\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdnww.exe] C:\WINDOWS\system32\kdnww.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [startCCC] C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [ASUSTPE] C:\WINDOWS\system32\ASUSTPE.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Programfiler\Fellesfiler\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: CCC.lnk = ?
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1217496979090
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Programfiler\AutoCAD 2002\AcPreview.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{19C9F23F-CC70-422B-8E9A-62BD036ECA49}: NameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{19C9F23F-CC70-422B-8E9A-62BD036ECA49}: NameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{19C9F23F-CC70-422B-8E9A-62BD036ECA49}: NameServer = 192.168.0.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programfiler\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: mssetd.dll,avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Atheros konfigurasjonstjeneste (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Programfiler\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programfiler\Fellesfiler\Ahead\Lib\NMIndexingService.exe
O23 - Service: Plug and Play (RPC) (PlugPlayRPC) - Unknown owner - C:\WINDOWS\portsv.exe (file missing)
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkCSrv.exe

--
End of file - 8894 bytes

ComboFix

ComboFix 08-07-30.02 - ** 2008-08-01 13:18:09.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.1471 [GMT 2:00]
Running from: C:\Documents and Settings\**\Skrivebord\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-07-01 to 2008-08-01 )))))))))))))))))))))))))))))))
.
2008-08-01 13:16 . 2008-08-01 13:16 <DIR> dr-h----- C:\Documents and Settings\**\Siste
2008-08-01 12:54 . 2008-08-01 12:54 <DIR> d-------- C:\WINDOWS\LastGood
2008-08-01 12:53 . 2008-08-01 12:53 <DIR> d-------- C:\Programfiler\MSXML 4.0
2008-07-31 14:02 . 2008-08-01 10:43 <DIR> d-------- C:\Programfiler\Trend Micro
2008-07-31 13:38 . 2008-07-31 13:38 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware
2008-07-31 13:38 . 2008-07-31 13:38 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard
2008-07-31 13:38 . 2008-07-31 13:38 <DIR> d-------- C:\Documents and Settings\**\Programdata\SUPERAntiSpyware.com
2008-07-31 13:38 . 2008-07-31 13:38 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com
2008-07-31 13:26 . 2008-07-31 13:26 0 --a------ C:\WINDOWS\nsreg.dat
2008-07-31 13:21 . 2008-07-31 13:21 <DIR> d-------- C:\Programfiler\CCleaner
2008-07-31 13:12 . 2008-07-31 13:12 <DIR> d-------- C:\Programfiler\Sun
2008-07-31 13:11 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-07-31 13:10 . 2008-07-31 13:11 <DIR> d-------- C:\Programfiler\Java
2008-07-31 12:54 . 2008-07-31 12:54 <DIR> d-------- C:\Programfiler\Fellesfiler\Java
2008-07-31 10:51 . 2008-07-31 10:57 <DIR> d-------- C:\Documents and Settings\**\.housecall6.6
2008-07-31 09:40 . 2008-07-31 09:40 <DIR> d-------- C:\WINDOWS\system32\4213
2008-07-31 09:40 . 2008-07-31 09:40 7,168 --a------ C:\WINDOWS\7C5DA49A7AAD04B60D362BAEC3073F.exe
2008-07-31 09:35 . 2008-07-31 09:35 168 --a------ C:\log.udt
2008-07-30 11:11 . 2008-08-01 13:15 <DIR> d--h----- C:\$AVG8.VAULT$
2008-07-30 11:10 . 2008-07-30 11:10 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-07-30 11:10 . 2008-07-30 11:10 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-07-30 11:10 . 2008-07-30 11:10 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-07-30 11:09 . 2008-08-01 10:42 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-07-30 11:09 . 2008-07-30 11:09 <DIR> d-------- C:\Programfiler\AVG
2008-07-30 11:09 . 2008-07-31 10:39 <DIR> d-------- C:\Documents and Settings\**\Programdata\AVGTOOLBAR
2008-07-30 11:08 . 2008-07-30 11:09 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\avg8
2008-07-30 10:25 . 2008-02-17 08:20 <DIR> dr------- C:\Documents and Settings\Administrator\Start-meny
2008-07-30 10:25 . 2008-02-17 08:20 <DIR> d--h----- C:\Documents and Settings\Administrator\Skrivere
2008-07-30 10:25 . 2008-02-17 08:20 <DIR> d-------- C:\Documents and Settings\Administrator\Skrivebord
2008-07-30 10:25 . 2008-02-17 08:20 <DIR> d--h----- C:\Documents and Settings\Administrator\Siste
2008-07-30 10:25 . 2008-07-31 14:05 <DIR> dr-h----- C:\Documents and Settings\Administrator\Programdata
2008-07-30 10:25 . 2008-02-17 08:20 <DIR> d-------- C:\Documents and Settings\Administrator\Mine dokumenter
2008-07-30 10:25 . 2008-02-17 00:45 <DIR> d--h----- C:\Documents and Settings\Administrator\Maler
2008-07-30 10:25 . 2008-08-01 13:19 <DIR> d--h----- C:\Documents and Settings\Administrator\Lokale innstillinger
2008-07-30 10:25 . 2008-02-17 08:20 <DIR> d-------- C:\Documents and Settings\Administrator\Favoritter
2008-07-30 10:25 . 2008-02-17 08:20 <DIR> d--h----- C:\Documents and Settings\Administrator\AndrMask
2008-07-30 10:25 . 2008-07-30 11:10 <DIR> d-------- C:\Documents and Settings\Administrator
2008-07-30 09:10 . 2008-07-30 09:11 38,925 --a------ C:\WINDOWS\system32\note32.exe
2008-07-30 09:03 . 2008-07-30 09:03 29 --a------ C:\WINDOWS\system32\tiqrgfap.tmp
2008-07-30 09:02 . 2008-07-30 09:02 33,056 --a------ C:\WINDOWS\system32\wpx11.cpx
2008-07-30 09:02 . 2008-07-30 09:02 8,192 --a------ C:\WINDOWS\system32\wpx15.cpx
2008-07-30 09:02 . 2008-07-30 09:02 0 --a------ C:\WINDOWS\system32\lich.dat
2008-07-29 14:24 . 2008-06-14 20:00 272,256 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-07-29 14:24 . 2008-06-14 20:00 272,256 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-07-29 14:23 . 2007-04-02 07:59 546,304 --a------ C:\WINDOWS\system32\SET18C.tmp
2008-07-23 13:01 . 2008-07-23 13:01 <DIR> d-------- C:\Programfiler\VideoLAN
2008-07-23 13:01 . 2008-07-23 13:01 <DIR> d-------- C:\Documents and Settings\**\Programdata\vlc
2008-07-23 11:40 . 2008-07-23 11:40 49 --a------ C:\WINDOWS\hpntwksetup.ini
2008-07-23 11:20 . 2008-07-23 11:20 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-07-11 11:27 . 2008-07-11 11:27 <DIR> d-------- C:\Programfiler\Bonjour
2008-07-08 11:20 . 2008-07-08 11:20 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\FLEXnet
2008-07-08 11:17 . 2008-07-08 11:17 <DIR> d-------- C:\Programfiler\Fellesfiler\Macrovision Shared
2008-07-08 11:16 . 2008-04-07 05:38 45,392 -ra------ C:\WINDOWS\system32\AdobePDF.dll
2008-07-08 11:16 . 2008-04-07 05:38 22,872 -ra------ C:\WINDOWS\system32\AdobePDFUI.dll
2008-07-08 11:10 . 2008-07-11 11:27 <DIR> d-------- C:\Programfiler\Fellesfiler\Adobe
2008-07-03 09:52 . 2008-07-03 09:52 <DIR> d-------- C:\Programfiler\Hewlett-Packard
2008-07-03 09:51 . 2008-07-03 09:51 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Hewlett-Packard
2008-07-03 09:50 . 2008-07-03 09:51 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-07-03 09:50 . 2008-07-03 09:50 1,986 --a------ C:\WINDOWS\sounder.his
2008-07-03 09:46 . 2004-08-03 22:58 207,360 --a------ C:\WINDOWS\system32\drivers\Dot4.sys
2008-07-03 09:46 . 2004-08-03 22:58 207,360 --a--c--- C:\WINDOWS\system32\dllcache\dot4.sys
2008-07-03 09:46 . 2001-10-06 13:23 23,808 --a------ C:\WINDOWS\system32\drivers\Dot4usb.sys
2008-07-03 09:46 . 2001-10-06 13:23 23,808 --a--c--- C:\WINDOWS\system32\dllcache\dot4usb.sys
2008-07-03 09:46 . 2001-08-17 21:47 12,928 --a------ C:\WINDOWS\system32\drivers\Dot4Prt.sys
2008-07-03 09:46 . 2001-08-17 21:47 12,928 --a--c--- C:\WINDOWS\system32\dllcache\dot4prt.sys
2008-07-02 08:19 . 2008-07-02 08:19 <DIR> d-------- C:\Documents and Settings\LocalService\Skrivebord
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-11 06:31 --------- d-----w C:\Programfiler\AutoCAD 2002
2008-06-20 17:43 246,784 ----a-w C:\WINDOWS\system32\SET118.tmp
2008-06-20 17:43 148,992 ----a-w C:\WINDOWS\system32\SET119.tmp
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-05-07 05:16 1,290,752 ----a-w C:\WINDOWS\system32\quartz.dll
.
((((((((((((((((((((((((((((( snapshot@2008-07-31_14.11.04.39 )))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorld.dll - 2003-02-21 07:26:34 2,088,960 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll + 2004-07-15 12:29:02 2,138,112 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll - 2003-02-20 19:09:18 143,360 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorrc.dll + 2004-07-14 22:33:22 143,360 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorrc.dll - 2003-02-20 19:09:18 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsec.dll + 2004-07-14 22:33:24 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsec.dll - 2003-02-20 19:07:34 2,494,464 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll + 2004-07-14 22:26:52 2,510,848 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll - 2003-02-20 19:08:32 2,482,176 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll + 2004-07-14 22:28:34 2,502,656 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll + 2004-08-10 14:20:00 106,496 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe - 2003-02-20 19:09:30 90,112 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\PerfCounter.dll + 2004-07-14 22:34:50 94,208 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\PerfCounter.dll - 2003-02-21 07:26:46 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\RegCode.dll + 2004-07-15 12:28:48 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\RegCode.dll - 2003-02-20 19:09:34 319,488 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SOS.dll + 2004-07-14 22:35:04 319,488 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SOS.dll - 2003-02-21 07:26:38 1,290,240 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Data.dll + 2004-07-15 12:32:00 1,294,336 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Data.dll - 2003-02-21 07:25:42 299,008 ----a-w 
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Data.OracleClient.dll + 2004-07-15 12:31:14 303,104 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Data.OracleClient.dll - 2003-02-21 07:26:42 1,699,840 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Design.dll + 2004-07-15 12:29:02 1,703,936 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Design.dll - 2003-02-21 07:26:44 86,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.DirectoryServices.dll + 2004-07-15 12:28:54 90,112 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.DirectoryServices.dll - 2003-02-21 07:26:46 1,216,512 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.dll + 2004-07-15 12:31:16 1,224,704 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.dll - 2003-02-21 07:26:50 466,944 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Drawing.dll + 2004-07-15 12:28:58 466,944 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Drawing.dll - 2003-02-21 07:26:50 241,664 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.EnterpriseServices.dll + 2004-07-15 12:28:56 241,664 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.EnterpriseServices.dll - 2003-02-20 19:09:36 64,000 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.EnterpriseServices.Thunk.dll + 2004-07-14 22:35:12 66,560 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.EnterpriseServices.Thunk.dll - 2003-02-21 07:26:52 368,640 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Management.dll + 2004-07-15 12:31:58 372,736 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Management.dll - 2003-02-21 07:26:54 241,664 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Messaging.dll + 2004-07-15 12:31:12 241,664 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Messaging.dll - 2003-02-21 07:26:56 323,584 ----a-w 
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Runtime.Remoting.dll + 2004-07-15 12:28:58 323,584 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Runtime.Remoting.dll - 2003-02-21 07:26:56 131,072 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Runtime.Serialization.Formatters.Soap.dll + 2004-07-15 12:31:54 131,072 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Runtime.Serialization.Formatters.Soap.dll - 2003-02-21 07:26:58 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Security.dll + 2004-07-15 12:28:52 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Security.dll - 2003-02-21 07:27:00 126,976 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.ServiceProcess.dll + 2004-07-15 12:28:54 126,976 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.ServiceProcess.dll - 2003-02-21 07:27:02 1,245,184 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Web.dll + 2004-07-15 12:29:00 1,257,472 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Web.dll - 2003-02-21 07:27:06 819,200 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Web.Mobile.dll + 2004-07-15 12:28:58 819,200 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Web.Mobile.dll - 2003-02-21 07:24:18 57,344 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Web.RegularExpressions.dll + 2004-07-15 12:28:52 57,344 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Web.RegularExpressions.dll - 2003-02-21 07:27:06 569,344 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Web.Services.dll + 2004-07-15 12:31:16 573,440 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Web.Services.dll - 2003-02-21 07:27:08 2,039,808 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Windows.Forms.dll + 2004-07-15 12:32:02 2,052,096 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Windows.Forms.dll - 2003-02-21 07:27:10 1,335,296 ----a-w 
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.XML.dll + 2004-07-15 12:29:00 1,339,392 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.XML.dll + 2004-06-22 11:51:38 53,248 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe - 2003-02-21 10:20:38 737,280 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\vbc.exe + 2004-07-15 09:23:20 737,280 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\vbc.exe - 2003-02-21 05:04:18 1,032,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\VsaVb7rt.dll + 2004-07-15 06:15:14 1,032,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\VsaVb7rt.dll - 2003-02-20 20:10:40 31,744 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\WMINet_Utils.dll + 2004-07-15 00:11:56 31,744 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\WMINet_Utils.dll - 2007-08-02 12:00:00 151,040 ----a-w C:\WINDOWS\system32\cdfview.dll + 2008-04-21 07:04:03 151,552 ----a-w C:\WINDOWS\system32\cdfview.dll - 2007-08-02 12:00:00 1,054,208 ----a-w C:\WINDOWS\system32\danim.dll + 2008-04-21 07:04:04 1,054,720 ----a-w C:\WINDOWS\system32\danim.dll - 2007-08-02 12:00:00 1,022,976 -c--a-w C:\WINDOWS\system32\dllcache\browseui.dll + 2008-04-21 07:04:03 1,023,488 -c--a-w C:\WINDOWS\system32\dllcache\browseui.dll - 2007-08-02 12:00:00 151,040 -c--a-w C:\WINDOWS\system32\dllcache\cdfview.dll + 2008-04-21 07:04:03 151,552 -c--a-w C:\WINDOWS\system32\dllcache\cdfview.dll - 2007-08-02 12:00:00 1,054,208 -c--a-w C:\WINDOWS\system32\dllcache\danim.dll + 2008-04-21 07:04:04 1,054,720 -c--a-w C:\WINDOWS\system32\dllcache\danim.dll - 2007-08-02 12:00:00 561,179 -c--a-w C:\WINDOWS\system32\dllcache\dao360.dll + 2008-03-25 04:50:25 554,008 -c--a-w C:\WINDOWS\system32\dllcache\dao360.dll - 2007-08-02 12:00:00 357,888 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll + 2008-04-21 07:04:04 357,888 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll - 2007-08-02 12:00:00 201,728 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll + 
2008-04-21 07:04:04 205,312 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll - 2007-08-02 12:00:00 55,808 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll + 2008-04-21 07:04:04 55,808 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll - 2007-08-02 12:00:00 18,432 -c--a-w C:\WINDOWS\system32\dllcache\iedw.exe + 2008-04-17 10:52:54 18,432 -c--a-w C:\WINDOWS\system32\dllcache\iedw.exe - 2007-08-02 12:00:00 251,392 -c--a-w C:\WINDOWS\system32\dllcache\iepeers.dll + 2008-04-21 07:04:04 251,392 -c--a-w C:\WINDOWS\system32\dllcache\iepeers.dll - 2007-08-02 12:00:00 96,768 -c--a-w C:\WINDOWS\system32\dllcache\inseng.dll + 2008-04-21 07:04:04 96,768 -c--a-w C:\WINDOWS\system32\dllcache\inseng.dll - 2007-08-02 12:00:00 15,872 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll + 2008-04-21 07:04:04 16,384 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll - 2007-08-02 12:00:00 512,029 -c--a-w C:\WINDOWS\system32\dllcache\msexch40.dll + 2008-03-25 04:50:28 518,944 -c--a-w C:\WINDOWS\system32\dllcache\msexch40.dll - 2007-08-02 12:00:00 319,517 -c--a-w C:\WINDOWS\system32\dllcache\msexcl40.dll + 2008-03-25 04:50:30 326,432 -c--a-w C:\WINDOWS\system32\dllcache\msexcl40.dll - 2007-08-02 12:00:00 3,070,464 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll + 2008-04-21 07:04:05 3,080,704 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll - 2007-08-02 12:00:00 448,512 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll + 2008-04-21 07:04:05 449,024 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll - 2007-08-02 12:00:00 1,507,356 -c--a-w C:\WINDOWS\system32\dllcache\msjet40.dll + 2008-03-25 04:50:34 1,516,568 -c--a-w C:\WINDOWS\system32\dllcache\msjet40.dll - 2007-08-02 12:00:00 358,976 -c--a-w C:\WINDOWS\system32\dllcache\msjetol1.dll + 2008-03-25 04:50:40 355,112 -c--a-w C:\WINDOWS\system32\dllcache\msjetol1.dll - 2007-08-02 12:00:00 159,775 -c--a-w C:\WINDOWS\system32\dllcache\msjint40.dll + 2008-03-25 04:51:59 166,688 -c--a-w C:\WINDOWS\system32\dllcache\msjint40.dll - 2007-08-02 12:00:00 53,279 
-c--a-w C:\WINDOWS\system32\dllcache\msjter40.dll + 2008-03-25 04:50:42 60,192 -c--a-w C:\WINDOWS\system32\dllcache\msjter40.dll - 2007-08-02 12:00:00 241,693 -c--a-w C:\WINDOWS\system32\dllcache\msjtes40.dll + 2008-03-25 04:50:42 248,608 -c--a-w C:\WINDOWS\system32\dllcache\msjtes40.dll - 2007-08-02 12:00:00 213,023 -c--a-w C:\WINDOWS\system32\dllcache\msltus40.dll + 2008-03-25 04:50:44 219,936 -c--a-w C:\WINDOWS\system32\dllcache\msltus40.dll - 2007-08-02 12:00:00 348,189 -c--a-w C:\WINDOWS\system32\dllcache\mspbde40.dll + 2008-03-25 04:50:45 355,104 -c--a-w C:\WINDOWS\system32\dllcache\mspbde40.dll - 2007-08-02 12:00:00 146,432 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll + 2008-04-21 07:04:05 146,432 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll - 2007-08-02 12:00:00 421,919 -c--a-w C:\WINDOWS\system32\dllcache\msrd2x40.dll + 2008-03-25 04:50:47 432,928 -c--a-w C:\WINDOWS\system32\dllcache\msrd2x40.dll - 2007-08-02 12:00:00 315,423 -c--a-w C:\WINDOWS\system32\dllcache\msrd3x40.dll + 2008-03-25 04:50:49 322,336 -c--a-w C:\WINDOWS\system32\dllcache\msrd3x40.dll - 2007-08-02 12:00:00 552,989 -c--a-w C:\WINDOWS\system32\dllcache\msrepl40.dll + 2008-03-25 04:50:52 559,904 -c--a-w C:\WINDOWS\system32\dllcache\msrepl40.dll - 2007-08-02 12:00:00 258,077 -c--a-w C:\WINDOWS\system32\dllcache\mstext40.dll + 2008-03-25 04:50:55 264,992 -c--a-w C:\WINDOWS\system32\dllcache\mstext40.dll - 2007-08-02 12:00:00 530,432 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll + 2008-04-21 07:04:05 532,480 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll - 2007-08-02 12:00:00 831,519 -c--a-w C:\WINDOWS\system32\dllcache\mswdat10.dll + 2008-03-25 04:50:57 838,432 -c--a-w C:\WINDOWS\system32\dllcache\mswdat10.dll - 2007-08-02 12:00:00 614,429 -c--a-w C:\WINDOWS\system32\dllcache\mswstr10.dll + 2008-03-25 04:51:59 621,344 -c--a-w C:\WINDOWS\system32\dllcache\mswstr10.dll - 2007-08-02 12:00:00 348,189 -c--a-w C:\WINDOWS\system32\dllcache\msxbde40.dll + 2008-03-25 04:50:58 355,104 
-c--a-w C:\WINDOWS\system32\dllcache\msxbde40.dll - 2007-08-02 12:00:00 39,424 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll + 2008-04-21 07:04:05 39,424 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll - 2007-08-02 12:00:00 1,290,752 -c--a-w C:\WINDOWS\system32\dllcache\quartz.dll + 2008-05-07 05:16:33 1,290,752 -c--a-w C:\WINDOWS\system32\dllcache\quartz.dll - 2007-08-02 12:00:00 200,064 -c--a-w C:\WINDOWS\system32\dllcache\rmcast.sys + 2008-05-08 12:28:49 202,752 -c--a-w C:\WINDOWS\system32\dllcache\rmcast.sys - 2007-08-02 12:00:00 1,492,480 -c--a-w C:\WINDOWS\system32\dllcache\shdocvw.dll + 2008-04-21 07:04:05 1,494,528 -c--a-w C:\WINDOWS\system32\dllcache\shdocvw.dll - 2007-08-02 12:00:00 474,112 -c--a-w C:\WINDOWS\system32\dllcache\shlwapi.dll + 2008-04-21 07:04:05 474,112 -c--a-w C:\WINDOWS\system32\dllcache\shlwapi.dll - 2007-08-02 12:00:00 612,352 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll + 2008-04-21 07:04:05 615,936 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll - 2007-08-02 12:00:00 655,872 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll + 2008-04-21 07:04:06 658,944 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll - 2007-08-02 12:00:00 200,064 ----a-w C:\WINDOWS\system32\drivers\RMCast.sys + 2008-05-08 12:28:49 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys - 2007-08-02 12:00:00 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll + 2008-04-21 07:04:04 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll - 2007-08-02 12:00:00 201,728 ----a-w C:\WINDOWS\system32\dxtrans.dll + 2008-04-21 07:04:04 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll - 2007-08-02 12:00:00 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll + 2008-04-21 07:04:04 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll - 2007-08-02 12:00:00 251,392 ----a-w C:\WINDOWS\system32\iepeers.dll + 2008-04-21 07:04:04 251,392 ----a-w C:\WINDOWS\system32\iepeers.dll - 2007-08-02 12:00:00 96,768 ----a-w C:\WINDOWS\system32\inseng.dll + 2008-04-21 07:04:04 96,768 ----a-w 
C:\WINDOWS\system32\inseng.dll - 2007-08-02 12:00:00 15,872 ----a-w C:\WINDOWS\system32\jsproxy.dll + 2008-04-21 07:04:04 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll + 2008-06-25 07:15:48 17,972,344 ----a-w C:\WINDOWS\system32\MRT.exe - 2007-08-02 12:00:00 512,029 ----a-w C:\WINDOWS\system32\msexch40.dll + 2008-03-25 04:50:28 518,944 ----a-w C:\WINDOWS\system32\msexch40.dll - 2007-08-02 12:00:00 319,517 ----a-w C:\WINDOWS\system32\msexcl40.dll + 2008-03-25 04:50:30 326,432 ----a-w C:\WINDOWS\system32\msexcl40.dll - 2007-08-02 12:00:00 448,512 ----a-w C:\WINDOWS\system32\mshtmled.dll + 2008-04-21 07:04:05 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll - 2007-08-02 12:00:00 1,507,356 ----a-w C:\WINDOWS\system32\msjet40.dll + 2008-03-25 04:50:34 1,516,568 ----a-w C:\WINDOWS\system32\msjet40.dll - 2007-08-02 12:00:00 358,976 ----a-w C:\WINDOWS\system32\msjetoledb40.dll + 2008-03-25 04:50:40 355,112 ----a-w C:\WINDOWS\system32\msjetoledb40.dll - 2007-08-02 12:00:00 159,775 ----a-w C:\WINDOWS\system32\msjint40.dll + 2008-03-25 04:51:59 166,688 ----a-w C:\WINDOWS\system32\msjint40.dll - 2007-08-02 12:00:00 53,279 ----a-w C:\WINDOWS\system32\msjter40.dll + 2008-03-25 04:50:42 60,192 ----a-w C:\WINDOWS\system32\msjter40.dll - 2007-08-02 12:00:00 241,693 ----a-w C:\WINDOWS\system32\msjtes40.dll + 2008-03-25 04:50:42 248,608 ----a-w C:\WINDOWS\system32\msjtes40.dll - 2007-08-02 12:00:00 213,023 ----a-w C:\WINDOWS\system32\msltus40.dll + 2008-03-25 04:50:44 219,936 ----a-w C:\WINDOWS\system32\msltus40.dll - 2007-08-02 12:00:00 348,189 ----a-w C:\WINDOWS\system32\mspbde40.dll + 2008-03-25 04:50:45 355,104 ----a-w C:\WINDOWS\system32\mspbde40.dll - 2007-08-02 12:00:00 146,432 ----a-w C:\WINDOWS\system32\msrating.dll + 2008-04-21 07:04:05 146,432 ----a-w C:\WINDOWS\system32\msrating.dll - 2007-08-02 12:00:00 421,919 ----a-w C:\WINDOWS\system32\msrd2x40.dll + 2008-03-25 04:50:47 432,928 ----a-w C:\WINDOWS\system32\msrd2x40.dll - 2007-08-02 12:00:00 315,423 ----a-w 
C:\WINDOWS\system32\msrd3x40.dll + 2008-03-25 04:50:49 322,336 ----a-w C:\WINDOWS\system32\msrd3x40.dll - 2007-08-02 12:00:00 552,989 ----a-w C:\WINDOWS\system32\msrepl40.dll + 2008-03-25 04:50:52 559,904 ----a-w C:\WINDOWS\system32\msrepl40.dll - 2007-08-02 12:00:00 258,077 ----a-w C:\WINDOWS\system32\mstext40.dll + 2008-03-25 04:50:55 264,992 ----a-w C:\WINDOWS\system32\mstext40.dll - 2007-08-02 12:00:00 530,432 ----a-w C:\WINDOWS\system32\mstime.dll + 2008-04-21 07:04:05 532,480 ----a-w C:\WINDOWS\system32\mstime.dll - 2007-08-02 12:00:00 831,519 ----a-w C:\WINDOWS\system32\mswdat10.dll + 2008-03-25 04:50:57 838,432 ----a-w C:\WINDOWS\system32\mswdat10.dll - 2007-08-02 12:00:00 614,429 ----a-w C:\WINDOWS\system32\mswstr10.dll + 2008-03-25 04:51:59 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll - 2007-08-02 12:00:00 348,189 ----a-w C:\WINDOWS\system32\msxbde40.dll + 2008-03-25 04:50:58 355,104 ----a-w C:\WINDOWS\system32\msxbde40.dll - 2003-04-18 15:46:22 1,233,920 ----a-w C:\WINDOWS\system32\msxml4.dll + 2007-05-08 13:03:04 1,275,392 ----a-w C:\WINDOWS\system32\msxml4.dll - 2008-05-15 12:27:25 70,270 ----a-w C:\WINDOWS\system32\perfc009.dat + 2008-08-01 10:54:05 70,270 ----a-w C:\WINDOWS\system32\perfc009.dat - 2008-05-15 12:27:25 78,770 ----a-w C:\WINDOWS\system32\perfc014.dat + 2008-08-01 10:54:05 78,770 ----a-w C:\WINDOWS\system32\perfc014.dat - 2008-05-15 12:27:25 418,788 ----a-w C:\WINDOWS\system32\perfh009.dat + 2008-08-01 10:54:05 418,788 ----a-w C:\WINDOWS\system32\perfh009.dat - 2008-05-15 12:27:25 422,862 ----a-w C:\WINDOWS\system32\perfh014.dat + 2008-08-01 10:54:05 422,862 ----a-w C:\WINDOWS\system32\perfh014.dat - 2007-08-02 12:00:00 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll + 2008-04-21 07:04:05 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll - 2008-03-20 12:41:20 14,640 ------w C:\WINDOWS\system32\spmsg.dll + 2007-11-30 11:19:51 17,784 ------w C:\WINDOWS\system32\spmsg.dll + 2008-03-27 09:24:20 60,416 ------w C:\WINDOWS\system32\tzchange.exe 
+ 2008-08-01 10:50:32 16,384 ------w C:\WINDOWS\Temp\Perflib_Perfdata_7a0.dat
+ 2007-05-08 13:06:44 1,275,392 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9848.0_x-ww_1b897e9a\msxml4.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 14:35 90112]
"ASUSTPE"="C:\WINDOWS\system32\ASUSTPE.exe" [2006-10-14 12:43 69632]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2007-08-02 14:00 15360]
"LightScribe Control Panel"="C:\Programfiler\Fellesfiler\LightScribe\LightScribeControlPanel.exe" [2007-06-20 13:49 451872]
"MSMSGS"="C:\Programfiler\Messenger\msmsgs.exe" [2004-08-04 02:15 1667584]
"SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power_Gear"="C:\Programfiler\ASUS\Power4 Gear\BatteryLife.exe" [2006-07-26 19:01 90112]
"ACU"="C:\Programfiler\Atheros\ACU.exe" [2007-05-03 18:42 376921]
"HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2006-10-14 18:37 110592]
"SMSERIAL"="C:\Programfiler\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 18:31 630784]
"NeroFilterCheck"="C:\Programfiler\Fellesfiler\Ahead\Lib\NeroCheck.exe" [2007-03-01 16:57 153136]
"Adobe Acrobat Speed Launcher"="C:\Programfiler\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 02:25 37232]
"Acrobat Assistant 8.0"="C:\Programfiler\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 22:43 640376]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-30 11:09 1232152]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 18:21 16270848 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 19:04 2879488 C:\WINDOWS\SkyTel.exe]

C:\Documents and Settings\**\Start-meny\Programmer\Oppstart\
CCC.lnk - C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-09-29 11:57:36 49152]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=mssetd.dll,avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programfiler\\Bonjour\\mDNSResponder.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-30 11:10]
R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-07-30 11:09]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-30 11:09]
R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-30 11:10]
R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;C:\WINDOWS\System32\StkCSrv.exe [2007-02-07 19:44]
R3 RTSTOR;USB Mass Stroage Device;C:\WINDOWS\system32\drivers\RTSTOR.SYS [2007-01-15 15:37]
R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;C:\WINDOWS\system32\Drivers\StkCMini.sys [2007-02-13 13:41]
R3 WSIMD;wsimd Service;C:\WINDOWS\system32\DRIVERS\wsimd.sys [2007-03-28 20:52]
S2 cdralw;NVIDIA Compatible Windows Miniport Driver;C:\WINDOWS\system32\DRIVERS\nvmini.sys []
S2 PlugPlayRPC;Plug and Play (RPC);C:\WINDOWS\portsv.exe service []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

*Newly Created Service* - CATCHME

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Programfiler\Fellesfiler\LightScribe\LSRunOnce.exe"
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-C:\WINDOWS\system32\kdnww.exe - C:\WINDOWS\system32\kdnww.exe

.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\**\Programdata\Mozilla\Firefox\Profiles\pbwho5ko.default\
FF -: plugin - C:\Programfiler\Adobe\Acrobat 9.0\Acrobat\browser\nppdf32.dll

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-01 13:19:56
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\system32\13f42a0d3b00787e425af6020fcbcdcf.sys 36864 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************

"ServiceDll"="%SystemRoot%\System32\browser.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\C:]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\13f42a0d3b00787e425af6020fcbcdcf]
"ImagePath"="system32\13f42a0d3b00787e425af6020fcbcdcf.sys"
.
Completion time: 2008-08-01 13:20:37
ComboFix-quarantined-files.txt 2008-08-01 11:20:31

Pre-Run: 68,425,502,720 byte ledig
Post-Run: 68,414,562,304 byte ledig

572 --- E O F --- 2008-08-01 10:57:17

Because of poor internet access I may not be able to reply right away, but I greatly appreciate all the help I can get.

Thanks in advance.

Edited 25 August 2008 by StereoSteward
snippsat Posted 1 August 2008 (edited)

Copy the bold text below the picture -> open Notepad and paste it in. Save it on the desktop as CFScript.txt. Do as shown in the picture and ComboFix will start. Post the log c:\combofix.txt

File::
C:\WINDOWS\7C5DA49A7AAD04B60D362BAEC3073F.exe
C:\WINDOWS\system32\note32.exe
C:\WINDOWS\system32\tiqrgfap.tmp
C:\WINDOWS\system32\wpx11.cpx
C:\WINDOWS\system32\wpx15.cpx
C:\WINDOWS\system32\lich.dat
C:\WINDOWS\system32\SET18C.tmp

---

Start HijackThis, run "scan", find these lines, mark them, then press "fix checked".

O3 - Toolbar: &WinSec Toolbar - {3F5A62E2-51F2-11D3-A075-CC7364CAE42A} - C:\WINDOWS\system32\wscmp.dll (file missing)
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdnww.exe] C:\WINDOWS\system32\kdnww.exe

---

Start -> Run -> cmd
Type what is in bold text.

sc stop PlugPlayRPC
sc stop PlugPlayRPC

--

Download and run CCleaner. 'Options' -> 'Advanced'. Untick the box in front of: "only delete temporary files older than 48 hours". Also run the registry cleaner, answer yes to "repair" --> backup: answer yes when you are asked. Run the registry cleaner a couple of times until all errors are gone.

---

Download MBAM to the desktop. Choose the Norwegian language --> run a quick system scan. When MBAM is finished it opens a log; post that.

---

Restart

---

New HijackThis log

HKEY_LOCAL_MACHINE\SOFTWARE\rh_ettellerannet
That path is a little off.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\rhcn7cj0ea59
Always remember to back up the registry. There are several registry entries from AntiVIRUS XP 2008, so it is better to get some help if you do not know what you are doing.

Edited 1 August 2008 by SNIPPSAT
StereoSteward Posted 22 August 2008 (author)

Here come the logs. Late reply because of holiday. Thanks for the help so far!

ComboFix:

ComboFix 08-07-30.02 - ** 2008-08-22 11:48:22.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.1499 [GMT 2:00]
Running from: C:\Documents and Settings\**\Skrivebord\ComboFix.exe
Command switches used :: C:\Documents and Settings\**\Skrivebord\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
- REDUCED FUNCTIONALITY MODE -

FILE ::
C:\WINDOWS\7C5DA49A7AAD04B60D362BAEC3073F.exe
C:\WINDOWS\system32\lich.dat
C:\WINDOWS\system32\note32.exe
C:\WINDOWS\system32\SET18C.tmp
C:\WINDOWS\system32\tiqrgfap.tmp
C:\WINDOWS\system32\wpx11.cpx
C:\WINDOWS\system32\wpx15.cpx
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\7C5DA49A7AAD04B60D362BAEC3073F.exe
C:\WINDOWS\system32\lich.dat
C:\WINDOWS\system32\note32.exe
C:\WINDOWS\system32\tiqrgfap.tmp
.
((((((((((((((((((((((((( Files Created from 2008-07-22 to 2008-08-22 )))))))))))))))))))))))))))))))
.
2008-08-01 13:16 . 2008-08-22 11:46 <DIR> dr-h----- C:\Documents and Settings\**\Siste
2008-08-01 12:53 . 2008-08-01 12:53 <DIR> d-------- C:\Programfiler\MSXML 4.0
2008-07-31 14:02 . 2008-08-01 10:43 <DIR> d-------- C:\Programfiler\Trend Micro
2008-07-31 13:38 . 2008-07-31 13:38 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware
2008-07-31 13:38 . 2008-07-31 13:38 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard
2008-07-31 13:38 . 2008-07-31 13:38 <DIR> d-------- C:\Documents and Settings\**\Programdata\SUPERAntiSpyware.com
2008-07-31 13:38 . 2008-07-31 13:38 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com
2008-07-31 13:26 . 2008-07-31 13:26 0 --a------ C:\WINDOWS\nsreg.dat
2008-07-31 13:21 . 2008-07-31 13:21 <DIR> d-------- C:\Programfiler\CCleaner
2008-07-31 13:12 . 2008-07-31 13:12 <DIR> d-------- C:\Programfiler\Sun
2008-07-31 13:11 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-07-31 13:10 . 2008-07-31 13:11 <DIR> d-------- C:\Programfiler\Java
2008-07-31 12:54 . 2008-07-31 12:54 <DIR> d-------- C:\Programfiler\Fellesfiler\Java
2008-07-31 10:51 . 2008-07-31 10:57 <DIR> d-------- C:\Documents and Settings\**\.housecall6.6
2008-07-31 09:40 . 2008-07-31 09:40 <DIR> d-------- C:\WINDOWS\system32\4213
2008-07-31 09:35 . 2008-07-31 09:35 168 --a------ C:\log.udt
2008-07-30 11:11 . 2008-08-02 05:07 <DIR> d--h----- C:\$AVG8.VAULT$
2008-07-30 11:10 . 2008-07-30 11:10 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-07-30 11:10 . 2008-07-30 11:10 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-07-30 11:10 . 2008-07-30 11:10 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-07-30 11:09 . 2008-08-01 10:42 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-07-30 11:09 . 2008-07-30 11:09 <DIR> d-------- C:\Programfiler\AVG
2008-07-30 11:09 . 2008-07-31 10:39 <DIR> d-------- C:\Documents and Settings\**\Programdata\AVGTOOLBAR
2008-07-30 11:08 . 2008-07-30 11:09 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\avg8
2008-07-30 10:25 . 2008-02-17 08:20 <DIR> dr------- C:\Documents and Settings\Administrator\Start-meny
2008-07-30 10:25 . 2008-02-17 08:20 <DIR> d--h----- C:\Documents and Settings\Administrator\Skrivere
2008-07-30 10:25 . 2008-02-17 08:20 <DIR> d-------- C:\Documents and Settings\Administrator\Skrivebord
2008-07-30 10:25 . 2008-02-17 08:20 <DIR> d--h----- C:\Documents and Settings\Administrator\Siste
2008-07-30 10:25 . 2008-07-31 14:05 <DIR> dr-h----- C:\Documents and Settings\Administrator\Programdata
2008-07-30 10:25 . 2008-02-17 08:20 <DIR> d-------- C:\Documents and Settings\Administrator\Mine dokumenter
2008-07-30 10:25 . 2008-02-17 00:45 <DIR> d--h----- C:\Documents and Settings\Administrator\Maler
2008-07-30 10:25 . 2008-08-22 11:48 <DIR> d--h----- C:\Documents and Settings\Administrator\Lokale innstillinger
2008-07-30 10:25 . 2008-02-17 08:20 <DIR> d-------- C:\Documents and Settings\Administrator\Favoritter
2008-07-30 10:25 . 2008-02-17 08:20 <DIR> d--h----- C:\Documents and Settings\Administrator\AndrMask
2008-07-30 10:25 . 2008-07-30 11:10 <DIR> d-------- C:\Documents and Settings\Administrator
2008-07-29 14:24 . 2008-06-14 20:00 272,256 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-07-29 14:24 . 2008-06-14 20:00 272,256 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-07-23 13:01 . 2008-07-23 13:01 <DIR> d-------- C:\Programfiler\VideoLAN
2008-07-23 13:01 . 2008-07-23 13:01 <DIR> d-------- C:\Documents and Settings\**\Programdata\vlc
2008-07-23 11:40 . 2008-07-23 11:40 49 --a------ C:\WINDOWS\hpntwksetup.ini
2008-07-23 11:20 . 2008-07-23 11:20 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-11 09:27 --------- d-----w C:\Programfiler\Fellesfiler\Adobe
2008-07-11 09:27 --------- d-----w C:\Programfiler\Bonjour
2008-07-11 06:31 --------- d-----w C:\Programfiler\AutoCAD 2002
2008-07-08 09:20 --------- d-----w C:\Documents and Settings\All Users\Programdata\FLEXnet
2008-07-08 09:17 --------- d-----w C:\Programfiler\Fellesfiler\Macrovision Shared
2008-07-03 07:52 --------- d-----w C:\Programfiler\Hewlett-Packard
2008-07-03 07:51 --------- d-----w C:\Documents and Settings\All Users\Programdata\Hewlett-Packard
2008-06-20 17:43 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll
.
((((((((((((((((((((((((((((( snapshot_2008-08-01_13.20.19.57 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-08-02 12:00:00 100,352 ------w C:\WINDOWS\system32\6to4svc.dll + 2006-08-16 12:00:08 100,352 ----a-w C:\WINDOWS\system32\6to4svc.dll - 2007-08-02 12:00:00 1,022,976 ------w C:\WINDOWS\system32\browseui.dll + 2008-04-21 07:04:03 1,023,488 ----a-w C:\WINDOWS\system32\browseui.dll - 2007-08-02 12:00:00 100,352 -c----w C:\WINDOWS\system32\dllcache\6to4svc.dll + 2006-08-16 12:00:08 100,352 -c--a-w C:\WINDOWS\system32\dllcache\6to4svc.dll - 2007-08-02 12:00:00 138,496 -c----w C:\WINDOWS\system32\dllcache\afd.sys + 2008-06-20 10:44:38 138,368 -c--a-w C:\WINDOWS\system32\dllcache\afd.sys - 2007-08-02 12:00:00 148,480 -c----w C:\WINDOWS\system32\dllcache\dnsapi.dll + 2008-06-20 17:43:13 148,992 -c--a-w C:\WINDOWS\system32\dllcache\dnsapi.dll - 2007-08-02 12:00:00 246,784 -c----w C:\WINDOWS\system32\dllcache\mswsock.dll + 2008-06-20 17:43:14 246,784 -c--a-w C:\WINDOWS\system32\dllcache\mswsock.dll - 2007-08-02 12:00:00 359,040 -c----w C:\WINDOWS\system32\dllcache\tcpip.sys + 2008-06-20 10:45:13 360,320 -c--a-w C:\WINDOWS\system32\dllcache\tcpip.sys - 2007-08-02 12:00:00 223,616 -c----w C:\WINDOWS\system32\dllcache\tcpip6.sys + 2008-06-20 09:52:06 225,920 -c--a-w C:\WINDOWS\system32\dllcache\tcpip6.sys - 2007-08-02 12:00:00 148,480 ------w C:\WINDOWS\system32\dnsapi.dll + 2008-06-20 17:43:13 148,992 ----a-w C:\WINDOWS\system32\dnsapi.dll - 2007-08-02 12:00:00 3,070,464 ------w C:\WINDOWS\system32\mshtml.dll + 2008-04-21 07:04:05 3,080,704 ----a-w C:\WINDOWS\system32\mshtml.dll - 2007-08-02 12:00:00 1,492,480 ------w C:\WINDOWS\system32\shdocvw.dll + 2008-04-21 07:04:05 1,494,528 ----a-w C:\WINDOWS\system32\shdocvw.dll - 2007-08-02 12:00:00 474,112 ------w C:\WINDOWS\system32\shlwapi.dll + 2008-04-21 07:04:05 474,112 ----a-w C:\WINDOWS\system32\shlwapi.dll - 2007-08-02 12:00:00 612,352 ------w C:\WINDOWS\system32\urlmon.dll + 2008-04-21 07:04:05 615,936 ----a-w C:\WINDOWS\system32\urlmon.dll - 2007-08-02 12:00:00 655,872 ------w C:\WINDOWS\system32\wininet.dll + 
2008-04-21 07:04:06 658,944 ----a-w C:\WINDOWS\system32\wininet.dll - 2007-08-02 12:00:00 353,792 ------w C:\WINDOWS\system32\xpsp3res.dll + 2008-04-17 11:03:56 354,304 ----a-w C:\WINDOWS\system32\xpsp3res.dll + 2008-08-22 09:43:09 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_ac.dat . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 14:35 90112] "ASUSTPE"="C:\WINDOWS\system32\ASUSTPE.exe" [2006-10-14 12:43 69632] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2007-08-02 14:00 15360] "LightScribe Control Panel"="C:\Programfiler\Fellesfiler\LightScribe\LightScribeControlPanel.exe" [2007-06-20 13:49 451872] "MSMSGS"="C:\Programfiler\Messenger\msmsgs.exe" [2004-08-04 02:15 1667584] "SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Power_Gear"="C:\Programfiler\ASUS\Power4 Gear\BatteryLife.exe" [2006-07-26 19:01 90112] "ACU"="C:\Programfiler\Atheros\ACU.exe" [2007-05-03 18:42 376921] "HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2006-10-14 18:37 110592] "SMSERIAL"="C:\Programfiler\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 18:31 630784] "NeroFilterCheck"="C:\Programfiler\Fellesfiler\Ahead\Lib\NeroCheck.exe" [2007-03-01 16:57 153136] "Adobe Acrobat Speed Launcher"="C:\Programfiler\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 02:25 37232] "Acrobat Assistant 8.0"="C:\Programfiler\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 22:43 640376] "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-30 11:09 1232152] "SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784] 
"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 18:21 16270848 C:\WINDOWS\RTHDCPL.exe] "SkyTel"="SkyTel.EXE" [2006-05-16 19:04 2879488 C:\WINDOWS\SkyTel.exe] C:\Documents and Settings\**\Start-meny\Programmer\Oppstart\ CCC.lnk - C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-09-29 11:57:36 49152] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=mssetd.dll,avgrsstx.dll [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Programfiler\\Bonjour\\mDNSResponder.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-30 11:10] R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-07-30 11:09] R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-30 11:09] R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-30 11:10] R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;C:\WINDOWS\System32\StkCSrv.exe [2007-02-07 19:44] R3 RTSTOR;USB Mass Stroage Device;C:\WINDOWS\system32\drivers\RTSTOR.SYS [2007-01-15 15:37] R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;C:\WINDOWS\system32\Drivers\StkCMini.sys [2007-02-13 13:41] R3 WSIMD;wsimd Service;C:\WINDOWS\system32\DRIVERS\wsimd.sys [2007-03-28 20:52] S2 cdralw;NVIDIA Compatible Windows 
Miniport Driver;C:\WINDOWS\system32\DRIVERS\nvmini.sys [] S2 PlugPlayRPC;Plug and Play (RPC);C:\WINDOWS\portsv.exe service [] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] "C:\Programfiler\Fellesfiler\LightScribe\LSRunOnce.exe" . - - - - ORPHANS REMOVED - - - - HKLM-Run-C:\WINDOWS\system32\kdnww.exe - C:\WINDOWS\system32\kdnww.exe ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-22 11:48:46 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... C:\WINDOWS\system32\13f42a0d3b00787e425af6020fcbcdcf.sys 36864 bytes executable scan completed successfully hidden files: 1 ************************************************************************** "ServiceDll"="%SystemRoot%\System32\browser.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\C:] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\13f42a0d3b00787e425af6020fcbcdcf] "ImagePath"="system32\13f42a0d3b00787e425af6020fcbcdcf.sys" . Completion time: 2008-08-22 11:50:46 ComboFix-quarantined-files.txt 2008-08-22 09:50:26 Pre-Run: 67,953,901,568 byte ledig Post-Run: 67,944,341,504 byte ledig 191 --- E O F --- 2008-08-01 10:57:17
I could not run sc stop PlugPlay RPC. I got this error message:
C:\Documents and Settings\SINDRE1>sc stop PlugPlayRPC
[SC] ControlService FAILED 1062:
Tjenesten er ikke startet.
I went into Control Panel -> Administrative Tools -> Services and checked that the Plug and Play (RPC) service status = stopped.
MBAM:
Malwarebytes' Anti-Malware 1.25 Database versjon: 1062 Windows 5.1.2600 Service Pack 2 12:05:05 22.08.2008 mbam-log-08-22-2008 (12-04-57).txt Skanntype: Rask Skann Objekter skannet: 45373 Tid tilbakelagt: 3 minute(s), 8 second(s) Minneprosesser infisert: 0 Minnemoduler infisert: 0 Registernøkler infisert: 2 Registerverdier infisert: 1 Registerfiler infisert: 0 Mapper infisert: 0 Filer infisert: 1 Minneprosesser infisert: (Ingen mistenkelige filer funnet) Minnemoduler infisert: (Ingen mistenkelige filer funnet) Registernøkler infisert: HKEY_LOCAL_MACHINE\SOFTWARE\rhcg3fj0e92a (Rogue.Multiple) -> No action taken. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PlugPlayRPC (Trojan.Agent) -> No action taken. Registerverdier infisert: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Controls Folder\http://91.203.92.13/files/41/0/file.exe (Trojan.Agent) -> No action taken. Registerfiler infisert: (Ingen mistenkelige filer funnet) Mapper infisert: (Ingen mistenkelige filer funnet) Filer infisert: C:\WINDOWS\system32\13f42a0d3b00787e425af6020fcbcdcf.sys (Trojan.Agent) -> No action taken. 
Hijackthis: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:42:22, on 22.08.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\acs.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Programfiler\Bonjour\mDNSResponder.exe C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\mnmsrvc.exe C:\Programfiler\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\StkCSrv.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\WINDOWS\system32\wscntfy.exe C:\Programfiler\ASUS\Power4 Gear\BatteryLife.exe C:\Programfiler\Atheros\ACU.exe C:\WINDOWS\ATK0100\HControl.exe C:\WINDOWS\RTHDCPL.EXE C:\Programfiler\Motorola\SMSERIAL\sm56hlpr.exe C:\Programfiler\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe C:\Programfiler\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe C:\WINDOWS\system32\ASUSTPE.exe C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\Fellesfiler\LightScribe\LightScribeControlPanel.exe C:\WINDOWS\ATK0100\ATKOSD.exe C:\Programfiler\Messenger\msmsgs.exe C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\WINDOWS\system32\wuauclt.exe C:\Programfiler\Trend Micro\Høyjakk\jee.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.no/ R1 - 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programfiler\AVG\AVG8\avgssie.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programfiler\AVG\AVG8\avgtoolbar.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programfiler\AVG\AVG8\avgtoolbar.dll O4 - HKLM\..\Run: [Power_Gear] C:\Programfiler\ASUS\Power4 Gear\BatteryLife.exe 1 O4 - HKLM\..\Run: [ACU] C:\Programfiler\Atheros\ACU.exe -nogui O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [skyTel] SkyTel.EXE O4 - HKLM\..\Run: [sMSERIAL] C:\Programfiler\Motorola\SMSERIAL\sm56hlpr.exe O4 - HKLM\..\Run: [NeroFilterCheck] 
C:\Programfiler\Fellesfiler\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Programfiler\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Programfiler\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKCU\..\Run: [startCCC] C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe O4 - HKCU\..\Run: [ASUSTPE] C:\WINDOWS\system32\ASUSTPE.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Programfiler\Fellesfiler\LightScribe\LightScribeControlPanel.exe -hidden O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - Startup: CCC.lnk = ? O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Append to Existing PDF - res://C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Research - 
{92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1217496979090 O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Programfiler\AutoCAD 2002\AcPreview.ocx O17 - HKLM\System\CCS\Services\Tcpip\..\{19C9F23F-CC70-422B-8E9A-62BD036ECA49}: NameServer = 192.168.0.1 O17 - HKLM\System\CS1\Services\Tcpip\..\{19C9F23F-CC70-422B-8E9A-62BD036ECA49}: NameServer = 192.168.0.1 O17 - HKLM\System\CS2\Services\Tcpip\..\{19C9F23F-CC70-422B-8E9A-62BD036ECA49}: NameServer = 192.168.0.1 O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programfiler\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: mssetd.dll,avgrsstx.dll O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Atheros konfigurasjonstjeneste (ACS) - Atheros - C:\WINDOWS\system32\acs.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. 
- C:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe O23 - Service: NBService - Nero AG - C:\Programfiler\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Programfiler\Fellesfiler\Ahead\Lib\NMIndexingService.exe O23 - Service: Plug and Play (RPC) (PlugPlayRPC) - Unknown owner - C:\WINDOWS\portsv.exe (file missing) O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkCSrv.exe -- End of file - 8719 bytes
snippsat, posted 22 August 2008
This looks good. You can remove ComboFix by typing combofix /u in the Run window. This command causes quarantined files and backups to be deleted, the System Restore folder to be reset, etc. Check Java: Java. Surf safely.
StereoSteward, posted 25 August 2008 (author)
Many thanks for the help!