02 March 2006 - 13:32
There are 5 comments
HJT Log - I think there is some dirt
Logfile of HijackThis v1.99.1
Scan saved at 13:24:48, on 02-03-2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Telia\TELIAS~1\backweb\7836882\Program\SERVIC~1.EXE
C:\WINDOWS\U2ViYXN0aWFu\command.exe
C:\Programmer\Telia\Telias Sakerhetstjanster\Anti-Virus\fsgk32st.exe
C:\Programmer\Telia\Telias Sakerhetstjanster\Anti-Virus\FSGK32.EXE
C:\Programmer\Telia\Telias Sakerhetstjanster\backweb\7836882\program\fsbwsys.exe
C:\Programmer\Telia\Telias Sakerhetstjanster\Common\FSMA32.EXE
C:\Programmer\Telia\Telias Sakerhetstjanster\Common\FSMB32.EXE
C:\Programmer\Network Monitor\netmon.exe
C:\Programmer\Telia\Telias Sakerhetstjanster\Anti-Virus\fssm32.exe
C:\Programmer\Telia\Telias Sakerhetstjanster\Common\FCH32.EXE
C:\WINDOWS\Explorer.EXE
C:\Programmer\Telia\Telias Sakerhetstjanster\Common\FAMEH32.EXE
C:\Programmer\Telia\Telias Sakerhetstjanster\FWES\Program\fsdfwd.exe
C:\Programmer\Telia\Telias Sakerhetstjanster\Common\FSM32.EXE
C:\Programmer\Telia\Telias Sakerhetstjanster\Anti-Virus\fsav32.exe
C:\Programmer\Telia\Telias Sakerhetstjanster\FSGUI\fsguiexe.exe
C:\Programmer\Telia\Telias Sakerhetstjanster\backweb\7836882\Program\fspex.exe
C:\WINDOWS\System32\wpabaln.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Documents and Settings\Sebastian\Skrivebord\hjt.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: UCmore XP - The Search Accelerator - {44BE0690-5429-47f0-85BB-3FFD8020233E} - C:\Programmer\TheSearchAccelerator\UCMTSAIE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Winamp Agent] C:\WINDOWS\System32\winamp.exe
O4 - HKLM\..\Run: [keyboard] C:\\keyboard.exe
O4 - HKLM\..\Run: [Windowsz] rwnt.exe
O4 - HKLM\..\Run: [mousepad] C:\\mousepad.exe
O4 - HKLM\..\Run: [gimmygames] C:\\gimmygames12.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Programmer\Telia\Telias Sakerhetstjanster\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Programmer\Telia\Telias Sakerhetstjanster\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Programmer\Telia\Telias Sakerhetstjanster\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\RunServices: [Windowsz] rwnt.exe
O8 - Extra context menu item: &Google Search - res://C:\Programmer\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Programmer\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Programmer\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Programmer\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Programmer\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Programmer\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O20 - Winlogon Notify: RunServices - C:\WINDOWS\system32\k4pm0e71eh.dll
O23 - Service: Telias säkerhetstjänster (BackWeb Plug-in - 7836882) - Unknown owner - C:\PROGRA~1\Telia\TELIAS~1\backweb\7836882\Program\SERVIC~1.EXE
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\U2ViYXN0aWFu\command.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Programmer\Telia\Telias Sakerhetstjanster\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Programmer\Telia\Telias Sakerhetstjanster\backweb\7836882\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Programmer\Telia\Telias Sakerhetstjanster\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Programmer\Telia\Telias Sakerhetstjanster\Common\FSMA32.EXE
09 March 2006 - 21:13
#1
(1)
Disable System Restore by right-clicking "My Computer" on the desktop -> Properties -> System Restore -> tick "Turn off System Restore" -> click OK.
(2)
Download http://downloads.stevengould.org/cleanup/CleanUp40.exe
Read the guide to Cleanup here: http://www.bleepingcomputer.com/forums/tutorial93.html
Download the scanner http://www.spywareinfo.dk/download/mwav.exe.
Download and unpack Killbox http://www.bleepingcomputer.com/files/spyware/KillBox.zip
Download http://www.cexx.org/LSPFix.exe. If you later cannot get on the internet, run lspfix.exe, tick "I know what I am doing" and click Finish.
(3)
Restart the computer in safe mode (press F8 when Windows starts up), and fix the following lines with HijackThis:
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
O3 - Toolbar: UCmore XP - The Search Accelerator - {44BE0690-5429-47f0-85BB-3FFD8020233E} - C:\Programmer\TheSearchAccelerator\UCMTSAIE.dll
O4 - HKLM\..\Run: [Winamp Agent] C:\WINDOWS\System32\winamp.exe
O4 - HKLM\..\Run: [keyboard] C:\\keyboard.exe
O4 - HKLM\..\Run: [Windowsz] rwnt.exe
O4 - HKLM\..\Run: [mousepad] C:\\mousepad.exe
O4 - HKLM\..\Run: [gimmygames] C:\\gimmygames12.exe
O4 - HKLM\..\RunServices: [Windowsz] rwnt.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O20 - Winlogon Notify: RunServices - C:\WINDOWS\system32\k4pm0e71eh.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\U2ViYXN0aWFu\command.exe
(4)
Press CTRL+ALT+DEL, select the Processes tab and find this file(s):
command.exe
Right-click the file and choose End.
(5)
Open any folder, and in the menu click Tools -> Folder Options -> View.
Remove the tick from "Hide protected operating system files" and from "Hide extensions for known file types".
Select "Show hidden files and folders".
Search for and delete the following file(s):
C:\WINDOWS\System32\winamp.exe
C:\keyboard.exe
rwnt.exe
C:\mousepad.exe
C:\gimmygames12.exe
C:\WINDOWS\web\related.htm
C:\WINDOWS\system32\k4pm0e71eh.dll
… and the following folder(s):
C:\Programmer\TheSearchAccelerator\
C:\WINDOWS\U2ViYXN0aWFu\
(6)
Run the scanner mwav.exe, and tick the following: Memory, Startup folders, drive, Registry, System folders and Services.
Select the following: All local drives and Scan all files. Press Scan Clean.
The scan may take some time.
(7)
Run Cleanup. Go to Options and tick cookies, prefetch, temp and all users. Press "cleanup".
(8)
Start KillBox, select "Delete on reboot", copy the file name(s) below into the text field in Killbox and then click the red button with the white cross. Repeat this for all the files, but do not say yes to restarting until you get to the last file. You must restart in safe mode.
C:\WINDOWS\U2ViYXN0aWFu\command.exe
(9)
Start -> Run -> type "cleanmgr" -> Delete Temporary internet files, Recycle Bin and temporary files. Repeat for all your drives.
(10)
Restart the computer normally. Make a new log with HijackThis, and post it here.
(11)
When we are completely done, remember to enable System Restore again.
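As an added example (not part of the thread, and not code from HijackThis): a small Python triage pass over HijackThis log lines, using heuristics that match several of the entries singled out in the reply above. The function names and the heuristics are assumptions of this example; the sample lines are copied from the first log in this thread.

```python
import base64
import ntpath  # Windows path rules, usable on any OS
import re

# Lines copied from the first HijackThis log in this thread (a subset).
SAMPLE_LOG = r"""
C:\Documents and Settings\Sebastian\Skrivebord\hjt.exe
O4 - HKLM\..\Run: [keyboard] C:\\keyboard.exe
O4 - HKLM\..\Run: [Windowsz] rwnt.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Programmer\Telia\Telias Sakerhetstjanster\Common\FSM32.EXE" /splash
O20 - Winlogon Notify: RunServices - C:\WINDOWS\system32\k4pm0e71eh.dll
O23 - Service: Telias säkerhetstjänster (BackWeb Plug-in - 7836882) - Unknown owner - C:\PROGRA~1\Telia\TELIAS~1\backweb\7836882\Program\SERVIC~1.EXE
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\U2ViYXN0aWFu\command.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Programmer\Telia\Telias Sakerhetstjanster\Common\FSMA32.EXE
"""

ENTRY = re.compile(r"^(R[0-3]|O\d{1,2}) - (.+)$")      # "O4 - ...", "R1 - ..."
O4_RUN = re.compile(r"^[^:]+: \[[^\]]*\] (.+)$")        # "HKLM\..\Run: [name] command"
USER_DIR = re.compile(r"Documents and Settings\\([^\\]+)\\")


def clean_path(cmd):
    """Return the executable path from a command line, doubled backslashes collapsed."""
    cmd = cmd.replace(" (file missing)", "").strip()
    if cmd.startswith('"'):
        path = cmd[1:].split('"', 1)[0]
    else:
        m = re.match(r"(.+?\.(?:exe|dll|com|scr|bat))\b", cmd, re.I)
        path = m.group(1) if m else cmd
    return re.sub(r"\\+", r"\\", path)


def user_hidden_in(path, users):
    """Return the profile name if a folder in `path` is that name base64-encoded."""
    for part in ntpath.dirname(path).split("\\"):
        try:
            text = base64.b64decode(part, validate=True).decode("ascii")
        except ValueError:  # not base64, or not ASCII once decoded
            continue
        if text and text.lower() in users:
            return text
    return None


def triage(log_text):
    """Return (section, reason, path) tuples for entries worth a manual look."""
    users = {u.lower() for u in USER_DIR.findall(log_text)}
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        section, rest = m.groups()
        if section == "O4" and (run := O4_RUN.match(rest)):
            path = clean_path(run.group(1))
            tail = ntpath.splitdrive(path)[1]
            if "\\" not in path:
                findings.append((section, "autorun names no directory", path))
            elif tail.count("\\") == 1:
                findings.append((section, "autorun starts from the drive root", path))
        elif section == "O20":
            path = clean_path(rest.rsplit(" - ", 1)[-1])
            stem = ntpath.splitext(ntpath.basename(path))[0]
            # Ignore a trailing version number (crypt32); count digits mixed into the name.
            if sum(c.isdigit() for c in re.sub(r"\d+$", "", stem)) >= 2:
                findings.append((section, "Winlogon Notify DLL with a random-looking name", path))
        elif section == "O23":
            parts = rest.rsplit(" - ", 2)  # service name may itself contain " - "
            if len(parts) != 3:
                continue
            path = clean_path(parts[2])
            if parts[1] == "Unknown owner" and "\\windows\\" in path.lower():
                findings.append((section, 'service with "Unknown owner" under the Windows directory', path))
            user = user_hidden_in(path, users)
            if user:
                findings.append((section, f"folder name is base64 of the profile name '{user}'", path))
    return findings


if __name__ == "__main__":
    for section, reason, path in triage(SAMPLE_LOG):
        print(f"{section:4} {reason}: {path}")
```

A hit is a prompt for manual review, not a verdict: legitimate vendor helpers registered by bare file name match the first O4 rule as well.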
16 March 2006 - 15:55
#2
Logfile of HijackThis v1.99.1
Scan saved at 15:55:53, on 16-03-2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Telia\TELIAS~1\backweb\7836882\Program\SERVIC~1.EXE
C:\Programmer\Telia\Telias Sakerhetstjanster\Anti-Virus\fsgk32st.exe
C:\Programmer\Telia\Telias Sakerhetstjanster\Anti-Virus\FSGK32.EXE
C:\Programmer\Telia\Telias Sakerhetstjanster\backweb\7836882\program\fsbwsys.exe
C:\Programmer\Telia\Telias Sakerhetstjanster\Common\FSMA32.EXE
C:\Programmer\Telia\Telias Sakerhetstjanster\Common\FSMB32.EXE
C:\Programmer\Telia\Telias Sakerhetstjanster\Anti-Virus\fssm32.exe
C:\Programmer\Telia\Telias Sakerhetstjanster\Common\FCH32.EXE
C:\Programmer\Telia\Telias Sakerhetstjanster\Common\FAMEH32.EXE
C:\Programmer\Telia\Telias Sakerhetstjanster\FWES\Program\fsdfwd.exe
C:\Programmer\Telia\Telias Sakerhetstjanster\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Telia\Telias Sakerhetstjanster\Common\FSM32.EXE
C:\Programmer\ATI Technologies\ATI.ACE\cli.exe
C:\Programmer\Telia\Telias Sakerhetstjanster\FSGUI\fsguiexe.exe
C:\Programmer\Telia\Telias Sakerhetstjanster\backweb\7836882\Program\fspex.exe
C:\Programmer\ATI Technologies\ATI.ACE\cli.exe
C:\Programmer\ATI Technologies\ATI.ACE\cli.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Sebastian\Skrivebord\hjt.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tweak.dk/forum
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar1.dll
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Programmer\Telia\Telias Sakerhetstjanster\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Programmer\Telia\Telias Sakerhetstjanster\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Programmer\Telia\Telias Sakerhetstjanster\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [ATICCC] "C:\Programmer\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Programmer\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Xfire.lnk = C:\Programmer\Xfire\Xfire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmer\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Google Search - res://C:\Programmer\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Programmer\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Programmer\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Programmer\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Programmer\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Programmer\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Run - C:\WINDOWS\system32\g0040adqed0e0.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Telias säkerhetstjänster (BackWeb Plug-in - 7836882) - Unknown owner - C:\PROGRA~1\Telia\TELIAS~1\backweb\7836882\Program\SERVIC~1.EXE
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\U2ViYXN0aWFu\command.exe (file missing)
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Programmer\Telia\Telias Sakerhetstjanster\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Programmer\Telia\Telias Sakerhetstjanster\backweb\7836882\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Programmer\Telia\Telias Sakerhetstjanster\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Programmer\Telia\Telias Sakerhetstjanster\Common\FSMA32.EXE
16 March 2006 - 22:51
#4
L2MFIX find log 010406
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
"DLLName"="Ati2evxx.dll"
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000001
"Lock"="AtiLockEvent"
"Logoff"="AtiLogoffEvent"
"Logon"="AtiLogonEvent"
"Disconnect"="AtiDisConnectEvent"
"Reconnect"="AtiReConnectEvent"
"Safe"=dword:00000000
"Shutdown"="AtiShutdownEvent"
"StartScreenSaver"="AtiStartScreenSaverEvent"
"StartShell"="AtiStartShellEvent"
"Startup"="AtiStartupEvent"
"StopScreenSaver"="AtiStopScreenSaverEvent"
"Unlock"="AtiUnLockEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\DateTime]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\h82olif3182.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
**********************************************************************************
useragent:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{2D8E96C0-23AF-8D27-03EE-ECA2A9BB1DBE}"=""
**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Egenskabsark for multimediefiler"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ICM-scannerstyring"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS Sikkerhedsside"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Egenskabsside for OLE-dokumentfil"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Grænsefladeudvidelse til deling"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Kontrolpanel-udvidelse til skærmkort"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Kontrolpanel-udvidelse til skærm"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Kontrolpanel-udvidelse til skærmpanorering"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS Security-side"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Kompatibilitetsside"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell Scrap DataHandler"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Udvidelsen Diskcopy"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Grænsefladeudvidelser til Microsoft Windows-netværksobjekter"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM-skærmstyring"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM-printerstyring"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Grænsefladeudvidelser til filkomprimering"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Grænsefladeudvidelse til webudskrift"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Kontekstmenu til kryptering"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Rejsetaske"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal-ikon"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC-profil"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Printers Sikkerhedsside"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Grænsefladeudvidelse til deling"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO-filtype"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto signeringsfiltype"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Netværksforbindelser"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Netværksforbindelser"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scannere og kameraer"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scannere og kameraer"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="Scannere og kameraer"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scannere og kameraer"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scannere og kameraer"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shell-udvidelser til Windows Script Host"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft-dataforbindelse"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Planlagte opgaver"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Proceslinje og menuen Start"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Søg"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Hjælp og support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Hjælp og support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Kør..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internettet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fonts"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Administration"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Værktøjslinje til Microsoft Internet"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Websøgning"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Redigeringsboks til adresse"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Address Bar Parser"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft URL-oversigtstjeneste"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="Oversigt"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Velkomstbillede til Internet Explorer 4-suiten"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internettet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX-cachemappe"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Programstyring"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Optælling af installerede programmer"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="Udpakning af miniaturer til GDI+-filer"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Dokumentinfo om miniaturehandler (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Udpakning af HTML-miniaturer"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Guiden Webudgivelse"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Bestil billedudskrift over World Wide Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Objekt til guiden Webudgivelse"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Guiden Få et Passport"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="Brugerkonti"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Kanalfil"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Genvej til kanal"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Mappen Offlinefiler"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="Efter &personer..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{B66AC48A-492A-4270-975A-CE3C27E80A6B}"=""
"{B24E2A4B-F7B1-4676-9A85-B59EAFB6120F}"=""
"{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"
"{5E2121EE-0300-11D4-8D3B-444553540000}"="Catalyst Context Menu extension"
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{B66AC48A-492A-4270-975A-CE3C27E80A6B}]
@=""
"IDEx"="ADDR"
[HKEY_CLASSES_ROOT\CLSID\{B66AC48A-492A-4270-975A-CE3C27E80A6B}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{B66AC48A-492A-4270-975A-CE3C27E80A6B}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{B66AC48A-492A-4270-975A-CE3C27E80A6B}\InprocServer32]
@="C:\\WINDOWS\\system32\\mri.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{B24E2A4B-F7B1-4676-9A85-B59EAFB6120F}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{B24E2A4B-F7B1-4676-9A85-B59EAFB6120F}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{B24E2A4B-F7B1-4676-9A85-B59EAFB6120F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{B24E2A4B-F7B1-4676-9A85-B59EAFB6120F}\InprocServer32]
@="C:\\WINDOWS\\system32\\wqiprop.dll"
"ThreadingModel"="Apartment"
**********************************************************************************
Files Found are not all bad files:
C:\WINDOWS\SYSTEM32\
68 items found: 68 files (51 H/S), 0 directories.
Total of file sizes: 29.656.696 bytes 28,28 M
Locate .tmp files:
No matches found.
**********************************************************************************
Directory Listing of system files:
Disken i drev C har ikke noget navn.
Diskens serienummer er 0424-3BAB
Indhold af C:\WINDOWS\System32
52 fil(er) 12.064.784 byte
2 mappe(r) 181.715.615.744 byte ledig