Avatar billede 11cd Nybegynder
16. april 2009 - 15:36 Der er 37 kommentarer og
1 løsning

Hjælp til/mod virus? (HJT-log)

Hej
Jeg kæmper med en virus på min computer, men jeg kan ikke nedkæmpe den med 'almindelige' midler.
Jeg har prøvet en del virus-programmer (senest Avast) og jeg har også prøvet Dr. Web, som jeg har set anbefalet her på siden. Dr. Web fandt også en del, men der er altså stadig noget. Kan I hjælpe?
Her er en log fra HJT.exe:
Logfile of HijackThis v1.99.1
Scan saved at 15:02:55, on 16-04-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Programmer\Fælles filer\Autodesk Shared\Service\AdskScSrv.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmer\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\keyhook.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Programmer\D-Tools\daemon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmer\NETGEAR\WN111v2\WN111V2.exe
C:\Programmer\Corel\Graphics9\Register\Remind32.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Documents and Settings\HP_Ejer\Skrivebord\hj-mappe\hjts.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=DA_DK&c=Q404&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=DA_DK&c=Q404&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=DA_DK&c=Q404&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=DA_DK&c=Q404&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=DA_DK&c=Q404&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=DA_DK&c=Q404&bd=pavilion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.exactsearch.net/sidesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,
O1 - Hosts: 82.98.235.133 browser-security.microsoft.com
O1 - Hosts: 82.98.235.133 securityresponse.symantec.com
O1 - Hosts: 82.98.235.133 speed-runner.com
O1 - Hosts: 82.98.235.133 url.adtrgt.com
O1 - Hosts: 82.98.235.133 us.mcafee.com
O1 - Hosts: 82.98.235.133 www.kaspersky.com
O1 - Hosts: 82.98.235.133 www.my-etrust.com
O1 - Hosts: 82.98.235.133 www.symantec.com
O1 - Hosts: 82.98.235.133 www.winmx.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CPV - {15421b84-3488-49a7-ad18-cbf84a3efaf6} - C:\Programmer\WWShow\WWShow.dll
O2 - BHO: (no name) - {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Programmer\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - C:\Programmer\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {fe887f31-69c0-4a97-937f-e76930556d3b} - (no file)
O3 - Toolbar: HP-visning - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Programmer\HP\Digital Imaging\bin\HPDTLK02.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmer\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [ATICCC] "C:\Programmer\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Corel Registration.lnk = C:\Programmer\Corel\Graphics9\Register\Remind32.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: NETGEAR WN111v2 Smart Wizard.lnk = C:\Programmer\NETGEAR\WN111v2\WN111V2.exe
O8 - Extra context menu item: Bloker alle billeder fra den samme server - C:\Programmer\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Marker forekomster af ord på denne side - C:\Programmer\Avant Browser\Highlight.htm
O8 - Extra context menu item: Søg på ord - C:\Programmer\Avant Browser\Search.htm
O8 - Extra context menu item: Tilføj til AD Black List - C:\Programmer\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Åben alle links på denne side... - C:\Programmer\Avant Browser\OpenAllLinks.htm
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O11 - Options group: [java_sun] Java (Sun)
O16 - DPF: {10B80396-96A7-11D3-B7A6-00A0C94C6AE0} (ParallelGraphics Cortona VRML 1.0 to VRML 2.0 convertor) - http://www.parallelgraphics.com/bin/cortvrml10.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) - http://www.parallelgraphics.com/bin/cortvrml.cab
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: gebspnlb - geBspnLb.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Atheros Configuration Service (acs) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: avast! iAVS4 Control Service (aswupdsv) - ALWIL Software - C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmer\Fælles filer\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus (avast! antivirus) - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner (avast! mail scanner) - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner (avast! web scanner) - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Tjenesten Background Intelligent Transfer (BITS) - Unknown owner - %fystemRoot%\System32\svchost.exe (file missing)
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Programmer\NETGEAR\WN111v2\jswpsapi.exe
O23 - Service: License Management Service ESD - element5 - C:\Programmer\Fælles filer\element5 Shared\Service\Licence Manager ESD.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Programmer\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: Automatiske opdateringer (wuauserv) - Unknown owner - %fystemroot%\system32\svchost.exe (file missing)
Håber I kan?
Avatar billede arkil Nybegynder
16. april 2009 - 15:45 #1
-- Hent denne fil, og pak den ud til en mappe på skrivebordet:
http://download.bleepingcomputer.com/andymanchesta/SDFix.exe

Dobbeltklik på filen, og lad den pakke sig ud til en mappe i roden af din harddisk (typisk: c:\SDfix)

-- Genstart i fejlsikret, hvis du ikke ved hvordan så kig her:
http://www.ctrlaltdel.dk/forum/forum_posts.asp?TID=23&PN=1

-- Gå så ind i mappen SDFix, som du fik oprettet tidligere. Dobbeltklik på filen RunThis.bat, for at starte værktøjet. Tryk "y" for at bekræfte, at du kører værktøjet på egen risiko. Så vil værktøjet gå i gang med at fjerne trojanservicen, og lave et par reparationer af registreringsdatabasen. På et tidspunkt vil det bede dig om at trykke en taste for at genstarte computeren. Det skal du gøre, hvorefter computeren vil genstarte efter 15 sekunder.

Genstarten vil tage lidt længere end sædvanligt, idet værktøjet skal have tid til at udføre sit arbejde. Når skrivebordet dukker op, vil værktøjet skrive "Finished". Tryk herefter en taste for at indlæse dine skrivebordsikoner igen.

Åben så SDFix-mappen, find filen Report.txt, og kopier indholdet af denne fil herind.
Avatar billede johnstigers Seniormester
16. april 2009 - 16:12 #2
Lige en sidebemærkning:
Hvornår har du sidst været på windows update?
Du bruger stadig IE6...
Avatar billede 11cd Nybegynder
16. april 2009 - 16:31 #3
hmm,,, ja, - det er lidt underligt med det. Når jeg prøver skriver den:
"
Webstedet har fundet et problem og kan ikke vise den side, som du forsøger at få vist. Nedenstående muligheder kan muligvis hjælpe dig med at løse problemet
"
Hvad gør jeg ved det?
Avatar billede arkil Nybegynder
16. april 2009 - 16:53 #4
Er det den første link der siger dette ?

Prøv så om du kan dette.

Hent Malwarebytes Anti-Malware herfra:
http://www.besttechie.net/tools/mbam-setup.exe
Eller herfra ->
http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html

Installer programmet - når det er gjort skal du lade programmet opdatere sig. Herefter åbner et vindue, hvor du skal flytte prikken til "Kør et fuldstændigt systemscan" - klik på Skan Knappen - lad programmet arbejde. Når det er færdig (det tager lidt tid afhængig af hvor meget du har på computeren).
Derefter - Tryk på "Vis resultater" knappen efter scanningen - og herefter tryk på "Fjern det valgte" - nu åbnes log'en og du skal gemme den et sted, hvor du kan finde den igen, kopier teksten fra den log herind i tråden.
Avatar billede arkil Nybegynder
16. april 2009 - 16:57 #5
How > Gør lige dette først.

Hent HostsXpert, og udpak den til egen mappe.

http://www.funkytoad.com/download/HostsXpert.zip
Så åbner du HostsXpert, og klikker på "Recovery - i værktøjlinjen, tryk så på - Restore MS Hosts

Tryk også på - Make Hosts readable

NB. Hvis du selv har lagt adr. ind i hosts filen, skal lægges de lægges manuelt ind igen
16. april 2009 - 18:31 #6
... hvis du endelig skal bruge HiJackThis så brug denne version af HJT -> http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe
Avatar billede haverslev Novice
16. april 2009 - 18:43 #7
Lige en info til spørger 11cd ( Anders Borg )

Kan se du har oprettet 2 brugere, en der hedder 11cd og en der hedder 11cd-anders.
Det er ikke tilladt at have 2 brugerkontoer :)

http://www.eksperten.dk/profil/11cd

http://www.eksperten.dk/profil/11cd-Anders
Avatar billede 11cd Nybegynder
17. april 2009 - 09:32 #8
Beklager de 2 kontos, men den ene var vist med forkert mail? Jeg fik aldrig noget pass, så jeg prøvede igen.
Avatar billede 11cd Nybegynder
17. april 2009 - 09:36 #9
Her er indholdet af rapporten.

Tak for de mange kommentarer, men hvad er næste skridt?

b]SDFix: Version 1.240 [/b]
Run by HP_Ejer on 16-04-2009 at 16:32
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix
Checking Services :

Restoring Default Security Values
Restoring Default Hosts File
Rebooting

Checking Files :
Trojan Files Found:
C:\-17442~1 - Deleted
C:\Documents and Settings\HP_Ejer\Application Data\SpeedRunner\config.cfg - Deleted
C:\Temp\1cb\syscheck.log - Deleted
C:\Programmer\iCheck\Uninstall.exe - Deleted
C:\Programmer\VnrPack\trgts.gz - Deleted
C:\DOCUME~1\HP_Ejer\LOKALE~1\Temp\TMP10.tmp - Deleted
C:\DOCUME~1\HP_Ejer\LOKALE~1\Temp\TMP11.tmp - Deleted
C:\DOCUME~1\HP_Ejer\LOKALE~1\Temp\TMP12.tmp - Deleted
C:\DOCUME~1\HP_Ejer\LOKALE~1\Temp\TMP14.tmp - Deleted
C:\DOCUME~1\HP_Ejer\LOKALE~1\Temp\TMPD.tmp - Deleted
C:\DOCUME~1\HP_Ejer\LOKALE~1\Temp\TMPE.tmp - Deleted
C:\WINDOWS\system32\cmd.com - Deleted
C:\WINDOWS\system32\netstat.com - Deleted
C:\WINDOWS\system32\pac.txt - Deleted
C:\WINDOWS\system32\ping.com - Deleted
C:\WINDOWS\system32\regedit.com - Deleted
C:\WINDOWS\system32\taskkill.com - Deleted
C:\WINDOWS\system32\tasklist.com - Deleted
C:\WINDOWS\system32\tracert.com - Deleted
C:\WINDOWS\system32\ntos.exe  - Deleted

Folder C:\Documents and Settings\HP_Ejer\Application Data\SpeedRunner - Removed
Folder C:\Programmer\iCheck - Removed
Folder C:\Programmer\InetGet2 - Removed
Folder C:\Programmer\VnrPack - Removed
Folder C:\Temp\1cb - Removed

Removing Temp Files
ADS Check :


                                Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-17 09:12:33
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\89fd950]
"ImagePath"="\SystemRoot\System32\drivers\89fd950.sys"
"Type"=dword:00000001
"Start"=dword:00000001
"ErrorControl"=dword:00000001
"F96ZK6nPB"="YmluZGVyeXNlcnZpY2UubW9iaQ=="
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40]
"khjeh"=hex:20,02,00,00,76,4c,3a,b9,4f,1a,74,20,d2,7a,3b,10,44,25,90,8b,56,..
"hj34z0"=hex:a8,3c,03,7d,6d,26,2d,64,9d,7a,87,ff,c2,5b,0c,97,82,5e,2d,b0,d4,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\89fd950]
"ImagePath"="\SystemRoot\System32\drivers\89fd950.sys"
"Type"=dword:00000001
"Start"=dword:00000001
"ErrorControl"=dword:00000001
"F96ZK6nPB"="YmluZGVyeXNlcnZpY2UubW9iaQ=="
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Remaining Services :


Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Programmer\\Messenger\\msmsgs.exe"="C:\\Programmer\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Programmer\\Autodesk\\3dsMax8\\3dsmax.exe"="C:\\Programmer\\Autodesk\\3dsMax8\\3dsmax.exe:*:Enabled:Autodesk 3ds Max 8"
"C:\\Programmer\\Autodesk\\backburner\\monitor.exe"="C:\\Programmer\\Autodesk\\backburner\\monitor.exe:*:Enabled:backburner 2.3 monitor"
"C:\\Programmer\\Autodesk\\backburner\\manager.exe"="C:\\Programmer\\Autodesk\\backburner\\manager.exe:*:Enabled:backburner 2.3 manager"
"C:\\Programmer\\Autodesk\\backburner\\server.exe"="C:\\Programmer\\Autodesk\\backburner\\server.exe:*:Enabled:backburner 2.3 server"
"C:\\Programmer\\SmartFTP\\SmartFTP.exe"="C:\\Programmer\\SmartFTP\\SmartFTP.exe:*:Enabled:SmartFTP Client"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
Remaining Files :

File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes :
Wed  8 Dec 2004          196 A.SHR --- "C:\BOOT.BAK"
Thu 28 Apr 2005      245,248 ...H. --- "C:\WINDOWS\system32\wodfamod.dll"
Thu 27 Oct 2005        4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Wed 22 Dec 2004        76,568 ..SHR --- "C:\Programmer\Autodesk\Autodesk DWF Viewer\Setup.exe"
Thu 13 Jan 2005        11,360 A.SHR --- "C:\Programmer\Autodesk\Autodesk DWF Viewer\_Setupx.dll"
Thu 27 Oct 2005        4,348 ...H. --- "C:\Documents and Settings\Ejer\Dokumenter\Musik\Sikkerhedskopiering af licenser\drmv1key.bak"
Fri  4 Nov 2005            20 A..H. --- "C:\Documents and Settings\Ejer\Dokumenter\Musik\Sikkerhedskopiering af licenser\drmv1lic.bak"
Thu 27 Oct 2005          400 ...H. --- "C:\Documents and Settings\Ejer\Dokumenter\Musik\Sikkerhedskopiering af licenser\drmv2key.bak"
Fri  4 Nov 2005        1,536 A..H. --- "C:\Documents and Settings\Ejer\Dokumenter\Musik\Sikkerhedskopiering af licenser\drmv2lic.bak"
Finished!
Avatar billede 11cd Nybegynder
17. april 2009 - 09:56 #10
Skal jeg bruge: HostsXpert nu?
Avatar billede 11cd Nybegynder
17. april 2009 - 12:12 #11
Hej igen

Jeg er ikke helt med på, hvad du mener jeg skal gøre med HostXpert.

Jeg kan ikke se noget, som hedder "Recovery", men jeg har fundet en knap, som hedder "Restore MS Hosts File" (under "File Handling"). Det må være den du mener. Jeg har trykket på den.

Jeg kan ikke finde noget, som hedder "Make Hosts readable", men en knap, som hedder "Make ReadOnly". Når jeg trykker på kanppen "Make ReadOnly", så skifter den blot til "Make Writeable?" (med rødt). Hvad skal jeg få der til at stå?

Jeg ved ikke, hvad du mener med "NB. Hvis du selv har lagt adr. ind i hosts filen, skal lægges de lægges manuelt ind igen"? Beklager, men jeg er sku' lidt IT-dum - kan du hjælpe mig lidt mere?
Avatar billede 11cd Nybegynder
17. april 2009 - 12:12 #12
Jeg har lige lavet endnu en scan med Avast og den siger, at der stadig er en virus - øv!
Avatar billede johnstigers Seniormester
17. april 2009 - 13:10 #13
Jeg kan ikke se noget, som hedder "Recovery", men jeg har fundet en knap, som hedder "Restore MS Hosts File"
Det er korrekt :)

Jeg kan ikke finde noget, som hedder "Make Hosts readable", men en knap, som hedder "Make ReadOnly". Når jeg trykker på kanppen "Make ReadOnly", så skifter den blot til "Make Writeable?" (med rødt).
Det er korrekt - Hosts filen er nu kun readonly.

NB er hvis du selv har haft åbnet hosts filen i notepad og lagt adresser ind i den - men det lyder det ikke til du har :)
Avatar billede 11cd Nybegynder
17. april 2009 - 13:31 #14
Pokkers, - så har jeg lavet en fejl. jeg har startet programmet Malwarebytes Anti-Malware, hvor den IKKE var ReadOnly - pis, - har det stor betydning?
Avatar billede 11cd Nybegynder
17. april 2009 - 13:35 #15
hmmm,,,, jeg har ændret det underscanningen - håber, det går. Den Scanner altså ikke i safemode, - skal den det?
Avatar billede arkil Nybegynder
17. april 2009 - 14:03 #16
Jeg har ikke haft tid før nu, jeg beklager.

Glem det med hosts filen, den er nul stillet.
Lad mig se en log fra Malwarebytes.
Så dette >


--Hent Combofix, og gem den på dit skrivebord:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Luk alle andre vinduer ned.

Kør så Combofix.exe, og følg anvisningerne. (Vistabrugere skal klikke med højre-musetast på filen og vælge (Kør som administrator)

Vigtigt-> Deaktiver dit antivirus/antispyware program. Da det/de kan "forstyrre" og konflikte med Combofix, eller fjerne vigtige Combofix filer, hvilket kan få computeren til fryse.

Du må ikke klikke på vinduet imens værktøjet kører, idet det kan få din computer til at fryse.

Når Combofix er færdig, og efter det (muligvis) har genstartet, skulle der gerne åbnes en logfil: combofix.txt som ligger her C:\ Combofix txt

Hvis logfilen ikke åbnes så finder du den her c:\combofix.txt
Indholdet af denne fil må du gerne lægge herind.
Avatar billede 11cd Nybegynder
17. april 2009 - 14:13 #17
Her er den fra Anti-Malware:

Malwarebytes' Anti-Malware 1.36
Database version: 1992
Windows 5.1.2600 Service Pack 3

17-04-2009 14:02:19
mbam-log-2009-04-17 (14-02-10).txt

Skan type: FuldstÊndig skanning (C:\|D:\|)
Objekter skannet: 159836
Tid tilbagelagt: 1 hour(s), 25 minute(s), 56 second(s)

Inficerede Hukommelses Processer: 0
Inficerede Hukommelses Moduler: 0
Inficerede Registeringsdatabase N¯gler: 24
Inficerede Registeringsdatabase VÊrdier: 3
Inficerede Registeringsdatabase Filer: 0
Inficerede Mapper: 7
Inficerede Filer: 20

Inficerede Hukommelses Processer:
(Ingen mistÊnkelige filer fundet)

Inficerede Hukommelses Moduler:
(Ingen mistÊnkelige filer fundet)

Inficerede Registeringsdatabase N¯gler:
HKEY_CLASSES_ROOT\bho_cpv.workhorse (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\bho_cpv.workhorse.1 (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\xbtb07618.ietoolbar (Adware.BHO) -> No action taken.
HKEY_CLASSES_ROOT\xbtb07618.ietoolbar.1 (Adware.BHO) -> No action taken.
HKEY_CLASSES_ROOT\xbtb07618.xbtb07618 (Adware.BHO) -> No action taken.
HKEY_CLASSES_ROOT\xbtb07618.xbtb07618.1 (Adware.BHO) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{17e44256-51e0-4d46-a0c8-44e80ab4ba5b} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{2e4a04a1-a24d-45ae-aca4-949778400813} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{e0f01490-dcf3-4357-95aa-169a8c2b2190} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{63334394-3da3-4b29-a041-03535909d361} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d88e1558-7c2d-407a-953a-c044f5607cea} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{15421b84-3488-49a7-ad18-cbf84a3efaf6} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{77fbf9b8-1d37-4ff2-9ced-192d8e3aba6f} (Adware.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Bargains (Adware.Bargain.Buddy) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\xbtb07618.xbtb07618toolbar (Adware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\cs41275 (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\AGprotect (Malware.Trace) -> No action taken.

Inficerede Registeringsdatabase VÊrdier:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{77fbf9b8-1d37-4ff2-9ced-192d8e3aba6f} (Adware.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{77fbf9b8-1d37-4ff2-9ced-192d8e3aba6f} (Adware.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> No action taken.

Inficerede Registeringsdatabase Filer:
(Ingen mistÊnkelige filer fundet)

Inficerede Mapper:
C:\WINDOWS\system32\wsnpoem (Trojan.Agent) -> No action taken.
C:\Documents and Settings\HP_Ejer\Application Data\nidle (Trojan.Agent) -> No action taken.
C:\Programmer\WWShow (Trojan.Agent) -> No action taken.
C:\RECYCLER\S-1-5-21-0243336031-4052116379-881863308-0851 (Backdoor.Bot) -> No action taken.
C:\Programmer\Jcore (Trojan.BHO) -> No action taken.
C:\Programmer\winupdate (Worm.P2P) -> No action taken.
C:\WINDOWS\system32\aNI13 (Trojan.Agent) -> No action taken.

Inficerede Filer:
C:\Programmer\WWShow\WWShow.dll (Trojan.BHO) -> No action taken.
C:\Documents and Settings\HP_Ejer\winss.exe (Trojan.Downloader) -> No action taken.
C:\Programmer\Mozilla Firefox\components\srff.dll (Adware.SurfAccuracy) -> No action taken.
C:\System Volume Information\_restore{1FD1846F-4D58-43DF-B050-006CA39AB12A}\RP567\A0051898.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{1FD1846F-4D58-43DF-B050-006CA39AB12A}\RP571\A0053418.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{1FD1846F-4D58-43DF-B050-006CA39AB12A}\RP574\A0059666.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{1FD1846F-4D58-43DF-B050-006CA39AB12A}\RP574\A0059667.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{1FD1846F-4D58-43DF-B050-006CA39AB12A}\RP574\A0059669.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{1FD1846F-4D58-43DF-B050-006CA39AB12A}\RP574\A0059670.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{1FD1846F-4D58-43DF-B050-006CA39AB12A}\RP574\A0059671.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{1FD1846F-4D58-43DF-B050-006CA39AB12A}\RP574\A0059673.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{1FD1846F-4D58-43DF-B050-006CA39AB12A}\RP574\A0059674.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{1FD1846F-4D58-43DF-B050-006CA39AB12A}\RP574\A0059677.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\bszip.dll (Worm.P2P) -> No action taken.
C:\WINDOWS\system32\MSINET.oca (Rogue.Trace) -> No action taken.
C:\WINDOWS\system32\drivers\89fd950.sys (Rootkit.Agent) -> No action taken.
C:\WINDOWS\system32\wsnpoem\audio.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\wsnpoem\audio.dll.cla (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\wsnpoem\video.dll (Trojan.Agent) -> No action taken.
C:\RECYCLER\S-1-5-21-0243336031-4052116379-881863308-0851\Desktop.ini (Backdoor.Bot) -> No action taken.
Avatar billede 11cd Nybegynder
17. april 2009 - 14:19 #18
jeg er igang med Combofix. Jeg ser et blåt vindue, men en streg som blinker, men der sker ikke rigtigt noget?

Hvor længe skal det tage?
Avatar billede 11cd Nybegynder
17. april 2009 - 14:27 #19
hmmm,,, det er som om at installationen ikke virker - den afslutter ikke skærmbilledet, som nok er installations-programmet (det blå vinude). Hvad kan jeg gøre?

Den opretter en mappe på mit C-drev, men jeg er ikke sikker på, at startfilen er der. Hvad skal den hedde?
Avatar billede 11cd Nybegynder
17. april 2009 - 14:31 #20
hmmm,,, nej, - Combofix.exe er der ikke. - hmmm...
Avatar billede 11cd Nybegynder
17. april 2009 - 14:33 #21
Combofix-Download?
Combobatch?
17. april 2009 - 14:50 #22
NB NB NB: Mht din kørsel med [Malwarebytes] ( -> No action taken.) - du har fuldstændig 'glemt' denne detalje ->
Derefter - Tryk på "Vis resultater" knappen efter scanningen - og herefter tryk på "[b]Fjern det valgte[b]" -

Såååå - ny kørsel med Malwarebytes under alle omstændigheder ...
Avatar billede 11cd Nybegynder
17. april 2009 - 15:02 #23
Det huskede jeg faktisk, men det er måske den forkerte log, som jeg har smidt ind? - Hvor finder jeg den rigtige?
Avatar billede johnstigers Seniormester
17. april 2009 - 15:05 #24
Vedr. Combofix:

Så længe det blå vindue er fremme med en blinkende markør arbejder programmet.

Prøv igen - det starter når du klikker på ComboFix.exe
Avatar billede johnstigers Seniormester
17. april 2009 - 15:06 #25
Loggen finder du samme sted som den anden
Avatar billede 11cd Nybegynder
20. april 2009 - 10:51 #26
Jeg har fundet den rigtige log fra Anti-Malware. Derudover går det også meget bedre med ComboFix efter en genstart af computeren. ComboFix er i gang i skrivende stund.

Malwarebytes' Anti-Malware 1.36
Database version: 1992
Windows 5.1.2600 Service Pack 3

17-04-2009 14:02:34
mbam-log-2009-04-17 (14-02-34).txt

Skan type: FuldstÊndig skanning (C:\|D:\|)
Objekter skannet: 159836
Tid tilbagelagt: 1 hour(s), 25 minute(s), 56 second(s)

Inficerede Hukommelses Processer: 0
Inficerede Hukommelses Moduler: 0
Inficerede Registeringsdatabase N¯gler: 24
Inficerede Registeringsdatabase VÊrdier: 3
Inficerede Registeringsdatabase Filer: 0
Inficerede Mapper: 7
Inficerede Filer: 20

Inficerede Hukommelses Processer:
(Ingen mistÊnkelige filer fundet)

Inficerede Hukommelses Moduler:
(Ingen mistÊnkelige filer fundet)

Inficerede Registeringsdatabase N¯gler:
HKEY_CLASSES_ROOT\bho_cpv.workhorse (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bho_cpv.workhorse.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xbtb07618.ietoolbar (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xbtb07618.ietoolbar.1 (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xbtb07618.xbtb07618 (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xbtb07618.xbtb07618.1 (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{17e44256-51e0-4d46-a0c8-44e80ab4ba5b} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e4a04a1-a24d-45ae-aca4-949778400813} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e0f01490-dcf3-4357-95aa-169a8c2b2190} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{63334394-3da3-4b29-a041-03535909d361} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d88e1558-7c2d-407a-953a-c044f5607cea} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{15421b84-3488-49a7-ad18-cbf84a3efaf6} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{77fbf9b8-1d37-4ff2-9ced-192d8e3aba6f} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Bargains (Adware.Bargain.Buddy) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\xbtb07618.xbtb07618toolbar (Adware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\cs41275 (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\AGprotect (Malware.Trace) -> Quarantined and deleted successfully.

Inficerede Registeringsdatabase VÊrdier:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{77fbf9b8-1d37-4ff2-9ced-192d8e3aba6f} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{77fbf9b8-1d37-4ff2-9ced-192d8e3aba6f} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Quarantined and deleted successfully.

Inficerede Registeringsdatabase Filer:
(Ingen mistÊnkelige filer fundet)

Inficerede Mapper:
C:\WINDOWS\system32\wsnpoem (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Ejer\Application Data\nidle (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Programmer\WWShow (Trojan.Agent) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-0243336031-4052116379-881863308-0851 (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Programmer\Jcore (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Programmer\winupdate (Worm.P2P) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\aNI13 (Trojan.Agent) -> Quarantined and deleted successfully.

Inficerede Filer:
C:\Programmer\WWShow\WWShow.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Ejer\winss.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Programmer\Mozilla Firefox\components\srff.dll (Adware.SurfAccuracy) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1FD1846F-4D58-43DF-B050-006CA39AB12A}\RP567\A0051898.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1FD1846F-4D58-43DF-B050-006CA39AB12A}\RP571\A0053418.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1FD1846F-4D58-43DF-B050-006CA39AB12A}\RP574\A0059666.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1FD1846F-4D58-43DF-B050-006CA39AB12A}\RP574\A0059667.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1FD1846F-4D58-43DF-B050-006CA39AB12A}\RP574\A0059669.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1FD1846F-4D58-43DF-B050-006CA39AB12A}\RP574\A0059670.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1FD1846F-4D58-43DF-B050-006CA39AB12A}\RP574\A0059671.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1FD1846F-4D58-43DF-B050-006CA39AB12A}\RP574\A0059673.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1FD1846F-4D58-43DF-B050-006CA39AB12A}\RP574\A0059674.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1FD1846F-4D58-43DF-B050-006CA39AB12A}\RP574\A0059677.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bszip.dll (Worm.P2P) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\MSINET.oca (Rogue.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\89fd950.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wsnpoem\audio.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wsnpoem\audio.dll.cla (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wsnpoem\video.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-0243336031-4052116379-881863308-0851\Desktop.ini (Backdoor.Bot) -> Quarantined and deleted successfully.
Avatar billede 11cd Nybegynder
20. april 2009 - 11:54 #27
Her er loggen fra ComboFix. Jeg har lige fået at vide, at vores hjemmeside har været hakket. Kan det været sket gennem denne computer? De øvrige computere her er MACs udover en enkelt anden PC, som kører med Avast-beskyttelse.

Det er fedt, at I kan hjælpe :) Hvad er næste skridt?



ComboFix 09-04-20.05 - HP_Ejer 20-04-2009 10:48.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.45.1030.18.2047.1642 [GMT 2:00]
K¯rer fra: c:\documents and settings\HP_Ejer\Skrivebord\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090419-0] *On-access scanning disabled* (Updated)
* Dannede nyt systemgendannelsespunkt
.

(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet  )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\HP_Ejer\Lokale indstillinger\Temporary Internet Files\CPV.stt
c:\programmer\FÊlles filer\download
c:\programmer\FÊlles filer\inetget
c:\programmer\FÊlles filer\windows
c:\programmer\FÊlles filer\windows\AutoIt3.exe
c:\programmer\FÊlles filer\windows\psapi.dll
c:\windows\system32\acrnxbvc.ini
c:\windows\system32\activedsy.exe
c:\windows\system32\agxqub.dll
c:\windows\system32\ancwsolv.ini
c:\windows\system32\atxtdxaq.ini
c:\windows\system32\bhhhhutn.ini
c:\windows\system32\btjixysm.ini
c:\windows\system32\ccuoguek.ini
c:\windows\system32\crypts.dll
c:\windows\system32\digiwet.dll
c:\windows\system32\dnxtfukg.ini
c:\windows\system32\dvenjndn.ini
c:\windows\system32\dvxynpcp.ini
c:\windows\system32\ebbnvdvk.ini
c:\windows\system32\igafwpav.ini
c:\windows\system32\ijsgoufx.ini
c:\windows\system32\inctefrl.ini
c:\windows\system32\jkobtgop.ini
c:\windows\system32\lcnkrokl.ini
c:\windows\system32\lmiecxpf.ini
c:\windows\system32\loesvfvk.ini
c:\windows\system32\lubaquqi.ini
c:\windows\system32\lvdcvlja.ini
c:\windows\system32\ncskbvkj.dll
c:\windows\system32\nwypwims.ini
c:\windows\system32\ohrgohfd.dll
c:\windows\system32\oqhnlssh.ini
c:\windows\system32\pfmsjthk.ini
c:\windows\system32\ptsotlls.ini
c:\windows\system32\pxhwptio.ini
c:\windows\system32\pYJlonpo.ini
c:\windows\system32\pYJlonpo.ini2
c:\windows\system32\qfotvnrd.ini
c:\windows\system32\qmnxfyfy.dll
c:\windows\system32\rqviacqf.dll
c:\windows\system32\rtxwyqrv.ini
c:\windows\system32\rxtwehtm.ini
c:\windows\system32\skdmrg.dll
c:\windows\system32\sxavyvts.ini
c:\windows\system32\sxkedfrg.ini
c:\windows\system32\ucvheqkh.ini
c:\windows\system32\udwwsnpu.ini
c:\windows\system32\uokbeciy.ini
c:\windows\system32\vunkquiv.ini
c:\windows\system32\wsbnnl.dll
c:\windows\system32\yzqpwr.dll
D:\Autorun.inf
c:\windows\system32\drivers\str.sys . . . . lykkedes ikke at slette

.
(((((((((((((((((((((((((((((((((((((((  Drivers/Tjenester  )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SAMSSRPCSS
-------\Service_SamSsRpcSs


(((((((((((((((((((((((((((((  Filer skabt fra 2009-03-20 til 2009-04-20  )))))))))))))))))))))))))))))))))))
.

2009-04-20 08:38 . 2009-04-20 08:38    20480    --sha-w    c:\windows\system32\accessn.dll
2009-04-20 08:37 . 2009-04-20 08:38    86    --s-a-w    c:\windows\system32\283006063.dat
2009-04-17 10:20 . 2009-04-17 10:20    --------    d-----w    c:\documents and settings\HP_Ejer\Application Data\Malwarebytes
2009-04-17 10:20 . 2009-04-06 13:32    15504    ----a-w    c:\windows\system32\drivers\mbam.sys
2009-04-17 10:20 . 2009-04-06 13:32    38496    ----a-w    c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-17 10:20 . 2009-04-17 10:23    --------    d-----w    c:\programmer\Malwarebytes' Anti-Malware
2009-04-17 10:20 . 2009-04-17 10:20    --------    d-----w    c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-16 14:31 . 2009-04-16 14:31    578560    -c--a-w    c:\windows\system32\dllcache\user32.dll
2009-04-16 14:28 . 2009-04-16 14:28    --------    d-----w    c:\windows\ERUNT
2009-04-16 14:24 . 2009-04-17 07:14    --------    d-----w    C:\SDFix
2009-04-16 09:45 . 2009-04-16 09:45    --------    d-----w    c:\documents and settings\HP_Ejer\DoctorWeb
2009-04-16 08:56 . 2009-04-16 08:56    --------    d--h--r    c:\documents and settings\All Users\Application Data\Atheros
2009-04-16 08:54 . 2009-04-16 08:54    --------    d-----w    c:\programmer\NETGEAR
2009-04-16 08:54 . 2009-04-16 08:54    --------    d-----w    c:\documents and settings\All Users\Application Data\NETGEAR
2009-04-14 11:09 . 2009-04-14 11:09    --------    d-----w    c:\programmer\Alwil Software
2009-04-03 11:02 . 2009-04-03 11:02    --------    d-----w    c:\programmer\CCleaner
2009-03-26 12:19 . 2009-03-27 19:22    283    ----a-w    c:\windows\system32\ub.dat

.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-16 08:56 . 2004-01-01 09:27    --------    d--h--w    c:\programmer\InstallShield Installation Information
2009-04-14 12:30 . 2005-11-30 14:55    --------    d-----w    c:\programmer\Freeprod Toolbar
2009-04-14 11:09 . 2005-12-02 09:15    --------    d-----w    c:\programmer\NaviSearch
2009-04-14 11:09 . 2005-12-02 09:15    --------    d-----w    c:\programmer\BullsEye Network
2009-04-14 11:02 . 2004-01-01 07:07    --------    d-----w    c:\programmer\Symantec
2009-04-14 11:02 . 2004-01-01 07:07    --------    d-----w    c:\programmer\FÊlles filer\Symantec Shared
2009-04-03 11:14 . 2004-01-01 15:22    75196    ----a-w    c:\windows\system32\perfc006.dat
2009-04-03 11:14 . 2004-01-01 15:22    420068    ----a-w    c:\windows\system32\perfh006.dat
2009-04-03 10:54 . 2004-01-01 07:07    --------    d-----w    c:\documents and settings\All Users\Application Data\Symantec
2009-04-03 10:44 . 2004-01-01 08:05    --------    d-----w    c:\programmer\Java
2009-03-13 08:46 . 2009-03-13 08:46    --------    d-----w    c:\documents and settings\HP_Ejer\Application Data\Twain
2009-03-09 03:19 . 2009-03-05 14:39    410984    ----a-w    c:\windows\system32\deploytk.dll
2009-03-06 09:17 . 2004-01-01 07:30    80647    ----a-w    c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2009-03-06 09:12 . 2004-01-01 15:22    250576    --sha-r    C:\ntldr
2009-02-09 14:07 . 2004-01-01 15:22    1846784    ----a-w    c:\windows\system32\win32k.sys
2006-07-07 10:57 . 2006-07-07 10:56    142    ----a-w    c:\documents and settings\Administrator\Lokale indstillinger\Application Data\fusioncache.dat
2005-06-10 13:20 . 2004-12-10 14:39    71800    ----a-w    c:\documents and settings\HP_Ejer\Lokale indstillinger\Application Data\GDIPFONTCACHEV1.DAT
2004-12-10 14:39 . 2004-12-08 12:09    136    ----a-w    c:\documents and settings\HP_Ejer\Lokale indstillinger\Application Data\fusioncache.dat
2005-05-11 17:2005-06-30 12:04        34:00 .    c:\programmer\mozilla firefox\components\jar50.dll
2005-05-11 17:2005-06-30 12:04        34:00 .    c:\programmer\mozilla firefox\components\jsd3250.dll
2005-05-11 17:2005-06-30 12:04        34:00 .    c:\programmer\mozilla firefox\components\xpinstal.dll
.

(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*BemÊrk* tomme linier & lovlige standard linier vises ikke 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-11 61440]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-14 233472]
"SiS Windows KeyHook"="c:\windows\System32\keyhook.exe" [2004-05-20 249856]
"PS2"="c:\windows\system32\ps2.exe" [2002-10-16 81920]
"ATIPTA"="c:\programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-06-24 339968]
"DAEMON Tools-1033"="c:\programmer\D-Tools\daemon.exe" [2004-08-22 81920]
"ATICCC"="c:\programmer\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2005-03-04 88209]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2004-07-01 73728]
"AlcWzrd"="ALCWZRD.EXE" - c:\windows\ALCWZRD.EXE [2004-07-06 2550272]

c:\documents and settings\HP_Ejer\Menuen Start\Programmer\Start\
Corel Registration.lnk - c:\programmer\Corel\Graphics9\Register\Remind32.exe [2005-3-3 67584]

c:\documents and settings\All Users\Menuen Start\Programmer\Start\
HP Digital Imaging Monitor.lnk - c:\programmer\HP\Digital Imaging\bin\hpqtra08.exe [2004-5-29 241664]
NETGEAR WN111v2 Smart Wizard.lnk - c:\programmer\NETGEAR\WN111v2\WN111V2.exe [2008-5-9 1474631]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\a2service.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ArcaCheck.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\arcavir.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashDisp.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashEnhcd.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashServ.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashUpd.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\aswUpdSv.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avcls.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avz.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avz4.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avz_se.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bdinit.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\caav.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\caavguiscan.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\casecuritycenter.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ccupdate.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cfp.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cfpupdat.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cmdagent.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\DRWEB32.EXE]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FAMEH32.EXE]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FPAVServer.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fpscan.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FPWin.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fsav32.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fsgk32st.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FSMA32.EXE]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\guardxservice.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\guardxup.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\navigator.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NAVSTUB.EXE]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Nvcc.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\outpost.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\preupd.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pskdr.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SfFnUp.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Vba32arkit.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vba32ldr.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Zanda.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\zapro.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Zlh.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\zoneband.dll]
"Debugger"=ntsd -d

[HKLM\~\startupfolder\c:^documents and settings^all users^menuen start^programmer^start^adobe reader hurtigstart.lnk]
path=c:\documents and settings\All Users\Menuen Start\Programmer\Start\Adobe Reader Hurtigstart.lnk
backup=c:\windows\pss\Adobe Reader Hurtigstart.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"JavaQuickStarterService"=2 (0x2)
"SNDSrvc"=3 (0x3)
"ose"=3 (0x3)
"iPodService"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmer\\Messenger\\msmsgs.exe"=
"c:\\Programmer\\Autodesk\\3dsMax8\\3dsmax.exe"=
"c:\\Programmer\\Autodesk\\backburner\\monitor.exe"=
"c:\\Programmer\\Autodesk\\backburner\\manager.exe"=
"c:\\Programmer\\Autodesk\\backburner\\server.exe"=
"c:\\Programmer\\SmartFTP\\SmartFTP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R1 89fd950;89fd950; [x]
S1 aswsp;avast! Self Protection; [x]
S2 aswfsblk;aswfsblk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
S3 dnindis5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.SYS [2003-07-24 17149]


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
Ujafrofb

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\autorun.exe
.
- - - - TOMME GENVEJE FJERNET - - - -

BHO-{fe887f31-69c0-4a97-937f-e76930556d3b} - (no file)
HKCU-Run-Sonic RecordNow! - (no file)
HKLM-Run-VTTimer - VTTimer.exe
Notify-gebspnlb - geBspnLb.dll


.
------- Yderligere scanning -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=DA_DK&c=Q404&bd=pavilion&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=DA_DK&c=Q404&bd=pavilion&pf=desktop
uInternet Connection Wizard,ShellNext = iexplore
IE: Bloker alle billeder fra den samme server - c:\programmer\Avant Browser\AddAllToADBlackList.htm
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Marker forekomster af ord p denne side - c:\programmer\Avant Browser\Highlight.htm
IE: S¯g p ord - c:\programmer\Avant Browser\Search.htm
IE: Tilf¯j til AD Black List - c:\programmer\Avant Browser\AddToADBlackList.htm
IE: ≈ben alle links p denne side... - c:\programmer\Avant Browser\OpenAllLinks.htm
DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} - hxxps://www.sparlolland.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.30.cab
FF - ProfilePath -

---- FIREFOX POLITIKKER ----
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("backups.number_of_prefs_copies", 1);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("browser.link.open_newwindow.ui", 3); // prefs UI version
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.closed", "allAccess");
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.document", "allAccess");
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.frames", "allAccess");
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.history", "allAccess");
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.length", "allAccess");
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.opener", "allAccess");
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.parent", "allAccess");
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.self", "allAccess");
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.top", "allAccess");
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.window", "allAccess");
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.DOMParser,parseFromString", "noAccess");
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.DOMParser,parseFromStream", "noAccess");
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("dom.disable_window_open_feature.status",      false);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("advanced.always_load_images",        true);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("network.protocol-handler.external.help", false);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("network.http.connect.timeout",  30);    // in seconds
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("network.http.request.timeout", 120);    // in seconds
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("network.IDN_show_punycode", true);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("network.image.imageBehavior",        0); // 0-Accept, 1-dontAcceptForeign, 2-dontUse
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("network.cookie.cookieBehavior",      3); // 0-Accept, 1-dontAcceptForeign, 2-dontUse, 3-p3p
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel",            1); // 0=low, 1=medium, 2=high, 3=custom
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("network.enablePad",                  false); // Allow client to do proxy autodiscovery
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("app.id", "{ec8030f7-c20a-464f-9b0e-13a3a9e97384}");
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("app.version",
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("app.extensions.version", "1.0");
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("app.build_id",
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.autoUpdateEnabled", true);    // Whether or not background app updates
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.url", "chrome://mozapps/locale/update/update.properties");
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.updatesAvailable", false);
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.lastUpdateDate", 0);          // UTC offset when last App update was
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.performed", false);            // Whether or not an update has been
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.autoUpdateEnabled", true);
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.autoUpdate", false);    // Automatically download and install
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.interval", 604800000);  // Check for updates to Extensions and
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.lastUpdateDate", 0);    // UTC offset when last Extension/Theme
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.severity.threshold", 5);// The number of pending Extension/Theme
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.count", 0);            // The number of extension/theme/etc
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("update.interval", 3600000);              // Check each of the above intervals
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("update.showSlidingNotification", true);  // Windows-only slide-up taskbar
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("update.severity", 0);
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("general.useragent.vendor", "Firefox");
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("general.useragent.vendorSub",
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.update.resetHomepage",        false);
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.startup.homepage_override.1", false);
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.turbo.enabled", false);
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://browser/content/searchconfig.properties");
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom",  "chrome://browser/content/searchconfig.properties");
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("update_notifications.enabled", true);
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("update_notifications.provider.0.frequency", 7); // number of days
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.xul.error_pages.enabled", false);
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("pfs.datasource.url", "chrome://mozapps/locale/plugins/plugins.properties");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-20 10:53
Windows 5.1.2600 Service Pack 3 NTFS

scanner skjulte processer ... 

scanner skjulte autostarter ...

scanner skjulte filer ... 


c:\windows\system32\drivers\str.sys 0 bytes
c:\windows\system32\drivers\rjjasotfffv.sys 31104 bytes executable

scanning gennemf¯rt med succes
skjulte filer: 2

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\gyuwcubnkcii]
"ImagePath"="\??\c:\windows\system32\drivers\rjjasotfffv.sys"
--

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SamSsRpcSs]
"ImagePath"="c:\windows\system32\activedsy.exe srv"
.
--------------------- DLLs startet under k¯rende Processer ---------------------

- - - - - - - > 'winlogon.exe'(1156)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Andre k¯rende processer ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\acs.exe
c:\programmer\FÊlles filer\Autodesk Shared\Service\AdskScSrv.exe
c:\windows\system32\drivers\CDANTSRV.EXE
c:\programmer\FÊlles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\programmer\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
c:\windows\system32\wdfmgr.exe
.
**************************************************************************
.
Gennemf¯rt tid: 2009-04-20 10:56 - maskinen blev genstartet
ComboFix-quarantined-files.txt  2009-04-20 08:56

Pre-K¯rsel: 135.457.615.872 byte ledig
Post-K¯rsel: 136.051.482.624 byte ledig

369    --- E O F ---    2009-03-12 02:00
Avatar billede arkil Nybegynder
21. april 2009 - 12:31 #28
Opret lige først en Backup af reg basen.
Start > Kør > Skriv regedit > Klik ok > Marker øverst "Denne computer" > Ud i filer > Eksporter > Giv din backup et navn.
Husk at deaktiver Avast før du kører Combofix.

Åbn et Notesblokvindue, kopiér indholdet med fed skrift ind i dokumentet, og gem indholdet samme sted, som Combofix ligger med navnet CFScript.txt Når du gemmer, skal du sikre, at der under "filtyper" står "alle filer".


Killall::
File::
c:\windows\system32\accessn.dll
c:\windows\system32\283006063.dat
c:\windows\system32\drivers\str.sys
c:\windows\system32\drivers\rjjasotfffv.sys
c:\windows\system32\activedsy.exe srv
RootKit::
c:\windows\system32\accessn.dll
c:\windows\system32\283006063.dat
c:\windows\system32\drivers\str.sys
c:\windows\system32\drivers\rjjasotfffv.sys
c:\windows\system32\activedsy.exe srv
Driver::
89fd950
Registry::
[-HKEY_LOCAL_MACHINE\system\ControlSet001\Services\gyuwcubnkcii]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SamSsRpcSs]
"ImagePath"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\a2service.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ArcaCheck.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\arcavir.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashDisp.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashEnhcd.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashServ.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashUpd.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\aswUpdSv.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avcls.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avz.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avz4.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avz_se.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bdinit.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\caav.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\caavguiscan.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\casecuritycenter.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ccupdate.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cfp.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cfpupdat.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cmdagent.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\DRWEB32.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FAMEH32.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FPAVServer.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fpscan.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FPWin.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fsav32.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fsgk32st.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FSMA32.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\guardxservice.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\guardxup.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\navigator.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NAVSTUB.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Nvcc.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\outpost.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\preupd.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pskdr.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SfFnUp.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Vba32arkit.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vba32ldr.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Zanda.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\zapro.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Zlh.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\zoneband.dll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs]
"Ujafrofb"=-




Tag så fat i den nye fil med musen, og før den hen over ikonet for Combofix, hvorefter du "giver slip" med musen.
http://www.fromsej.saknet.dk/billeder/cfscript.gif
Så skulle Combofix gerne give sig til at arbejde. Muligvis vil den kræve en genstart, hvilket du skal tillade. Du bør ikke klikke på vinduet imens værktøjet kører, idet det kan få din computer til at fryse.
Kopier den logfil  herind.

PS: Gør lige det her, inden du kører CFScript.txt:
Højreklik på Avast ikonet, og vælg 'Settings'. Sæt det flueben, som er markeret med et rødt kryds på billedet her:
http://img.photobucket.com/albums/v666/sUBs/Avast.gif
Avatar billede 11cd Nybegynder
28. april 2009 - 10:04 #29
Hej

Efter en mindre pause grundet et voldsomt arbejdspres er jeg nu tilbage på mission PC-anti virus. Jeg håber, at I fortsat er med mig?

Ang. Avast, så starter den slet ikke mere automatisk mere og jeg kan heller ikke få den til det ved at geninstallere programmet?

Jeg har kørt ComboFix på den måde, som I har fortalt mig. Det gik også udenmærket bort set fra, at den endte med at skrive "filer var ikke ventet pö dette tidspunkt."? Kan det være fordi at Avast har fjernet et eller andet under mine bestræbelser på at få Avast til at virke igen?

Loggen åbnede ikke automatisk, men jeg fandt den i mappen:

ComboFix 09-04-27.03 - HP_Ejer 28-04-2009  9:44:48.2 - NTFSx86

Microsoft Windows XP Home Edition  5.1.2600.3.1252.45.1030.18.2047.1631 [GMT 2:00]

K¯rer fra: C:\Documents and Settings\HP_Ejer\Skrivebord\ComboFix.exe

Kommandoer benyttet :: C:\ComboFix\CFScript.txt

* Dannede nyt systemgendannelsespunkt

.



(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet  )))))))))))))))))))))))))))))))))))))))))))))))))

.



C:\WINDOWS\system32\drivers\str.sys

.

---- Forrige K¯rsel -------

.

C:\Documents and Settings\HP_Ejer\Lokale indstillinger\Temporary Internet Files\CPV.stt

C:\Programmer\FÊlles filer\download

C:\Programmer\FÊlles filer\inetget

C:\Programmer\FÊlles filer\windows

C:\Programmer\FÊlles filer\windows\AutoIt3.exe

C:\Programmer\FÊlles filer\windows\psapi.dll

C:\WINDOWS\system32\acrnxbvc.ini

C:\WINDOWS\system32\activedsy.exe

C:\WINDOWS\system32\agxqub.dll

C:\WINDOWS\system32\ancwsolv.ini

C:\WINDOWS\system32\atxtdxaq.ini

C:\WINDOWS\system32\bhhhhutn.ini

C:\WINDOWS\system32\btjixysm.ini

C:\WINDOWS\system32\ccuoguek.ini

C:\WINDOWS\system32\crypts.dll

C:\WINDOWS\system32\digiwet.dll

C:\WINDOWS\system32\dnxtfukg.ini

C:\WINDOWS\system32\dvenjndn.ini

C:\WINDOWS\system32\dvxynpcp.ini

C:\WINDOWS\system32\ebbnvdvk.ini

C:\WINDOWS\system32\igafwpav.ini

C:\WINDOWS\system32\ijsgoufx.ini

C:\WINDOWS\system32\inctefrl.ini

C:\WINDOWS\system32\jkobtgop.ini

C:\WINDOWS\system32\lcnkrokl.ini

C:\WINDOWS\system32\lmiecxpf.ini

C:\WINDOWS\system32\loesvfvk.ini

C:\WINDOWS\system32\lubaquqi.ini

C:\WINDOWS\system32\lvdcvlja.ini

C:\WINDOWS\system32\ncskbvkj.dll

C:\WINDOWS\system32\nwypwims.ini

C:\WINDOWS\system32\ohrgohfd.dll

C:\WINDOWS\system32\oqhnlssh.ini

C:\WINDOWS\system32\pfmsjthk.ini

C:\WINDOWS\system32\ptsotlls.ini

C:\WINDOWS\system32\pxhwptio.ini

C:\WINDOWS\system32\pYJlonpo.ini

C:\WINDOWS\system32\pYJlonpo.ini2

C:\WINDOWS\system32\qfotvnrd.ini

C:\WINDOWS\system32\qmnxfyfy.dll

C:\WINDOWS\system32\rqviacqf.dll

C:\WINDOWS\system32\rtxwyqrv.ini

C:\WINDOWS\system32\rxtwehtm.ini

C:\WINDOWS\system32\skdmrg.dll

C:\WINDOWS\system32\sxavyvts.ini

C:\WINDOWS\system32\sxkedfrg.ini

C:\WINDOWS\system32\ucvheqkh.ini

C:\WINDOWS\system32\udwwsnpu.ini

C:\WINDOWS\system32\uokbeciy.ini

C:\WINDOWS\system32\vunkquiv.ini

C:\WINDOWS\system32\wsbnnl.dll

C:\WINDOWS\system32\yzqpwr.dll

D:\Autorun.inf

C:\WINDOWS\system32\drivers\str.sys . . . . lykkedes ikke at slette



.

(((((((((((((((((((((((((((((((((((((((  Drivers/Tjenester  )))))))))))))))))))))))))))))))))))))))))))))))))

.



-------\Legacy_SAMSSRPCSS

-------\Service_SamSsRpcSs





(((((((((((((((((((((((((((((  Filer skabt fra 2009-05-28 til 2009-4-28  )))))))))))))))))))))))))))))))))))

.



2009-04-28 07:20:53 . 2009-04-28 07:20:53    0    d-----w    C:\WINDOWS\LastGood

2009-04-27 14:44:21 . 2006-06-29 11:07:36    14048    ------w    C:\WINDOWS\system32\spmsg2.dll

2009-04-27 14:39:07 . 2009-04-27 14:44:03    0    d-----w    C:\WINDOWS\system32\XPSViewer

2009-04-27 14:39:02 . 2009-04-27 14:39:03    0    d-----w    C:\Programmer\MSBuild

2009-04-27 14:38:55 . 2009-04-27 14:38:55    0    d-----w    C:\Programmer\Reference Assemblies

2009-04-27 14:38:31 . 2008-07-06 12:06:10    117760    ------w    C:\WINDOWS\system32\prntvpt.dll

2009-04-27 14:38:31 . 2008-07-06 12:06:10    89088    -c----w    C:\WINDOWS\system32\dllcache\filterpipelineprintproc.dll

2009-04-27 14:38:31 . 2008-07-06 10:50:03    597504    -c----w    C:\WINDOWS\system32\dllcache\printfilterpipelinesvc.exe

2009-04-27 14:38:31 . 2008-07-06 12:06:10    575488    -c----w    C:\WINDOWS\system32\dllcache\xpsshhdr.dll

2009-04-27 14:38:31 . 2008-07-06 12:06:10    575488    ------w    C:\WINDOWS\system32\xpsshhdr.dll

2009-04-27 14:38:30 . 2008-07-06 12:06:10    1676288    -c----w    C:\WINDOWS\system32\dllcache\xpssvcs.dll

2009-04-27 14:38:30 . 2008-07-06 12:06:10    1676288    ------w    C:\WINDOWS\system32\xpssvcs.dll

2009-04-27 14:38:30 . 2009-04-27 14:38:42    0    d-----w    C:\5050073f2bc7af8add

2009-04-20 08:57:40 . 2009-02-06 10:10:02    227840    -c----w    C:\WINDOWS\system32\dllcache\wmiprvse.exe

2009-04-20 08:57:39 . 2009-03-06 14:20:58    284672    -c----w    C:\WINDOWS\system32\dllcache\pdh.dll

2009-04-20 08:57:39 . 2009-02-09 11:25:40    110592    -c----w    C:\WINDOWS\system32\dllcache\services.exe

2009-04-20 08:57:39 . 2009-02-09 10:53:27    401408    -c----w    C:\WINDOWS\system32\dllcache\rpcss.dll

2009-04-20 08:57:39 . 2009-02-09 10:53:27    473600    -c----w    C:\WINDOWS\system32\dllcache\fastprox.dll

2009-04-20 08:57:39 . 2009-02-09 10:53:27    682496    -c----w    C:\WINDOWS\system32\dllcache\advapi32.dll

2009-04-20 08:57:39 . 2009-02-09 10:53:28    730624    -c----w    C:\WINDOWS\system32\dllcache\lsasrv.dll

2009-04-20 08:57:38 . 2009-02-09 10:53:26    453120    -c----w    C:\WINDOWS\system32\dllcache\wmiprvsd.dll

2009-04-20 08:57:38 . 2009-02-09 10:53:27    719360    -c----w    C:\WINDOWS\system32\dllcache\ntdll.dll

2009-04-20 08:56:37 . 2008-04-21 21:15:43    217088    -c----w    C:\WINDOWS\system32\dllcache\wordpad.exe

2009-04-20 08:37:19 . 2009-04-20 08:38:22    86    --s-a-w    C:\WINDOWS\system32\283006063.dat

2009-04-17 10:20:13 . 2009-04-17 10:20:13    0    d-----w    C:\Documents and Settings\HP_Ejer\Application Data\Malwarebytes

2009-04-17 10:20:10 . 2009-04-06 13:32:46    15504    ----a-w    C:\WINDOWS\system32\drivers\mbam.sys

2009-04-17 10:20:07 . 2009-04-06 13:32:54    38496    ----a-w    C:\WINDOWS\system32\drivers\mbamswissarmy.sys

2009-04-17 10:20:05 . 2009-04-17 10:20:05    0    d-----w    C:\Documents and Settings\All Users\Application Data\Malwarebytes

2009-04-17 10:20:05 . 2009-04-17 10:23:21    0    d-----w    C:\Programmer\Malwarebytes' Anti-Malware

2009-04-16 14:31:30 . 2009-04-16 14:31:30    578560    -c--a-w    C:\WINDOWS\system32\dllcache\user32.dll

2009-04-16 14:28:14 . 2009-04-16 14:28:29    0    d-----w    C:\WINDOWS\ERUNT

2009-04-16 14:24:14 . 2009-04-17 07:14:34    0    d-----w    C:\SDFix

2009-04-16 09:45:42 . 2009-04-16 09:45:42    0    d-----w    C:\Documents and Settings\HP_Ejer\DoctorWeb

2009-04-16 08:56:13 . 2009-04-16 08:56:13    0    d--h--r    C:\Documents and Settings\All Users\Application Data\Atheros

2009-04-16 08:54:31 . 2009-04-16 08:54:31    0    d-----w    C:\Programmer\NETGEAR

2009-04-16 08:54:15 . 2009-04-16 08:54:15    0    d-----w    C:\Documents and Settings\All Users\Application Data\NETGEAR

2009-04-14 11:09:20 . 2009-04-14 11:09:20    0    d-----w    C:\Programmer\Alwil Software

2009-04-03 11:02:58 . 2009-04-03 11:02:58    0    d-----w    C:\Programmer\CCleaner



.

((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-04-28 07:17:08 . 2004-12-10 14:39:04    71800    ----a-w    C:\Documents and Settings\HP_Ejer\Lokale indstillinger\Application Data\GDIPFONTCACHEV1.DAT

2009-04-27 14:42:21 . 2004-01-01 15:22:23    84224    ----a-w    C:\WINDOWS\system32\perfc006.dat

2009-04-27 14:42:21 . 2004-01-01 15:22:23    460698    ----a-w    C:\WINDOWS\system32\perfh006.dat

2009-04-16 08:56:11 . 2004-01-01 09:27:01    0    d--h--w    C:\Programmer\InstallShield Installation Information

2009-04-14 12:30:43 . 2005-11-30 14:55:24    0    d-----w    C:\Programmer\Freeprod Toolbar

2009-04-14 11:09:02 . 2005-12-02 09:15:10    0    d-----w    C:\Programmer\NaviSearch

2009-04-14 11:09:00 . 2005-12-02 09:15:08    0    d-----w    C:\Programmer\BullsEye Network

2009-04-14 11:02:50 . 2004-01-01 07:07:11    0    d-----w    C:\Programmer\Symantec

2009-04-14 11:02:47 . 2004-01-01 07:07:19    0    d-----w    C:\Programmer\FÊlles filer\Symantec Shared

2009-04-03 10:44:36 . 2004-01-01 08:05:16    0    d-----w    C:\Programmer\Java

2009-03-27 19:22:00 . 2009-03-26 12:19:00    283    ----a-w    C:\WINDOWS\system32\ub.dat

2009-03-09 03:19:08 . 2009-03-05 14:39:48    410984    ----a-w    C:\WINDOWS\system32\deploytk.dll

2009-03-06 14:20:58 . 2004-01-01 14:25:58    284672    ----a-w    C:\WINDOWS\system32\pdh.dll

2009-03-06 09:17:54 . 2004-01-01 07:30:40    80647    ----a-w    C:\WINDOWS\PCHealth\HelpCtr\OfflineCache\index.dat

2009-02-20 08:11:52 . 2004-11-11 18:50:08    667648    ----a-w    C:\WINDOWS\system32\wininet.dll

2009-02-20 08:11:51 . 2004-08-27 00:53:34    81920    ------w    C:\WINDOWS\system32\ieencode.dll

2009-02-10 17:08:50 . 2002-09-09 21:07:24    2068608    ----a-w    C:\WINDOWS\system32\ntkrnlpa.exe

2009-02-09 14:07:12 . 2004-01-01 15:22:15    1846784    ----a-w    C:\WINDOWS\system32\win32k.sys

2009-02-09 11:26:05 . 2004-01-01 15:22:05    2191616    ----a-w    C:\WINDOWS\system32\ntoskrnl.exe

2009-02-09 11:25:40 . 2004-01-01 14:26:10    110592    ----a-w    C:\WINDOWS\system32\services.exe

2009-02-09 10:53:28 . 2004-01-01 15:22:00    730624    ----a-w    C:\WINDOWS\system32\lsasrv.dll

2009-02-09 10:53:27 . 2005-01-03 13:23:06    401408    ----a-w    C:\WINDOWS\system32\rpcss.dll

2009-02-09 10:53:27 . 2004-01-01 15:22:04    719360    ----a-w    C:\WINDOWS\system32\ntdll.dll

2009-02-09 10:53:27 . 2004-01-01 14:19:22    682496    ----a-w    C:\WINDOWS\system32\advapi32.dll

2009-02-06 10:39:08 . 2004-01-01 14:26:09    35328    ----a-w    C:\WINDOWS\system32\sc.exe

2009-02-03 19:58:19 . 2004-01-01 14:26:09    56832    ----a-w    C:\WINDOWS\system32\secur32.dll

2005-05-11 17:34:00 . 2005-06-30 12:04:46    41578    ----a-w    C:\Programmer\mozilla firefox\components\jar50.dll

2005-05-11 17:34:00 . 2005-06-30 12:04:47    48228    ----a-w    C:\Programmer\mozilla firefox\components\jsd3250.dll

2005-05-11 17:34:00 . 2005-06-30 12:04:46    159340    ----a-w    C:\Programmer\mozilla firefox\components\xpinstal.dll

.



(((((((((((((((((((((((((((((  SnapShot@2009-04-20_08.53.17  )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-07-29 19:10:04 . 2008-07-29 19:10:04    26112              C:\WINDOWS\system32\TsWpfWrp.exe

- 2005-01-27 10:23:30 . 2007-08-10 07:14:24    26488              C:\WINDOWS\system32\spupdsvc.exe

+ 2005-01-27 10:23:30 . 2007-11-30 11:18:51    26488              C:\WINDOWS\system32\spupdsvc.exe

+ 2009-04-27 14:38:41 . 2008-07-06 12:06:10    89088              C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll

+ 2004-01-01 07:02:18 . 2002-10-16 15:57:10    81920              C:\WINDOWS\system32\ReinstallBackups\0018\DriverFiles\ps2.bat

+ 2004-01-01 07:17:21 . 2002-10-16 15:57:10    81920              C:\WINDOWS\system32\ReinstallBackups\0017\DriverFiles\ps2.bat

+ 2004-01-01 07:08:24 . 2002-10-16 15:57:10    81920              C:\WINDOWS\system32\ReinstallBackups\0016\DriverFiles\ps2.bat

+ 2004-01-01 07:15:11 . 2002-10-16 15:57:10    81920              C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\ps2.bat

+ 2004-01-01 07:08:27 . 2002-10-16 15:57:10    81920              C:\WINDOWS\system32\ReinstallBackups\0014\DriverFiles\ps2.bat

+ 2004-01-01 07:14:39 . 2002-10-16 15:57:10    81920              C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\ps2.bat

+ 2004-12-08 12:03:47 . 2002-10-16 15:57:10    81920              C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\ps2.bat

+ 2004-01-01 07:11:45 . 2002-10-16 15:57:10    81920              C:\WINDOWS\system32\ReinstallBackups\0011\DriverFiles\ps2.bat

+ 2004-01-01 09:00:34 . 2002-10-16 15:57:10    81920              C:\WINDOWS\system32\ps2.bat

+ 2008-07-29 17:59:58 . 2008-07-29 17:59:58    43544              C:\WINDOWS\system32\PresentationHostProxy.dll

+ 2004-01-01 15:22:06 . 2009-04-27 14:42:21    72712              C:\WINDOWS\system32\perfc009.dat

+ 2008-07-25 09:17:04 . 2008-07-25 09:17:04    15360              C:\WINDOWS\system32\mui\0409\mscorees.dll

+ 2008-09-10 15:43:58 . 2008-09-10 15:43:58    15872              C:\WINDOWS\system32\mui\0406\mscorees.dll

- 2005-01-03 13:23:07 . 2008-04-14 16:05:27    91648              C:\WINDOWS\system32\mtxoci.dll

+ 2005-01-03 13:23:07 . 2008-06-12 14:23:34    91648              C:\WINDOWS\system32\mtxoci.dll

+ 2005-01-03 13:23:07 . 2008-06-12 14:23:34    66560              C:\WINDOWS\system32\mtxclu.dll

- 2005-01-03 13:23:07 . 2008-04-14 16:05:27    66560              C:\WINDOWS\system32\mtxclu.dll

+ 2004-01-01 14:25:36 . 2008-06-12 14:23:34    58880              C:\WINDOWS\system32\msdtclog.dll

- 2004-01-01 14:25:36 . 2008-04-14 16:05:25    58880              C:\WINDOWS\system32\msdtclog.dll

+ 2004-01-01 07:28:58 . 2004-02-11 21:26:00    19429              C:\WINDOWS\system32\MsDtc\Trace\msdtcvtr.bat

+ 2008-07-25 09:16:58 . 2008-07-25 09:16:58    83968              C:\WINDOWS\system32\mscories.dll

+ 2008-07-29 17:24:50 . 2008-07-29 17:24:50    97800              C:\WINDOWS\system32\infocardapi.dll

+ 2008-07-29 17:24:50 . 2008-07-29 17:24:50    11264              C:\WINDOWS\system32\icardres.dll

+ 2008-07-29 19:10:04 . 2008-07-29 19:10:04    73720              C:\WINDOWS\system32\dxva2.dll

- 2009-04-14 11:09:48 . 2009-02-05 20:05:11    26944              C:\WINDOWS\system32\drivers\aavmker4.sys

+ 2009-04-20 13:43:05 . 2009-02-05 20:05:11    26944              C:\WINDOWS\system32\drivers\aavmker4.sys

- 2009-04-14 11:09:49 . 2009-02-05 20:06:20    51376              C:\WINDOWS\system32\drivers\aswTdi.sys

+ 2009-04-20 13:43:05 . 2009-02-05 20:06:20    51376              C:\WINDOWS\system32\drivers\aswTdi.sys

- 2009-04-14 11:09:50 . 2009-02-05 20:06:10    23152              C:\WINDOWS\system32\drivers\aswRdr.sys

+ 2009-04-20 13:43:06 . 2009-02-05 20:06:10    23152              C:\WINDOWS\system32\drivers\aswRdr.sys

+ 2009-04-20 13:43:03 . 2009-02-05 20:08:10    94032              C:\WINDOWS\system32\drivers\aswmon2.sys

- 2009-04-14 11:09:42 . 2009-02-05 20:08:10    94032              C:\WINDOWS\system32\drivers\aswmon2.sys

- 2009-04-14 11:09:42 . 2009-02-05 20:08:19    93296              C:\WINDOWS\system32\drivers\aswmon.sys

+ 2009-04-20 13:43:03 . 2009-02-05 20:08:19    93296              C:\WINDOWS\system32\drivers\aswmon.sys

- 2009-04-14 11:09:43 . 2009-02-05 20:07:12    20560              C:\WINDOWS\system32\drivers\aswFsBlk.sys

+ 2009-04-20 13:43:03 . 2009-02-05 20:07:12    20560              C:\WINDOWS\system32\drivers\aswFsBlk.sys

+ 2009-02-03 19:58:19 . 2009-02-03 19:58:19    56832              C:\WINDOWS\system32\dllcache\secur32.dll

+ 2004-01-01 14:26:09 . 2009-02-06 10:39:08    35328              C:\WINDOWS\system32\dllcache\sc.exe

+ 2008-06-12 14:23:34 . 2008-06-12 14:23:34    91648              C:\WINDOWS\system32\dllcache\mtxoci.dll

+ 2008-06-12 14:23:34 . 2008-06-12 14:23:34    66560              C:\WINDOWS\system32\dllcache\mtxclu.dll

+ 2008-06-12 14:23:34 . 2008-06-12 14:23:34    58880              C:\WINDOWS\system32\dllcache\msdtclog.dll

+ 2009-02-20 08:11:51 . 2009-02-20 08:11:51    81920              C:\WINDOWS\system32\dllcache\ieencode.dll

+ 2008-07-25 09:16:46 . 2008-07-25 09:16:46    96760              C:\WINDOWS\system32\dfshim.dll

+ 2004-01-01 07:33:29 . 2009-04-20 14:34:48    32768              C:\WINDOWS\system32\config\systemprofile\Lokale indstillinger\Temporary Internet Files\Content.IE5\index.dat

- 2004-01-01 07:33:29 . 2009-04-20 08:52:51    32768              C:\WINDOWS\system32\config\systemprofile\Lokale indstillinger\Temporary Internet Files\Content.IE5\index.dat

- 2004-01-01 07:33:29 . 2009-04-20 08:52:51    32768              C:\WINDOWS\system32\config\systemprofile\Lokale indstillinger\Oversigt\History.IE5\index.dat

+ 2004-01-01 07:33:29 . 2009-04-20 14:34:48    32768              C:\WINDOWS\system32\config\systemprofile\Lokale indstillinger\Oversigt\History.IE5\index.dat

- 2004-01-01 07:33:29 . 2009-04-20 08:52:51    16384              C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat

+ 2004-01-01 07:33:29 . 2009-04-20 14:34:48    16384              C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat

- 2009-04-14 11:09:46 . 2009-02-05 20:04:45    97480              C:\WINDOWS\system32\AvastSS.scr

+ 2009-04-20 13:43:03 . 2009-02-05 20:04:45    97480              C:\WINDOWS\system32\AvastSS.scr

+ 2008-07-29 21:40:48 . 2008-07-29 21:40:48    70648              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

+ 2008-07-29 21:40:48 . 2008-07-29 21:40:48    91136              C:\WINDOWS\Microsoft.NET\Framework\v3.5\MSBuild.exe

+ 2008-07-29 21:40:48 . 2008-07-29 21:40:48    41984              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft.VisualC.STLCLR.dll

+ 2008-07-29 21:40:48 . 2008-07-29 21:40:48    40960              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft.Data.Entity.Build.Tasks.dll

+ 2008-07-29 16:47:34 . 2008-07-29 16:47:34    89080              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.2052.dll

+ 2008-07-29 16:47:34 . 2008-07-29 16:47:34    92664              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1042.dll

+ 2008-07-29 16:47:34 . 2008-07-29 16:47:34    95224              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1041.dll

+ 2008-07-29 16:47:34 . 2008-07-29 16:47:34    89592              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1028.dll

+ 2008-07-29 16:47:34 . 2008-07-29 16:47:34    84480              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.2052.dll

+ 2008-07-29 16:47:34 . 2008-07-29 16:47:34    94720              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1042.dll

+ 2008-07-29 16:47:34 . 2008-07-29 16:47:34    97792              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1041.dll

+ 2008-07-29 16:47:34 . 2008-07-29 16:47:34    84992              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1028.dll

+ 2008-07-29 16:47:34 . 2008-07-29 16:47:34    97280              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\DeleteTemp.exe

+ 2008-10-21 19:02:30 . 2008-10-21 19:02:30    97280              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - dan\DeleteTemp.exe

+ 2008-10-23 05:21:28 . 2008-10-23 05:21:28    27912              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - dan\baseline.dat

+ 2008-07-29 21:40:48 . 2008-07-29 21:40:48    95224              C:\WINDOWS\Microsoft.NET\Framework\v3.5\EdmGen.exe

+ 2008-07-29 21:40:48 . 2008-07-29 21:40:48    78856              C:\WINDOWS\Microsoft.NET\Framework\v3.5\DataSvcUtil.exe

+ 2008-10-23 05:23:32 . 2008-10-23 05:23:32    43864              C:\WINDOWS\Microsoft.NET\Framework\v3.5\da\MSBuild.resources.exe

+ 2008-10-23 05:23:32 . 2008-10-23 05:23:32    19288              C:\WINDOWS\Microsoft.NET\Framework\v3.5\da\EdmGen.Resources.dll

+ 2008-10-23 05:23:32 . 2008-10-23 05:23:32    16224              C:\WINDOWS\Microsoft.NET\Framework\v3.5\da\DataSvcUtil.resources.dll

+ 2008-07-29 21:40:48 . 2008-07-29 21:40:48    41984              C:\WINDOWS\Microsoft.NET\Framework\v3.5\AddInUtil.exe

+ 2008-07-29 21:40:48 . 2008-07-29 21:40:48    41992              C:\WINDOWS\Microsoft.NET\Framework\v3.5\AddInProcess32.exe

+ 2008-07-29 21:40:48 . 2008-07-29 21:40:48    41992              C:\WINDOWS\Microsoft.NET\Framework\v3.5\AddInProcess.exe

+ 2008-07-29 19:10:04 . 2008-07-29 19:10:04    46104              C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

+ 2008-07-29 17:59:58 . 2008-07-29 17:59:58    32768              C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationCFFRasterizer.dll

+ 2008-07-29 19:10:04 . 2008-07-29 19:10:04    71160              C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PenIMC.dll

+ 2008-07-29 17:32:52 . 2008-07-29 17:32:52    17448              C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Workflow Foundation\PerformanceCounterInstaller.exe

+ 2008-07-29 17:16:38 . 2008-07-29 17:16:38    32768              C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll

+ 2008-07-29 17:16:38 . 2008-07-29 17:16:38    73728              C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.Install.dll

+ 2008-07-29 17:16:38 . 2008-07-29 17:16:38    20504              C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceMonikerSupport.dll

+ 2008-07-29 17:16:38 . 2008-07-29 17:16:38    11280              C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll

+ 2008-10-23 04:02:16 . 2008-10-23 04:02:16    32768              C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\da\WsatConfig.resources.dll

+ 2008-10-23 04:02:16 . 2008-10-23 04:02:16    10240              C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\da\SMSvcHost.resources.dll

+ 2008-10-23 04:02:16 . 2008-10-23 04:02:16    28672              C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\da\ServiceModelReg.resources.dll

+ 2008-10-23 04:02:16 . 2008-10-23 04:02:16    32768              C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\da\ComSvcConfig.resources.dll

+ 2008-07-25 09:17:02 . 2008-07-25 09:17:02    37896              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll

+ 2008-07-25 09:17:02 . 2008-07-25 09:17:02    81400              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\TLBREF.DLL

+ 2008-07-25 09:17:02 . 2008-07-25 09:17:02    77824              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.RegularExpressions.dll

+ 2008-07-25 09:17:02 . 2008-07-25 09:17:02    57392              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Thunk.dll

- 2005-09-23 05:28:56 . 2005-09-23 05:28:56    81920              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Drawing.Design.dll

+ 2008-07-25 09:17:00 . 2008-07-25 09:17:00    81920              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Drawing.Design.dll

+ 2008-07-25 09:17:00 . 2008-07-25 09:17:00    81920              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Configuration.Install.dll

- 2005-09-23 05:28:56 . 2005-09-23 05:28:56    81920              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Configuration.Install.dll

+ 2008-07-25 09:17:04 . 2008-07-25 09:17:04    95232              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ShFusRes.dll

+ 2008-07-25 09:17:02 . 2008-07-25 09:17:02    16896              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll

+ 2008-07-25 09:17:06 . 2008-07-25 09:17:06    61952              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\regtlibv12.exe

- 2005-09-23 05:28:56 . 2005-09-23 05:28:56    32768              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe

+ 2008-07-25 09:17:00 . 2008-07-25 09:17:00    32768              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe

+ 2008-07-25 09:17:00 . 2008-07-25 09:17:00    53248              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe

- 2005-09-23 05:28:56 . 2005-09-23 05:28:56    53248              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe

+ 2008-07-25 09:17:02 . 2008-07-25 09:17:02    88584              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\PerfCounter.dll

+ 2008-07-25 09:17:02 . 2008-07-25 09:17:02    24584              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\normalization.dll

+ 2008-07-25 09:17:04 . 2008-07-25 09:17:04    31744              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\MUI\0409\mscorsecr.dll

+ 2008-09-10 15:43:58 . 2008-09-10 15:43:58    31744              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\MUI\0406\mscorsecr.dll

+ 2008-07-25 09:17:02 . 2008-07-25 09:17:02    19456              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscortim.dll

+ 2008-07-25 09:17:02 . 2008-07-25 09:17:02    69632              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

+ 2008-07-25 09:16:58 . 2008-07-25 09:16:58    18944              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsn.dll

+ 2008-07-25 09:17:00 . 2008-07-25 09:17:00    77312              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll

+ 2008-07-25 09:17:00 . 2008-07-25 09:17:00    94208              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorld.dll

+ 2008-07-25 09:17:00 . 2008-07-25 09:17:00    46592              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorie.dll

+ 2008-07-25 09:17:00 . 2008-07-25 09:17:00    83456              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscordbc.dll

+ 2008-07-25 09:16:56 . 2008-07-25 09:16:56    69632              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe

- 2005-09-23 05:28:48 . 2005-09-23 05:28:48    69632              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe

+ 2008-07-25 09:16:40 . 2008-07-25 09:16:40    97792              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\MmcAspExt.dll

- 2005-09-23 05:28:30 . 2005-09-23 05:28:30    12800              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.Vb.CodeDOMProcessor.dll

+ 2008-07-25 09:16:38 . 2008-07-25 09:16:38    12800              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.Vb.CodeDOMProcessor.dll

+ 2008-07-25 09:16:38 . 2008-07-25 09:16:38    32768              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.dll

- 2005-09-23 05:28:30 . 2005-09-23 05:28:30    32768              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.dll

- 2005-09-23 05:28:30 . 2005-09-23 05:28:30    28672              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Vsa.dll

+ 2008-07-25 09:16:38 . 2008-07-25 09:16:38    28672              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Vsa.dll

+ 2008-07-25 09:16:56 . 2008-07-25 09:16:56    77824              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Utilities.dll

+ 2008-07-25 09:16:56 . 2008-07-25 09:16:56    36864              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Framework.dll

- 2005-09-23 05:28:48 . 2005-09-23 05:28:48    36864              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Framework.dll

- 2005-09-23 05:28:48 . 2005-09-23 05:28:48    40960              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\jsc.exe

+ 2008-07-25 09:16:54 . 2008-07-25 09:16:54    40960              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\jsc.exe

+ 2008-07-25 09:17:00 . 2008-07-25 09:17:00    72192              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ISymWrapper.dll

- 2005-09-23 05:28:56 . 2005-09-23 05:28:56    72192              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ISymWrapper.dll

+ 2008-07-25 09:17:00 . 2008-07-25 09:17:00    65032              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\InstallUtilLib.dll

+ 2008-07-25 09:17:00 . 2008-07-25 09:17:00    28672              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe

- 2005-09-23 05:28:56 . 2005-09-23 05:28:56    28672              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe

+ 2008-07-25 09:17:00 . 2008-07-25 09:17:00    77824              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IEHost.dll

+ 2008-07-25 09:16:58 . 2008-07-25 09:16:58    18936              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\fusion.dll

+ 2008-07-25 09:16:46 . 2008-07-25 09:16:46    62968              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\dfdll.dll

+ 2008-09-10 15:43:58 . 2008-09-10 15:43:58    81920              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\da\System.Web.Services.resources.dll

+ 2008-09-10 15:43:58 . 2008-09-10 15:43:58    36864              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\da\System.Web.Mobile.resources.dll

+ 2008-09-10 15:43:58 . 2008-09-10 15:43:58    16384              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\da\System.Transactions.resources.dll

+ 2008-09-10 15:43:58 . 2008-09-10 15:43:58    40960              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\da\System.ServiceProcess.resources.dll

+ 2008-09-10 15:43:58 . 2008-09-10 15:43:58    28672              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\da\System.Security.resources.dll

+ 2008-09-10 15:43:58 . 2008-09-10 15:43:58    11264              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\da\System.Runtime.Serialization.Formatters.Soap.resources.dll

+ 2008-09-10 15:43:58 . 2008-09-10 15:43:58    32768              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\da\System.Runtime.Remoting.resources.dll

+ 2008-09-10 15:43:58 . 2008-09-10 15:43:58    77824              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\da\System.Messaging.resources.dll

+ 2008-09-10 15:43:58 . 2008-09-10 15:43:58    12800              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\da\System.Management.resources.dll

+ 2008-09-10 15:43:58 . 2008-09-10 15:43:58    32768              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\da\System.EnterpriseServices.resources.dll

+ 2008-09-10 15:43:58 . 2008-09-10 15:43:58    24576              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\da\System.Drawing.resources.dll

+ 2008-09-10 15:43:58 . 2008-09-10 15:43:58    40960              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\da\System.DirectoryServices.resources.dll

+ 2008-09-10 15:43:58 . 2008-09-10 15:43:58    16896              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\da\System.DirectoryServices.Protocols.resources.dll

+ 2008-09-10 15:43:58 . 2008-09-10 15:43:58    36864              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\da\system.data.sqlxml.resources.dll

+ 2008-09-10 15:43:58 . 2008-09-10 15:43:58    49152              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\da\System.Configuration.resources.dll

+ 2008-09-10 15:43:58 . 2008-09-10 15:43:58    28672              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\da\System.Configuration.Install.resources.dll

+ 2008-09-10 15:43:58 . 2008-09-10 15:43:58    10240              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\da\sysglobl.resources.dll

+ 2008-09-10 15:43:58 . 2008-09-10 15:43:58    95232              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\da\ShFusRes.dll

+ 2008-09-10 15:43:58 . 2008-09-10 15:43:58    11264              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\da\Regasm.Resources.dll

+ 2008-09-10 15:43:58 . 2008-09-10 15:43:58    12800              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\da\MSBuild.resources.dll

+ 2008-09-10 15:44:00 . 2008-09-10 15:44:00    57344              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\da\Microsoft.VisualBasic.resources.dll

+ 2008-09-10 15:43:56 . 2008-09-10 15:43:56    45056              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\da\Microsoft.JScript.resources.dll

+ 2008-09-10 15:43:58 . 2008-09-10 15:43:58    10240              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\da\Microsoft.Build.Utilities.Resources.dll

+ 2008-09-10 15:43:58 . 2008-09-10 15:43:58    53248              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\da\Microsoft.Build.Engine.resources.dll

+ 2008-09-10 15:43:58 . 2008-09-10 15:43:58    36864              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\da\caspol.resources.dll

+ 2008-09-10 15:43:50 . 2008-09-10 15:43:50    36864              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\da\aspnet_regsql.resources.dll

+ 2008-09-10 15:43:50 . 2008-09-10 15:43:50    90624              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\da\aspnet_rc.dll

+ 2008-07-25 09:16:50 . 2008-07-25 09:16:50    35320              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

+ 2008-07-25 09:17:00 . 2008-07-25 09:17:00    69120              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CustomMarshalers.dll

+ 2008-07-25 09:17:02 . 2008-07-25 09:17:02    27136              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Culture.dll

- 2005-09-23 05:28:42 . 2005-09-23 05:28:42    13312              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\cscompmgd.dll

+ 2008-07-25 09:16:50 . 2008-07-25 09:16:50    13312              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\cscompmgd.dll

+ 2008-07-25 09:16:50 . 2008-07-25 09:16:50    80376              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\csc.exe

+ 2008-07-25 09:17:00 . 2008-07-25 09:17:00    89608              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CORPerfMonExt.dll

+ 2008-11-25 02:59:18 . 2008-11-25 02:59:18    31560              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe

+ 2008-07-25 09:16:40 . 2008-07-25 09:16:40    34312              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

+ 2008-07-25 09:16:40 . 2008-07-25 09:16:40    33288              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe

+ 2008-07-25 09:16:40 . 2008-07-25 09:16:40    24576              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe

+ 2008-07-25 09:16:38 . 2008-07-25 09:16:38    84480              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_rc.dll

+ 2008-07-25 09:16:40 . 2008-07-25 09:16:40    33800              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Aspnet_perf.dll

+ 2008-07-25 09:16:40 . 2008-07-25 09:16:40    17416              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll

+ 2008-07-25 09:16:40 . 2008-07-25 09:16:40    22024              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll

+ 2008-07-25 09:16:40 . 2008-07-25 09:16:40    36864              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe

- 2005-09-23 05:28:32 . 2005-09-23 05:28:32    36864              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe

+ 2008-07-25 09:17:02 . 2008-07-25 09:17:02    58880              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe

+ 2008-07-25 09:16:44 . 2008-07-25 09:16:44    98808              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\alink.dll

+ 2008-07-25 09:17:00 . 2008-07-25 09:17:00    10752              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Accessibility.dll

- 2005-09-23 05:28:56 . 2005-09-23 05:28:56    10752              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Accessibility.dll

+ 2008-07-25 09:16:50 . 2008-07-25 09:16:50    13824              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\CvtResUI.dll

+ 2008-07-25 09:16:42 . 2008-07-25 09:16:42    28672              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\alinkui.dll

+ 2008-09-10 15:43:54 . 2008-09-10 15:43:54    14336              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1030\CvtResUI.dll

+ 2008-09-10 15:43:52 . 2008-09-10 15:43:52    30720              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1030\alinkui.dll

+ 2008-07-25 09:16:58 . 2008-07-25 09:16:58    96768              C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscormmc.dll

+ 2008-07-25 09:17:02 . 2008-07-25 09:17:02    16896              C:\WINDOWS\Microsoft.NET\Framework\SharedReg12.dll

+ 2008-07-25 09:17:02 . 2008-07-25 09:17:02    16896              C:\WINDOWS\Microsoft.NET\Framework\sbscmp20_perfcounter.dll

+ 2008-07-25 09:17:02 . 2008-07-25 09:17:02    16896              C:\WINDOWS\Microsoft.NET\Framework\sbscmp20_mscorwks.dll

+ 2008-07-25 09:16:58 . 2008-07-25 09:16:58    16896              C:\WINDOWS\Microsoft.NET\Framework\sbscmp10.dll

+ 2008-07-25 09:16:58 . 2008-07-25 09:16:58    82944              C:\WINDOWS\Microsoft.NET\Framework\NETFXSBS10.exe

+ 2009-04-27 14:38:31 . 2008-07-06 12:06:10    89088              C:\WINDOWS\Driver Cache\i386\filterpipelineprintproc.dll

+ 2009-04-27 14:47:03 . 2009-04-27 14:47:03    60928              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\a715aa442ef87ae99b3ade185599249d\UIAutomationProvider.ni.dll

+ 2009-04-27 14:51:26 . 2009-04-27 14:51:26    37888              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\423f794d1f4ed6e120fbb02e436491cb\System.Windows.Presentation.ni.dll

+ 2009-04-27 14:51:15 . 2009-04-27 14:51:15    36864              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\19ca1747c1ea18a3b639b302bca8df93\System.Web.DynamicData.Design.ni.dll

+ 2009-04-27 14:49:37 . 2009-04-27 14:49:37    94208              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\532438e2acfcadc469a4d468c51f8451\System.ComponentModel.DataAnnotations.ni.dll

+ 2009-04-27 14:49:36 . 2009-04-27 14:49:36    82944              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\597b20e1b053d6a510cfe033c07a63e6\System.AddIn.Contract.ni.dll

+ 2009-04-27 14:45:23 . 2009-04-27 14:45:23    47104              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\2d7408a0232f2e2efd0d7adf5dfa733a\PresentationFontCache.ni.exe

+ 2009-04-27 14:44:57 . 2009-04-27 14:44:57    39424              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\c8fd2d9233f8ea3031fb16f697635231\PresentationCFFRasterizer.ni.dll

+ 2009-04-27 14:50:48 . 2009-04-27 14:50:48    55296              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\790cf1edb17ee41b59be62ecbd59613b\Microsoft.Vsa.ni.dll

+ 2009-04-27 14:49:26 . 2009-04-27 14:49:26    65024              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\e9aba2eab90d647356f65e66053da02b\Microsoft.Build.Framework.ni.dll

+ 2009-04-27 14:49:14 . 2009-04-27 14:49:14    74752              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\28343d470d992f169ca0e7cdb3cc3117\Microsoft.Build.Framework.ni.dll

+ 2009-04-27 14:49:13 . 2009-04-27 14:49:13    14336              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\dfsvc\f4e38208e88cb4cc314a1d6543b9fcc6\dfsvc.ni.exe

+ 2009-04-27 14:49:11 . 2009-04-27 14:49:11    25600              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\11eb4f6606ba01e5128805759121ea6c\Accessibility.ni.dll

+ 2009-04-27 14:39:05 . 2009-04-27 14:39:05    94208              C:\WINDOWS\assembly\GAC_MSIL\WindowsFormsIntegration\3.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll

+ 2009-04-27 14:44:04 . 2009-04-27 14:44:04    86016              C:\WINDOWS\assembly\GAC_MSIL\WindowsBase.resources\3.0.0.0_da_31bf3856ad364e35\WindowsBase.resources.dll

+ 2009-04-27 14:39:01 . 2009-04-27 14:39:01    98304              C:\WINDOWS\assembly\GAC_MSIL\UIAutomationTypes\3.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll

+ 2009-04-27 14:44:04 . 2009-04-27 14:44:04    10240              C:\WINDOWS\assembly\GAC_MSIL\UIAutomationTypes.resources\3.0.0.0_da_31bf3856ad364e35\UIAutomationTypes.resources.dll

+ 2009-04-27 14:39:01 . 2009-04-27 14:39:01    40960              C:\WINDOWS\assembly\GAC_MSIL\UIAutomationProvider\3.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll

+ 2009-04-27 14:44:03 . 2009-04-27 14:44:03    12288              C:\WINDOWS\assembly\GAC_MSIL\UIAutomationClientsideProviders.resources\3.0.0.0_da_31bf3856ad364e35\UIAutomationClientsideProviders.resources.dll

+ 2009-04-27 14:44:03 . 2009-04-27 14:44:03    36864              C:\WINDOWS\assembly\GAC_MSIL\system.workflow.runtime.resources\3.0.0.0_da_31bf3856ad364e35\System.Workflow.Runtime.resources.dll

+ 2009-04-27 14:39:59 . 2009-04-27 14:39:59    12288              C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Presentation\3.5.0.0__b77a5c561934e089\System.Windows.Presentation.dll

+ 2009-04-27 14:43:44 . 2009-04-27 14:43:44    81920              C:\WINDOWS\assembly\GAC_MSIL\System.Web.Services.resources\2.0.0.0_da_b03f5f7f11d50a3a\System.Web.Services.resources.dll

+ 2009-04-27 14:40:03 . 2009-04-27 14:40:03    61440              C:\WINDOWS\assembly\GAC_MSIL\System.Web.Routing\3.5.0.0__31bf3856ad364e35\System.Web.Routing.dll

+ 2009-04-27 14:41:54 . 2009-04-27 14:41:54    77824              C:\WINDOWS\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll

+ 2009-04-27 14:43:54 . 2009-04-27 14:43:54    36864              C:\WINDOWS\assembly\GAC_MSIL\System.Web.Mobile.resources\2.0.0.0_da_b03f5f7f11d50a3a\System.Web.Mobile.resources.dll

+ 2009-04-27 14:44:13 . 2009-04-27 14:44:13    45056              C:\WINDOWS\assembly\GAC_MSIL\System.Web.Extensions.Design.resources\3.5.0.0_da_31bf3856ad364e35\System.Web.Extensions.Design.Resources.dll

+ 2009-04-27 14:44:13 . 2009-04-27 14:44:13    24576              C:\WINDOWS\assembly\GAC_MSIL\System.Web.Entity.resources\3.5.0.0_da_b77a5c561934e089\System.Web.Entity.Resources.dll

+ 2009-04-27 14:44:13 . 2009-04-27 14:44:13    20480              C:\WINDOWS\assembly\GAC_MSIL\System.Web.Entity.Design.resources\3.5.0.0_da_b77a5c561934e089\System.Web.Entity.Design.Resources.dll

+ 2009-04-27 14:44:13 . 2009-04-27 14:44:13    15872              C:\WINDOWS\assembly\GAC_MSIL\System.Web.DynamicData.resources\3.5.0.0_da_31bf3856ad364e35\System.Web.DynamicData.Resources.dll

+ 2009-04-27 14:40:02 . 2009-04-27 14:40:02    32768              C:\WINDOWS\assembly\GAC_MSIL\System.Web.DynamicData.Design\3.5.0.0__31bf3856ad364e35\System.Web.DynamicData.Design.dll

+ 2009-04-27 14:40:01 . 2009-04-27 14:40:01    77824              C:\WINDOWS\assembly\GAC_MSIL\System.Web.Abstractions\3.5.0.0__31bf3856ad364e35\System.Web.Abstractions.dll

+ 2009-04-27 14:43:50 . 2009-04-27 14:43:50    16384              C:\WINDOWS\assembly\GAC_MSIL\System.Transactions.resources\2.0.0.0_da_b77a5c561934e089\System.Transactions.resources.dll

+ 2009-04-27 14:44:03 . 2009-04-27 14:44:03    61440              C:\WINDOWS\assembly\GAC_MSIL\System.Speech.resources\3.0.0.0_da_31bf3856ad364e35\System.Speech.resources.dll

+ 2009-04-27 14:43:50 . 2009-04-27 14:43:50    40960              C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_da_b03f5f7f11d50a3a\System.ServiceProcess.resources.dll

+ 2009-04-27 14:44:11 . 2009-04-27 14:44:11    69632              C:\WINDOWS\assembly\GAC_MSIL\System.ServiceModel.Web.resources\3.5.0.0_da_31bf3856ad364e35\System.ServiceModel.Web.resources.dll

+ 2009-04-27 14:38:59 . 2009-04-27 14:38:59    32768              C:\WINDOWS\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll

+ 2009-04-27 14:38:58 . 2009-04-27 14:38:59    73728              C:\WINDOWS\assembly\GAC_MSIL\System.ServiceModel.Install\3.0.0.0__b77a5c561934e089\System.ServiceModel.Install.dll

+ 2009-04-27 14:44:05 . 2009-04-27 14:44:05    32768              C:\WINDOWS\assembly\GAC_MSIL\system.servicemodel.install.resources\3.0.0.0_da_b77a5c561934e089\System.ServiceModel.Install.Resources.dll

+ 2009-04-27 14:43:43 . 2009-04-27 14:43:43    28672              C:\WINDOWS\assembly\GAC_MSIL\System.Security.resources\2.0.0.0_da_b03f5f7f11d50a3a\System.Security.resources.dll

+ 2009-04-27 14:44:05 . 2009-04-27 14:44:05    94208              C:\WINDOWS\assembly\GAC_MSIL\system.runtime.serialization.resources\3.0.0.0_da_b77a5c561934e089\System.RunTime.Serialization.Resources.dll

+ 2009-04-27 14:43:50 . 2009-04-27 14:43:50    11264              C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap.resources\2.0.0.0_da_b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.resources.dll

+ 2009-04-27 14:43:49 . 2009-04-27 14:43:50    32768              C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_da_b77a5c561934e089\System.Runtime.Remoting.resources.dll

+ 2009-04-27 14:44:03 . 2009-04-27 14:44:03    28672              C:\WINDOWS\assembly\GAC_MSIL\System.Printing.resources\3.0.0.0_da_31bf3856ad364e35\System.Printing.resources.dll

+ 2009-04-27 14:44:14 . 2009-04-27 14:44:14    28672              C:\WINDOWS\assembly\GAC_MSIL\System.Net.resources\3.5.0.0_da_b03f5f7f11d50a3a\System.Net.Resources.dll

+ 2009-04-27 14:43:53 . 2009-04-27 14:43:53    77824              C:\WINDOWS\assembly\GAC_MSIL\System.Messaging.resources\2.0.0.0_da_b03f5f7f11d50a3a\System.Messaging.resources.dll

+ 2009-04-27 14:43:49 . 2009-04-27 14:43:49    12800              C:\WINDOWS\assembly\GAC_MSIL\system.management.resources\2.0.0.0_da_b03f5f7f11d50a3a\System.Management.resources.dll

+ 2009-04-27 14:44:13 . 2009-04-27 14:44:13    10752              C:\WINDOWS\assembly\GAC_MSIL\System.Management.Instrumentation.resources\3.5.0.0_da_b77a5c561934e089\System.Management.Instrumentation.Resources.dll

+ 2009-04-27 14:44:05 . 2009-04-27 14:44:05    20480              C:\WINDOWS\assembly\GAC_MSIL\system.io.log.resources\3.0.0.0_da_b03f5f7f11d50a3a\System.IO.Log.Resources.dll

+ 2009-04-27 14:44:04 . 2009-04-27 14:44:04    53248              C:\WINDOWS\assembly\GAC_MSIL\system.identitymodel.selectors.resources\3.0.0.0_da_b77a5c561934e089\System.IdentityModel.Selectors.Resources.dll

+ 2009-04-27 14:44:05 . 2009-04-27 14:44:05    61440              C:\WINDOWS\assembly\GAC_MSIL\system.identitymodel.resources\3.0.0.0_da_b77a5c561934e089\System.IdentityModel.Resources.dll

+ 2009-04-27 14:43:49 . 2009-04-27 14:43:49    32768              C:\WINDOWS\assembly\GAC_MSIL\System.EnterpriseServices.resources\2.0.0.0_da_b03f5f7f11d50a3a\System.EnterpriseServices.resources.dll

+ 2009-04-27 14:43:53 . 2009-04-27 14:43:53    24576              C:\WINDOWS\assembly\GAC_MSIL\System.Drawing.resources\2.0.0.0_da_b03f5f7f11d50a3a\System.Drawing.resources.dll

- 2006-10-12 23:26:56 . 2006-10-12 23:26:56    81920              C:\WINDOWS\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll

+ 2009-04-27 14:41:55 . 2009-04-27 14:41:55    81920              C:\WINDOWS\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll

+ 2009-04-27 14:43:43 . 2009-04-27 14:43:43    40960              C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices.resources\2.0.0.0_da_b03f5f7f11d50a3a\System.DirectoryServices.resources.dll

+ 2009-04-27 14:43:44 . 2009-04-27 14:43:44    16896              C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices.Protocols.resources\2.0.0.0_da_b03f5f7f11d50a3a\System.DirectoryServices.Protocols.resources.dll

+ 2009-04-27 14:44:12 . 2009-04-27 14:44:12    36864              C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement.resources\3.5.0.0_da_b77a5c561934e089\System.DirectoryServices.AccountManagement.resources.dll

+ 2009-04-27 14:43:48 . 2009-04-27 14:43:48    36864              C:\WINDOWS\assembly\GAC_MSIL\System.Data.SqlXml.resources\2.0.0.0_da_b77a5c561934e089\system.data.sqlxml.resources.dll

+ 2009-04-27 14:44:12 . 2009-04-27 14:44:12    65536              C:\WINDOWS\assembly\GAC_MSIL\System.Data.Services.resources\3.5.0.0_da_b77a5c561934e089\System.Data.Services.resources.dll

+ 2009-04-27 14:44:11 . 2009-04-27 14:44:11    32768              C:\WINDOWS\assembly\GAC_MSIL\System.Data.Services.Client.resources\3.5.0.0_da_b77a5c561934e089\System.Data.Services.Client.resources.dll

+ 2009-04-27 14:44:12 . 2009-04-27 14:44:12    53248              C:\WINDOWS\assembly\GAC_MSIL\System.Data.Linq.resources\3.5.0.0_da_b77a5c561934e089\System.Data.Linq.Resources.dll

+ 2009-04-27 14:44:13 . 2009-04-27 14:44:13    15360              C:\WINDOWS\assembly\GAC_MSIL\System.Data.Entity.Design.resources\3.5.0.0_da_b77a5c561934e089\System.Data.Entity.Design.Resources.dll

+ 2009-04-27 14:39:57 . 2009-04-27 14:39:57    53248              C:\WINDOWS\assembly\GAC_MSIL\System.Data.DataSetExtensions\3.5.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll

+ 2009-04-27 14:44:13 . 2009-04-27 14:44:13    57344              C:\WINDOWS\assembly\GAC_MSIL\System.Core.resources\3.5.0.0_da_b77a5c561934e089\System.Core.Resources.dll

+ 2009-04-27 14:43:51 . 2009-04-27 14:43:52    49152              C:\WINDOWS\assembly\GAC_MSIL\system.configuration.resources\2.0.0.0_da_b03f5f7f11d50a3a\System.Configuration.resources.dll

- 2006-10-12 23:26:54 . 2006-10-12 23:26:54    81920              C:\WINDOWS\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll

+ 2009-04-27 14:42:07 . 2009-04-27 14:42:07    81920              C:\WINDOWS\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll

+ 2009-04-27 14:43:47 . 2009-04-27 14:43:47    28672              C:\WINDOWS\assembly\GAC_MSIL\System.Configuration.Install.resources\2.0.0.0_da_b03f5f7f11d50a3a\System.Configuration.Install.resources.dll

+ 2009-04-27 14:40:00 . 2009-04-27 14:40:00    57344              C:\WINDOWS\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\3.5.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll

+ 2009-04-27 14:39:55 . 2009-04-27 14:39:55    45056              C:\WINDOWS\assembly\GAC_MSIL\System.AddIn.Contract\2.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll

+ 2009-04-27 14:43:51 . 2009-04-27 14:43:51    10240              C:\WINDOWS\assembly\GAC_MSIL\sysglobl.resources\2.0.0.0_da_b03f5f7f11d50a3a\sysglobl.resources.dll

+ 2009-04-27 14:44:03 . 2009-04-27 14:44:03    40960              C:\WINDOWS\assembly\GAC_MSIL\ReachFramework.resources\3.0.0.0_da_31bf3856ad364e35\ReachFramework.resources.dll

+ 2009-04-27 14:39:04 . 2009-04-27 14:39:04    46104              C:\WINDOWS\assembly\GAC_MSIL\PresentationFontCache\3.0.0.0__31bf3856ad364e35\PresentationFontCache.exe

+ 2009-04-27 14:38:59 . 2009-04-27 14:38:59    32768              C:\WINDOWS\assembly\GAC_MSIL\PresentationCFFRasterizer\3.0.0.0__31bf3856ad364e35\PresentationCFFRasterizer.dll

+ 2009-04-27 14:44:03 . 2009-04-27 14:44:03    49152              C:\WINDOWS\assembly\GAC_MSIL\PresentationBuildTasks.resources\3.0.0.0_da_31bf3856ad364e35\PresentationBuildTasks.resources.dll

- 2006-10-12 23:26:48 . 2006-10-12 23:26:48    32768              C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll

+ 2009-04-27 14:41:59 . 2009-04-27 14:41:59    32768              C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll

+ 2009-04-27 14:42:01 . 2009-04-27 14:42:01    12800              C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll

- 2006-10-12 23:26:48 . 2006-10-12 23:26:49    12800              C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll

+ 2009-04-27 14:39:52 . 2009-04-27 14:39:52    41984              C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualC.STLCLR\1.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.STLCLR.dll

- 2006-10-12 23:26:47 . 2006-10-12 23:26:47    28672              C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll

+ 2009-04-27 14:42:01 . 2009-04-27 14:42:01    28672              C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll

+ 2009-04-27 14:43:55 . 2009-04-27 14:43:55    57344              C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_da_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dll

+ 2009-04-27 14:44:04 . 2009-04-27 14:44:04    28672              C:\WINDOWS\assembly\GAC_MSIL\microsoft.transactions.bridge.resources\3.0.0.0_da_b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Resources.dll

+ 2009-04-27 14:43:42 . 2009-04-27 14:43:42    45056              C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Jscript.resources\8.0.0.0_da_b03f5f7f11d50a3a\Microsoft.JScript.resources.dll

+ 2009-04-27 14:42:05 . 2009-04-27 14:42:05    77824              C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll

+ 2009-04-27 14:39:54 . 2009-04-27 14:39:54    94208              C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Utilities.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.v3.5.dll

+ 2009-04-27 14:44:12 . 2009-04-27 14:44:12    11264              C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Utilities.v3.5.resources\3.5.0.0_da_b03f5f7f11d50a3a\Microsoft.Build.Utilities.v3.5.resources.dll

+ 2009-04-27 14:43:46 . 2009-04-27 14:43:46    10240              C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Utilities.resources\2.0.0.0_da_b03f5f7f11d50a3a\Microsoft.Build.Utilities.Resources.dll

+ 2009-04-27 14:39:53 . 2009-04-27 14:39:53    36864              C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Framework\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll

+ 2009-04-27 14:42:04 . 2009-04-27 14:42:04    36864              C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll

- 2006-10-12 23:26:51 . 2006-10-12 23:26:51    36864              C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll

+ 2009-04-27 14:44:12 . 2009-04-27 14:44:12    65536              C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Engine.resources\3.5.0.0_da_b03f5f7f11d50a3a\Microsoft.Build.Engine.resources.dll

+ 2009-04-27 14:43:45 . 2009-04-27 14:43:45    53248              C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Engine.resources\2.0.0.0_da_b03f5f7f11d50a3a\Microsoft.Build.Engine.resources.dll

+ 2009-04-27 14:44:12 . 2009-04-27 14:44:12    11776              C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Conversion.v3.5.resources\3.5.0.0_da_b03f5f7f11d50a3a\Microsoft.Build.Conversion.v3.5.resources.dll

+ 2009-04-27 14:41:58 . 2009-04-27 14:41:58    77824              C:\WINDOWS\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll

+ 2009-04-27 14:41:57 . 2009-04-27 14:41:57    13312              C:\WINDOWS\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll

- 2006-10-12 23:26:50 . 2006-10-12 23:26:50    13312              C:\WINDOWS\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll

+ 2009-04-27 14:41:57 . 2009-04-27 14:41:57    10752              C:\WINDOWS\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll

- 2006-10-12 23:26:53 . 2006-10-12 23:26:53    10752              C:\WINDOWS\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll

+ 2009-04-27 14:42:00 . 2009-04-27 14:42:00    72192              C:\WINDOWS\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll

- 2006-10-12 23:27:05 . 2006-10-12 23:27:05    72192              C:\WINDOWS\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll

+ 2009-04-27 14:41:57 . 2009-04-27 14:41:57    69120              C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll

+ 2009-04-27 14:41:57 . 2009-04-27 14:41:57    8192              C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll

+ 2008-05-05 05:25:06 . 2008-05-05 05:25:06    3072              C:\WINDOWS\system32\xpsp4res.dll

+ 2009-03-03 19:21:57 . 2008-01-18 15:13:09    2247              C:\WINDOWS\ServicePackFiles\i386\tscdsbl.bat

+ 2008-07-29 21:40:48 . 2008-07-29 21:40:48    5632              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Sentinel.v3.5Client.dll

+ 2008-10-23 05:23:32 . 2008-10-23 05:23:32    5632              C:\WINDOWS\Microsoft.NET\Framework\v3.5\da\Microsoft.Data.Entity.Build.Tasks.Resources.dll

+ 2008-07-25 09:16:38 . 2008-07-25 09:16:38    7168              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft_VsaVb.dll

- 2005-09-23 05:28:30 . 2005-09-23 05:28:30    7168              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft_VsaVb.dll

- 2005-09-23 05:29:10 . 2005-09-23 05:29:10    5632              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualC.Dll

+ 2008-07-25 09:17:16 . 2008-07-25 09:17:16    5632              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualC.Dll

+ 2008-07-25 09:17:00 . 2008-07-25 09:17:00    6656              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IIEHost.dll

+ 2008-07-25 09:17:02 . 2008-07-25 09:17:02    8192              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IEExecRemote.dll

- 2005-09-23 05:28:56 . 2005-09-23 05:28:56    8192              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IEExecRemote.dll

- 2005-09-23 05:28:56 . 2005-09-23 05:28:56    9728              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IEExec.exe

+ 2008-07-25 09:17:00 . 2008-07-25 09:17:00    9728              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IEExec.exe

+ 2008-09-10 15:44:00 . 2008-09-10 15:44:00    9216              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\GAC\DA\Microsoft.VisualBasic.Compatibility.resources.dll

+ 2008-09-10 15:44:00 . 2008-09-10 15:44:00    8704              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\GAC\DA\Microsoft.VisualBasic.Compatibility.Data.resources.dll

+ 2008-07-25 09:16:46 . 2008-07-25 09:16:46    5120              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe

+ 2008-09-10 15:43:58 . 2008-09-10 15:43:58    6144              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\da\System.Drawing.Design.resources.dll

+ 2008-09-10 15:43:56 . 2008-09-10 15:43:56    7168              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\da\JSC.resources.dll

+ 2008-09-10 15:43:58 . 2008-09-10 15:43:58    4096              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\da\InstallUtil.resources.dll

+ 2008-09-10 15:43:50 . 2008-09-10 15:43:50    5632              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\da\aspnet_regbrowsers.resources.dll

+ 2008-09-10 15:43:50 . 2008-09-10 15:43:50    8192              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\da\aspnet_compiler.resources.dll

+ 2009-03-03 19:21:57 . 2008-01-18 15:13:09    2247              C:\WINDOWS\Installer\tsclientmsitrans\tscdsbl.bat

+ 2004-10-30 02:20:32 . 2004-02-11 14:26:00    2589              C:\WINDOWS\I386\RUNW32.BAT

+ 2009-04-27 14:44:03 . 2009-04-27 14:44:03    4608              C:\WINDOWS\assembly\GAC_MSIL\WindowsFormsIntegration.resources\3.0.0.0_da_31bf3856ad364e35\WindowsFormsIntegration.resources.dll

+ 2009-04-27 14:44:03 . 2009-04-27 14:44:04    4096              C:\WINDOWS\assembly\GAC_MSIL\UIAutomationProvider.resources\3.0.0.0_da_31bf3856ad364e35\UIAutomationProvider.resources.dll

+ 2009-04-27 14:44:03 . 2009-04-27 14:44:03    4096              C:\WINDOWS\assembly\GAC_MSIL\UIAutomationClient.resources\3.0.0.0_da_31bf3856ad364e35\UIAutomationClient.resources.dll

+ 2009-04-27 14:44:14 . 2009-04-27 14:44:14    7680              C:\WINDOWS\assembly\GAC_MSIL\System.Xml.Linq.resources\3.5.0.0_da_b77a5c561934e089\System.Xml.Linq.Resources.dll

+ 2009-04-27 14:44:14 . 2009-04-27 14:44:14    3584              C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Presentation.resources\3.5.0.0_da_b77a5c561934e089\System.Windows.Presentation.resources.dll

+ 2009-04-27 14:44:14 . 2009-04-27 14:44:14    7168              C:\WINDOWS\assembly\GAC_MSIL\System.Web.Routing.resources\3.5.0.0_da_31bf3856ad364e35\System.Web.Routing.Resources.dll

+ 2009-04-27 14:44:13 . 2009-04-27 14:44:13    4096              C:\WINDOWS\assembly\GAC_MSIL\System.Web.DynamicData.Design.resources\3.5.0.0_da_31bf3856ad364e35\System.Web.DynamicData.Design.Resources.dll

+ 2009-04-27 14:44:13 . 2009-04-27 14:44:13    3584              C:\WINDOWS\assembly\GAC_MSIL\System.Web.Abstractions.resources\3.5.0.0_da_31bf3856ad364e35\System.Web.Abstractions.Resources.dll

+ 2009-04-27 14:43:48 . 2009-04-27 14:43:48    6144              C:\WINDOWS\assembly\GAC_MSIL\System.Drawing.Design.resources\2.0.0.0_da_b03f5f7f11d50a3a\System.Drawing.Design.resources.dll

+ 2009-04-27 14:44:11 . 2009-04-27 14:44:11    7680              C:\WINDOWS\assembly\GAC_MSIL\System.Data.Services.Design.resources\3.5.0.0_da_b77a5c561934e089\System.Data.Services.Design.resources.dll

+ 2009-04-27 14:44:13 . 2009-04-27 14:44:13    5120              C:\WINDOWS\assembly\GAC_MSIL\System.Data.DataSetExtensions.resources\3.5.0.0_da_b77a5c561934e089\System.Data.DataSetExtensions.Resources.dll

+ 2009-04-27 14:44:13 . 2009-04-27 14:44:13    7680              C:\WINDOWS\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations.resources\3.5.0.0_da_31bf3856ad364e35\System.ComponentModel.DataAnnotations.Resources.dll

+ 2009-04-27 14:44:05 . 2009-04-27 14:44:05    5120              C:\WINDOWS\assembly\GAC_MSIL\smdiagnostics.resources\3.0.0.0_da_b77a5c561934e089\SMDiagnostics.resources.dll

+ 2009-04-27 14:39:54 . 2009-04-27 14:39:54    5632              C:\WINDOWS\assembly\GAC_MSIL\Sentinel.v3.5Client\3.5.0.0__b03f5f7f11d50a3a\Sentinel.v3.5Client.dll

- 2006-10-12 23:26:48 . 2006-10-12 23:26:48    7168              C:\WINDOWS\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll

+ 2009-04-27 14:41:58 . 2009-04-27 14:41:58    7168              C:\WINDOWS\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll

+ 2009-04-27 14:42:06 . 2009-04-27 14:42:06    5632              C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll

- 2006-10-12 23:27:14 . 2006-10-12 23:27:14    5632              C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll

+ 2009-04-27 14:43:55 . 2009-04-27 14:43:55    9216              C:\WINDOWS\assembly\GAC_MSIL\microsoft.visualbasic.compatibility.resources\8.0.0.0_da_b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.resources.dll

+ 2009-04-27 14:43:55 . 2009-04-27 14:43:55    8704              C:\WINDOWS\assembly\GAC_MSIL\microsoft.visualbasic.compatibility.data.resources\8.0.0.0_da_b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.resources.dll

+ 2009-04-27 14:44:04 . 2009-04-27 14:44:04    5120              C:\WINDOWS\assembly\GAC_MSIL\microsoft.transactions.bridge.dtc.resources\3.0.0.0_da_b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.Resources.dll

+ 2009-04-27 14:41:58 . 2009-04-27 14:41:59    6656              C:\WINDOWS\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll

+ 2009-04-27 14:41:57 . 2009-04-27 14:41:57    8192              C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll

- 2006-10-12 23:27:04 . 2006-10-12 23:27:04    8192              C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll

+ 2004-01-01 09:07:06 . 2004-01-01 09:07:06    2566              C:\WINDOWS\$NtUninstallKB810217$\spuninst\spuninst.bat

+ 2009-04-27 14:42:02 . 2009-04-27 14:42:02    113664              C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll

- 2006-10-12 23:26:49 . 2006-10-12 23:26:49    258048              C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll

+ 2009-04-27 14:42:02 . 2009-04-27 14:42:02    258048              C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll

+ 2007-11-07 00:19:32 . 2007-11-07 00:19:32    655872              C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcr90.dll

+ 2007-11-07 00:19:32 . 2007-11-07 00:19:32    568832              C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcp90.dll

+ 2007-11-06 19:23:56 . 2007-11-06 19:23:56    224768              C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcm90.dll

+ 2008-07-25 09:17:20 . 2008-07-25 09:17:20    635904              C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcr80.dll

+ 2008-07-25 09:17:20 . 2008-07-25 09:17:20    558080              C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcp80.dll

+ 2008-07-25 09:17:20 . 2008-07-25 09:17:20    479232              C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcm80.dll

+ 2008-07-29 19:26:06 . 2008-07-29 19:26:06    301568              C:\WINDOWS\system32\XPSViewer\XPSViewer.exe

- 2004-12-13 09:24:31 . 2008-04-14 16:05:38    354304              C:\WINDOWS\system32\winhttp.dll

+ 2004-12-13 09:24:31 . 2008-12-16 12:32:06    354304              C:\WINDOWS\system32\winhttp.dll

+ 2004-01-01 14:27:26 . 2009-02-06 10:10:02    227840              C:\WINDOWS\system32\wbem\wmiprvse.exe

+ 2004-01-01 14:27:26 . 2009-02-09 10:53:26    453120              C:\WINDOWS\system32\wbem\wmiprvsd.dll

+ 2004-01-01 14:24:34 . 2009-02-09 10:53:27    473600              C:\WINDOWS\system32\wbem\fastprox.dll

+ 2004-11-11 18:50:08 . 2009-02-20 08:11:53    620544              C:\WINDOWS\system32\urlmon.dll

- 2004-11-11 18:50:08 . 2008-10-16 01:01:38    620544              C:\WINDOWS\system32\urlmon.dll

+ 2008-07-29 17:59:58 . 2008-07-29 17:59:58    161296              C:\WINDOWS\system32\UIAutomationCore.dll

+ 2009-04-27 14:38:40 . 2008-07-06 12:06:10    765440              C:\WINDOWS\system32\spool\XPSEP\i386\mxdwdrv.dll

+ 2009-04-27 14:38:40 . 2008-07-06 12:06:10    765440              C:\WINDOWS\system32\spool\XPSEP\i386\i386\mxdwdrv.dll

+ 2009-04-27 14:38:40 . 2008-07-06 12:06:10    748032              C:\WINDOWS\system32\spool\XPSEP\amd64\mxdwdrv.dll

+ 2009-04-27 14:38:40 . 2008-07-06 12:06:10    748032              C:\WINDOWS\system32\spool\XPSEP\amd64\amd64\mxdwdrv.dll

+ 2009-04-27 14:38:41 . 2008-07-06 12:06:10    147456              C:\WINDOWS\system32\spool\prtprocs\x64\filterpipelineprintproc.dll

+ 2
Avatar billede 11cd Nybegynder
28. april 2009 - 10:11 #30
Fortsættes... (den er vildt lang?) :

+ 2009-04-27 14:38:31 . 2008-07-06 10:50:03    597504              C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
- 2004-12-09 12:08:11 . 2007-05-15 08:08:53    761344              C:\WINDOWS\system32\spool\drivers\w32x86\3\unires.dll
+ 2004-12-09 12:08:11 . 2008-03-13 04:52:36    761344              C:\WINDOWS\system32\spool\drivers\w32x86\3\unires.dll
+ 2004-12-09 12:08:12 . 2008-07-06 12:06:10    744960              C:\WINDOWS\system32\spool\drivers\w32x86\3\unidrvui.dll
- 2004-12-09 12:08:12 . 2008-04-14 16:05:36    373248              C:\WINDOWS\system32\spool\drivers\w32x86\3\unidrv.dll
+ 2004-12-09 12:08:12 . 2008-07-06 12:06:10    373248              C:\WINDOWS\system32\spool\drivers\w32x86\3\unidrv.dll
+ 2009-04-27 14:38:31 . 2008-07-06 12:06:10    198656              C:\WINDOWS\system32\spool\drivers\w32x86\3\mxdwdui.dll
+ 2009-04-27 14:38:31 . 2008-07-06 12:06:10    765440              C:\WINDOWS\system32\spool\drivers\w32x86\3\mxdwdrv.dll
+ 2006-08-24 14:15:06 . 2006-08-24 14:15:06    150808              C:\WINDOWS\system32\rgb9rast_2.dll
+ 2008-07-29 17:59:58 . 2008-07-29 17:59:58    781344              C:\WINDOWS\system32\PresentationNative_v0300.dll
+ 2008-07-29 18:35:46 . 2008-07-29 18:35:46    326160              C:\WINDOWS\system32\PresentationHost.exe
+ 2008-07-29 17:59:58 . 2008-07-29 17:59:58    105016              C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
+ 2004-01-01 15:22:07 . 2009-04-27 14:42:21    445506              C:\WINDOWS\system32\perfh009.dat
+ 2005-01-03 13:23:07 . 2008-06-12 14:23:34    161792              C:\WINDOWS\system32\msdtcuiu.dll
- 2005-01-03 13:23:07 . 2008-04-14 16:05:25    161792              C:\WINDOWS\system32\msdtcuiu.dll
- 2005-01-03 13:23:07 . 2008-04-14 16:05:25    956928              C:\WINDOWS\system32\msdtctm.dll
+ 2005-01-03 13:23:07 . 2008-06-12 14:23:34    956928              C:\WINDOWS\system32\msdtctm.dll
+ 2005-01-03 13:23:07 . 2008-06-12 14:23:34    428032              C:\WINDOWS\system32\msdtcprx.dll
+ 2008-07-25 09:16:58 . 2008-07-25 09:16:58    158720              C:\WINDOWS\system32\mscorier.dll
+ 2008-07-25 09:16:58 . 2008-07-25 09:16:58    282112              C:\WINDOWS\system32\mscoree.dll
+ 2008-07-29 17:24:50 . 2008-07-29 17:24:50    622080              C:\WINDOWS\system32\icardagt.exe
+ 2004-01-01 07:25:36 . 2009-04-28 07:16:43    332280              C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-07-29 19:10:04 . 2008-07-29 19:10:04    493048              C:\WINDOWS\system32\evr.dll
+ 2009-04-20 13:43:03 . 2009-02-05 20:07:23    114768              C:\WINDOWS\system32\drivers\aswSP.sys
- 2009-04-14 11:09:42 . 2009-02-05 20:07:23    114768              C:\WINDOWS\system32\drivers\aswSP.sys
- 2009-03-03 19:10:14 . 2008-10-16 01:01:37    667648              C:\WINDOWS\system32\dllcache\wininet.dll
+ 2009-03-03 19:10:14 . 2009-02-20 08:11:52    667648              C:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-12-16 12:32:06 . 2008-12-16 12:32:06    354304              C:\WINDOWS\system32\dllcache\winhttp.dll
- 2009-03-03 19:10:12 . 2008-10-16 01:01:38    620544              C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2009-03-03 19:10:12 . 2009-02-20 08:11:53    620544              C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2008-06-12 14:23:34 . 2008-06-12 14:23:34    161792              C:\WINDOWS\system32\dllcache\msdtcuiu.dll
+ 2008-06-12 14:23:34 . 2008-06-12 14:23:34    956928              C:\WINDOWS\system32\dllcache\msdtctm.dll
+ 2008-06-12 14:23:34 . 2008-06-12 14:23:34    428032              C:\WINDOWS\system32\dllcache\msdtcprx.dll
+ 2008-07-29 21:40:48 . 2008-07-29 21:40:48    196104              C:\WINDOWS\Microsoft.NET\Framework\v3.5\WFServicesReg.exe
+ 2008-07-29 21:40:48 . 2008-07-29 21:40:48    802816              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft.Build.Tasks.v3.5.dll
+ 2008-07-29 16:47:34 . 2008-07-29 16:47:34    984056              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapUI.dll
+ 2008-07-29 16:47:34 . 2008-07-29 16:47:34    107512              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.dll
+ 2008-07-29 16:47:34 . 2008-07-29 16:47:34    111096              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.3082.dll
+ 2008-07-29 16:47:34 . 2008-07-29 16:47:34    110072              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.2070.dll
+ 2008-07-29 16:47:34 . 2008-07-29 16:47:34    106488              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1055.dll
+ 2008-07-29 16:47:34 . 2008-07-29 16:47:34    105976              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1053.dll
+ 2008-07-29 16:47:34 . 2008-07-29 16:47:34    107000              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1049.dll
+ 2008-07-29 16:47:34 . 2008-07-29 16:47:34    107512              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1046.dll
+ 2008-07-29 16:47:34 . 2008-07-29 16:47:34    109048              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1045.dll
+ 2008-07-29 16:47:34 . 2008-07-29 16:47:34    106488              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1044.dll
+ 2008-07-29 16:47:34 . 2008-07-29 16:47:34    108536              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1043.dll
+ 2008-07-29 16:47:34 . 2008-07-29 16:47:34    110072              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1040.dll
+ 2008-07-29 16:47:34 . 2008-07-29 16:47:34    111096              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1038.dll
+ 2008-07-29 16:47:34 . 2008-07-29 16:47:34    101368              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1037.dll
+ 2008-07-29 16:47:34 . 2008-07-29 16:47:34    112120              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1036.dll
+ 2008-07-29 16:47:34 . 2008-07-29 16:47:34    106488              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1035.dll
+ 2008-07-29 16:47:34 . 2008-07-29 16:47:34    113656              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1032.dll
+ 2008-07-29 16:47:34 . 2008-07-29 16:47:34    111608              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1031.dll
+ 2008-07-29 16:47:34 . 2008-07-29 16:47:34    108536              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1030.dll
+ 2008-07-29 16:47:34 . 2008-07-29 16:47:34    108536              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1029.dll
+ 2008-07-29 16:47:34 . 2008-07-29 16:47:34    102904              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1025.dll
+ 2008-07-29 16:47:34 . 2008-07-29 16:47:34    689152              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vsscenario.dll
+ 2008-07-29 16:47:34 . 2008-07-29 16:47:34    413184              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vsbasereqs.dll
+ 2008-07-29 16:47:34 . 2008-07-29 16:47:34    632320              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vs70uimgr.dll
+ 2008-07-29 16:47:34 . 2008-07-29 16:47:34    110080              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.dll
+ 2008-07-29 16:47:34 . 2008-07-29 16:47:34    131584              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.3082.dll
+ 2008-07-29 16:47:34 . 2008-07-29 16:47:34    131072              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.2070.dll
+ 2008-07-29 16:47:34 . 2008-07-29 16:47:34    121344              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1055.dll
+ 2008-07-29 16:47:34 . 2008-07-29 16:47:34    121344              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1053.dll
+ 2008-07-29 16:47:34 . 2008-07-29 16:47:34    123904              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1049.dll
+ 2008-07-29 16:47:34 . 2008-07-29 16:47:34    122880              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1046.dll
+ 2008-07-29 16:47:34 . 2008-07-29 16:47:34    128512              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1045.dll
+ 2008-07-29 16:47:34 . 2008-07-29 16:47:34    121856              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1044.dll
+ 2008-07-29 16:47:34 . 2008-07-29 16:47:34    129024              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1043.dll
+ 2008-07-29 16:47:34 . 2008-07-29 16:47:34    128512              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1040.dll
+ 2008-07-29 16:47:34 . 2008-07-29 16:47:34    132096              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1038.dll
+ 2008-07-29 16:47:34 . 2008-07-29 16:47:34    111104              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1037.dll
+ 2008-07-29 16:47:34 . 2008-07-29 16:47:34    133120              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1036.dll
+ 2008-07-29 16:47:34 . 2008-07-29 16:47:34    122368              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1035.dll
+ 2008-07-29 16:47:34 . 2008-07-29 16:47:34    137728              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1032.dll
+ 2008-07-29 16:47:34 . 2008-07-29 16:47:34    130048              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1031.dll
+ 2008-07-29 16:47:34 . 2008-07-29 16:47:34    126464              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1030.dll
+ 2008-07-29 16:47:34 . 2008-07-29 16:47:34    125440              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1029.dll
+ 2008-07-29 16:47:34 . 2008-07-29 16:47:34    113152              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1025.dll
+ 2008-07-29 16:47:34 . 2008-07-29 16:47:34    269304              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
+ 2008-07-29 16:47:34 . 2008-07-29 16:47:34    177152              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\HtmlLite.dll
+ 2008-07-29 16:47:34 . 2008-07-29 16:47:34    276984              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\dlmgr.dll
+ 2008-07-29 21:15:24 . 2008-07-29 21:15:24    225490              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\baseline.dat
+ 2008-10-21 19:02:30 . 2008-10-21 19:02:30    984056              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - dan\WapUI.dll
+ 2008-10-23 03:33:54 . 2008-10-23 03:33:54    106304              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - dan\WapRes.dll
+ 2008-10-21 19:02:30 . 2008-10-21 19:02:30    689152              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - dan\vsscenario.dll
+ 2008-10-21 19:02:30 . 2008-10-21 19:02:30    413184              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - dan\vsbasereqs.dll
+ 2008-10-21 19:02:30 . 2008-10-21 19:02:30    632320              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - dan\vs70uimgr.dll
+ 2008-10-23 03:33:54 . 2008-10-23 03:33:54    124232              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - dan\setupres.dll
+ 2008-10-21 19:02:30 . 2008-10-21 19:02:30    269304              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - dan\setup.exe
+ 2008-10-22 06:38:02 . 2008-10-22 06:38:02    181064              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - dan\RebootStub.exe
+ 2008-10-21 19:02:30 . 2008-10-21 19:02:30    177152              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - dan\HtmlLite.dll
+ 2008-10-21 19:02:30 . 2008-10-21 19:02:30    276984              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - dan\dlmgr.dll
+ 2008-10-23 05:23:32 . 2008-10-23 05:23:32    159744              C:\WINDOWS\Microsoft.NET\Framework\v3.5\da\Microsoft.Build.Tasks.v3.5.resources.dll
+ 2008-07-29 21:40:48 . 2008-07-29 21:40:48    233976              C:\WINDOWS\Microsoft.NET\Framework\v3.5\1033\vbc7ui.dll
+ 2008-07-29 21:40:48 . 2008-07-29 21:40:48    168448              C:\WINDOWS\Microsoft.NET\Framework\v3.5\1033\cscompui.dll
+ 2008-10-23 05:23:32 . 2008-10-23 05:23:32    247104              C:\WINDOWS\Microsoft.NET\Framework\v3.5\1030\vbc7ui.dll
+ 2008-10-23 05:23:32 . 2008-10-23 05:23:32    182600              C:\WINDOWS\Microsoft.NET\Framework\v3.5\1030\cscompui.dll
+ 2008-07-29 18:35:46 . 2008-07-29 18:35:46    864256              C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationUI.dll
+ 2008-07-29 17:59:58 . 2008-07-29 17:59:58    132120              C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationHostDLL.dll
+ 2008-07-29 19:10:04 . 2008-07-29 19:10:04    806928              C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\NaturalLanguage6.dll
+ 2008-10-23 04:20:08 . 2008-10-23 04:20:08    368640              C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\da\PresentationUI.resources.dll
+ 2008-07-29 17:16:38 . 2008-07-29 17:16:38    152576              C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\WsatConfig.exe
+ 2008-07-29 17:16:38 . 2008-07-29 17:16:38    966656              C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
+ 2008-07-29 17:16:38 . 2008-07-29 17:16:38    132096              C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
+ 2008-07-29 17:16:38 . 2008-07-29 17:16:38    110592              C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMdiagnostics.dll
+ 2008-07-29 17:16:38 . 2008-07-29 17:16:38    156688              C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelReg.exe
+ 2008-07-29 17:16:38 . 2008-07-29 17:16:38    163840              C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\Microsoft.Transactions.Bridge.Dtc.dll
+ 2008-07-29 17:16:38 . 2008-07-29 17:16:38    397312              C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\Microsoft.Transactions.Bridge.dll
+ 2008-07-29 17:24:50 . 2008-07-29 17:24:50    881664              C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
+ 2008-05-14 20:38:44 . 2008-05-14 20:38:44    864256              C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\da\infocard.resources.dll
+ 2008-07-29 17:16:38 . 2008-07-29 17:16:38    168968              C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ComSvcConfig.exe
+ 2008-11-25 02:59:18 . 2008-11-25 02:59:18    436040              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\webengine.dll
+ 2008-07-25 09:17:00 . 2008-07-25 09:17:00    839680              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.Services.dll
+ 2008-07-25 09:17:02 . 2008-07-25 09:17:02    835584              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.Mobile.dll
- 2005-09-23 05:28:56 . 2005-09-23 05:28:56    835584              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.Mobile.dll
+ 2008-07-25 09:17:02 . 2008-07-25 09:17:02    261632              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Transactions.dll
- 2005-09-23 05:28:56 . 2005-09-23 05:28:56    114688              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.ServiceProcess.dll
+ 2008-07-25 09:17:00 . 2008-07-25 09:17:00    114688              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.ServiceProcess.dll
+ 2008-07-25 09:17:00 . 2008-07-25 09:17:00    258048              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
- 2005-09-23 05:28:56 . 2005-09-23 05:28:56    258048              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
- 2005-09-23 05:28:56 . 2005-09-23 05:28:56    131072              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
+ 2008-07-25 09:17:00 . 2008-07-25 09:17:00    131072              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
+ 2008-07-25 09:17:00 . 2008-07-25 09:17:00    303104              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Remoting.dll
- 2005-09-23 05:28:56 . 2005-09-23 05:28:56    258048              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Messaging.dll
+ 2008-07-25 09:17:00 . 2008-07-25 09:17:00    258048              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Messaging.dll
+ 2008-07-25 09:17:00 . 2008-07-25 09:17:00    372736              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Management.dll
+ 2008-07-25 09:17:02 . 2008-07-25 09:17:02    113664              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Wrapper.dll
+ 2008-07-25 09:17:02 . 2008-07-25 09:17:02    258048              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.dll
- 2005-09-23 05:28:56 . 2005-09-23 05:28:56    258048              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.dll
+ 2008-07-25 09:17:00 . 2008-07-25 09:17:00    626688              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
+ 2008-07-25 09:17:02 . 2008-07-25 09:17:02    188416              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.Protocols.dll
- 2005-09-23 05:28:56 . 2005-09-23 05:28:56    188416              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.Protocols.dll
+ 2008-07-25 09:17:00 . 2008-07-25 09:17:00    401408              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.dll
+ 2008-07-25 09:16:46 . 2008-07-25 09:16:46    970752              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Deployment.dll
+ 2008-07-25 09:17:02 . 2008-07-25 09:17:02    745472              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.SqlXml.dll
+ 2008-11-25 02:59:40 . 2008-11-25 02:59:40    486400              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.OracleClient.dll
+ 2008-07-25 09:17:02 . 2008-07-25 09:17:02    425984              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.configuration.dll
+ 2008-07-25 09:17:02 . 2008-07-25 09:17:02    110592              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\sysglobl.dll
- 2005-09-23 05:28:56 . 2005-09-23 05:28:56    110592              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\sysglobl.dll
+ 2008-07-25 09:17:02 . 2008-07-25 09:17:02    392184              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\SOS.dll
+ 2008-07-25 09:17:00 . 2008-07-25 09:17:00    118784              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\shfusion.dll
+ 2008-07-25 09:16:58 . 2008-07-25 09:16:58    143360              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\peverify.dll
+ 2008-07-25 09:17:02 . 2008-07-25 09:17:02    100856              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ngen.exe
+ 2008-07-25 09:17:02 . 2008-07-25 09:17:02    230912              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvc.dll
+ 2008-07-25 09:17:04 . 2008-07-25 09:17:04    345600              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll
+ 2008-07-25 09:17:00 . 2008-07-25 09:17:00    114176              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorpe.dll
+ 2008-11-25 02:59:40 . 2008-11-25 02:59:40    364872              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
+ 2008-07-25 09:17:00 . 2008-07-25 09:17:00    308224              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscordbi.dll
+ 2008-11-25 02:59:40 . 2008-11-25 02:59:40    990032              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2008-07-25 09:17:12 . 2008-07-25 09:17:12    659456              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.dll
- 2005-09-23 05:29:10 . 2005-09-23 05:29:10    372736              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.dll
+ 2008-07-25 09:17:14 . 2008-07-25 09:17:14    372736              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.dll
- 2005-09-23 05:29:10 . 2005-09-23 05:29:10    110592              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2008-07-25 09:17:14 . 2008-07-25 09:17:14    110592              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2008-07-25 09:16:54 . 2008-07-25 09:16:54    749568              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.JScript.dll
+ 2008-07-25 09:16:56 . 2008-07-25 09:16:56    655360              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Tasks.dll
+ 2008-07-25 09:16:56 . 2008-07-25 09:16:56    348160              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Engine.dll
+ 2008-07-25 09:17:00 . 2008-07-25 09:17:00    230904              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ilasm.exe
+ 2008-07-25 09:17:00 . 2008-07-25 09:17:00    798224              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll
+ 2008-07-25 09:17:16 . 2008-07-25 09:17:16    575496              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll
+ 2008-09-10 15:43:58 . 2008-09-10 15:43:58    155648              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\da\System.xml.resources.dll
+ 2008-09-10 15:43:58 . 2008-09-10 15:43:58    409600              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\da\System.Windows.Forms.resources.dll
+ 2008-09-10 15:43:58 . 2008-09-10 15:43:58    593920              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\da\System.Web.resources.dll
+ 2008-09-10 15:43:58 . 2008-09-10 15:43:58    200704              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\da\system.resources.dll
+ 2008-09-10 15:43:58 . 2008-09-10 15:43:58    536576              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\da\System.Design.resources.dll
+ 2008-09-10 15:43:52 . 2008-09-10 15:43:52    393216              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\da\System.Deployment.resources.dll
+ 2008-09-10 15:43:58 . 2008-09-10 15:43:58    344064              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\da\System.Data.resources.dll
+ 2008-09-10 15:43:58 . 2008-09-10 15:43:58    110592              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\da\System.Data.OracleClient.resources.dll
+ 2008-09-10 15:43:58 . 2008-09-10 15:43:58    380416              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\da\mscorrc.dll
+ 2008-09-10 15:43:58 . 2008-09-10 15:43:58    299008              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\da\mscorlib.resources.dll
+ 2008-09-10 15:43:58 . 2008-09-10 15:43:58    135168              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\da\Microsoft.Build.Tasks.resources.dll
+ 2008-09-10 15:43:50 . 2008-09-10 15:43:50    311296              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\da\aspnetmmcext.resources.dll
- 2005-09-23 05:28:56 . 2005-09-23 05:28:56    106496              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
+ 2008-07-25 09:17:00 . 2008-07-25 09:17:00    106496              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
+ 2008-07-25 09:16:40 . 2008-07-25 09:16:40    507904              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AspNetMMCExt.dll
- 2005-09-23 05:28:32 . 2005-09-23 05:28:32    106496              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe
+ 2008-07-25 09:16:40 . 2008-07-25 09:16:40    106496              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe
+ 2008-07-25 09:17:02 . 2008-07-25 09:17:02    147968              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AdoNetDiag.dll
+ 2008-07-25 09:16:36 . 2008-07-25 09:16:36    218112              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\Vsavb7rtUI.dll
+ 2008-07-25 09:17:10 . 2008-07-25 09:17:10    193016              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\vbc7ui.dll
+ 2008-07-25 09:16:48 . 2008-07-25 09:16:48    145408              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\cscompui.dll
+ 2008-09-10 15:43:50 . 2008-09-10 15:43:50    232960              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1030\Vsavb7rtUI.dll
+ 2008-09-10 15:44:00 . 2008-09-10 15:44:00    205816              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1030\vbc7ui.dll
+ 2008-09-10 15:43:54 . 2008-09-10 15:43:54    159232              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1030\cscompui.dll
+ 2009-04-27 14:38:31 . 2008-03-13 04:52:36    761344              C:\WINDOWS\Driver Cache\i386\unires.dll
+ 2009-04-27 14:38:31 . 2008-07-06 12:06:10    744960              C:\WINDOWS\Driver Cache\i386\unidrvui.dll
+ 2009-04-27 14:38:31 . 2008-07-06 12:06:10    373248              C:\WINDOWS\Driver Cache\i386\unidrv.dll
+ 2009-04-27 14:38:31 . 2008-07-06 12:06:10    198656              C:\WINDOWS\Driver Cache\i386\mxdwdui.dll
+ 2009-04-27 14:38:31 . 2008-07-06 12:06:10    765440              C:\WINDOWS\Driver Cache\i386\mxdwdrv.dll
+ 2009-04-27 14:49:09 . 2009-04-27 14:49:09    321536              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WsatConfig\2ef5bc3a2edd7570bb23886a4f32294a\WsatConfig.ni.exe
+ 2009-04-27 14:47:05 . 2009-04-27 14:47:05    240128              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\6a818099f0386e2356ae94f886a2196f\WindowsFormsIntegration.ni.dll
+ 2009-04-27 14:47:04 . 2009-04-27 14:47:04    187904              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\a6d9503962d47c722231c1478f180695\UIAutomationTypes.ni.dll
+ 2009-04-27 14:47:01 . 2009-04-27 14:47:01    447488              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\5c028c3d8db6c0f0277673ea4a2d89fb\UIAutomationClient.ni.dll
+ 2009-04-27 14:51:45 . 2009-04-27 14:51:45    400896              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\c338a470b14851ce5987bb0f0869c310\System.Xml.Linq.ni.dll
+ 2009-04-27 14:51:10 . 2009-04-27 14:51:10    129536              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\bb77ea11f46ab438b2b7ed7c180011a1\System.Web.Routing.ni.dll
+ 2009-04-27 14:51:22 . 2009-04-27 14:51:22    202240              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\6ee255220d90dcbe80c990e443051cc5\System.Web.RegularExpressions.ni.dll
+ 2009-04-27 14:51:19 . 2009-04-27 14:51:19    859648              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\58f62044fa702ea6f936071aa5520baa\System.Web.Extensions.Design.ni.dll
+ 2009-04-27 14:51:16 . 2009-04-27 14:51:16    328704              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\79c29ac85dd57dd485ab60118ac292ff\System.Web.Entity.ni.dll
+ 2009-04-27 14:51:17 . 2009-04-27 14:51:17    301056              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\d3d65e34fa60f0b6c72ca0d12ec89933\System.Web.Entity.Design.ni.dll
+ 2009-04-27 14:51:14 . 2009-04-27 14:51:14    547328              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\b7891f5659db299dbd1b3c72db7edb9f\System.Web.DynamicData.ni.dll
+ 2009-04-27 14:51:09 . 2009-04-27 14:51:09    141312              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\00ec08741a765c707bd9169346064a81\System.Web.Abstractions.ni.dll
+ 2009-04-27 14:50:56 . 2009-04-27 14:50:56    627200              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\5a555c9ae6984c40157cf940bb519f7c\System.Transactions.ni.dll
+ 2009-04-27 14:50:55 . 2009-04-27 14:50:55    212992              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\ea3366939280c1715f1c620e33ee3c8a\System.ServiceProcess.ni.dll
+ 2009-04-27 14:49:22 . 2009-04-27 14:49:23    676352              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\1c8df2da33222c048d683017f2095f04\System.Security.ni.dll
+ 2009-04-27 14:50:44 . 2009-04-27 14:50:44    311296              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\bfd6e16d8c3589cd2bd3f8d46f0a5402\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2009-04-27 14:50:49 . 2009-04-27 14:50:49    621056              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Net\519d9c618341b136f9b963ffb7495308\System.Net.ni.dll
+ 2009-04-27 14:50:45 . 2009-04-27 14:50:45    998400              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\8642fdfbf02a6cb6f01169fe6fdb5d11\System.Management.ni.dll
+ 2009-04-27 14:50:43 . 2009-04-27 14:50:43    330752              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management.I#\1d3fbbd23ce1e8637ef4f40a8d23cd32\System.Management.Instrumentation.ni.dll
+ 2009-04-27 14:48:24 . 2009-04-27 14:48:24    381440              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.IO.Log\7c367a96b10d626ec8cbf8149272d845\System.IO.Log.ni.dll
+ 2009-04-27 14:48:23 . 2009-04-27 14:48:23    212992              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\68e71147704ef0d34d9a4bece7767fc5\System.IdentityModel.Selectors.ni.dll
+ 2009-04-27 14:50:42 . 2009-04-27 14:50:42    280064              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\4267bd908175603006c6c90bb5d900c7\System.EnterpriseServices.Wrapper.dll
+ 2009-04-27 14:50:42 . 2009-04-27 14:50:42    627712              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\4267bd908175603006c6c90bb5d900c7\System.EnterpriseServices.ni.dll
+ 2009-04-27 14:46:35 . 2009-04-27 14:46:35    208384              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\18bbe2b6717e7f1d1dd672526e9889ee\System.Drawing.Design.ni.dll
+ 2009-04-27 14:50:41 . 2009-04-27 14:50:41    455680              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\c434a07332ce490711c27fd0edb7562f\System.DirectoryServices.Protocols.ni.dll
+ 2009-04-27 14:50:40 . 2009-04-27 14:50:40    881152              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\8b3bb7a2c2f3ffe94c866283f1cd5957\System.DirectoryServices.AccountManagement.ni.dll
+ 2009-04-27 14:50:34 . 2009-04-27 14:50:34    939008              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\a4b887f476fa4b8746a93a9fc2208560\System.Data.Services.Client.ni.dll
+ 2009-04-27 14:50:35 . 2009-04-27 14:50:35    354816              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\1cf3acad6553d6c59df576794f4e8bd6\System.Data.Services.Design.ni.dll
+ 2009-04-27 14:50:29 . 2009-04-27 14:50:29    756736              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\392de34573f9f8ec885714f2f3e7f07f\System.Data.Entity.Design.ni.dll
+ 2009-04-27 14:49:38 . 2009-04-27 14:49:38    135680              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\1db495ff00bbd14df4af6680c4de0653\System.Data.DataSetExtensions.ni.dll
+ 2009-04-27 14:49:18 . 2009-04-27 14:49:18    971264              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\b82c00e2d24305ad6cb08556e3779b75\System.Configuration.ni.dll
+ 2009-04-27 14:50:43 . 2009-04-27 14:50:43    141312              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\de514e484e49b04b016949d57ffac03e\System.Configuration.Install.ni.dll
+ 2009-04-27 14:49:36 . 2009-04-27 14:49:36    633856              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.AddIn\ce984d754e3c0b6be4504b785cc43574\System.AddIn.ni.dll
+ 2009-04-27 14:49:09 . 2009-04-27 14:49:09    366080              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SMSvcHost\045dd501b7257b1cc26083538ae69045\SMSvcHost.ni.exe
+ 2009-04-27 14:49:07 . 2009-04-27 14:49:07    256000              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\9790551187e294b4ed3aaa1c221891c7\SMDiagnostics.ni.dll
+ 2009-04-27 14:49:07 . 2009-04-27 14:49:07    320512              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\10a0c9707876fc1f65e64b811a28b020\ServiceModelReg.ni.exe
+ 2009-04-27 14:45:53 . 2009-04-27 14:45:53    224768              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\f475294d8c7dc2dd4febeef27bc0417e\PresentationFramework.Classic.ni.dll
+ 2009-04-27 14:45:54 . 2009-04-27 14:45:54    539648              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8003abaf6bcf70f7eb620d06837e897b\PresentationFramework.Luna.ni.dll
+ 2009-04-27 14:45:53 . 2009-04-27 14:45:53    368128              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\59a67874d8d8475faa5be1d993083d12\PresentationFramework.Aero.ni.dll
+ 2009-04-27 14:45:55 . 2009-04-27 14:45:55    258048              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\2c980c9a5051d723c6ec2a78a3d0e2b3\PresentationFramework.Royale.ni.dll
+ 2009-04-27 14:49:14 . 2009-04-27 14:49:14    133632              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\MSBuild\6d38e317128608bc4516ea46ab94590e\MSBuild.ni.exe
+ 2009-04-27 14:49:05 . 2009-04-27 14:49:05    386560              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\1820d6a012fc0e16c3e1d29d973cd2d0\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2009-04-27 14:49:31 . 2009-04-27 14:49:31    144384              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\55b9eff9e23359faed4351386c062238\Microsoft.Build.Utilities.ni.dll
+ 2009-04-27 14:49:32 . 2009-04-27 14:49:32    175104              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\4217124db1ea5de5f1a1f3eea75e8d32\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2009-04-27 14:49:25 . 2009-04-27 14:49:25    839680              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\96825c34d7e1f7df1923ff2123bed8da\Microsoft.Build.Engine.ni.dll
+ 2009-04-27 14:49:24 . 2009-04-27 14:49:24    222720              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\9b321ebf67587237f576df6104a32588\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2009-04-27 14:49:23 . 2009-04-27 14:49:23    220672              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\9bea05938bee3555c5aa8763d89a68f9\CustomMarshalers.ni.dll
+ 2009-04-27 14:49:02 . 2009-04-27 14:49:02    410112              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\12629e2f3e315459bee67cbbaac85cb2\ComSvcConfig.ni.exe
+ 2009-04-27 14:49:12 . 2009-04-27 14:49:13    842240              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\b5b2feadc3943e3976daebc0bcd2b5e2\AspNetMMCExt.ni.dll
+ 2009-04-27 14:39:05 . 2009-04-27 14:39:05    385024              C:\WINDOWS\assembly\GAC_MSIL\UIAutomationClientsideProviders\3.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
+ 2009-04-27 14:39:04 . 2009-04-27 14:39:04    167936              C:\WINDOWS\assembly\GAC_MSIL\UIAutomationClient\3.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
+ 2009-04-27 14:43:45 . 2009-04-27 14:43:45    155648              C:\WINDOWS\assembly\GAC_MSIL\System.XML.resources\2.0.0.0_da_b77a5c561934e089\System.xml.resources.dll
+ 2009-04-27 14:39:59 . 2009-04-27 14:39:59    139264              C:\WINDOWS\assembly\GAC_MSIL\System.Xml.Linq\3.5.0.0__b77a5c561934e089\System.Xml.Linq.dll
+ 2009-04-27 14:39:50 . 2009-04-27 14:39:50    507904              C:\WINDOWS\assembly\GAC_MSIL\System.WorkflowServices\3.5.0.0__31bf3856ad364e35\System.WorkflowServices.dll
+ 2009-04-27 14:44:11 . 2009-04-27 14:44:11    102400              C:\WINDOWS\assembly\GAC_MSIL\System.WorkflowServices.resources\3.5.0.0_da_31bf3856ad364e35\System.WorkflowServices.resources.dll
+ 2009-04-27 14:39:02 . 2009-04-27 14:39:02    540672              C:\WINDOWS\assembly\GAC_MSIL\System.Workflow.Runtime\3.0.0.0__31bf3856ad364e35\System.Workflow.Runtime.dll
+ 2009-04-27 14:44:02 . 2009-04-27 14:44:02    307200              C:\WINDOWS\assembly\GAC_MSIL\system.workflow.componentmodel.resources\3.0.0.0_da_31bf3856ad364e35\System.Workflow.ComponentModel.resources.dll
+ 2009-04-27 14:44:02 . 2009-04-27 14:44:02    180224              C:\WINDOWS\assembly\GAC_MSIL\system.workflow.activities.resources\3.0.0.0_da_31bf3856ad364e35\System.Workflow.Activities.resources.dll
+ 2009-04-27 14:43:51 . 2009-04-27 14:43:51    409600              C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_da_b77a5c561934e089\System.Windows.Forms.resources.dll
+ 2009-04-27 14:41:54 . 2009-04-27 14:41:54    839680              C:\WINDOWS\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2009-04-27 14:43:44 . 2009-04-27 14:43:44    593920              C:\WINDOWS\assembly\GAC_MSIL\System.Web.resources\2.0.0.0_da_b03f5f7f11d50a3a\System.Web.resources.dll
- 2006-10-12 23:27:13 . 2006-10-12 23:27:13    835584              C:\WINDOWS\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2009-04-27 14:41:54 . 2009-04-27 14:41:54    835584              C:\WINDOWS\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2009-04-27 14:44:13 . 2009-04-27 14:44:14    626688              C:\WINDOWS\assembly\GAC_MSIL\System.Web.Extensions.resources\3.5.0.0_da_31bf3856ad364e35\System.Web.Extensions.Resources.dll
+ 2009-04-27 14:40:02 . 2009-04-27 14:40:02    335872              C:\WINDOWS\assembly\GAC_MSIL\System.Web.Extensions.Design\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.Design.dll
+ 2009-04-27 14:43:07 . 2009-04-27 14:43:07    139264              C:\WINDOWS\assembly\GAC_MSIL\System.Web.Entity\3.5.0.0__b77a5c561934e089\System.Web.Entity.dll
+ 2009-04-27 14:39:59 . 2009-04-27 14:39:59    131072              C:\WINDOWS\assembly\GAC_MSIL\System.Web.Entity.Design\3.5.0.0__b77a5c561934e089\System.Web.Entity.Design.dll
+ 2009-04-27 14:43:07 . 2009-04-27 14:43:08    229376              C:\WINDOWS\assembly\GAC_MSIL\System.Web.DynamicData\3.5.0.0__31bf3856ad364e35\System.Web.DynamicData.dll
+ 2009-04-27 14:39:04 . 2009-04-27 14:39:04    688128              C:\WINDOWS\assembly\GAC_MSIL\System.Speech\3.0.0.0__31bf3856ad364e35\System.Speech.dll
- 2006-10-12 23:26:56 . 2006-10-12 23:26:56    114688              C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2009-04-27 14:41:59 . 2009-04-27 14:41:59    114688              C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2009-04-27 14:39:49 . 2009-04-27 14:39:49    569344              C:\WINDOWS\assembly\GAC_MSIL\System.ServiceModel.Web\3.5.0.0__31bf3856ad364e35\System.ServiceModel.Web.dll
+ 2009-04-27 14:44:05 . 2009-04-27 14:44:05    450560              C:\WINDOWS\assembly\GAC_MSIL\system.servicemodel.resources\3.0.0.0_da_b77a5c561934e089\System.ServiceModel.Resources.dll
+ 2009-04-27 14:42:02 . 2009-04-27 14:42:02    258048              C:\WINDOWS\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2006-10-12 23:26:53 . 2006-10-12 23:26:53    258048              C:\WINDOWS\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2009-04-27 14:38:56 . 2009-04-27 14:38:56    966656              C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
+ 2009-04-27 14:42:03 . 2009-04-27 14:42:03    131072              C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2006-10-12 23:27:10 . 2006-10-12 23:27:10    131072              C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2009-04-27 14:42:03 . 2009-04-27 14:42:03    303104              C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2009-04-27 14:43:53 . 2009-04-27 14:43:53    200704              C:\WINDOWS\assembly\GAC_MSIL\System.resources\2.0.0.0_da_b77a5c561934e089\system.resources.dll
+ 2009-04-27 14:40:01 . 2009-04-27 14:40:01    233472              C:\WINDOWS\assembly\GAC_MSIL\System.Net\3.5.0.0__b03f5f7f11d50a3a\System.Net.dll
- 2006-10-12 23:27:12 . 2006-10-12 23:27:12    258048              C:\WINDOWS\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2009-04-27 14:42:04 . 2009-04-27 14:42:04    258048              C:\WINDOWS\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2009-04-27 14:42:05 . 2009-04-27 14:42:05    372736              C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2009-04-27 14:39:58 . 2009-04-27 14:39:58    143360              C:\WINDOWS\assembly\GAC_MSIL\System.Management.Instrumentation\3.5.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
+ 2009-04-27 14:38:56 . 2009-04-27 14:38:56    131072              C:\WINDOWS\assembly\GAC_MSIL\System.IO.Log\3.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
+ 2009-04-27 14:38:56 . 2009-04-27 14:38:56    430080              C:\WINDOWS\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll
+ 2009-04-27 14:39:07 . 2009-04-27 14:39:07    126976              C:\WINDOWS\assembly\GAC_MSIL\System.IdentityModel.Selectors\3.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
+ 2009-04-27 14:42:04 . 2009-04-27 14:42:04    626688              C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2009-04-27 14:42:01 . 2009-04-27 14:42:01    401408              C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2006-10-12 23:26:55 . 2006-10-12 23:26:55    188416              C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2009-04-27 14:41:56 . 2009-04-27 14:41:56    188416              C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2009-04-27 14:39:51 . 2009-04-27 14:39:51    286720              C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\3.5.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
+ 2009-04-27 14:43:52 . 2009-04-27 14:43:52    536576              C:\WINDOWS\assembly\GAC_MSIL\System.Design.resources\2.0.0.0_da_b03f5f7f11d50a3a\System.Design.resources.dll
+ 2009-04-27 14:42:08 . 2009-04-27 14:42:08    970752              C:\WINDOWS\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2009-04-27 14:43:42 . 2009-04-27 14:43:42    393216              C:\WINDOWS\assembly\GAC_MSIL\System.Deployment.resources\2.0.0.0_da_b03f5f7f11d50a3a\System.Deployment.resources.dll
+ 2009-04-27 14:42:08 . 2009-04-27 14:42:08    745472              C:\WINDOWS\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2009-04-27 14:43:07 . 2009-04-27 14:43:07    442368              C:\WINDOWS\assembly\GAC_MSIL\System.Data.Services\3.5.0.0__b77a5c561934e089\System.Data.Services.dll
+ 2009-04-27 14:39:50 . 2009-04-27 14:39:50    114688              C:\WINDOWS\assembly\GAC_MSIL\System.Data.Services.Design\3.5.0.0__b77a5c561934e089\System.Data.Services.Design.dll
+ 2009-04-27 14:43:07 . 2009-04-27 14:43:07    294912              C:\WINDOWS\assembly\GAC_MSIL\System.Data.Services.Client\3.5.0.0__b77a5c561934e089\System.Data.Services.Client.dll
+ 2009-04-27 14:43:52 . 2009-04-27 14:43:52    344064              C:\WINDOWS\assembly\GAC_MSIL\System.Data.resources\2.0.0.0_da_b77a5c561934e089\System.Data.resources.dll
+ 2009-04-27 14:43:47 . 2009-04-27 14:43:48    110592              C:\WINDOWS\assembly\GAC_MSIL\System.Data.OracleClient.resources\2.0.0.0_da_b77a5c561934e089\System.Data.OracleClient.resources.dll
+ 2009-04-27 14:39:51 . 2009-04-27 14:39:51    684032              C:\WINDOWS\assembly\GAC_MSIL\System.Data.Linq\3.5.0.0__b77a5c561934e089\System.Data.Linq.dll
+ 2009-04-27 14:44:13 . 2009-04-27 14:44:13    389120              C:\WINDOWS\assembly\GAC_MSIL\System.Data.Entity.resources\3.5.0.0_da_b77a5c561934e089\System.Data.Entity.Resources.dll
+ 2009-04-27 14:39:57 . 2009-04-27 14:39:57    229376              C:\WINDOWS\assembly\GAC_MSIL\System.Data.Entity.Design\3.5.0.0__b77a5c561934e089\System.Data.Entity.Design.dll
+ 2009-04-27 14:39:56 . 2009-04-27 14:39:57    667648              C:\WINDOWS\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll
+ 2009-04-27 14:42:07 . 2009-04-27 14:42:07    425984              C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2009-04-27 14:39:55 . 2009-04-27 14:39:55    163840              C:\WINDOWS\assembly\GAC_MSIL\System.AddIn\3.5.0.0__b77a5c561934e089\System.AddIn.dll
- 2006-10-12 23:27:10 . 2006-10-12 23:27:10    110592              C:\WINDOWS\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2009-04-27 14:42:06 . 2009-04-27 14:42:06    110592              C:\WINDOWS\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2009-04-27 14:38:56 . 2009-04-27 14:38:56    110592              C:\WINDOWS\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll
+ 2009-04-27 14:39:00 . 2009-04-27 14:39:00    528384              C:\WINDOWS\assembly\GAC_MSIL\ReachFramework\3.0.0.0__31bf3856ad364e35\ReachFramework.dll
+ 2009-04-27 14:39:07 . 2009-04-27 14:39:07    864256              C:\WINDOWS\assembly\GAC_MSIL\PresentationUI\3.0.0.0__31bf3856ad364e35\PresentationUI.dll
+ 2009-04-27 14:44:04 . 2009-04-27 14:44:04    368640              C:\WINDOWS\assembly\GAC_MSIL\PresentationUI.resources\3.0.0.0_da_31bf3856ad364e35\PresentationUI.resources.dll
+ 2009-04-27 14:39:05 . 2009-04-27 14:39:05    163840              C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework.Royale\3.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
+ 2009-04-27 14:44:04 . 2009-04-27 14:44:04    237568              C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_da_31bf3856ad364e35\PresentationFramework.resources.dll
+ 2009-04-27 14:39:05 . 2009-04-27 14:39:05    397312              C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework.Luna\3.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
+ 2009-04-27 14:39:05 . 2009-04-27 14:39:05    139264              C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework.Classic\3.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
+ 2009-04-27 14:39:05 . 2009-04-27 14:39:05    196608              C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework.Aero\3.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
+ 2009-04-27 14:44:03 . 2009-04-27 14:44:03    106496              C:\WINDOWS\assembly\GAC_MSIL\PresentationCore.resources\3.0.0.0_da_31bf3856ad364e35\PresentationCore.resources.dll
+ 2009-04-27 14:39:03 . 2009-04-27 14:39:03    598016              C:\WINDOWS\assembly\GAC_MSIL\PresentationBuildTasks\3.0.0.0__31bf3856ad364e35\PresentationBuildTasks.dll
+ 2009-04-27 14:43:47 . 2009-04-27 14:43:47    299008              C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_da_b77a5c561934e089\mscorlib.resources.dll
+ 2009-04-27 14:41:59 . 2009-04-27 14:41:59    659456              C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2006-10-12 23:27:14 . 2006-10-12 23:27:14    372736              C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2009-04-27 14:41:59 . 2009-04-27 14:41:59    372736              C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2009-04-27 14:42:00 . 2009-04-27 14:42:00    110592              C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2006-10-12 23:27:14 . 2006-10-12 23:27:14    110592              C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2009-04-27 14:38:55 . 2009-04-27 14:38:55    397312              C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
+ 2009-04-27 14:42:00 . 2009-04-27 14:42:00    749568              C:\WINDOWS\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2009-04-27 14:42:05 . 2009-04-27 14:42:05    655360              C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2009-04-27 14:39:54 . 2009-04-27 14:39:54    802816              C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Tasks.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.v3.5.dll
+ 2009-04-27 14:44:12 . 2009-04-27 14:44:12    159744              C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Tasks.v3.5.resources\3.5.0.0_da_b03f5f7f11d50a3a\Microsoft.Build.Tasks.v3.5.resources.dll
+ 2009-04-27 14:43:46 . 2009-04-27 14:43:46    135168              C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Tasks.resources\2.0.0.0_da_b03f5f7f11d50a3a\Microsoft.Build.Tasks.resources.dll
+ 2009-04-27 14:39:53 . 2009-04-27 14:39:53    733184              C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Engine\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2009-04-27 14:42:03 . 2009-04-27 14:42:03    348160              C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2009-04-27 14:39:52 . 2009-04-27 14:39:52    106496              C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Conversion.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Conversion.v3.5.dll
+ 2009-04-27 14:41:53 . 2009-04-27 14:41:53    507904              C:\WINDOWS\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2009-04-27 14:43:42 . 2009-04-27 14:43:42    311296              C:\WINDOWS\assembly\GAC_MSIL\AspNetMMCExt.resources\2.0.0.0_da_b03f5f7f11d50a3a\aspnetmmcext.resources.dll
+ 2009-04-27 14:42:02 . 2009-04-27 14:42:02    261632              C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2009-04-27 14:39:01 . 2009-04-27 14:39:01    368640              C:\WINDOWS\assembly\GAC_32\System.Printing\3.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2009-04-27 14:42:02 . 2009-04-27 14:42:02    113664              C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2006-10-12 23:26:49 . 2006-10-12 23:26:49    258048              C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2009-04-27 14:42:02 . 2009-04-27 14:42:02    258048              C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2009-04-27 14:42:07 . 2009-04-27 14:42:07    486400              C:\WINDOWS\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2009-04-27 14:38:55 . 2009-04-27 14:38:55    163840              C:\WINDOWS\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2009-04-27 14:38:40 . 2008-07-06 12:06:10    1676288              C:\WINDOWS\system32\spool\XPSEP\i386\xpssvcs.dll
+ 2009-04-27 14:38:40 . 2008-07-06 12:06:10    1676288              C:\WINDOWS\system32\spool\XPSEP\i386\i386\xpssvcs.dll
+ 2009-04-27 14:38:40 . 2008-07-06 15:36:12    2936832              C:\WINDOWS\system32\spool\XPSEP\amd64\xpssvcs.dll
+ 2009-04-27 14:38:40 . 2008-07-06 15:36:12    2936832              C:\WINDOWS\system32\spool\XPSEP\amd64\amd64\xpssvcs.dll
+ 2009-04-27 14:38:30 . 2008-07-06 12:06:10    1676288              C:\WINDOWS\system32\spool\drivers\w32x86\3\XpsSvcs.dll
+ 2004-11-11 22:43:24 . 2009-03-02 23:11:13    1499136              C:\WINDOWS\system32\shdocvw.dll
- 2004-11-11 22:43:24 . 2008-10-16 01:01:37    1499136              C:\WINDOWS\system32\shdocvw.dll
+ 2004-12-08 13:14:27 . 2008-12-20 22:14:55    1292288              C:\WINDOWS\system32\quartz.dll
- 2004-12-08 13:14:27 . 2008-05-07 05:11:40    1292288              C:\WINDOWS\system32\quartz.dll
+ 2004-11-11 18:50:06 . 2009-02-20 08:11:54    3089408              C:\WINDOWS\system32\mshtml.dll
+ 2006-02-14 08:20:14 . 2008-03-20 16:06:36    1480232              C:\WINDOWS\system32\LegitCheckControl.dll
- 2004-01-01 14:24:53 . 2008-04-14 16:05:23    1006080              C:\WINDOWS\system32\kernel32.dll
+ 2004-01-01 14:24:53 . 2009-03-21 14:08:56    1006080              C:\WINDOWS\system32\kernel32.dll
- 2009-03-03 19:10:12 . 2008-10-16 01:01:37    1499136              C:\WINDOWS\system32\dllcache\shdocvw.dll
+ 2009-03-03 19:10:12 . 2009-03-02 23:11:13    1499136              C:\WINDOWS\system32\dllcache\shdocvw.dll
- 2008-05-07 05:11:40 . 2008-05-07 05:11:40    1292288              C:\WINDOWS\system32\dllcache\quartz.dll
+ 2008-05-07 05:11:40 . 2008-12-20 22:14:55    1292288              C:\WINDOWS\system32\dllcache\quartz.dll
+ 2009-03-03 19:09:51 . 2009-02-09 11:26:05    2191616              C:\WINDOWS\system32\dllcache\ntoskrnl.exe
+ 2009-03-03 19:09:51 . 2009-02-09 11:26:00    2026496              C:\WINDOWS\system32\dllcache\ntkrpamp.exe
- 2009-03-03 19:09:51 . 2008-08-14 13:25:41    2026496              C:\WINDOWS\system32\dllcache\ntkrpamp.exe
+ 2009-03-03 19:09:52 . 2009-02-10 17:08:50    2068608              C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
- 2009-03-03 19:09:52 . 2008-08-14 13:25:45    2068608              C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
+ 2009-03-03 19:09:52 . 2009-02-09 11:25:42    2147840              C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
- 2009-03-03 19:09:52 . 2008-08-14 13:25:42    2147840              C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
+ 2009-03-03 19:10:11 . 2009-02-20 08:11:54    3089408              C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2009-03-21 14:08:56 . 2009-03-21 14:08:56    1006080              C:\WINDOWS\system32\dllcache\kernel32.dll
+ 2009-04-20 13:42:47 . 2009-02-05 20:11:35    1256296              C:\WINDOWS\system32\aswBoot.exe
- 2009-04-14 11:09:23 . 2009-02-05 20:11:35    1256296              C:\WINDOWS\system32\aswBoot.exe
+ 2008-07-29 21:40:48 . 2008-07-29 21:40:48    1720824              C:\WINDOWS\Microsoft.NET\Framework\v3.5\vbc.exe
+ 2008-07-29 16:47:34 . 2008-07-29 16:47:34    1054208              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vs_setup.dll
+ 2008-07-29 16:47:34 . 2008-07-29 16:47:34    1364992              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\SITSetup.dll
+ 2008-07-29 16:47:34 . 2008-07-29 16:47:34    1064448              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\gencomp.dll
+ 2008-10-21 19:02:30 . 2008-10-21 19:02:30    1054208              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - dan\vs_setup.dll
+ 2008-10-21 19:02:30 . 2008-10-21 19:02:30    1364992              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - dan\SITSetup.dll
+ 2008-10-21 19:02:30 . 2008-10-21 19:02:30    1064448              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - dan\gencomp.dll
+ 2008-07-29 21:40:48 . 2008-07-29 21:40:48    1548280              C:\WINDOWS\Microsoft.NET\Framework\v3.5\csc.exe
+ 2008-12-05 17:35:22 . 2008-12-05 17:35:22    1736528              C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\wpfgfx_v0300.dll
+ 2008-07-29 19:10:04 . 2008-07-29 19:10:04    2637840              C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\NlsLexicons0009.dll
+ 2008-07-29 19:10:04 . 2008-07-29 19:10:04    4883464              C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\NlsData0009.dll
+ 2008-12-05 18:12:12 . 2008-12-05 18:12:12    5931008              C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.dll
+ 2008-07-25 09:16:38 . 2008-07-25 09:16:38    1344000              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\VsaVb7rt.dll
+ 2008-07-25 09:17:10 . 2008-07-25 09:17:10    1172472              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\vbc.exe
+ 2008-11-25 02:59:40 . 2008-11-25 02:59:40    2048000              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.XML.dll
+ 2008-07-25 09:17:00 . 2008-07-25 09:17:00    5025792              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
+ 2008-11-25 02:59:40 . 2008-11-25 02:59:40    5242880              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
+ 2008-07-25 09:17:00 . 2008-07-25 09:17:00    3149824              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2008-07-25 09:17:00 . 2008-07-25 09:17:00    5062656              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Design.dll
+ 2008-07-25 09:17:00 . 2008-07-25 09:17:00    2933248              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.dll
+ 2008-11-25 02:59:36 . 2008-11-25 02:59:36    5813576              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
+ 2008-11-25 02:59:40 . 2008-11-25 02:59:40    4546560              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2008-07-25 09:16:50 . 2008-07-25 09:16:50    1163768              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\cscomp.dll
+ 2009-03-03 19:09:51 . 2009-02-09 11:26:05    2191616              C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
+ 2009-03-03 19:09:51 . 2009-02-09 11:26:00    2026496              C:\WINDOWS\Driver Cache\i386\ntkrpamp.exe
- 2009-03-03 19:09:51 . 2008-08-14 13:25:41    2026496              C:\WINDOWS\Driver Cache\i386\ntkrpamp.exe
- 2009-03-03 19:09:52 . 2008-08-14 13:25:45    2068608              C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
+ 2009-03-03 19:09:52 . 2009-02-10 17:08:50    2068608              C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
+ 2009-03-03 19:09:52 . 2009-02-09 11:25:42    2147840              C:\WINDOWS\Driver Cache\i386\ntkrnlmp.exe
- 2009-03-03 19:09:52 . 2008-08-14 13:25:42    2147840              C:\WINDOWS\Driver Cache\i386\ntkrnlmp.exe
+ 2009-04-27 14:45:02 . 2009-04-27 14:45:02    3313664              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\14cd5f4b61d35f9b76327d6be9853755\WindowsBase.ni.dll
+ 2009-04-27 14:47:03 . 2009-04-27 14:47:03    1049600              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\f3c7957351aec85f526a3350c9718b1e\UIAutomationClientsideProviders.ni.dll
+ 2009-04-27 14:44:54 . 2009-04-27 14:44:54    7868416              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\80978a322d7dd39f0a71be1251ae395a\System.ni.dll
+ 2009-04-27 14:47:00 . 2009-04-27 14:47:00    5450752              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\773a9786013451d3baaeff003dc4230f\System.Xml.ni.dll
+ 2009-04-27 14:51:44 . 2009-04-27 14:51:44    1356288              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\ac1750e78d79520dcf19195772eff1b6\System.WorkflowServices.ni.dll
+ 2009-04-27 14:51:41 . 2009-04-27 14:51:41    1908224              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\d265da36954fcb4cb7ad5adc693ea0f2\System.Workflow.Runtime.ni.dll
+ 2009-04-27 14:51:37 . 2009-04-27 14:51:37    4514304              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\693a8fbe6f7ad6e4e429052da4317e59\System.Workflow.ComponentModel.ni.dll
+ 2009-04-27 14:51:30 . 2009-04-27 14:51:31    2992640              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\cc99fbbac0b6e4e9ca62093e49b0c16b\System.Workflow.Activities.ni.dll
+ 2009-04-27 14:51:25 . 2009-04-27 14:51:25    1840640              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Services\b57bb002a655920cbfa2bee29d1e22b7\System.Web.Services.ni.dll
+ 2009-04-27 14:51:22 . 2009-04-27 14:51:22    2209280              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\81197e32ec931f439b3114e9031b65d6\System.Web.Mobile.ni.dll
+ 2009-04-27 14:51:13 . 2009-04-27 14:51:13    2403328              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\7f64c9d25471b72e1e957bdfe67947c8\System.Web.Extensions.ni.dll
+ 2009-04-27 14:46:39 . 2009-04-27 14:46:40    1917440              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Speech\63cf639b6e0a3c25c1643c85016e7422\System.Speech.ni.dll
+ 2009-04-27 14:50:54 . 2009-04-27 14:50:54    1706496              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\340cad17fe57947eacbc8fa2cea780da\System.ServiceModel.Web.ni.dll
+ 2009-04-27 14:48:28 . 2009-04-27 14:48:28    2338304              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\034c91b133dee73d452652c52767b5ea\System.Runtime.Serialization.ni.dll
+ 2009-04-27 14:46:37 . 2009-04-27 14:46:37    1035264              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Printing\646ab52eef343380aa002c220dc31e13\System.Printing.ni.dll
+ 2009-04-27 14:48:22 . 2009-04-27 14:48:22    1056768              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\c2de8479e54852f56996f79bc93acb13\System.IdentityModel.ni.dll
+ 2009-04-27 14:46:34 . 2009-04-27 14:46:34    1587200              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\3da96ee075bab9202626ae44c18d226c\System.Drawing.ni.dll
+ 2009-04-27 14:50:38 . 2009-04-27 14:50:38    1116672              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\543aced762f6b0c3f8e037955941afc6\System.DirectoryServices.ni.dll
+ 2009-04-27 14:50:36 . 2009-04-27 14:50:36    1801216              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Deployment\a6b58624486714fa71e5e35186850ff0\System.Deployment.ni.dll
+ 2009-04-27 14:46:14 . 2009-04-27 14:46:14    6616576              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\c70731047b0022638b3f9fb158948a03\System.Data.ni.dll
+ 2009-04-27 14:49:21 . 2009-04-27 14:49:21    2510336              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\826b09ab0d0e36f4d631b4cd335df511\System.Data.SqlXml.ni.dll
+ 2009-04-27 14:50:32 . 2009-04-27 14:50:32    1328128              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.Services\956a513dcbd44d5a6801840ef2b0b47b\System.Data.Services.ni.dll
+ 2009-04-27 14:46:20 . 2009-04-27 14:46:20    2516480              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\0bbec79460b1137df5313f9baf7b246f\System.Data.Linq.ni.dll
+ 2009-04-27 14:50:25 . 2009-04-27 14:50:26    9924096              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\6479f975b105808a8d9e7a7fdc762551\System.Data.Entity.ni.dll
+ 2009-04-27 14:46:06 . 2009-04-27 14:46:06    2295296              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\47d87251e93256c635eb73403b8db33e\System.Core.ni.dll
+ 2009-04-27 14:46:02 . 2009-04-27 14:46:02    2128896              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\ReachFramework\4bfb3048bf200a6a8592d1b4ba861a7f\ReachFramework.ni.dll
+ 2009-04-27 14:45:58 . 2009-04-27 14:45:58    1657856              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationUI\6bafb1a2a73794ddb9761cb321c9e7e2\PresentationUI.ni.dll
+ 2009-04-27 14:44:56 . 2009-04-27 14:44:56    1451008              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\e634bc4c4a00635a0a254febab0e2e2c\PresentationBuildTasks.ni.dll
+ 2009-04-27 14:49:34 . 2009-04-27 14:49:34    1712128              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\1c86afc399d0fdd8e069266ffbe748d1\Microsoft.VisualBasic.ni.dll
+ 2009-04-27 14:49:04 . 2009-04-27 14:49:04    1093120              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\6b2f62f5e981913fce1d223f645d9ddf\Microsoft.Transactions.Bridge.ni.dll
+ 2009-04-27 14:50:48 . 2009-04-27 14:50:48    2332160              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\b261961046545831aa60963e84905968\Microsoft.JScript.ni.dll
+ 2009-04-27 14:49:28 . 2009-04-27 14:49:28    1620992              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\bd241492d96db39f20e758c13c845033\Microsoft.Build.Tasks.ni.dll
+ 2009-04-27 14:49:31 . 2009-04-27 14:49:31    1966080              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\a47100d8f4574bed2d49d83d0ab8964e\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2009-04-27 14:49:16 . 2009-04-27 14:49:16    1888768              C:\WIN
Avatar billede 11cd Nybegynder
28. april 2009 - 10:12 #31
og fortsættes igen??? (Eksperten vil ikke acceptere så lange indlæg?):

+ 2009-04-27 14:49:16 . 2009-04-27 14:49:16    1888768              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\6cfe582681724965fb817e8ece5f0909\Microsoft.Build.Engine.ni.dll
+ 2009-04-27 14:39:01 . 2009-04-27 14:39:01    1245184              C:\WINDOWS\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2009-04-27 14:42:09 . 2009-04-27 14:42:09    3149824              C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2009-04-27 14:42:10 . 2009-04-27 14:42:10    2048000              C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2009-04-27 14:39:02 . 2009-04-27 14:39:02    1630208              C:\WINDOWS\assembly\GAC_MSIL\System.Workflow.ComponentModel\3.0.0.0__31bf3856ad364e35\System.Workflow.ComponentModel.dll
+ 2009-04-27 14:39:02 . 2009-04-27 14:39:02    1138688              C:\WINDOWS\assembly\GAC_MSIL\System.Workflow.Activities\3.0.0.0__31bf3856ad364e35\System.Workflow.Activities.dll
+ 2009-04-27 14:41:55 . 2009-04-27 14:41:55    5025792              C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2009-04-27 14:43:08 . 2009-04-27 14:43:08    1277952              C:\WINDOWS\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
+ 2009-04-27 14:42:43 . 2009-04-27 14:42:43    5931008              C:\WINDOWS\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll
+ 2009-04-27 14:41:55 . 2009-04-27 14:41:55    5062656              C:\WINDOWS\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2009-04-27 14:39:57 . 2009-04-27 14:39:57    2879488              C:\WINDOWS\assembly\GAC_MSIL\System.Data.Entity\3.5.0.0__b77a5c561934e089\System.Data.Entity.dll
+ 2009-04-27 14:42:45 . 2009-04-27 14:42:45    5283840              C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
+ 2009-04-27 14:41:53 . 2009-04-27 14:41:53    5242880              C:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2009-04-27 14:42:08 . 2009-04-27 14:42:08    2933248              C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2009-04-27 14:38:59 . 2009-04-27 14:39:00    4210688              C:\WINDOWS\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2009-04-27 14:42:06 . 2009-04-27 14:42:06    4546560              C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2005-05-12 01:00:16 . 2009-04-06 05:57:26    24921544              C:\WINDOWS\system32\MRT.exe
+ 2009-04-27 14:41:21 . 2009-04-27 14:41:22    11072000              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP155.tmp\mscorlib.dll
+ 2009-04-27 14:46:52 . 2009-04-27 14:46:53    12430848              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\63406259e94d5c0ff5b79401dfe113ce\System.Windows.Forms.ni.dll
+ 2009-04-27 14:51:07 . 2009-04-27 14:51:07    11796992              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\3963ce03d445a8619abbf388d590134b\System.Web.ni.dll
+ 2009-04-27 14:48:58 . 2009-04-27 14:48:59    17317888              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\4146033013edebd7e0cb604e504ebfee\System.ServiceModel.ni.dll
+ 2009-04-27 14:46:31 . 2009-04-27 14:46:31    10683392              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Design\8ee220bc3cce4f7bbd7818946519ed7f\System.Design.ni.dll
+ 2009-04-27 14:45:50 . 2009-04-27 14:45:51    14327808              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\96e710f47c601cba3f2348a8d11ddede\PresentationFramework.ni.dll
+ 2009-04-27 14:45:21 . 2009-04-27 14:45:22    12216320              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\956375d487cbef36165b3250030e3574\PresentationCore.ni.dll
+ 2009-04-27 14:44:44 . 2009-04-27 14:44:44    11486720              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\6d667f19d687361886990f3ca0f49816\mscorlib.ni.dll
.
-- Snapshot sat til dags dato --
.
(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*BemÊrk* tomme linier & lovlige standard linier vises ikke 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 16:05:45 15360]
"Sonic RecordNow!"="" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 15:04:38 52736]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 19:02:48 61440]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 19:43:46 233472]
"SiS Windows KeyHook"="C:\WINDOWS\System32\keyhook.exe" [2004-05-20 08:47:18 249856]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-16 15:57:10 81920]
"ATIPTA"="C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-06-24 20:10:00 339968]
"DAEMON Tools-1033"="C:\Programmer\D-Tools\daemon.exe" [2004-08-22 15:05:02 81920]
"ATICCC"="C:\Programmer\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 15:41:22 45056]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 20:08:45 81000]
"VTTimer"="VTTimer.exe" [BU]
"AGRSMMSG"="AGRSMMSG.exe" - C:\WINDOWS\AGRSMMSG.exe [2005-03-04 10:01:56 88209]
"SoundMan"="SOUNDMAN.EXE" - C:\WINDOWS\SOUNDMAN.EXE [2004-07-01 17:58:14 73728]
"AlcWzrd"="ALCWZRD.EXE" - C:\WINDOWS\ALCWZRD.EXE [2004-07-06 00:05:48 2550272]

C:\Documents and Settings\HP_Ejer\Menuen Start\Programmer\Start\
Corel Registration.lnk - C:\Programmer\Corel\Graphics9\Register\Remind32.exe [2005-3-3 67584]

C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
HP Digital Imaging Monitor.lnk - C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe [2004-5-29 241664]
NETGEAR WN111v2 Smart Wizard.lnk - C:\Programmer\NETGEAR\WN111v2\WN111V2.exe [2008-5-9 1474631]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebspnlb]
geBspnLb.dll [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\a2service.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ArcaCheck.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\arcavir.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashDisp.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashEnhcd.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashServ.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashUpd.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\aswUpdSv.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avcls.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avz.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avz4.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avz_se.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bdinit.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\caav.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\caavguiscan.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\casecuritycenter.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ccupdate.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cfp.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cfpupdat.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cmdagent.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\DRWEB32.EXE]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FAMEH32.EXE]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FPAVServer.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fpscan.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FPWin.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fsav32.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fsgk32st.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FSMA32.EXE]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\guardxservice.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\guardxup.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\navigator.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NAVSTUB.EXE]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Nvcc.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\outpost.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\preupd.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pskdr.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SfFnUp.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Vba32arkit.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vba32ldr.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Zanda.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\zapro.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Zlh.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\zoneband.dll]
"Debugger"=ntsd -d

[HKLM\~\startupfolder\c:^documents and settings^all users^menuen start^programmer^start^adobe reader hurtigstart.lnk]
path=C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\Adobe Reader Hurtigstart.lnk
backup=C:\WINDOWS\pss\Adobe Reader Hurtigstart.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"JavaQuickStarterService"=2 (0x2)
"SNDSrvc"=3 (0x3)
"ose"=3 (0x3)
"iPodService"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmer\\Messenger\\msmsgs.exe"=
"C:\\Programmer\\Autodesk\\3dsMax8\\3dsmax.exe"=
"C:\\Programmer\\Autodesk\\backburner\\monitor.exe"=
"C:\\Programmer\\Autodesk\\backburner\\manager.exe"=
"C:\\Programmer\\Autodesk\\backburner\\server.exe"=
"C:\\Programmer\\SmartFTP\\SmartFTP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R1 89fd950;89fd950; [x]
R2 gyuwcubnkcii;gyuwcubnkcii; [x]
R3 jswpsapi;Jumpstart Wifi Protected Setup;C:\Programmer\NETGEAR\WN111v2\jswpsapi.exe [2008-02-27 09:54:52 360547]
S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20:07:12 20560]
S3 dnindis5;DNINDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\DNINDIS5.SYS [2003-07-24 10:10:34 17149]
S3 jswscimd;jswscimd Service;C:\WINDOWS\system32\DRIVERS\jswscimd.sys [2008-02-12 16:05:00 57440]
S3 wn111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;C:\WINDOWS\system32\DRIVERS\WN111v2.sys [2008-05-31 12:46:00 434688]
S3 wsimd;wsimd Service;C:\WINDOWS\system32\DRIVERS\wsimd.sys [2007-12-14 02:31:00 57408]


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
Ujafrofb

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\autorun.exe
.
- - - - TOMME GENVEJE FJERNET - - - -

BHO-{fe887f31-69c0-4a97-937f-e76930556d3b} - (no file)


.
------- Yderligere scanning -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=DA_DK&c=Q404&bd=pavilion&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=DA_DK&c=Q404&bd=pavilion&pf=desktop
uInternet Connection Wizard,ShellNext = iexplore
IE: Bloker alle billeder fra den samme server - C:\Programmer\Avant Browser\AddAllToADBlackList.htm
IE: E&ksporter til Microsoft Excel - C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Marker forekomster af ord p denne side - C:\Programmer\Avant Browser\Highlight.htm
IE: S¯g p ord - C:\Programmer\Avant Browser\Search.htm
IE: Tilf¯j til AD Black List - C:\Programmer\Avant Browser\AddToADBlackList.htm
IE: ≈ben alle links p denne side... - C:\Programmer\Avant Browser\OpenAllLinks.htm
DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} - hxxps://www.sparlolland.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.30.cab
FF - ProfilePath -

---- FIREFOX POLITIKKER ----
C:\Programmer\Mozilla Firefox\greprefs\all.js - pref("backups.number_of_prefs_copies", 1);
C:\Programmer\Mozilla Firefox\greprefs\all.js - pref("browser.link.open_newwindow.ui", 3); // prefs UI version
C:\Programmer\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.closed", "allAccess");
C:\Programmer\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.document", "allAccess");
C:\Programmer\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.frames", "allAccess");
C:\Programmer\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.history", "allAccess");
C:\Programmer\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.length", "allAccess");
C:\Programmer\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.opener", "allAccess");
C:\Programmer\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.parent", "allAccess");
C:\Programmer\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.self", "allAccess");
C:\Programmer\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.top", "allAccess");
C:\Programmer\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.window", "allAccess");
C:\Programmer\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.DOMParser,parseFromString", "noAccess");
C:\Programmer\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.DOMParser,parseFromStream", "noAccess");
C:\Programmer\Mozilla Firefox\greprefs\all.js - pref("dom.disable_window_open_feature.status",      false);
C:\Programmer\Mozilla Firefox\greprefs\all.js - pref("advanced.always_load_images",        true);
C:\Programmer\Mozilla Firefox\greprefs\all.js - pref("network.protocol-handler.external.help", false);
C:\Programmer\Mozilla Firefox\greprefs\all.js - pref("network.http.connect.timeout",  30);    // in seconds
C:\Programmer\Mozilla Firefox\greprefs\all.js - pref("network.http.request.timeout", 120);    // in seconds
C:\Programmer\Mozilla Firefox\greprefs\all.js - pref("network.IDN_show_punycode", true);
C:\Programmer\Mozilla Firefox\greprefs\all.js - pref("network.image.imageBehavior",        0); // 0-Accept, 1-dontAcceptForeign, 2-dontUse
C:\Programmer\Mozilla Firefox\greprefs\all.js - pref("network.cookie.cookieBehavior",      3); // 0-Accept, 1-dontAcceptForeign, 2-dontUse, 3-p3p
C:\Programmer\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel",            1); // 0=low, 1=medium, 2=high, 3=custom
C:\Programmer\Mozilla Firefox\greprefs\all.js - pref("network.enablePad",                  false); // Allow client to do proxy autodiscovery
C:\Programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("app.id", "{ec8030f7-c20a-464f-9b0e-13a3a9e97384}");
C:\Programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("app.version",
C:\Programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("app.extensions.version", "1.0");
C:\Programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("app.build_id",
C:\Programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.autoUpdateEnabled", true);    // Whether or not background app updates
C:\Programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.url", "chrome://mozapps/locale/update/update.properties");
C:\Programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.updatesAvailable", false);
C:\Programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.lastUpdateDate", 0);          // UTC offset when last App update was
C:\Programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.performed", false);            // Whether or not an update has been
C:\Programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.autoUpdateEnabled", true);
C:\Programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.autoUpdate", false);    // Automatically download and install
C:\Programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.interval", 604800000);  // Check for updates to Extensions and
C:\Programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.lastUpdateDate", 0);    // UTC offset when last Extension/Theme
C:\Programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.severity.threshold", 5);// The number of pending Extension/Theme
C:\Programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.count", 0);            // The number of extension/theme/etc
C:\Programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("update.interval", 3600000);              // Check each of the above intervals
C:\Programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("update.showSlidingNotification", true);  // Windows-only slide-up taskbar
C:\Programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("update.severity", 0);
C:\Programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("general.useragent.vendor", "Firefox");
C:\Programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("general.useragent.vendorSub",
C:\Programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.update.resetHomepage",        false);
C:\Programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.startup.homepage_override.1", false);
C:\Programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.turbo.enabled", false);
C:\Programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://browser/content/searchconfig.properties");
C:\Programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom",  "chrome://browser/content/searchconfig.properties");
C:\Programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("update_notifications.enabled", true);
C:\Programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("update_notifications.provider.0.frequency", 7); // number of days
C:\Programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.xul.error_pages.enabled", false);
C:\Programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("pfs.datasource.url", "chrome://mozapps/locale/plugins/plugins.properties");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-28 09:46:34
Windows 5.1.2600 Service Pack 3 NTFS

scanner skjulte processer ... 

scanner skjulte autostarter ...

scanner skjulte filer ... 

scanning gennemf¯rt med succes
skjulte filer: 0

**************************************************************************
.
--------------------- DLLs startet under k¯rende Processer ---------------------

- - - - - - - > 'winlogon.exe'(1148)
C:\WINDOWS\system32\Ati2evxx.dll
.
Gennemf¯rt tid: 2009-04-28  9:47:48
ComboFix-quarantined-files.txt  2009-04-28 07:47:39

Pre-K¯rsel: 134.471.286.784 byte ledig
Post-K¯rsel: 134.540.541.952 byte ledig

1215    --- E O F ---    2009-04-21 07:36:05
Avatar billede donella Nybegynder
29. april 2009 - 09:09 #32
hej vi bruger avast her hjemme og vi har ikke haft noget som helst virus på vores computere efter vi tog den jeg kender andre der har den på deres computere og de er meget glade for den og den er gratis
Avatar billede arkil Nybegynder
29. april 2009 - 12:23 #33
Den blev noget lang den logfil.

Åbn et Notesblokvindue, kopiér indholdet med fed skrift ind i dokumentet, og gem indholdet samme sted, som Combofix ligger med navnet CFScript.txt Når du gemmer, skal du sikre, at der under "filtyper" står "alle filer".


Killall::
Snapshot::
File::
C:\WINDOWS\system32\283006063.dat
Driver::
89fd950
gyuwcubnkcii



Tag så fat i den nye fil med musen, og før den hen over ikonet for Combofix, hvorefter du "giver slip" med musen.
http://www.fromsej.saknet.dk/billeder/cfscript.gif
Så skulle Combofix gerne give sig til at arbejde. Muligvis vil den kræve en genstart, hvilket du skal tillade. Du bør ikke klikke på vinduet imens værktøjet kører, idet det kan få din computer til at fryse.
Kopier den logfil  herind.
Avatar billede arkil Nybegynder
29. april 2009 - 18:17 #34
Hvis du når at se dette indlæg så spring over det indlæg før dette og udfør dette her.
Du må gerne skrive om du kørte det her sidste indlæg når  du lægger logfilen herind, så ved jeg  det.


Åbn et Notesblokvindue, kopiér indholdet med fed skrift ind i dokumentet, og gem indholdet samme sted, som Combofix ligger med navnet CFScript.txt Når du gemmer, skal du sikre, at der under "filtyper" står "alle filer".


Killall::
Snapshot::
File::
C:\WINDOWS\system32\283006063.dat
Driver::
89fd950
gyuwcubnkcii
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebspnlb]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\a2service.exe]
"Debugger"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ArcaCheck.exe]
"Debugger"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\arcavir.exe]
"Debugger"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashDisp.exe]
"Debugger"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashEnhcd.exe]
"Debugger"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashServ.exe]
"Debugger"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashUpd.exe]
"Debugger"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\aswUpdSv.exe]
"Debugger"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avcls.exe]
"Debugger"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avz.exe]
"Debugger"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avz4.exe]
"Debugger"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avz_se.exe]
"Debugger"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bdinit.exe]
"Debugger"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\caav.exe]
"Debugger"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\caavguiscan.exe]
"Debugger"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\casecuritycenter.exe]
"Debugger"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ccupdate.exe]
"Debugger"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cfp.exe]
"Debugger"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cfpupdat.exe]
"Debugger"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cmdagent.exe]
"Debugger"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\DRWEB32.EXE]
"Debugger"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FAMEH32.EXE]
"Debugger"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FPAVServer.exe]
"Debugger"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fpscan.exe]
"Debugger"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FPWin.exe]
"Debugger"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fsav32.exe]
"Debugger"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fsgk32st.exe]
"Debugger"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FSMA32.EXE]
"Debugger"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\guardxservice.exe]
"Debugger"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\guardxup.exe]
"Debugger"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\navigator.exe]
"Debugger"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NAVSTUB.EXE]
"Debugger"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Nvcc.exe]
"Debugger"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\outpost.exe]
"Debugger"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\preupd.exe]
"Debugger"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pskdr.exe]
"Debugger"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SfFnUp.exe]
"Debugger"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Vba32arkit.exe]
"Debugger"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vba32ldr.exe]
"Debugger"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Zanda.exe]
"Debugger"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\zapro.exe]
"Debugger"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Zlh.exe]
"Debugger"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\zoneband.dll]
"Debugger"=-




Tag så fat i den nye fil med musen, og før den hen over ikonet for Combofix, hvorefter du "giver slip" med musen.
http://www.fromsej.saknet.dk/billeder/cfscript.gif
Så skulle Combofix gerne give sig til at arbejde. Muligvis vil den kræve en genstart, hvilket du skal tillade. Du bør ikke klikke på vinduet imens værktøjet kører, idet det kan få din computer til at fryse.
Kopier den logfil  herind.
Avatar billede trompede Nybegynder
22. maj 2009 - 20:06 #35
Hvis det ikke hjælper kan du blive nødt til at formater din harddisk og installer Windows igen (husk at gemme di vigtigste filer, som mails billeder, osv...)

Håber du kan bruge svaret til noget
Avatar billede 11cd Nybegynder
23. juni 2009 - 10:08 #36
Hej igen

Ja, - der gik lidt tid, men jeg har været nødt til at sætte projektet lidt i bero, da jeg simpelthen har haft EKSTREMT travlt med 1.000 andre ting. Jeg håber, at du/I forstår.

Jeg har ikke kørt det første af de to scripts (fra Arkil) den 29. april - kun det sidste - men jeg har først gjort det nu - håber, at det virker alligevel. Generelt virker det som om, at maskinen har det meget, meget bedre - så mange TAK :)

Her er loggen fra det sidste vi lavede:

ComboFix 09-06-22.07 - HP_Ejer 23-06-2009  9:48.4 - NTFSx86

Microsoft Windows XP Home Edition  5.1.2600.3.1252.45.1030.18.2047.1635 [GMT 2:00]

K¯rer fra: c:\documents and settings\HP_Ejer\Skrivebord\ComboFix.exe

Kommandoer benyttet :: c:\documents and settings\HP_Ejer\Skrivebord\CFScript.txt.txt



FILE ::

"c:\windows\system32\283006063.dat"

.



(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet  )))))))))))))))))))))))))))))))))))))))))))))))))

.



c:\windows\system32\283006063.dat



.

(((((((((((((((((((((((((((((((((((((((  Drivers/Tjenester  )))))))))))))))))))))))))))))))))))))))))))))))))

.



-------\Legacy_GYUWCUBNKCII

-------\Service_89fd950

-------\Service_gyuwcubnkcii





(((((((((((((((((((((((((((((  Filer skabt fra 2009-05-23 til 2009-06-23  )))))))))))))))))))))))))))))))))))

.



2009-06-23 07:43 . 2009-06-23 07:43    --------    dc----w-    c:\windows\system32\dllcache\cache

2009-06-10 21:39 . 2009-04-30 21:15    12800    -c----w-    c:\windows\system32\dllcache\xpshims.dll

2009-06-10 21:39 . 2009-04-30 21:15    246272    -c----w-    c:\windows\system32\dllcache\ieproxy.dll

2009-06-10 21:39 . 2009-04-30 21:15    1985024    -c----w-    c:\windows\system32\dllcache\iertutil.dll

2009-06-10 21:39 . 2009-04-30 21:15    11064832    -c----w-    c:\windows\system32\dllcache\ieframe.dll



.

((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-05-13 05:05 . 2004-11-11 18:50    915456    ----a-w-    c:\windows\system32\wininet.dll

2009-05-07 15:33 . 2004-01-01 14:25    346624    ----a-w-    c:\windows\system32\localspl.dll

2009-04-28 07:17 . 2004-12-10 14:39    71800    ----a-w-    c:\documents and settings\HP_Ejer\Lokale indstillinger\Application Data\GDIPFONTCACHEV1.DAT

2009-04-27 14:42 . 2004-01-01 15:22    84224    ----a-w-    c:\windows\system32\perfc006.dat

2009-04-27 14:42 . 2004-01-01 15:22    460698    ----a-w-    c:\windows\system32\perfh006.dat

2009-04-27 14:39 . 2009-04-27 14:39    --------    d-----w-    c:\programmer\MSBuild

2009-04-27 14:38 . 2009-04-27 14:38    --------    d-----w-    c:\programmer\Reference Assemblies

2009-04-19 19:50 . 2004-01-01 15:22    1847168    ----a-w-    c:\windows\system32\win32k.sys

2009-04-16 09:08 . 2004-12-13 10:46    36932    ----a-w-    c:\documents and settings\HP_Ejer\Application Data\Avant Browser\update.dll

2009-04-15 14:53 . 2005-01-03 13:23    585216    ----a-w-    c:\windows\system32\rpcrt4.dll

2009-04-06 13:32 . 2009-04-17 10:20    38496    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys

2009-04-06 13:32 . 2009-04-17 10:20    15504    ----a-w-    c:\windows\system32\drivers\mbam.sys

2009-04-03 10:43 . 2009-04-03 10:43    152576    ----a-w-    c:\documents and settings\HP_Ejer\Application Data\Sun\Java\jre1.6.0_13\lzma.dll

2009-03-27 19:22 . 2009-03-26 12:19    283    ----a-w-    c:\windows\system32\ub.dat

2005-05-11 17:34 . 2005-06-30 12:04    41578    ----a-w-    c:\programmer\mozilla firefox\components\jar50.dll

2005-05-11 17:34 . 2005-06-30 12:04    48228    ----a-w-    c:\programmer\mozilla firefox\components\jsd3250.dll

2005-05-11 17:34 . 2005-06-30 12:04    159340    ----a-w-    c:\programmer\mozilla firefox\components\xpinstal.dll

.



(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*BemÊrk* tomme linier & lovlige standard linier vises ikke 

REGEDIT4



[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"Sonic RecordNow!"="" [BU]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]

"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-11 61440]

"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-14 233472]

"SiS Windows KeyHook"="c:\windows\System32\keyhook.exe" [2004-05-20 249856]

"PS2"="c:\windows\system32\ps2.exe" [2002-10-16 81920]

"ATIPTA"="c:\programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-06-24 339968]

"DAEMON Tools-1033"="c:\programmer\D-Tools\daemon.exe" [2004-08-22 81920]

"ATICCC"="c:\programmer\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]

"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]

"VTTimer"="VTTimer.exe" [BU]

"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2005-03-04 88209]

"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2004-07-01 73728]

"AlcWzrd"="ALCWZRD.EXE" - c:\windows\ALCWZRD.EXE [2004-07-06 2550272]



c:\documents and settings\HP_Ejer\Menuen Start\Programmer\Start\

Corel Registration.lnk - c:\programmer\Corel\Graphics9\Register\Remind32.exe [2005-3-3 67584]



c:\documents and settings\All Users\Menuen Start\Programmer\Start\

HP Digital Imaging Monitor.lnk - c:\programmer\HP\Digital Imaging\bin\hpqtra08.exe [2004-5-29 241664]

NETGEAR WN111v2 Smart Wizard.lnk - c:\programmer\NETGEAR\WN111v2\WN111V2.exe [2008-5-9 1474631]



[HKLM\~\startupfolder\c:^documents and settings^all users^menuen start^programmer^start^adobe reader hurtigstart.lnk]

path=c:\documents and settings\All Users\Menuen Start\Programmer\Start\Adobe Reader Hurtigstart.lnk

backup=c:\windows\pss\Adobe Reader Hurtigstart.lnkCommon Startup



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"JavaQuickStarterService"=2 (0x2)

"SNDSrvc"=3 (0x3)

"ose"=3 (0x3)

"iPodService"=3 (0x3)



[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001



[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Programmer\\Messenger\\msmsgs.exe"=

"c:\\Programmer\\Autodesk\\3dsMax8\\3dsmax.exe"=

"c:\\Programmer\\Autodesk\\backburner\\monitor.exe"=

"c:\\Programmer\\Autodesk\\backburner\\manager.exe"=

"c:\\Programmer\\Autodesk\\backburner\\server.exe"=

"c:\\Programmer\\SmartFTP\\SmartFTP.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=



R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [28-04-2009 10:34 114768]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [28-04-2009 10:34 20560]

R3 jswscimd;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [12-02-2008 18:05 57440]

R3 wsimd;wsimd Service;c:\windows\system32\drivers\wsimd.sys [14-12-2007 04:31 57408]

S3 dnindis5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [24-07-2003 12:10 17149]

S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\programmer\NETGEAR\WN111v2\jswpsapi.exe [27-02-2008 11:54 360547]

S3 wn111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\system32\drivers\WN111v2.sys [31-05-2008 14:46 434688]



--- Andre Services/Drivers i Hukommelsen ---



*NewlyCreated* - AVAST!_MAIL_SCANNER

*NewlyCreated* - AVAST!_WEB_SCANNER



HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs

Ujafrofb



[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

- - - - TOMME GENVEJE FJERNET - - - -



BHO-{fe887f31-69c0-4a97-937f-e76930556d3b} - (no file)





.

------- Yderligere scanning -------

.

uStart Page = hxxp://www.google.com/

uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=DA_DK&c=Q404&bd=pavilion&pf=desktop

mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=DA_DK&c=Q404&bd=pavilion&pf=desktop

uInternet Connection Wizard,ShellNext = iexplore

IE: Bloker alle billeder fra den samme server - c:\programmer\Avant Browser\AddAllToADBlackList.htm

IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

IE: Marker forekomster af ord p denne side - c:\programmer\Avant Browser\Highlight.htm

IE: S¯g p ord - c:\programmer\Avant Browser\Search.htm

IE: Tilf¯j til AD Black List - c:\programmer\Avant Browser\AddToADBlackList.htm

IE: ≈ben alle links p denne side... - c:\programmer\Avant Browser\OpenAllLinks.htm

DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} - hxxps://www.sparlolland.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.30.cab

FF - ProfilePath -



---- FIREFOX POLITIKKER ----

c:\programmer\Mozilla Firefox\greprefs\all.js - pref("backups.number_of_prefs_copies", 1);

c:\programmer\Mozilla Firefox\greprefs\all.js - pref("browser.link.open_newwindow.ui", 3); // prefs UI version

c:\programmer\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.closed", "allAccess");

c:\programmer\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.document", "allAccess");

c:\programmer\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.frames", "allAccess");

c:\programmer\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.history", "allAccess");

c:\programmer\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.length", "allAccess");

c:\programmer\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.opener", "allAccess");

c:\programmer\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.parent", "allAccess");

c:\programmer\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.self", "allAccess");

c:\programmer\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.top", "allAccess");

c:\programmer\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.window", "allAccess");

c:\programmer\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.DOMParser,parseFromString", "noAccess");

c:\programmer\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.DOMParser,parseFromStream", "noAccess");

c:\programmer\Mozilla Firefox\greprefs\all.js - pref("dom.disable_window_open_feature.status",      false);

c:\programmer\Mozilla Firefox\greprefs\all.js - pref("advanced.always_load_images",        true);

c:\programmer\Mozilla Firefox\greprefs\all.js - pref("network.protocol-handler.external.help", false);

c:\programmer\Mozilla Firefox\greprefs\all.js - pref("network.http.connect.timeout",  30);    // in seconds

c:\programmer\Mozilla Firefox\greprefs\all.js - pref("network.http.request.timeout", 120);    // in seconds

c:\programmer\Mozilla Firefox\greprefs\all.js - pref("network.IDN_show_punycode", true);

c:\programmer\Mozilla Firefox\greprefs\all.js - pref("network.image.imageBehavior",        0); // 0-Accept, 1-dontAcceptForeign, 2-dontUse

c:\programmer\Mozilla Firefox\greprefs\all.js - pref("network.cookie.cookieBehavior",      3); // 0-Accept, 1-dontAcceptForeign, 2-dontUse, 3-p3p

c:\programmer\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel",            1); // 0=low, 1=medium, 2=high, 3=custom

c:\programmer\Mozilla Firefox\greprefs\all.js - pref("network.enablePad",                  false); // Allow client to do proxy autodiscovery

c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("app.id", "{ec8030f7-c20a-464f-9b0e-13a3a9e97384}");

c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("app.version",

c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("app.extensions.version", "1.0");

c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("app.build_id",

c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.autoUpdateEnabled", true);    // Whether or not background app updates

c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.url", "chrome://mozapps/locale/update/update.properties");

c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.updatesAvailable", false);

c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.lastUpdateDate", 0);          // UTC offset when last App update was

c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.performed", false);            // Whether or not an update has been

c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.autoUpdateEnabled", true);

c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.autoUpdate", false);    // Automatically download and install

c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.interval", 604800000);  // Check for updates to Extensions and

c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.lastUpdateDate", 0);    // UTC offset when last Extension/Theme

c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.severity.threshold", 5);// The number of pending Extension/Theme

c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.count", 0);            // The number of extension/theme/etc

c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("update.interval", 3600000);              // Check each of the above intervals

c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("update.showSlidingNotification", true);  // Windows-only slide-up taskbar

c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("update.severity", 0);

c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("general.useragent.vendor", "Firefox");

c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("general.useragent.vendorSub",

c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.update.resetHomepage",        false);

c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.startup.homepage_override.1", false);

c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.turbo.enabled", false);

c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://browser/content/searchconfig.properties");

c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom",  "chrome://browser/content/searchconfig.properties");

c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("update_notifications.enabled", true);

c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("update_notifications.provider.0.frequency", 7); // number of days

c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.xul.error_pages.enabled", false);

c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("pfs.datasource.url", "chrome://mozapps/locale/plugins/plugins.properties");

.



**************************************************************************



catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-06-23 09:52

Windows 5.1.2600 Service Pack 3 NTFS



scanner skjulte processer ... 



scanner skjulte autostarter ...



scanner skjulte filer ... 





c:\windows\TEMP\_av_proI.tm~a03456\dld1.tmp 0 bytes



scanning gennemf¯rt med succes

skjulte filer: 1



**************************************************************************

.

--------------------- DLLs startet under k¯rende Processer ---------------------



- - - - - - - > 'winlogon.exe'(572)

c:\windows\system32\Ati2evxx.dll



- - - - - - - > 'explorer.exe'(3072)

c:\windows\system32\webcheck.dll

.

------------------------ Andre k¯rende processer ------------------------

.

c:\windows\system32\ati2evxx.exe

c:\windows\system32\ati2evxx.exe

c:\programmer\Alwil Software\Avast4\aswUpdSv.exe

c:\programmer\Alwil Software\Avast4\ashServ.exe

c:\windows\system32\acs.exe

c:\programmer\FÊlles filer\Autodesk Shared\Service\AdskScSrv.exe

c:\windows\system32\drivers\CDANTSRV.EXE

c:\programmer\FÊlles filer\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\programmer\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe

c:\windows\system32\wdfmgr.exe

c:\programmer\Alwil Software\Avast4\ashMaiSv.exe

c:\programmer\Alwil Software\Avast4\ashWebSv.exe

c:\programmer\Alwil Software\Avast4\Setup\avast.setup

.

**************************************************************************

.

Gennemf¯rt tid: 2009-06-23  9:54 - maskinen blev genstartet

ComboFix-quarantined-files.txt  2009-06-23 07:54

ComboFix2.txt  2009-06-23 07:44

ComboFix3.txt  2009-04-28 07:47



Pre-K¯rsel: 134.648.971.264 byte ledig

Post-K¯rsel: 134.615.601.152 byte ledig



220    --- E O F ---    2009-06-11 01:25



Var det alt, eller skal jeg gøre mere for at være sikker? Arkil > du må gerne smide et svar.
Avatar billede arkil Nybegynder
23. juni 2009 - 20:56 #37
Din log er ren
Du fjerner Combofix ved at kopier dette ind i KØR >

Combofix /u

Deaktiver systemgendannelse (http://www.ctrlaltdel.dk/forum/forum_posts.asp?TID=4&PN=1)
vent et par minutter - aktiver systemgendannelse. Gå herefter i Start -> Programmer -> Tilbehør -> Systemværktøjer -> Systemgendannelse og lav et systemgendannelsespunkt, så du har det at vende tilbage til, hvis noget går galt.

God fornøjelse.
Avatar billede 11cd Nybegynder
24. juni 2009 - 09:42 #38
Tak for det - dejligt, at den nu er sund og rask igen :)

God sommer!!
Avatar billede Ny bruger Nybegynder

Din løsning...

Tilladte BB-code-tags: [b]fed[/b] [i]kursiv[/i] [u]understreget[/u] Web- og emailadresser omdannes automatisk til links. Der sættes "nofollow" på alle links.

Loading billede Opret Preview
Kategori
IT-kurser om Microsoft 365, sikkerhed, personlig vækst, udvikling, digital markedsføring, grafisk design, SAP og forretningsanalyse.

Log ind eller opret profil

Hov!

For at kunne deltage på Computerworld Eksperten skal du være logget ind.

Det er heldigvis nemt at oprette en bruger: Det tager to minutter og du kan vælge at bruge enten e-mail, Facebook eller Google som login.

Du kan også logge ind via nedenstående tjenester