Hjælp til/mod virus? (HJT-log)

-- Hent denne fil, og pak den ud til en mappe på skrivebordet:
http://download.bleepingcomputer.com/andymanchesta/SDFix.exe

Dobbeltklik på filen, og lad den pakke sig ud til en mappe i roden af din harddisk (typisk: c:\SDfix)

-- Genstart i fejlsikret, hvis du ikke ved hvordan så kig her:
http://www.ctrlaltdel.dk/forum/forum_posts.asp?TID=23&PN=1

-- Gå så ind i mappen SDFix, som du fik oprettet tidligere. Dobbeltklik på filen RunThis.bat, for at starte værktøjet. Tryk "y" for at bekræfte, at du kører værktøjet på egen risiko. Så vil værktøjet gå i gang med at fjerne trojanservicen, og lave et par reparationer af registreringsdatabasen. På et tidspunkt vil det bede dig om at trykke en taste for at genstarte computeren. Det skal du gøre, hvorefter computeren vil genstarte efter 15 sekunder.

Genstarten vil tage lidt længere end sædvanligt, idet værktøjet skal have tid til at udføre sit arbejde. Når skrivebordet dukker op, vil værktøjet skrive "Finished". Tryk herefter en taste for at indlæse dine skrivebordsikoner igen.

Åben så SDFix-mappen, find filen Report.txt, og kopier indholdet af denne fil herind.

Lige en sidebemærkning:
Hvornår har du sidst været på windows update?
Du bruger stadig IE6...

hmm,,, ja, - det er lidt underligt med det. Når jeg prøver skriver den:
"
Webstedet har fundet et problem og kan ikke vise den side, som du forsøger at få vist. Nedenstående muligheder kan muligvis hjælpe dig med at løse problemet
"
Hvad gør jeg ved det?

Er det den første link der siger dette ?

Prøv så om du kan dette.

Hent Malwarebytes Anti-Malware herfra:
http://www.besttechie.net/tools/mbam-setup.exe
Eller herfra ->
http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html

Installer programmet - når det er gjort skal du lade programmet opdatere sig. Herefter åbner et vindue, hvor du skal flytte prikken til "Kør et fuldstændigt systemscan" - klik på Skan Knappen - lad programmet arbejde. Når det er færdig (det tager lidt tid afhængig af hvor meget du har på computeren).
Derefter - Tryk på "Vis resultater" knappen efter scanningen - og herefter tryk på "Fjern det valgte" - nu åbnes log'en og du skal gemme den et sted, hvor du kan finde den igen, kopier teksten fra den log herind i tråden.

How > Gør lige dette først.

Hent HostsXpert, og udpak den til egen mappe.

http://www.funkytoad.com/download/HostsXpert.zip
Så åbner du HostsXpert, og klikker på "Recovery - i værktøjlinjen, tryk så på - Restore MS Hosts

Tryk også på - Make Hosts readable

NB. Hvis du selv har lagt adr. ind i hosts filen, skal lægges de lægges manuelt ind igen

... hvis du endelig skal bruge HiJackThis så brug denne version af HJT -> http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe

Lige en info til spørger 11cd ( Anders Borg )

Kan se du har oprettet 2 brugere, en der hedder 11cd og en der hedder 11cd-anders.
Det er ikke tilladt at have 2 brugerkontoer :)

http://www.eksperten.dk/profil/11cd

http://www.eksperten.dk/profil/11cd-Anders

Beklager de 2 kontos, men den ene var vist med forkert mail? Jeg fik aldrig noget pass, så jeg prøvede igen.

Her er indholdet af rapporten.

Tak for de mange kommentarer, men hvad er næste skridt?

b]SDFix: Version 1.240 [/b]
Run by HP_Ejer on 16-04-2009 at 16:32
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix
Checking Services :

Restoring Default Security Values
Restoring Default Hosts File
Rebooting

Checking Files :
Trojan Files Found:
C:\-17442~1 - Deleted
C:\Documents and Settings\HP_Ejer\Application Data\SpeedRunner\config.cfg - Deleted
C:\Temp\1cb\syscheck.log - Deleted
C:\Programmer\iCheck\Uninstall.exe - Deleted
C:\Programmer\VnrPack\trgts.gz - Deleted
C:\DOCUME~1\HP_Ejer\LOKALE~1\Temp\TMP10.tmp - Deleted
C:\DOCUME~1\HP_Ejer\LOKALE~1\Temp\TMP11.tmp - Deleted
C:\DOCUME~1\HP_Ejer\LOKALE~1\Temp\TMP12.tmp - Deleted
C:\DOCUME~1\HP_Ejer\LOKALE~1\Temp\TMP14.tmp - Deleted
C:\DOCUME~1\HP_Ejer\LOKALE~1\Temp\TMPD.tmp - Deleted
C:\DOCUME~1\HP_Ejer\LOKALE~1\Temp\TMPE.tmp - Deleted
C:\WINDOWS\system32\cmd.com - Deleted
C:\WINDOWS\system32\netstat.com - Deleted
C:\WINDOWS\system32\pac.txt - Deleted
C:\WINDOWS\system32\ping.com - Deleted
C:\WINDOWS\system32\regedit.com - Deleted
C:\WINDOWS\system32\taskkill.com - Deleted
C:\WINDOWS\system32\tasklist.com - Deleted
C:\WINDOWS\system32\tracert.com - Deleted
C:\WINDOWS\system32\ntos.exe  - Deleted

Folder C:\Documents and Settings\HP_Ejer\Application Data\SpeedRunner - Removed
Folder C:\Programmer\iCheck - Removed
Folder C:\Programmer\InetGet2 - Removed
Folder C:\Programmer\VnrPack - Removed
Folder C:\Temp\1cb - Removed

Removing Temp Files
ADS Check :


                                Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-17 09:12:33
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\89fd950]
"ImagePath"="\SystemRoot\System32\drivers\89fd950.sys"
"Type"=dword:00000001
"Start"=dword:00000001
"ErrorControl"=dword:00000001
"F96ZK6nPB"="YmluZGVyeXNlcnZpY2UubW9iaQ=="
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40]
"khjeh"=hex:20,02,00,00,76,4c,3a,b9,4f,1a,74,20,d2,7a,3b,10,44,25,90,8b,56,..
"hj34z0"=hex:a8,3c,03,7d,6d,26,2d,64,9d,7a,87,ff,c2,5b,0c,97,82,5e,2d,b0,d4,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\89fd950]
"ImagePath"="\SystemRoot\System32\drivers\89fd950.sys"
"Type"=dword:00000001
"Start"=dword:00000001
"ErrorControl"=dword:00000001
"F96ZK6nPB"="YmluZGVyeXNlcnZpY2UubW9iaQ=="
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Remaining Services :


Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Programmer\\Messenger\\msmsgs.exe"="C:\\Programmer\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Programmer\\Autodesk\\3dsMax8\\3dsmax.exe"="C:\\Programmer\\Autodesk\\3dsMax8\\3dsmax.exe:*:Enabled:Autodesk 3ds Max 8"
"C:\\Programmer\\Autodesk\\backburner\\monitor.exe"="C:\\Programmer\\Autodesk\\backburner\\monitor.exe:*:Enabled:backburner 2.3 monitor"
"C:\\Programmer\\Autodesk\\backburner\\manager.exe"="C:\\Programmer\\Autodesk\\backburner\\manager.exe:*:Enabled:backburner 2.3 manager"
"C:\\Programmer\\Autodesk\\backburner\\server.exe"="C:\\Programmer\\Autodesk\\backburner\\server.exe:*:Enabled:backburner 2.3 server"
"C:\\Programmer\\SmartFTP\\SmartFTP.exe"="C:\\Programmer\\SmartFTP\\SmartFTP.exe:*:Enabled:SmartFTP Client"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
Remaining Files :

File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes :
Wed  8 Dec 2004          196 A.SHR --- "C:\BOOT.BAK"
Thu 28 Apr 2005      245,248 ...H. --- "C:\WINDOWS\system32\wodfamod.dll"
Thu 27 Oct 2005        4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Wed 22 Dec 2004        76,568 ..SHR --- "C:\Programmer\Autodesk\Autodesk DWF Viewer\Setup.exe"
Thu 13 Jan 2005        11,360 A.SHR --- "C:\Programmer\Autodesk\Autodesk DWF Viewer\_Setupx.dll"
Thu 27 Oct 2005        4,348 ...H. --- "C:\Documents and Settings\Ejer\Dokumenter\Musik\Sikkerhedskopiering af licenser\drmv1key.bak"
Fri  4 Nov 2005            20 A..H. --- "C:\Documents and Settings\Ejer\Dokumenter\Musik\Sikkerhedskopiering af licenser\drmv1lic.bak"
Thu 27 Oct 2005          400 ...H. --- "C:\Documents and Settings\Ejer\Dokumenter\Musik\Sikkerhedskopiering af licenser\drmv2key.bak"
Fri  4 Nov 2005        1,536 A..H. --- "C:\Documents and Settings\Ejer\Dokumenter\Musik\Sikkerhedskopiering af licenser\drmv2lic.bak"
Finished!

Skal jeg bruge: HostsXpert nu?

Hej igen

Jeg er ikke helt med på, hvad du mener jeg skal gøre med HostXpert.

Jeg kan ikke se noget, som hedder "Recovery", men jeg har fundet en knap, som hedder "Restore MS Hosts File" (under "File Handling"). Det må være den du mener. Jeg har trykket på den.

Jeg kan ikke finde noget, som hedder "Make Hosts readable", men en knap, som hedder "Make ReadOnly". Når jeg trykker på kanppen "Make ReadOnly", så skifter den blot til "Make Writeable?" (med rødt). Hvad skal jeg få der til at stå?

Jeg ved ikke, hvad du mener med "NB. Hvis du selv har lagt adr. ind i hosts filen, skal lægges de lægges manuelt ind igen"? Beklager, men jeg er sku' lidt IT-dum - kan du hjælpe mig lidt mere?

Jeg har lige lavet endnu en scan med Avast og den siger, at der stadig er en virus - øv!

Jeg kan ikke se noget, som hedder "Recovery", men jeg har fundet en knap, som hedder "Restore MS Hosts File"
Det er korrekt :)

Jeg kan ikke finde noget, som hedder "Make Hosts readable", men en knap, som hedder "Make ReadOnly". Når jeg trykker på kanppen "Make ReadOnly", så skifter den blot til "Make Writeable?" (med rødt).
Det er korrekt - Hosts filen er nu kun readonly.

NB er hvis du selv har haft åbnet hosts filen i notepad og lagt adresser ind i den - men det lyder det ikke til du har :)

Pokkers, - så har jeg lavet en fejl. jeg har startet programmet Malwarebytes Anti-Malware, hvor den IKKE var ReadOnly - pis, - har det stor betydning?

hmmm,,,, jeg har ændret det underscanningen - håber, det går. Den Scanner altså ikke i safemode, - skal den det?

Jeg har ikke haft tid før nu, jeg beklager.

Glem det med hosts filen, den er nul stillet.
Lad mig se en log fra Malwarebytes.
Så dette >


--Hent Combofix, og gem den på dit skrivebord:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Luk alle andre vinduer ned.

Kør så Combofix.exe, og følg anvisningerne. (Vistabrugere skal klikke med højre-musetast på filen og vælge (Kør som administrator)

Vigtigt-> Deaktiver dit antivirus/antispyware program. Da det/de kan "forstyrre" og konflikte med Combofix, eller fjerne vigtige Combofix filer, hvilket kan få computeren til fryse.

Du må ikke klikke på vinduet imens værktøjet kører, idet det kan få din computer til at fryse.

Når Combofix er færdig, og efter det (muligvis) har genstartet, skulle der gerne åbnes en logfil: combofix.txt som ligger her C:\ Combofix txt

Hvis logfilen ikke åbnes så finder du den her c:\combofix.txt
Indholdet af denne fil må du gerne lægge herind.

Her er den fra Anti-Malware:

Malwarebytes' Anti-Malware 1.36
Database version: 1992
Windows 5.1.2600 Service Pack 3

17-04-2009 14:02:19
mbam-log-2009-04-17 (14-02-10).txt

Skan type: FuldstÊndig skanning (C:\|D:\|)
Objekter skannet: 159836
Tid tilbagelagt: 1 hour(s), 25 minute(s), 56 second(s)

Inficerede Hukommelses Processer: 0
Inficerede Hukommelses Moduler: 0
Inficerede Registeringsdatabase N¯gler: 24
Inficerede Registeringsdatabase VÊrdier: 3
Inficerede Registeringsdatabase Filer: 0
Inficerede Mapper: 7
Inficerede Filer: 20

Inficerede Hukommelses Processer:
(Ingen mistÊnkelige filer fundet)

Inficerede Hukommelses Moduler:
(Ingen mistÊnkelige filer fundet)

Inficerede Registeringsdatabase N¯gler:
HKEY_CLASSES_ROOT\bho_cpv.workhorse (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\bho_cpv.workhorse.1 (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\xbtb07618.ietoolbar (Adware.BHO) -> No action taken.
HKEY_CLASSES_ROOT\xbtb07618.ietoolbar.1 (Adware.BHO) -> No action taken.
HKEY_CLASSES_ROOT\xbtb07618.xbtb07618 (Adware.BHO) -> No action taken.
HKEY_CLASSES_ROOT\xbtb07618.xbtb07618.1 (Adware.BHO) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{17e44256-51e0-4d46-a0c8-44e80ab4ba5b} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{2e4a04a1-a24d-45ae-aca4-949778400813} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{e0f01490-dcf3-4357-95aa-169a8c2b2190} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{63334394-3da3-4b29-a041-03535909d361} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d88e1558-7c2d-407a-953a-c044f5607cea} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{15421b84-3488-49a7-ad18-cbf84a3efaf6} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{77fbf9b8-1d37-4ff2-9ced-192d8e3aba6f} (Adware.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Bargains (Adware.Bargain.Buddy) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\xbtb07618.xbtb07618toolbar (Adware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\cs41275 (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\AGprotect (Malware.Trace) -> No action taken.

Inficerede Registeringsdatabase VÊrdier:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{77fbf9b8-1d37-4ff2-9ced-192d8e3aba6f} (Adware.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{77fbf9b8-1d37-4ff2-9ced-192d8e3aba6f} (Adware.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> No action taken.

Inficerede Registeringsdatabase Filer:
(Ingen mistÊnkelige filer fundet)

Inficerede Mapper:
C:\WINDOWS\system32\wsnpoem (Trojan.Agent) -> No action taken.
C:\Documents and Settings\HP_Ejer\Application Data\nidle (Trojan.Agent) -> No action taken.
C:\Programmer\WWShow (Trojan.Agent) -> No action taken.
C:\RECYCLER\S-1-5-21-0243336031-4052116379-881863308-0851 (Backdoor.Bot) -> No action taken.
C:\Programmer\Jcore (Trojan.BHO) -> No action taken.
C:\Programmer\winupdate (Worm.P2P) -> No action taken.
C:\WINDOWS\system32\aNI13 (Trojan.Agent) -> No action taken.

Inficerede Filer:
C:\Programmer\WWShow\WWShow.dll (Trojan.BHO) -> No action taken.
C:\Documents and Settings\HP_Ejer\winss.exe (Trojan.Downloader) -> No action taken.
C:\Programmer\Mozilla Firefox\components\srff.dll (Adware.SurfAccuracy) -> No action taken.
C:\System Volume Information\_restore{1FD1846F-4D58-43DF-B050-006CA39AB12A}\RP567\A0051898.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{1FD1846F-4D58-43DF-B050-006CA39AB12A}\RP571\A0053418.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{1FD1846F-4D58-43DF-B050-006CA39AB12A}\RP574\A0059666.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{1FD1846F-4D58-43DF-B050-006CA39AB12A}\RP574\A0059667.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{1FD1846F-4D58-43DF-B050-006CA39AB12A}\RP574\A0059669.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{1FD1846F-4D58-43DF-B050-006CA39AB12A}\RP574\A0059670.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{1FD1846F-4D58-43DF-B050-006CA39AB12A}\RP574\A0059671.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{1FD1846F-4D58-43DF-B050-006CA39AB12A}\RP574\A0059673.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{1FD1846F-4D58-43DF-B050-006CA39AB12A}\RP574\A0059674.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{1FD1846F-4D58-43DF-B050-006CA39AB12A}\RP574\A0059677.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\bszip.dll (Worm.P2P) -> No action taken.
C:\WINDOWS\system32\MSINET.oca (Rogue.Trace) -> No action taken.
C:\WINDOWS\system32\drivers\89fd950.sys (Rootkit.Agent) -> No action taken.
C:\WINDOWS\system32\wsnpoem\audio.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\wsnpoem\audio.dll.cla (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\wsnpoem\video.dll (Trojan.Agent) -> No action taken.
C:\RECYCLER\S-1-5-21-0243336031-4052116379-881863308-0851\Desktop.ini (Backdoor.Bot) -> No action taken.

jeg er igang med Combofix. Jeg ser et blåt vindue, men en streg som blinker, men der sker ikke rigtigt noget?

Hvor længe skal det tage?

hmmm,,, det er som om at installationen ikke virker - den afslutter ikke skærmbilledet, som nok er installations-programmet (det blå vinude). Hvad kan jeg gøre?

Den opretter en mappe på mit C-drev, men jeg er ikke sikker på, at startfilen er der. Hvad skal den hedde?

hmmm,,, nej, - Combofix.exe er der ikke. - hmmm...

Combofix-Download?
Combobatch?

NB NB NB: Mht din kørsel med [Malwarebytes] ( -> No action taken.) - du har fuldstændig 'glemt' denne detalje ->
Derefter - Tryk på "Vis resultater" knappen efter scanningen - og herefter tryk på "[b]Fjern det valgte[b]" -

Såååå - ny kørsel med Malwarebytes under alle omstændigheder ...

Det huskede jeg faktisk, men det er måske den forkerte log, som jeg har smidt ind? - Hvor finder jeg den rigtige?

Vedr. Combofix:

Så længe det blå vindue er fremme med en blinkende markør arbejder programmet.

Prøv igen - det starter når du klikker på ComboFix.exe

Loggen finder du samme sted som den anden

Jeg har fundet den rigtige log fra Anti-Malware. Derudover går det også meget bedre med ComboFix efter en genstart af computeren. ComboFix er i gang i skrivende stund.

Malwarebytes' Anti-Malware 1.36
Database version: 1992
Windows 5.1.2600 Service Pack 3

17-04-2009 14:02:34
mbam-log-2009-04-17 (14-02-34).txt

Skan type: FuldstÊndig skanning (C:\|D:\|)
Objekter skannet: 159836
Tid tilbagelagt: 1 hour(s), 25 minute(s), 56 second(s)

Inficerede Hukommelses Processer: 0
Inficerede Hukommelses Moduler: 0
Inficerede Registeringsdatabase N¯gler: 24
Inficerede Registeringsdatabase VÊrdier: 3
Inficerede Registeringsdatabase Filer: 0
Inficerede Mapper: 7
Inficerede Filer: 20

Inficerede Hukommelses Processer:
(Ingen mistÊnkelige filer fundet)

Inficerede Hukommelses Moduler:
(Ingen mistÊnkelige filer fundet)

Inficerede Registeringsdatabase N¯gler:
HKEY_CLASSES_ROOT\bho_cpv.workhorse (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bho_cpv.workhorse.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xbtb07618.ietoolbar (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xbtb07618.ietoolbar.1 (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xbtb07618.xbtb07618 (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xbtb07618.xbtb07618.1 (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{17e44256-51e0-4d46-a0c8-44e80ab4ba5b} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e4a04a1-a24d-45ae-aca4-949778400813} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e0f01490-dcf3-4357-95aa-169a8c2b2190} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{63334394-3da3-4b29-a041-03535909d361} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d88e1558-7c2d-407a-953a-c044f5607cea} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{15421b84-3488-49a7-ad18-cbf84a3efaf6} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{77fbf9b8-1d37-4ff2-9ced-192d8e3aba6f} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Bargains (Adware.Bargain.Buddy) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\xbtb07618.xbtb07618toolbar (Adware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\cs41275 (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\AGprotect (Malware.Trace) -> Quarantined and deleted successfully.

Inficerede Registeringsdatabase VÊrdier:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{77fbf9b8-1d37-4ff2-9ced-192d8e3aba6f} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{77fbf9b8-1d37-4ff2-9ced-192d8e3aba6f} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Quarantined and deleted successfully.

Inficerede Registeringsdatabase Filer:
(Ingen mistÊnkelige filer fundet)

Inficerede Mapper:
C:\WINDOWS\system32\wsnpoem (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Ejer\Application Data\nidle (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Programmer\WWShow (Trojan.Agent) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-0243336031-4052116379-881863308-0851 (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Programmer\Jcore (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Programmer\winupdate (Worm.P2P) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\aNI13 (Trojan.Agent) -> Quarantined and deleted successfully.

Inficerede Filer:
C:\Programmer\WWShow\WWShow.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Ejer\winss.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Programmer\Mozilla Firefox\components\srff.dll (Adware.SurfAccuracy) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1FD1846F-4D58-43DF-B050-006CA39AB12A}\RP567\A0051898.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1FD1846F-4D58-43DF-B050-006CA39AB12A}\RP571\A0053418.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1FD1846F-4D58-43DF-B050-006CA39AB12A}\RP574\A0059666.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1FD1846F-4D58-43DF-B050-006CA39AB12A}\RP574\A0059667.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1FD1846F-4D58-43DF-B050-006CA39AB12A}\RP574\A0059669.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1FD1846F-4D58-43DF-B050-006CA39AB12A}\RP574\A0059670.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1FD1846F-4D58-43DF-B050-006CA39AB12A}\RP574\A0059671.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1FD1846F-4D58-43DF-B050-006CA39AB12A}\RP574\A0059673.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1FD1846F-4D58-43DF-B050-006CA39AB12A}\RP574\A0059674.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1FD1846F-4D58-43DF-B050-006CA39AB12A}\RP574\A0059677.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bszip.dll (Worm.P2P) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\MSINET.oca (Rogue.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\89fd950.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wsnpoem\audio.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wsnpoem\audio.dll.cla (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wsnpoem\video.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-0243336031-4052116379-881863308-0851\Desktop.ini (Backdoor.Bot) -> Quarantined and deleted successfully.

Her er loggen fra ComboFix. Jeg har lige fået at vide, at vores hjemmeside har været hakket. Kan det været sket gennem denne computer? De øvrige computere her er MACs udover en enkelt anden PC, som kører med Avast-beskyttelse.

Det er fedt, at I kan hjælpe :) Hvad er næste skridt?



ComboFix 09-04-20.05 - HP_Ejer 20-04-2009 10:48.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.45.1030.18.2047.1642 [GMT 2:00]
K¯rer fra: c:\documents and settings\HP_Ejer\Skrivebord\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090419-0] *On-access scanning disabled* (Updated)
* Dannede nyt systemgendannelsespunkt
.

(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet  )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\HP_Ejer\Lokale indstillinger\Temporary Internet Files\CPV.stt
c:\programmer\FÊlles filer\download
c:\programmer\FÊlles filer\inetget
c:\programmer\FÊlles filer\windows
c:\programmer\FÊlles filer\windows\AutoIt3.exe
c:\programmer\FÊlles filer\windows\psapi.dll
c:\windows\system32\acrnxbvc.ini
c:\windows\system32\activedsy.exe
c:\windows\system32\agxqub.dll
c:\windows\system32\ancwsolv.ini
c:\windows\system32\atxtdxaq.ini
c:\windows\system32\bhhhhutn.ini
c:\windows\system32\btjixysm.ini
c:\windows\system32\ccuoguek.ini
c:\windows\system32\crypts.dll
c:\windows\system32\digiwet.dll
c:\windows\system32\dnxtfukg.ini
c:\windows\system32\dvenjndn.ini
c:\windows\system32\dvxynpcp.ini
c:\windows\system32\ebbnvdvk.ini
c:\windows\system32\igafwpav.ini
c:\windows\system32\ijsgoufx.ini
c:\windows\system32\inctefrl.ini
c:\windows\system32\jkobtgop.ini
c:\windows\system32\lcnkrokl.ini
c:\windows\system32\lmiecxpf.ini
c:\windows\system32\loesvfvk.ini
c:\windows\system32\lubaquqi.ini
c:\windows\system32\lvdcvlja.ini
c:\windows\system32\ncskbvkj.dll
c:\windows\system32\nwypwims.ini
c:\windows\system32\ohrgohfd.dll
c:\windows\system32\oqhnlssh.ini
c:\windows\system32\pfmsjthk.ini
c:\windows\system32\ptsotlls.ini
c:\windows\system32\pxhwptio.ini
c:\windows\system32\pYJlonpo.ini
c:\windows\system32\pYJlonpo.ini2
c:\windows\system32\qfotvnrd.ini
c:\windows\system32\qmnxfyfy.dll
c:\windows\system32\rqviacqf.dll
c:\windows\system32\rtxwyqrv.ini
c:\windows\system32\rxtwehtm.ini
c:\windows\system32\skdmrg.dll
c:\windows\system32\sxavyvts.ini
c:\windows\system32\sxkedfrg.ini
c:\windows\system32\ucvheqkh.ini
c:\windows\system32\udwwsnpu.ini
c:\windows\system32\uokbeciy.ini
c:\windows\system32\vunkquiv.ini
c:\windows\system32\wsbnnl.dll
c:\windows\system32\yzqpwr.dll
D:\Autorun.inf
c:\windows\system32\drivers\str.sys . . . . lykkedes ikke at slette

.
(((((((((((((((((((((((((((((((((((((((  Drivers/Tjenester  )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SAMSSRPCSS
-------\Service_SamSsRpcSs


(((((((((((((((((((((((((((((  Filer skabt fra 2009-03-20 til 2009-04-20  )))))))))))))))))))))))))))))))))))
.

2009-04-20 08:38 . 2009-04-20 08:38    20480    --sha-w    c:\windows\system32\accessn.dll
2009-04-20 08:37 . 2009-04-20 08:38    86    --s-a-w    c:\windows\system32\283006063.dat
2009-04-17 10:20 . 2009-04-17 10:20    --------    d-----w    c:\documents and settings\HP_Ejer\Application Data\Malwarebytes
2009-04-17 10:20 . 2009-04-06 13:32    15504    ----a-w    c:\windows\system32\drivers\mbam.sys
2009-04-17 10:20 . 2009-04-06 13:32    38496    ----a-w    c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-17 10:20 . 2009-04-17 10:23    --------    d-----w    c:\programmer\Malwarebytes' Anti-Malware
2009-04-17 10:20 . 2009-04-17 10:20    --------    d-----w    c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-16 14:31 . 2009-04-16 14:31    578560    -c--a-w    c:\windows\system32\dllcache\user32.dll
2009-04-16 14:28 . 2009-04-16 14:28    --------    d-----w    c:\windows\ERUNT
2009-04-16 14:24 . 2009-04-17 07:14    --------    d-----w    C:\SDFix
2009-04-16 09:45 . 2009-04-16 09:45    --------    d-----w    c:\documents and settings\HP_Ejer\DoctorWeb
2009-04-16 08:56 . 2009-04-16 08:56    --------    d--h--r    c:\documents and settings\All Users\Application Data\Atheros
2009-04-16 08:54 . 2009-04-16 08:54    --------    d-----w    c:\programmer\NETGEAR
2009-04-16 08:54 . 2009-04-16 08:54    --------    d-----w    c:\documents and settings\All Users\Application Data\NETGEAR
2009-04-14 11:09 . 2009-04-14 11:09    --------    d-----w    c:\programmer\Alwil Software
2009-04-03 11:02 . 2009-04-03 11:02    --------    d-----w    c:\programmer\CCleaner
2009-03-26 12:19 . 2009-03-27 19:22    283    ----a-w    c:\windows\system32\ub.dat

.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-16 08:56 . 2004-01-01 09:27    --------    d--h--w    c:\programmer\InstallShield Installation Information
2009-04-14 12:30 . 2005-11-30 14:55    --------    d-----w    c:\programmer\Freeprod Toolbar
2009-04-14 11:09 . 2005-12-02 09:15    --------    d-----w    c:\programmer\NaviSearch
2009-04-14 11:09 . 2005-12-02 09:15    --------    d-----w    c:\programmer\BullsEye Network
2009-04-14 11:02 . 2004-01-01 07:07    --------    d-----w    c:\programmer\Symantec
2009-04-14 11:02 . 2004-01-01 07:07    --------    d-----w    c:\programmer\FÊlles filer\Symantec Shared
2009-04-03 11:14 . 2004-01-01 15:22    75196    ----a-w    c:\windows\system32\perfc006.dat
2009-04-03 11:14 . 2004-01-01 15:22    420068    ----a-w    c:\windows\system32\perfh006.dat
2009-04-03 10:54 . 2004-01-01 07:07    --------    d-----w    c:\documents and settings\All Users\Application Data\Symantec
2009-04-03 10:44 . 2004-01-01 08:05    --------    d-----w    c:\programmer\Java
2009-03-13 08:46 . 2009-03-13 08:46    --------    d-----w    c:\documents and settings\HP_Ejer\Application Data\Twain
2009-03-09 03:19 . 2009-03-05 14:39    410984    ----a-w    c:\windows\system32\deploytk.dll
2009-03-06 09:17 . 2004-01-01 07:30    80647    ----a-w    c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2009-03-06 09:12 . 2004-01-01 15:22    250576    --sha-r    C:\ntldr
2009-02-09 14:07 . 2004-01-01 15:22    1846784    ----a-w    c:\windows\system32\win32k.sys
2006-07-07 10:57 . 2006-07-07 10:56    142    ----a-w    c:\documents and settings\Administrator\Lokale indstillinger\Application Data\fusioncache.dat
2005-06-10 13:20 . 2004-12-10 14:39    71800    ----a-w    c:\documents and settings\HP_Ejer\Lokale indstillinger\Application Data\GDIPFONTCACHEV1.DAT
2004-12-10 14:39 . 2004-12-08 12:09    136    ----a-w    c:\documents and settings\HP_Ejer\Lokale indstillinger\Application Data\fusioncache.dat
2005-05-11 17:2005-06-30 12:04        34:00 .    c:\programmer\mozilla firefox\components\jar50.dll
2005-05-11 17:2005-06-30 12:04        34:00 .    c:\programmer\mozilla firefox\components\jsd3250.dll
2005-05-11 17:2005-06-30 12:04        34:00 .    c:\programmer\mozilla firefox\components\xpinstal.dll
.

(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*BemÊrk* tomme linier & lovlige standard linier vises ikke 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-11 61440]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-14 233472]
"SiS Windows KeyHook"="c:\windows\System32\keyhook.exe" [2004-05-20 249856]
"PS2"="c:\windows\system32\ps2.exe" [2002-10-16 81920]
"ATIPTA"="c:\programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-06-24 339968]
"DAEMON Tools-1033"="c:\programmer\D-Tools\daemon.exe" [2004-08-22 81920]
"ATICCC"="c:\programmer\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2005-03-04 88209]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2004-07-01 73728]
"AlcWzrd"="ALCWZRD.EXE" - c:\windows\ALCWZRD.EXE [2004-07-06 2550272]

c:\documents and settings\HP_Ejer\Menuen Start\Programmer\Start\
Corel Registration.lnk - c:\programmer\Corel\Graphics9\Register\Remind32.exe [2005-3-3 67584]

c:\documents and settings\All Users\Menuen Start\Programmer\Start\
HP Digital Imaging Monitor.lnk - c:\programmer\HP\Digital Imaging\bin\hpqtra08.exe [2004-5-29 241664]
NETGEAR WN111v2 Smart Wizard.lnk - c:\programmer\NETGEAR\WN111v2\WN111V2.exe [2008-5-9 1474631]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\a2service.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ArcaCheck.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\arcavir.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashDisp.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashEnhcd.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashServ.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashUpd.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\aswUpdSv.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avcls.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avz.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avz4.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avz_se.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bdinit.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\caav.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\caavguiscan.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\casecuritycenter.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ccupdate.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cfp.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cfpupdat.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cmdagent.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\DRWEB32.EXE]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FAMEH32.EXE]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FPAVServer.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fpscan.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FPWin.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fsav32.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fsgk32st.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FSMA32.EXE]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\guardxservice.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\guardxup.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\navigator.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NAVSTUB.EXE]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Nvcc.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\outpost.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\preupd.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pskdr.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SfFnUp.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Vba32arkit.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vba32ldr.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Zanda.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\zapro.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Zlh.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\zoneband.dll]
"Debugger"=ntsd -d

[HKLM\~\startupfolder\c:^documents and settings^all users^menuen start^programmer^start^adobe reader hurtigstart.lnk]
path=c:\documents and settings\All Users\Menuen Start\Programmer\Start\Adobe Reader Hurtigstart.lnk
backup=c:\windows\pss\Adobe Reader Hurtigstart.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"JavaQuickStarterService"=2 (0x2)
"SNDSrvc"=3 (0x3)
"ose"=3 (0x3)
"iPodService"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmer\\Messenger\\msmsgs.exe"=
"c:\\Programmer\\Autodesk\\3dsMax8\\3dsmax.exe"=
"c:\\Programmer\\Autodesk\\backburner\\monitor.exe"=
"c:\\Programmer\\Autodesk\\backburner\\manager.exe"=
"c:\\Programmer\\Autodesk\\backburner\\server.exe"=
"c:\\Programmer\\SmartFTP\\SmartFTP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R1 89fd950;89fd950; [x]
S1 aswsp;avast! Self Protection; [x]
S2 aswfsblk;aswfsblk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
S3 dnindis5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.SYS [2003-07-24 17149]


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
Ujafrofb

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\autorun.exe
.
- - - - TOMME GENVEJE FJERNET - - - -

BHO-{fe887f31-69c0-4a97-937f-e76930556d3b} - (no file)
HKCU-Run-Sonic RecordNow! - (no file)
HKLM-Run-VTTimer - VTTimer.exe
Notify-gebspnlb - geBspnLb.dll


.
------- Yderligere scanning -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=DA_DK&c=Q404&bd=pavilion&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=DA_DK&c=Q404&bd=pavilion&pf=desktop
uInternet Connection Wizard,ShellNext = iexplore
IE: Bloker alle billeder fra den samme server - c:\programmer\Avant Browser\AddAllToADBlackList.htm
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Marker forekomster af ord p denne side - c:\programmer\Avant Browser\Highlight.htm
IE: S¯g p ord - c:\programmer\Avant Browser\Search.htm
IE: Tilf¯j til AD Black List - c:\programmer\Avant Browser\AddToADBlackList.htm
IE: ≈ben alle links p denne side... - c:\programmer\Avant Browser\OpenAllLinks.htm
DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} - hxxps://www.sparlolland.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.30.cab
FF - ProfilePath -

---- FIREFOX POLITIKKER ----
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("backups.number_of_prefs_copies", 1);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("browser.link.open_newwindow.ui", 3); // prefs UI version
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.closed", "allAccess");
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.document", "allAccess");
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.frames", "allAccess");
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.history", "allAccess");
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.length", "allAccess");
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.opener", "allAccess");
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.parent", "allAccess");
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.self", "allAccess");
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.top", "allAccess");
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.window", "allAccess");
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.DOMParser,parseFromString", "noAccess");
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.DOMParser,parseFromStream", "noAccess");
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("dom.disable_window_open_feature.status",      false);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("advanced.always_load_images",        true);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("network.protocol-handler.external.help", false);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("network.http.connect.timeout",  30);    // in seconds
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("network.http.request.timeout", 120);    // in seconds
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("network.IDN_show_punycode", true);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("network.image.imageBehavior",        0); // 0-Accept, 1-dontAcceptForeign, 2-dontUse
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("network.cookie.cookieBehavior",      3); // 0-Accept, 1-dontAcceptForeign, 2-dontUse, 3-p3p
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel",            1); // 0=low, 1=medium, 2=high, 3=custom
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("network.enablePad",                  false); // Allow client to do proxy autodiscovery
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("app.id", "{ec8030f7-c20a-464f-9b0e-13a3a9e97384}");
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("app.version",
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("app.extensions.version", "1.0");
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("app.build_id",
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.autoUpdateEnabled", true);    // Whether or not background app updates
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.url", "chrome://mozapps/locale/update/update.properties");
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.updatesAvailable", false);
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.lastUpdateDate", 0);          // UTC offset when last App update was
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.performed", false);            // Whether or not an update has been
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.autoUpdateEnabled", true);
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.autoUpdate", false);    // Automatically download and install
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.interval", 604800000);  // Check for updates to Extensions and
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.lastUpdateDate", 0);    // UTC offset when last Extension/Theme
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.severity.threshold", 5);// The number of pending Extension/Theme
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.count", 0);            // The number of extension/theme/etc
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("update.interval", 3600000);              // Check each of the above intervals
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("update.showSlidingNotification", true);  // Windows-only slide-up taskbar
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("update.severity", 0);
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("general.useragent.vendor", "Firefox");
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("general.useragent.vendorSub",
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.update.resetHomepage",        false);
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.startup.homepage_override.1", false);
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.turbo.enabled", false);
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://browser/content/searchconfig.properties");
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom",  "chrome://browser/content/searchconfig.properties");
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("update_notifications.enabled", true);
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("update_notifications.provider.0.frequency", 7); // number of days
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.xul.error_pages.enabled", false);
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("pfs.datasource.url", "chrome://mozapps/locale/plugins/plugins.properties");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-20 10:53
Windows 5.1.2600 Service Pack 3 NTFS

scanner skjulte processer ... 

scanner skjulte autostarter ...

scanner skjulte filer ... 


c:\windows\system32\drivers\str.sys 0 bytes
c:\windows\system32\drivers\rjjasotfffv.sys 31104 bytes executable

scanning gennemf¯rt med succes
skjulte filer: 2

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\gyuwcubnkcii]
"ImagePath"="\??\c:\windows\system32\drivers\rjjasotfffv.sys"
--

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SamSsRpcSs]
"ImagePath"="c:\windows\system32\activedsy.exe srv"
.
--------------------- DLLs startet under k¯rende Processer ---------------------

- - - - - - - > 'winlogon.exe'(1156)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Andre k¯rende processer ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\acs.exe
c:\programmer\FÊlles filer\Autodesk Shared\Service\AdskScSrv.exe
c:\windows\system32\drivers\CDANTSRV.EXE
c:\programmer\FÊlles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\programmer\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
c:\windows\system32\wdfmgr.exe
.
**************************************************************************
.
Gennemf¯rt tid: 2009-04-20 10:56 - maskinen blev genstartet
ComboFix-quarantined-files.txt  2009-04-20 08:56

Pre-K¯rsel: 135.457.615.872 byte ledig
Post-K¯rsel: 136.051.482.624 byte ledig

369    --- E O F ---    2009-03-12 02:00

Opret lige først en Backup af reg basen.
Start > Kør > Skriv regedit > Klik ok > Marker øverst "Denne computer" > Ud i filer > Eksporter > Giv din backup et navn.
Husk at deaktiver Avast før du kører Combofix.

Åbn et Notesblokvindue, kopiér indholdet med fed skrift ind i dokumentet, og gem indholdet samme sted, som Combofix ligger med navnet CFScript.txt Når du gemmer, skal du sikre, at der under "filtyper" står "alle filer".


Killall::
File::
c:\windows\system32\accessn.dll
c:\windows\system32\283006063.dat
c:\windows\system32\drivers\str.sys
c:\windows\system32\drivers\rjjasotfffv.sys
c:\windows\system32\activedsy.exe srv
RootKit::
c:\windows\system32\accessn.dll
c:\windows\system32\283006063.dat
c:\windows\system32\drivers\str.sys
c:\windows\system32\drivers\rjjasotfffv.sys
c:\windows\system32\activedsy.exe srv
Driver::
89fd950
Registry::
[-HKEY_LOCAL_MACHINE\system\ControlSet001\Services\gyuwcubnkcii]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SamSsRpcSs]
"ImagePath"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\a2service.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ArcaCheck.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\arcavir.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashDisp.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashEnhcd.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashServ.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashUpd.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\aswUpdSv.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avcls.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avz.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avz4.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avz_se.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bdinit.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\caav.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\caavguiscan.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\casecuritycenter.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ccupdate.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cfp.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cfpupdat.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cmdagent.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\DRWEB32.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FAMEH32.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FPAVServer.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fpscan.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FPWin.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fsav32.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fsgk32st.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FSMA32.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\guardxservice.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\guardxup.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\navigator.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NAVSTUB.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Nvcc.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\outpost.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\preupd.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pskdr.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SfFnUp.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Vba32arkit.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vba32ldr.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Zanda.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\zapro.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Zlh.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\zoneband.dll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs]
"Ujafrofb"=-



Tag så fat i den nye fil med musen, og før den hen over ikonet for Combofix, hvorefter du "giver slip" med musen.
http://www.fromsej.saknet.dk/billeder/cfscript.gif
Så skulle Combofix gerne give sig til at arbejde. Muligvis vil den kræve en genstart, hvilket du skal tillade. Du bør ikke klikke på vinduet imens værktøjet kører, idet det kan få din computer til at fryse.
Kopier den logfil  herind.

PS: Gør lige det her, inden du kører CFScript.txt:
Højreklik på Avast ikonet, og vælg 'Settings'. Sæt det flueben, som er markeret med et rødt kryds på billedet her:
http://img.photobucket.com/albums/v666/sUBs/Avast.gif

Hej

Efter en mindre pause grundet et voldsomt arbejdspres er jeg nu tilbage på mission PC-anti virus. Jeg håber, at I fortsat er med mig?

Ang. Avast, så starter den slet ikke mere automatisk mere og jeg kan heller ikke få den til det ved at geninstallere programmet?

Jeg har kørt ComboFix på den måde, som I har fortalt mig. Det gik også udenmærket bort set fra, at den endte med at skrive "filer var ikke ventet pö dette tidspunkt."? Kan det være fordi at Avast har fjernet et eller andet under mine bestræbelser på at få Avast til at virke igen?

Loggen åbnede ikke automatisk, men jeg fandt den i mappen:

ComboFix 09-04-27.03 - HP_Ejer 28-04-2009  9:44:48.2 - NTFSx86

Microsoft Windows XP Home Edition  5.1.2600.3.1252.45.1030.18.2047.1631 [GMT 2:00]

K¯rer fra: C:\Documents and Settings\HP_Ejer\Skrivebord\ComboFix.exe

Kommandoer benyttet :: C:\ComboFix\CFScript.txt

* Dannede nyt systemgendannelsespunkt

.



(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet  )))))))))))))))))))))))))))))))))))))))))))))))))

.



C:\WINDOWS\system32\drivers\str.sys

.

---- Forrige K¯rsel -------

.

C:\Documents and Settings\HP_Ejer\Lokale indstillinger\Temporary Internet Files\CPV.stt

C:\Programmer\FÊlles filer\download

C:\Programmer\FÊlles filer\inetget

C:\Programmer\FÊlles filer\windows

C:\Programmer\FÊlles filer\windows\AutoIt3.exe

C:\Programmer\FÊlles filer\windows\psapi.dll

C:\WINDOWS\system32\acrnxbvc.ini

C:\WINDOWS\system32\activedsy.exe

C:\WINDOWS\system32\agxqub.dll

C:\WINDOWS\system32\ancwsolv.ini

C:\WINDOWS\system32\atxtdxaq.ini

C:\WINDOWS\system32\bhhhhutn.ini

C:\WINDOWS\system32\btjixysm.ini

C:\WINDOWS\system32\ccuoguek.ini

C:\WINDOWS\system32\crypts.dll

C:\WINDOWS\system32\digiwet.dll

C:\WINDOWS\system32\dnxtfukg.ini

C:\WINDOWS\system32\dvenjndn.ini

C:\WINDOWS\system32\dvxynpcp.ini

C:\WINDOWS\system32\ebbnvdvk.ini

C:\WINDOWS\system32\igafwpav.ini

C:\WINDOWS\system32\ijsgoufx.ini

C:\WINDOWS\system32\inctefrl.ini

C:\WINDOWS\system32\jkobtgop.ini

C:\WINDOWS\system32\lcnkrokl.ini

C:\WINDOWS\system32\lmiecxpf.ini

C:\WINDOWS\system32\loesvfvk.ini

C:\WINDOWS\system32\lubaquqi.ini

C:\WINDOWS\system32\lvdcvlja.ini

C:\WINDOWS\system32\ncskbvkj.dll

C:\WINDOWS\system32\nwypwims.ini

C:\WINDOWS\system32\ohrgohfd.dll

C:\WINDOWS\system32\oqhnlssh.ini

C:\WINDOWS\system32\pfmsjthk.ini

C:\WINDOWS\system32\ptsotlls.ini

C:\WINDOWS\system32\pxhwptio.ini

C:\WINDOWS\system32\pYJlonpo.ini

C:\WINDOWS\system32\pYJlonpo.ini2

C:\WINDOWS\system32\qfotvnrd.ini

C:\WINDOWS\system32\qmnxfyfy.dll

C:\WINDOWS\system32\rqviacqf.dll

C:\WINDOWS\system32\rtxwyqrv.ini

C:\WINDOWS\system32\rxtwehtm.ini

C:\WINDOWS\system32\skdmrg.dll

C:\WINDOWS\system32\sxavyvts.ini

C:\WINDOWS\system32\sxkedfrg.ini

C:\WINDOWS\system32\ucvheqkh.ini

C:\WINDOWS\system32\udwwsnpu.ini

C:\WINDOWS\system32\uokbeciy.ini

C:\WINDOWS\system32\vunkquiv.ini

C:\WINDOWS\system32\wsbnnl.dll

C:\WINDOWS\system32\yzqpwr.dll

D:\Autorun.inf

C:\WINDOWS\system32\drivers\str.sys . . . . lykkedes ikke at slette



.

(((((((((((((((((((((((((((((((((((((((  Drivers/Tjenester  )))))))))))))))))))))))))))))))))))))))))))))))))

.



-------\Legacy_SAMSSRPCSS

-------\Service_SamSsRpcSs





(((((((((((((((((((((((((((((  Filer skabt fra 2009-05-28 til 2009-4-28  )))))))))))))))))))))))))))))))))))

.



2009-04-28 07:20:53 . 2009-04-28 07:20:53    0    d-----w    C:\WINDOWS\LastGood

2009-04-27 14:44:21 . 2006-06-29 11:07:36    14048    ------w    C:\WINDOWS\system32\spmsg2.dll

2009-04-27 14:39:07 . 2009-04-27 14:44:03    0    d-----w    C:\WINDOWS\system32\XPSViewer

2009-04-27 14:39:02 . 2009-04-27 14:39:03    0    d-----w    C:\Programmer\MSBuild

2009-04-27 14:38:55 . 2009-04-27 14:38:55    0    d-----w    C:\Programmer\Reference Assemblies

2009-04-27 14:38:31 . 2008-07-06 12:06:10    117760    ------w    C:\WINDOWS\system32\prntvpt.dll

2009-04-27 14:38:31 . 2008-07-06 12:06:10    89088    -c----w    C:\WINDOWS\system32\dllcache\filterpipelineprintproc.dll

2009-04-27 14:38:31 . 2008-07-06 10:50:03    597504    -c----w    C:\WINDOWS\system32\dllcache\printfilterpipelinesvc.exe

2009-04-27 14:38:31 . 2008-07-06 12:06:10    575488    -c----w    C:\WINDOWS\system32\dllcache\xpsshhdr.dll

2009-04-27 14:38:31 . 2008-07-06 12:06:10    575488    ------w    C:\WINDOWS\system32\xpsshhdr.dll

2009-04-27 14:38:30 . 2008-07-06 12:06:10    1676288    -c----w    C:\WINDOWS\system32\dllcache\xpssvcs.dll

2009-04-27 14:38:30 . 2008-07-06 12:06:10    1676288    ------w    C:\WINDOWS\system32\xpssvcs.dll

2009-04-27 14:38:30 . 2009-04-27 14:38:42    0    d-----w    C:\5050073f2bc7af8add

2009-04-20 08:57:40 . 2009-02-06 10:10:02    227840    -c----w    C:\WINDOWS\system32\dllcache\wmiprvse.exe

2009-04-20 08:57:39 . 2009-03-06 14:20:58    284672    -c----w    C:\WINDOWS\system32\dllcache\pdh.dll

2009-04-20 08:57:39 . 2009-02-09 11:25:40    110592    -c----w    C:\WINDOWS\system32\dllcache\services.exe

2009-04-20 08:57:39 . 2009-02-09 10:53:27    401408    -c----w    C:\WINDOWS\system32\dllcache\rpcss.dll

2009-04-20 08:57:39 . 2009-02-09 10:53:27    473600    -c----w    C:\WINDOWS\system32\dllcache\fastprox.dll

2009-04-20 08:57:39 . 2009-02-09 10:53:27    682496    -c----w    C:\WINDOWS\system32\dllcache\advapi32.dll

2009-04-20 08:57:39 . 2009-02-09 10:53:28    730624    -c----w    C:\WINDOWS\system32\dllcache\lsasrv.dll

2009-04-20 08:57:38 . 2009-02-09 10:53:26    453120    -c----w    C:\WINDOWS\system32\dllcache\wmiprvsd.dll

2009-04-20 08:57:38 . 2009-02-09 10:53:27    719360    -c----w    C:\WINDOWS\system32\dllcache\ntdll.dll

2009-04-20 08:56:37 . 2008-04-21 21:15:43    217088    -c----w    C:\WINDOWS\system32\dllcache\wordpad.exe

2009-04-20 08:37:19 . 2009-04-20 08:38:22    86    --s-a-w    C:\WINDOWS\system32\283006063.dat

2009-04-17 10:20:13 . 2009-04-17 10:20:13    0    d-----w    C:\Documents and Settings\HP_Ejer\Application Data\Malwarebytes

2009-04-17 10:20:10 . 2009-04-06 13:32:46    15504    ----a-w    C:\WINDOWS\system32\drivers\mbam.sys

2009-04-17 10:20:07 . 2009-04-06 13:32:54    38496    ----a-w    C:\WINDOWS\system32\drivers\mbamswissarmy.sys

2009-04-17 10:20:05 . 2009-04-17 10:20:05    0    d-----w    C:\Documents and Settings\All Users\Application Data\Malwarebytes

2009-04-17 10:20:05 . 2009-04-17 10:23:21    0    d-----w    C:\Programmer\Malwarebytes' Anti-Malware

2009-04-16 14:31:30 . 2009-04-16 14:31:30    578560    -c--a-w    C:\WINDOWS\system32\dllcache\user32.dll

2009-04-16 14:28:14 . 2009-04-16 14:28:29    0    d-----w    C:\WINDOWS\ERUNT

2009-04-16 14:24:14 . 2009-04-17 07:14:34    0    d-----w    C:\SDFix

2009-04-16 09:45:42 . 2009-04-16 09:45:42    0    d-----w    C:\Documents and Settings\HP_Ejer\DoctorWeb

2009-04-16 08:56:13 . 2009-04-16 08:56:13    0    d--h--r    C:\Documents and Settings\All Users\Application Data\Atheros

2009-04-16 08:54:31 . 2009-04-16 08:54:31    0    d-----w    C:\Programmer\NETGEAR

2009-04-16 08:54:15 . 2009-04-16 08:54:15    0    d-----w    C:\Documents and Settings\All Users\Application Data\NETGEAR

2009-04-14 11:09:20 . 2009-04-14 11:09:20    0    d-----w    C:\Programmer\Alwil Software

2009-04-03 11:02:58 . 2009-04-03 11:02:58    0    d-----w    C:\Programmer\CCleaner



.

((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-04-28 07:17:08 . 2004-12-10 14:39:04    71800    ----a-w    C:\Documents and Settings\HP_Ejer\Lokale indstillinger\Application Data\GDIPFONTCACHEV1.DAT

2009-04-27 14:42:21 . 2004-01-01 15:22:23    84224    ----a-w    C:\WINDOWS\system32\perfc006.dat

2009-04-27 14:42:21 . 2004-01-01 15:22:23    460698    ----a-w    C:\WINDOWS\system32\perfh006.dat

2009-04-16 08:56:11 . 2004-01-01 09:27:01    0    d--h--w    C:\Programmer\InstallShield Installation Information

2009-04-14 12:30:43 . 2005-11-30 14:55:24    0    d-----w    C:\Programmer\Freeprod Toolbar

2009-04-14 11:09:02 . 2005-12-02 09:15:10    0    d-----w    C:\Programmer\NaviSearch

2009-04-14 11:09:00 . 2005-12-02 09:15:08    0    d-----w    C:\Programmer\BullsEye Network

2009-04-14 11:02:50 . 2004-01-01 07:07:11    0    d-----w    C:\Programmer\Symantec

2009-04-14 11:02:47 . 2004-01-01 07:07:19    0    d-----w    C:\Programmer\FÊlles filer\Symantec Shared

2009-04-03 10:44:36 . 2004-01-01 08:05:16    0    d-----w    C:\Programmer\Java

2009-03-27 19:22:00 . 2009-03-26 12:19:00    283    ----a-w    C:\WINDOWS\system32\ub.dat

2009-03-09 03:19:08 . 2009-03-05 14:39:48    410984    ----a-w    C:\WINDOWS\system32\deploytk.dll

2009-03-06 14:20:58 . 2004-01-01 14:25:58    284672    ----a-w    C:\WINDOWS\system32\pdh.dll

2009-03-06 09:17:54 . 2004-01-01 07:30:40    80647    ----a-w    C:\WINDOWS\PCHealth\HelpCtr\OfflineCache\index.dat

2009-02-20 08:11:52 . 2004-11-11 18:50:08    667648    ----a-w    C:\WINDOWS\system32\wininet.dll

2009-02-20 08:11:51 . 2004-08-27 00:53:34    81920    ------w    C:\WINDOWS\system32\ieencode.dll

2009-02-10 17:08:50 . 2002-09-09 21:07:24    2068608    ----a-w    C:\WINDOWS\system32\ntkrnlpa.exe

2009-02-09 14:07:12 . 2004-01-01 15:22:15    1846784    ----a-w    C:\WINDOWS\system32\win32k.sys

2009-02-09 11:26:05 . 2004-01-01 15:22:05    2191616    ----a-w    C:\WINDOWS\system32\ntoskrnl.exe

2009-02-09 11:25:40 . 2004-01-01 14:26:10    110592    ----a-w    C:\WINDOWS\system32\services.exe

2009-02-09 10:53:28 . 2004-01-01 15:22:00    730624    ----a-w    C:\WINDOWS\system32\lsasrv.dll

2009-02-09 10:53:27 . 2005-01-03 13:23:06    401408    ----a-w    C:\WINDOWS\system32\rpcss.dll

2009-02-09 10:53:27 . 2004-01-01 15:22:04    719360    ----a-w    C:\WINDOWS\system32\ntdll.dll

2009-02-09 10:53:27 . 2004-01-01 14:19:22    682496    ----a-w    C:\WINDOWS\system32\advapi32.dll

2009-02-06 10:39:08 . 2004-01-01 14:26:09    35328    ----a-w    C:\WINDOWS\system32\sc.exe

2009-02-03 19:58:19 . 2004-01-01 14:26:09    56832    ----a-w    C:\WINDOWS\system32\secur32.dll

2005-05-11 17:34:00 . 2005-06-30 12:04:46    41578    ----a-w    C:\Programmer\mozilla firefox\components\jar50.dll

2005-05-11 17:34:00 . 2005-06-30 12:04:47    48228    ----a-w    C:\Programmer\mozilla firefox\components\jsd3250.dll

2005-05-11 17:34:00 . 2005-06-30 12:04:46    159340    ----a-w    C:\Programmer\mozilla firefox\components\xpinstal.dll

.



(((((((((((((((((((((((((((((  SnapShot@2009-04-20_08.53.17  )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-07-29 19:10:04 . 2008-07-29 19:10:04    26112              C:\WINDOWS\system32\TsWpfWrp.exe

- 2005-01-27 10:23:30 . 2007-08-10 07:14:24    26488              C:\WINDOWS\system32\spupdsvc.exe

+ 2005-01-27 10:23:30 . 2007-11-30 11:18:51    26488              C:\WINDOWS\system32\spupdsvc.exe

+ 2009-04-27 14:38:41 . 2008-07-06 12:06:10    89088              C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll

+ 2004-01-01 07:02:18 . 2002-10-16 15:57:10    81920              C:\WINDOWS\system32\ReinstallBackups\0018\DriverFiles\ps2.bat

+ 2004-01-01 07:17:21 . 2002-10-16 15:57:10    81920              C:\WINDOWS\system32\ReinstallBackups\0017\DriverFiles\ps2.bat

+ 2004-01-01 07:08:24 . 2002-10-16 15:57:10    81920              C:\WINDOWS\system32\ReinstallBackups\0016\DriverFiles\ps2.bat

+ 2004-01-01 07:15:11 . 2002-10-16 15:57:10    81920              C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\ps2.bat

+ 2004-01-01 07:08:27 . 2002-10-16 15:57:10    81920              C:\WINDOWS\system32\ReinstallBackups\0014\DriverFiles\ps2.bat

+ 2004-01-01 07:14:39 . 2002-10-16 15:57:10    81920              C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\ps2.bat

+ 2004-12-08 12:03:47 . 2002-10-16 15:57:10    81920              C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\ps2.bat

+ 2004-01-01 07:11:45 . 2002-10-16 15:57:10    81920              C:\WINDOWS\system32\ReinstallBackups\0011\DriverFiles\ps2.bat

+ 2004-01-01 09:00:34 . 2002-10-16 15:57:10    81920              C:\WINDOWS\system32\ps2.bat

+ 2008-07-29 17:59:58 . 2008-07-29 17:59:58    43544              C:\WINDOWS\system32\PresentationHostProxy.dll

+ 2004-01-01 15:22:06 . 2009-04-27 14:42:21    72712              C:\WINDOWS\system32\perfc009.dat

+ 2008-07-25 09:17:04 . 2008-07-25 09:17:04    15360              C:\WINDOWS\system32\mui\0409\mscorees.dll

+ 2008-09-10 15:43:58 . 2008-09-10 15:43:58    15872              C:\WINDOWS\system32\mui\0406\mscorees.dll

- 2005-01-03 13:23:07 . 2008-04-14 16:05:27    91648              C:\WINDOWS\system32\mtxoci.dll

+ 2005-01-03 13:23:07 . 2008-06-12 14:23:34    91648              C:\WINDOWS\system32\mtxoci.dll

+ 2005-01-03 13:23:07 . 2008-06-12 14:23:34    66560              C:\WINDOWS\system32\mtxclu.dll

- 2005-01-03 13:23:07 . 2008-04-14 16:05:27    66560              C:\WINDOWS\system32\mtxclu.dll

+ 2004-01-01 14:25:36 . 2008-06-12 14:23:34    58880              C:\WINDOWS\system32\msdtclog.dll

- 2004-01-01 14:25:36 . 2008-04-14 16:05:25    58880              C:\WINDOWS\system32\msdtclog.dll

+ 2004-01-01 07:28:58 . 2004-02-11 21:26:00    19429              C:\WINDOWS\system32\MsDtc\Trace\msdtcvtr.bat

+ 2008-07-25 09:16:58 . 2008-07-25 09:16:58    83968              C:\WINDOWS\system32\mscories.dll

+ 2008-07-29 17:24:50 . 2008-07-29 17:24:50    97800              C:\WINDOWS\system32\infocardapi.dll

+ 2008-07-29 17:24:50 . 2008-07-29 17:24:50    11264              C:\WINDOWS\system32\icardres.dll

+ 2008-07-29 19:10:04 . 2008-07-29 19:10:04    73720              C:\WINDOWS\system32\dxva2.dll

- 2009-04-14 11:09:48 . 2009-02-05 20:05:11    26944              C:\WINDOWS\system32\drivers\aavmker4.sys

+ 2009-04-20 13:43:05 . 2009-02-05 20:05:11    26944              C:\WINDOWS\system32\drivers\aavmker4.sys

- 2009-04-14 11:09:49 . 2009-02-05 20:06:20    51376              C:\WINDOWS\system32\drivers\aswTdi.sys

+ 2009-04-20 13:43:05 . 2009-02-05 20:06:20    51376              C:\WINDOWS\system32\drivers\aswTdi.sys

- 2009-04-14 11:09:50 . 2009-02-05 20:06:10    23152              C:\WINDOWS\system32\drivers\aswRdr.sys

+ 2009-04-20 13:43:06 . 2009-02-05 20:06:10    23152              C:\WINDOWS\system32\drivers\aswRdr.sys

+ 2009-04-20 13:43:03 . 2009-02-05 20:08:10    94032              C:\WINDOWS\system32\drivers\aswmon2.sys

- 2009-04-14 11:09:42 . 2009-02-05 20:08:10    94032              C:\WINDOWS\system32\drivers\aswmon2.sys

- 2009-04-14 11:09:42 . 2009-02-05 20:08:19    93296              C:\WINDOWS\system32\drivers\aswmon.sys

+ 2009-04-20 13:43:03 . 2009-02-05 20:08:19    93296              C:\WINDOWS\system32\drivers\aswmon.sys

- 2009-04-14 11:09:43 . 2009-02-05 20:07:12    20560              C:\WINDOWS\system32\drivers\aswFsBlk.sys

+ 2009-04-20 13:43:03 . 2009-02-05 20:07:12    20560              C:\WINDOWS\system32\drivers\aswFsBlk.sys

+ 2009-02-03 19:58:19 . 2009-02-03 19:58:19    56832              C:\WINDOWS\system32\dllcache\secur32.dll

+ 2004-01-01 14:26:09 . 2009-02-06 10:39:08    35328              C:\WINDOWS\system32\dllcache\sc.exe

+ 2008-06-12 14:23:34 . 2008-06-12 14:23:34    91648              C:\WINDOWS\system32\dllcache\mtxoci.dll

+ 2008-06-12 14:23:34 . 2008-06-12 14:23:34    66560              C:\WINDOWS\system32\dllcache\mtxclu.dll

+ 2008-06-12 14:23:34 . 2008-06-12 14:23:34    58880              C:\WINDOWS\system32\dllcache\msdtclog.dll

+ 2009-02-20 08:11:51 . 2009-02-20 08:11:51    81920              C:\WINDOWS\system32\dllcache\ieencode.dll

+ 2008-07-25 09:16:46 . 2008-07-25 09:16:46    96760              C:\WINDOWS\system32\dfshim.dll

+ 2004-01-01 07:33:29 . 2009-04-20 14:34:48    32768              C:\WINDOWS\system32\config\systemprofile\Lokale indstillinger\Temporary Internet Files\Content.IE5\index.dat

- 2004-01-01 07:33:29 . 2009-04-20 08:52:51    32768              C:\WINDOWS\system32\config\systemprofile\Lokale indstillinger\Temporary Internet Files\Content.IE5\index.dat

- 2004-01-01 07:33:29 . 2009-04-20 08:52:51    32768              C:\WINDOWS\system32\config\systemprofile\Lokale indstillinger\Oversigt\History.IE5\index.dat

+ 2004-01-01 07:33:29 . 2009-04-20 14:34:48    32768              C:\WINDOWS\system32\config\systemprofile\Lokale indstillinger\Oversigt\History.IE5\index.dat

- 2004-01-01 07:33:29 . 2009-04-20 08:52:51    16384              C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat

+ 2004-01-01 07:33:29 . 2009-04-20 14:34:48    16384              C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat

- 2009-04-14 11:09:46 . 2009-02-05 20:04:45    97480              C:\WINDOWS\system32\AvastSS.scr

+ 2009-04-20 13:43:03 . 2009-02-05 20:04:45    97480              C:\WINDOWS\system32\AvastSS.scr

+ 2008-07-29 21:40:48 . 2008-07-29 21:40:48    70648              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

+ 2008-07-29 21:40:48 . 2008-07-29 21:40:48    91136              C:\WINDOWS\Microsoft.NET\Framework\v3.5\MSBuild.exe

+ 2008-07-29 21:40:48 . 2008-07-29 21:40:48    41984              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft.VisualC.STLCLR.dll

+ 2008-07-29 21:40:48 . 2008-07-29 21:40:48    40960              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft.Data.Entity.Build.Tasks.dll

+ 2008-07-29 16:47:34 . 2008-07-29 16:47:34    89080              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.2052.dll

+ 2008-07-29 16:47:34 . 2008-07-29 16:47:34    92664              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1042.dll

+ 2008-07-29 16:47:34 . 2008-07-29 16:47:34    95224              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1041.dll

+ 2008-07-29 16:47:34 . 2008-07-29 16:47:34    89592              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1028.dll

+ 2008-07-29 16:47:34 . 2008-07-29 16:47:34    84480              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.2052.dll

+ 2008-07-29 16:47:34 . 2008-07-29 16:47:34    94720              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1042.dll

+ 2008-07-29 16:47:34 . 2008-07-29 16:47:34    97792              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1041.dll

+ 2008-07-29 16:47:34 . 2008-07-29 16:47:34    84992              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1028.dll

+ 2008-07-29 16:47:34 . 2008-07-29 16:47:34    97280              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\DeleteTemp.exe

+ 2008-10-21 19:02:30 . 2008-10-21 19:02:30    97280              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - dan\DeleteTemp.exe

+ 2008-10-23 05:21:28 . 2008-10-23 05:21:28    27912              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - dan\baseline.dat

+ 2008-07-29 21:40:48 . 2008-07-29 21:40:48    95224              C:\WINDOWS\Microsoft.NET\Framework\v3.5\EdmGen.exe

+ 2008-07-29 21:40:48 . 2008-07-29 21:40:48    78856              C:\WINDOWS\Microsoft.NET\Framework\v3.5\DataSvcUtil.exe

+ 2008-10-23 05:23:32 . 2008-10-23 05:23:32    43864              C:\WINDOWS\Microsoft.NET\Framework\v3.5\da\MSBuild.resources.exe

+ 2008-10-23 05:23:32 . 2008-10-23 05:23:32    19288              C:\WINDOWS\Microsoft.NET\Framework\v3.5\da\EdmGen.Resources.dll

+ 2008-10-23 05:23:32 . 2008-10-23 05:23:32    16224              C:\WINDOWS\Microsoft.NET\Framework\v3.5\da\DataSvcUtil.resources.dll

+ 2008-07-29 21:40:48 . 2008-07-29 21:40:48    41984              C:\WINDOWS\Microsoft.NET\Framework\v3.5\AddInUtil.exe

+ 2008-07-29 21:40:48 . 2008-07-29 21:40:48    41992              C:\WINDOWS\Microsoft.NET\Framework\v3.5\AddInProcess32.exe

+ 2008-07-29 21:40:48 . 2008-07-29 21:40:48    41992              C:\WINDOWS\Microsoft.NET\Framework\v3.5\AddInProcess.exe

+ 2008-07-29 19:10:04 . 2008-07-29 19:10:04    46104              C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

+ 2008-07-29 17:59:58 . 2008-07-29 17:59:58    32768              C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationCFFRasterizer.dll

+ 2008-07-29 19:10:04 . 2008-07-29 19:10:04    71160              C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PenIMC.dll

+ 2008-07-29 17:32:52 . 2008-07-29 17:32:52    17448              C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Workflow Foundation\PerformanceCounterInstaller.exe

+ 2008-07-29 17:16:38 . 2008-07-29 17:16:38    32768              C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll

+ 2008-07-29 17:16:38 . 2008-07-29 17:16:38    73728              C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.Install.dll

+ 2008-07-29 17:16:38 . 2008-07-29 17:16:38    20504              C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceMonikerSupport.dll

+ 2008-07-29 17:16:38 . 2008-07-29 17:16:38    11280              C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll

+ 2008-10-23 04:02:16 . 2008-10-23 04:02:16    32768              C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\da\WsatConfig.resources.dll

+ 2008-10-23 04:02:16 . 2008-10-23 04:02:16    10240              C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\da\SMSvcHost.resources.dll

+ 2008-10-23 04:02:16 . 2008-10-23 04:02:16    28672              C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\da\ServiceModelReg.resources.dll

+ 2008-10-23 04:02:16 . 2008-10-23 04:02:16    32768              C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\da\ComSvcConfig.resources.dll

+ 2008-07-25 09:17:02 . 2008-07-25 09:17:02    37896              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll

+ 2008-07-25 09:17:02 . 2008-07-25 09:17:02    81400              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\TLBREF.DLL

+ 2008-07-25 09:17:02 . 2008-07-25 09:17:02    77824              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.RegularExpressions.dll

+ 2008-07-25 09:17:02 . 2008-07-25 09:17:02    57392              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Thunk.dll

- 2005-09-23 05:28:56 . 2005-09-23 05:28:56    81920              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Drawing.Design.dll

+ 2008-07-25 09:17:00 . 2008-07-25 09:17:00    81920              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Drawing.Design.dll

+ 2008-07-25 09:17:00 . 2008-07-25 09:17:00    81920              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Configuration.Install.dll

- 2005-09-23 05:28:56 . 2005-09-23 05:28:56    81920              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Configuration.Install.dll

+ 2008-07-25 09:17:04 . 2008-07-25 09:17:04    95232              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ShFusRes.dll

+ 2008-07-25 09:17:02 . 2008-07-25 09:17:02    16896              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll

+ 2008-07-25 09:17:06 . 2008-07-25 09:17:06    61952              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\regtlibv12.exe

- 2005-09-23 05:28:56 . 2005-09-23 05:28:56    32768              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe

+ 2008-07-25 09:17:00 . 2008-07-25 09:17:00    32768              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe

+ 2008-07-25 09:17:00 . 2008-07-25 09:17:00    53248              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe

- 2005-09-23 05:28:56 . 2005-09-23 05:28:56    53248              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe

+ 2008-07-25 09:17:02 . 2008-07-25 09:17:02    88584              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\PerfCounter.dll

+ 2008-07-25 09:17:02 . 2008-07-25 09:17:02    24584              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\normalization.dll

+ 2008-07-25 09:17:04 . 2008-07-25 09:17:04    31744              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\MUI\0409\mscorsecr.dll

+ 2008-09-10 15:43:58 . 2008-09-10 15:43:58    31744              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\MUI\0406\mscorsecr.dll

+ 2008-07-25 09:17:02 . 2008-07-25 09:17:02    19456              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscortim.dll

+ 2008-07-25 09:17:02 . 2008-07-25 09:17:02    69632              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

+ 2008-07-25 09:16:58 . 2008-07-25 09:16:58    18944              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsn.dll

+ 2008-07-25 09:17:00 . 2008-07-25 09:17:00    77312              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll

+ 2008-07-25 09:17:00 . 2008-07-25 09:17:00    94208              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorld.dll

+ 2008-07-25 09:17:00 . 2008-07-25 09:17:00    46592              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorie.dll

+ 2008-07-25 09:17:00 . 2008-07-25 09:17:00    83456              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscordbc.dll

+ 2008-07-25 09:16:56 . 2008-07-25 09:16:56    69632              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe

- 2005-09-23 05:28:48 . 2005-09-23 05:28:48    69632              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe

+ 2008-07-25 09:16:40 . 2008-07-25 09:16:40    97792              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\MmcAspExt.dll

- 2005-09-23 05:28:30 . 2005-09-23 05:28:30    12800              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.Vb.CodeDOMProcessor.dll

+ 2008-07-25 09:16:38 . 2008-07-25 09:16:38    12800              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.Vb.CodeDOMProcessor.dll

+ 2008-07-25 09:16:38 . 2008-07-25 09:16:38    32768              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.dll

- 2005-09-23 05:28:30 . 2005-09-23 05:28:30    32768              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.dll

- 2005-09-23 05:28:30 . 2005-09-23 05:28:30    28672              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Vsa.dll

+ 2008-07-25 09:16:38 . 2008-07-25 09:16:38    28672              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Vsa.dll

+ 2008-07-25 09:16:56 . 2008-07-25 09:16:56    77824              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Utilities.dll

+ 2008-07-25 09:16:56 . 2008-07-25 09:16:56    36864              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Framework.dll

- 2005-09-23 05:28:48 . 2005-09-23 05:28:48    36864              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Framework.dll

- 2005-09-23 05:28:48 . 2005-09-23 05:28:48    40960              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\jsc.exe

+ 2008-07-25 09:16:54 . 2008-07-25 09:16:54    40960              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\jsc.exe

+ 2008-07-25 09:17:00 . 2008-07-25 09:17:00    72192              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ISymWrapper.dll

- 2005-09-23 05:28:56 . 2005-09-23 05:28:56    72192              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ISymWrapper.dll

+ 2008-07-25 09:17:00 . 2008-07-25 09:17:00    65032              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\InstallUtilLib.dll

+ 2008-07-25 09:17:00 . 2008-07-25 09:17:00    28672              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe

- 2005-09-23 05:28:56 . 2005-09-23 05:28:56    28672              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe

+ 2008-07-25 09:17:00 . 2008-07-25 09:17:00    77824              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IEHost.dll

+ 2008-07-25 09:16:58 . 2008-07-25 09:16:58    18936              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\fusion.dll

+ 2008-07-25 09:16:46 . 2008-07-25 09:16:46    62968              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\dfdll.dll

+ 2008-09-10 15:43:58 . 2008-09-10 15:43:58    81920              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\da\System.Web.Services.resources.dll

+ 2008-09-10 15:43:58 . 2008-09-10 15:43:58    36864              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\da\System.Web.Mobile.resources.dll

+ 2008-09-10 15:43:58 . 2008-09-10 15:43:58    16384              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\da\System.Transactions.resources.dll

+ 2008-09-10 15:43:58 . 2008-09-10 15:43:58    40960              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\da\System.ServiceProcess.resources.dll

+ 2008-09-10 15:43:58 . 2008-09-10 15:43:58    28672              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\da\System.Security.resources.dll

+ 2008-09-10 15:43:58 . 2008-09-10 15:43:58    11264              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\da\System.Runtime.Serialization.Formatters.Soap.resources.dll

+ 2008-09-10 15:43:58 . 2008-09-10 15:43:58    32768              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\da\System.Runtime.Remoting.resources.dll

+ 2008-09-10 15:43:58 . 2008-09-10 15:43:58    77824              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\da\System.Messaging.resources.dll

+ 2008-09-10 15:43:58 . 2008-09-10 15:43:58    12800              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\da\System.Management.resources.dll

+ 2008-09-10 15:43:58 . 2008-09-10 15:43:58    32768              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\da\System.EnterpriseServices.resources.dll

+ 2008-09-10 15:43:58 . 2008-09-10 15:43:58    24576              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\da\System.Drawing.resources.dll

+ 2008-09-10 15:43:58 . 2008-09-10 15:43:58    40960              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\da\System.DirectoryServices.resources.dll

+ 2008-09-10 15:43:58 . 2008-09-10 15:43:58    16896              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\da\System.DirectoryServices.Protocols.resources.dll

+ 2008-09-10 15:43:58 . 2008-09-10 15:43:58    36864              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\da\system.data.sqlxml.resources.dll

+ 2008-09-10 15:43:58 . 2008-09-10 15:43:58    49152              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\da\System.Configuration.resources.dll

+ 2008-09-10 15:43:58 . 2008-09-10 15:43:58    28672              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\da\System.Configuration.Install.resources.dll

+ 2008-09-10 15:43:58 . 2008-09-10 15:43:58    10240              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\da\sysglobl.resources.dll

+ 2008-09-10 15:43:58 . 2008-09-10 15:43:58    95232              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\da\ShFusRes.dll

+ 2008-09-10 15:43:58 . 2008-09-10 15:43:58    11264              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\da\Regasm.Resources.dll

+ 2008-09-10 15:43:58 . 2008-09-10 15:43:58    12800              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\da\MSBuild.resources.dll

+ 2008-09-10 15:44:00 . 2008-09-10 15:44:00    57344              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\da\Microsoft.VisualBasic.resources.dll

+ 2008-09-10 15:43:56 . 2008-09-10 15:43:56    45056              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\da\Microsoft.JScript.resources.dll

+ 2008-09-10 15:43:58 . 2008-09-10 15:43:58    10240              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\da\Microsoft.Build.Utilities.Resources.dll

+ 2008-09-10 15:43:58 . 2008-09-10 15:43:58    53248              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\da\Microsoft.Build.Engine.resources.dll

+ 2008-09-10 15:43:58 . 2008-09-10 15:43:58    36864              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\da\caspol.resources.dll

+ 2008-09-10 15:43:50 . 2008-09-10 15:43:50    36864              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\da\aspnet_regsql.resources.dll

+ 2008-09-10 15:43:50 . 2008-09-10 15:43:50    90624              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\da\aspnet_rc.dll

+ 2008-07-25 09:16:50 . 2008-07-25 09:16:50    35320              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

+ 2008-07-25 09:17:00 . 2008-07-25 09:17:00    69120              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CustomMarshalers.dll

+ 2008-07-25 09:17:02 . 2008-07-25 09:17:02    27136              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Culture.dll

- 2005-09-23 05:28:42 . 2005-09-23 05:28:42    13312              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\cscompmgd.dll

+ 2008-07-25 09:16:50 . 2008-07-25 09:16:50    13312              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\cscompmgd.dll

+ 2008-07-25 09:16:50 . 2008-07-25 09:16:50    80376              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\csc.exe

+ 2008-07-25 09:17:00 . 2008-07-25 09:17:00    89608              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CORPerfMonExt.dll

+ 2008-11-25 02:59:18 . 2008-11-25 02:59:18    31560              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe

+ 2008-07-25 09:16:40 . 2008-07-25 09:16:40    34312              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

+ 2008-07-25 09:16:40 . 2008-07-25 09:16:40    33288              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe

+ 2008-07-25 09:16:40 . 2008-07-25 09:16:40    24576              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe

+ 2008-07-25 09:16:38 . 2008-07-25 09:16:38    84480              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_rc.dll

+ 2008-07-25 09:16:40 . 2008-07-25 09:16:40    33800              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Aspnet_perf.dll

+ 2008-07-25 09:16:40 . 2008-07-25 09:16:40    17416              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll

+ 2008-07-25 09:16:40 . 2008-07-25 09:16:40    22024              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll

+ 2008-07-25 09:16:40 . 2008-07-25 09:16:40    36864              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe

- 2005-09-23 05:28:32 . 2005-09-23 05:28:32    36864              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe

+ 2008-07-25 09:17:02 . 2008-07-25 09:17:02    58880              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe

+ 2008-07-25 09:16:44 . 2008-07-25 09:16:44    98808              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\alink.dll

+ 2008-07-25 09:17:00 . 2008-07-25 09:17:00    10752              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Accessibility.dll

- 2005-09-23 05:28:56 . 2005-09-23 05:28:56    10752              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Accessibility.dll

+ 2008-07-25 09:16:50 . 2008-07-25 09:16:50    13824              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\CvtResUI.dll

+ 2008-07-25 09:16:42 . 2008-07-25 09:16:42    28672              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\alinkui.dll

+ 2008-09-10 15:43:54 . 2008-09-10 15:43:54    14336              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1030\CvtResUI.dll

+ 2008-09-10 15:43:52 . 2008-09-10 15:43:52    30720              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1030\alinkui.dll

+ 2008-07-25 09:16:58 . 2008-07-25 09:16:58    96768              C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscormmc.dll

+ 2008-07-25 09:17:02 . 2008-07-25 09:17:02    16896              C:\WINDOWS\Microsoft.NET\Framework\SharedReg12.dll

+ 2008-07-25 09:17:02 . 2008-07-25 09:17:02    16896              C:\WINDOWS\Microsoft.NET\Framework\sbscmp20_perfcounter.dll

+ 2008-07-25 09:17:02 . 2008-07-25 09:17:02    16896              C:\WINDOWS\Microsoft.NET\Framework\sbscmp20_mscorwks.dll

+ 2008-07-25 09:16:58 . 2008-07-25 09:16:58    16896              C:\WINDOWS\Microsoft.NET\Framework\sbscmp10.dll

+ 2008-07-25 09:16:58 . 2008-07-25 09:16:58    82944              C:\WINDOWS\Microsoft.NET\Framework\NETFXSBS10.exe

+ 2009-04-27 14:38:31 . 2008-07-06 12:06:10    89088              C:\WINDOWS\Driver Cache\i386\filterpipelineprintproc.dll

+ 2009-04-27 14:47:03 . 2009-04-27 14:47:03    60928              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\a715aa442ef87ae99b3ade185599249d\UIAutomationProvider.ni.dll

+ 2009-04-27 14:51:26 . 2009-04-27 14:51:26    37888              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\423f794d1f4ed6e120fbb02e436491cb\System.Windows.Presentation.ni.dll

+ 2009-04-27 14:51:15 . 2009-04-27 14:51:15    36864              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\19ca1747c1ea18a3b639b302bca8df93\System.Web.DynamicData.Design.ni.dll

+ 2009-04-27 14:49:37 . 2009-04-27 14:49:37    94208              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\532438e2acfcadc469a4d468c51f8451\System.ComponentModel.DataAnnotations.ni.dll

+ 2009-04-27 14:49:36 . 2009-04-27 14:49:36    82944              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\597b20e1b053d6a510cfe033c07a63e6\System.AddIn.Contract.ni.dll

+ 2009-04-27 14:45:23 . 2009-04-27 14:45:23    47104              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\2d7408a0232f2e2efd0d7adf5dfa733a\PresentationFontCache.ni.exe

+ 2009-04-27 14:44:57 . 2009-04-27 14:44:57    39424              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\c8fd2d9233f8ea3031fb16f697635231\PresentationCFFRasterizer.ni.dll

+ 2009-04-27 14:50:48 . 2009-04-27 14:50:48    55296              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\790cf1edb17ee41b59be62ecbd59613b\Microsoft.Vsa.ni.dll

+ 2009-04-27 14:49:26 . 2009-04-27 14:49:26    65024              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\e9aba2eab90d647356f65e66053da02b\Microsoft.Build.Framework.ni.dll

+ 2009-04-27 14:49:14 . 2009-04-27 14:49:14    74752              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\28343d470d992f169ca0e7cdb3cc3117\Microsoft.Build.Framework.ni.dll

+ 2009-04-27 14:49:13 . 2009-04-27 14:49:13    14336              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\dfsvc\f4e38208e88cb4cc314a1d6543b9fcc6\dfsvc.ni.exe

+ 2009-04-27 14:49:11 . 2009-04-27 14:49:11    25600              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\11eb4f6606ba01e5128805759121ea6c\Accessibility.ni.dll

+ 2009-04-27 14:39:05 . 2009-04-27 14:39:05    94208              C:\WINDOWS\assembly\GAC_MSIL\WindowsFormsIntegration\3.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll

+ 2009-04-27 14:44:04 . 2009-04-27 14:44:04    86016              C:\WINDOWS\assembly\GAC_MSIL\WindowsBase.resources\3.0.0.0_da_31bf3856ad364e35\WindowsBase.resources.dll

+ 2009-04-27 14:39:01 . 2009-04-27 14:39:01    98304              C:\WINDOWS\assembly\GAC_MSIL\UIAutomationTypes\3.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll

+ 2009-04-27 14:44:04 . 2009-04-27 14:44:04    10240              C:\WINDOWS\assembly\GAC_MSIL\UIAutomationTypes.resources\3.0.0.0_da_31bf3856ad364e35\UIAutomationTypes.resources.dll

+ 2009-04-27 14:39:01 . 2009-04-27 14:39:01    40960              C:\WINDOWS\assembly\GAC_MSIL\UIAutomationProvider\3.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll

+ 2009-04-27 14:44:03 . 2009-04-27 14:44:03    12288              C:\WINDOWS\assembly\GAC_MSIL\UIAutomationClientsideProviders.resources\3.0.0.0_da_31bf3856ad364e35\UIAutomationClientsideProviders.resources.dll

+ 2009-04-27 14:44:03 . 2009-04-27 14:44:03    36864              C:\WINDOWS\assembly\GAC_MSIL\system.workflow.runtime.resources\3.0.0.0_da_31bf3856ad364e35\System.Workflow.Runtime.resources.dll

+ 2009-04-27 14:39:59 . 2009-04-27 14:39:59    12288              C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Presentation\3.5.0.0__b77a5c561934e089\System.Windows.Presentation.dll

+ 2009-04-27 14:43:44 . 2009-04-27 14:43:44    81920              C:\WINDOWS\assembly\GAC_MSIL\System.Web.Services.resources\2.0.0.0_da_b03f5f7f11d50a3a\System.Web.Services.resources.dll

+ 2009-04-27 14:40:03 . 2009-04-27 14:40:03    61440              C:\WINDOWS\assembly\GAC_MSIL\System.Web.Routing\3.5.0.0__31bf3856ad364e35\System.Web.Routing.dll

+ 2009-04-27 14:41:54 . 2009-04-27 14:41:54    77824              C:\WINDOWS\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll

+ 2009-04-27 14:43:54 . 2009-04-27 14:43:54    36864              C:\WINDOWS\assembly\GAC_MSIL\System.Web.Mobile.resources\2.0.0.0_da_b03f5f7f11d50a3a\System.Web.Mobile.resources.dll

+ 2009-04-27 14:44:13 . 2009-04-27 14:44:13    45056              C:\WINDOWS\assembly\GAC_MSIL\System.Web.Extensions.Design.resources\3.5.0.0_da_31bf3856ad364e35\System.Web.Extensions.Design.Resources.dll

+ 2009-04-27 14:44:13 . 2009-04-27 14:44:13    24576              C:\WINDOWS\assembly\GAC_MSIL\System.Web.Entity.resources\3.5.0.0_da_b77a5c561934e089\System.Web.Entity.Resources.dll

+ 2009-04-27 14:44:13 . 2009-04-27 14:44:13    20480              C:\WINDOWS\assembly\GAC_MSIL\System.Web.Entity.Design.resources\3.5.0.0_da_b77a5c561934e089\System.Web.Entity.Design.Resources.dll

+ 2009-04-27 14:44:13 . 2009-04-27 14:44:13    15872              C:\WINDOWS\assembly\GAC_MSIL\System.Web.DynamicData.resources\3.5.0.0_da_31bf3856ad364e35\System.Web.DynamicData.Resources.dll

+ 2009-04-27 14:40:02 . 2009-04-27 14:40:02    32768              C:\WINDOWS\assembly\GAC_MSIL\System.Web.DynamicData.Design\3.5.0.0__31bf3856ad364e35\System.Web.DynamicData.Design.dll

+ 2009-04-27 14:40:01 . 2009-04-27 14:40:01    77824              C:\WINDOWS\assembly\GAC_MSIL\System.Web.Abstractions\3.5.0.0__31bf3856ad364e35\System.Web.Abstractions.dll

+ 2009-04-27 14:43:50 . 2009-04-27 14:43:50    16384              C:\WINDOWS\assembly\GAC_MSIL\System.Transactions.resources\2.0.0.0_da_b77a5c561934e089\System.Transactions.resources.dll

+ 2009-04-27 14:44:03 . 2009-04-27 14:44:03    61440              C:\WINDOWS\assembly\GAC_MSIL\System.Speech.resources\3.0.0.0_da_31bf3856ad364e35\System.Speech.resources.dll

+ 2009-04-27 14:43:50 . 2009-04-27 14:43:50    40960              C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_da_b03f5f7f11d50a3a\System.ServiceProcess.resources.dll

+ 2009-04-27 14:44:11 . 2009-04-27 14:44:11    69632              C:\WINDOWS\assembly\GAC_MSIL\System.ServiceModel.Web.resources\3.5.0.0_da_31bf3856ad364e35\System.ServiceModel.Web.resources.dll

+ 2009-04-27 14:38:59 . 2009-04-27 14:38:59    32768              C:\WINDOWS\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll

+ 2009-04-27 14:38:58 . 2009-04-27 14:38:59    73728              C:\WINDOWS\assembly\GAC_MSIL\System.ServiceModel.Install\3.0.0.0__b77a5c561934e089\System.ServiceModel.Install.dll

+ 2009-04-27 14:44:05 . 2009-04-27 14:44:05    32768              C:\WINDOWS\assembly\GAC_MSIL\system.servicemodel.install.resources\3.0.0.0_da_b77a5c561934e089\System.ServiceModel.Install.Resources.dll

+ 2009-04-27 14:43:43 . 2009-04-27 14:43:43    28672              C:\WINDOWS\assembly\GAC_MSIL\System.Security.resources\2.0.0.0_da_b03f5f7f11d50a3a\System.Security.resources.dll

+ 2009-04-27 14:44:05 . 2009-04-27 14:44:05    94208              C:\WINDOWS\assembly\GAC_MSIL\system.runtime.serialization.resources\3.0.0.0_da_b77a5c561934e089\System.RunTime.Serialization.Resources.dll

+ 2009-04-27 14:43:50 . 2009-04-27 14:43:50    11264              C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap.resources\2.0.0.0_da_b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.resources.dll

+ 2009-04-27 14:43:49 . 2009-04-27 14:43:50    32768              C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_da_b77a5c561934e089\System.Runtime.Remoting.resources.dll

+ 2009-04-27 14:44:03 . 2009-04-27 14:44:03    28672              C:\WINDOWS\assembly\GAC_MSIL\System.Printing.resources\3.0.0.0_da_31bf3856ad364e35\System.Printing.resources.dll

+ 2009-04-27 14:44:14 . 2009-04-27 14:44:14    28672              C:\WINDOWS\assembly\GAC_MSIL\System.Net.resources\3.5.0.0_da_b03f5f7f11d50a3a\System.Net.Resources.dll

+ 2009-04-27 14:43:53 . 2009-04-27 14:43:53    77824              C:\WINDOWS\assembly\GAC_MSIL\System.Messaging.resources\2.0.0.0_da_b03f5f7f11d50a3a\System.Messaging.resources.dll

+ 2009-04-27 14:43:49 . 2009-04-27 14:43:49    12800              C:\WINDOWS\assembly\GAC_MSIL\system.management.resources\2.0.0.0_da_b03f5f7f11d50a3a\System.Management.resources.dll

+ 2009-04-27 14:44:13 . 2009-04-27 14:44:13    10752              C:\WINDOWS\assembly\GAC_MSIL\System.Management.Instrumentation.resources\3.5.0.0_da_b77a5c561934e089\System.Management.Instrumentation.Resources.dll

+ 2009-04-27 14:44:05 . 2009-04-27 14:44:05    20480              C:\WINDOWS\assembly\GAC_MSIL\system.io.log.resources\3.0.0.0_da_b03f5f7f11d50a3a\System.IO.Log.Resources.dll

+ 2009-04-27 14:44:04 . 2009-04-27 14:44:04    53248              C:\WINDOWS\assembly\GAC_MSIL\system.identitymodel.selectors.resources\3.0.0.0_da_b77a5c561934e089\System.IdentityModel.Selectors.Resources.dll

+ 2009-04-27 14:44:05 . 2009-04-27 14:44:05    61440              C:\WINDOWS\assembly\GAC_MSIL\system.identitymodel.resources\3.0.0.0_da_b77a5c561934e089\System.IdentityModel.Resources.dll

+ 2009-04-27 14:43:49 . 2009-04-27 14:43:49    32768              C:\WINDOWS\assembly\GAC_MSIL\System.EnterpriseServices.resources\2.0.0.0_da_b03f5f7f11d50a3a\System.EnterpriseServices.resources.dll

+ 2009-04-27 14:43:53 . 2009-04-27 14:43:53    24576              C:\WINDOWS\assembly\GAC_MSIL\System.Drawing.resources\2.0.0.0_da_b03f5f7f11d50a3a\System.Drawing.resources.dll

- 2006-10-12 23:26:56 . 2006-10-12 23:26:56    81920              C:\WINDOWS\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll

+ 2009-04-27 14:41:55 . 2009-04-27 14:41:55    81920              C:\WINDOWS\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll

+ 2009-04-27 14:43:43 . 2009-04-27 14:43:43    40960              C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices.resources\2.0.0.0_da_b03f5f7f11d50a3a\System.DirectoryServices.resources.dll

+ 2009-04-27 14:43:44 . 2009-04-27 14:43:44    16896              C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices.Protocols.resources\2.0.0.0_da_b03f5f7f11d50a3a\System.DirectoryServices.Protocols.resources.dll

+ 2009-04-27 14:44:12 . 2009-04-27 14:44:12    36864              C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement.resources\3.5.0.0_da_b77a5c561934e089\System.DirectoryServices.AccountManagement.resources.dll

+ 2009-04-27 14:43:48 . 2009-04-27 14:43:48    36864              C:\WINDOWS\assembly\GAC_MSIL\System.Data.SqlXml.resources\2.0.0.0_da_b77a5c561934e089\system.data.sqlxml.resources.dll

+ 2009-04-27 14:44:12 . 2009-04-27 14:44:12    65536              C:\WINDOWS\assembly\GAC_MSIL\System.Data.Services.resources\3.5.0.0_da_b77a5c561934e089\System.Data.Services.resources.dll

+ 2009-04-27 14:44:11 . 2009-04-27 14:44:11    32768              C:\WINDOWS\assembly\GAC_MSIL\System.Data.Services.Client.resources\3.5.0.0_da_b77a5c561934e089\System.Data.Services.Client.resources.dll

+ 2009-04-27 14:44:12 . 2009-04-27 14:44:12    53248              C:\WINDOWS\assembly\GAC_MSIL\System.Data.Linq.resources\3.5.0.0_da_b77a5c561934e089\System.Data.Linq.Resources.dll

+ 2009-04-27 14:44:13 . 2009-04-27 14:44:13    15360              C:\WINDOWS\assembly\GAC_MSIL\System.Data.Entity.Design.resources\3.5.0.0_da_b77a5c561934e089\System.Data.Entity.Design.Resources.dll

+ 2009-04-27 14:39:57 . 2009-04-27 14:39:57    53248              C:\WINDOWS\assembly\GAC_MSIL\System.Data.DataSetExtensions\3.5.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll

+ 2009-04-27 14:44:13 . 2009-04-27 14:44:13    57344              C:\WINDOWS\assembly\GAC_MSIL\System.Core.resources\3.5.0.0_da_b77a5c561934e089\System.Core.Resources.dll

+ 2009-04-27 14:43:51 . 2009-04-27 14:43:52    49152              C:\WINDOWS\assembly\GAC_MSIL\system.configuration.resources\2.0.0.0_da_b03f5f7f11d50a3a\System.Configuration.resources.dll

- 2006-10-12 23:26:54 . 2006-10-12 23:26:54    81920              C:\WINDOWS\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll

+ 2009-04-27 14:42:07 . 2009-04-27 14:42:07    81920              C:\WINDOWS\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll

+ 2009-04-27 14:43:47 . 2009-04-27 14:43:47    28672              C:\WINDOWS\assembly\GAC_MSIL\System.Configuration.Install.resources\2.0.0.0_da_b03f5f7f11d50a3a\System.Configuration.Install.resources.dll

+ 2009-04-27 14:40:00 . 2009-04-27 14:40:00    57344              C:\WINDOWS\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\3.5.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll

+ 2009-04-27 14:39:55 . 2009-04-27 14:39:55    45056              C:\WINDOWS\assembly\GAC_MSIL\System.AddIn.Contract\2.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll

+ 2009-04-27 14:43:51 . 2009-04-27 14:43:51    10240              C:\WINDOWS\assembly\GAC_MSIL\sysglobl.resources\2.0.0.0_da_b03f5f7f11d50a3a\sysglobl.resources.dll

+ 2009-04-27 14:44:03 . 2009-04-27 14:44:03    40960              C:\WINDOWS\assembly\GAC_MSIL\ReachFramework.resources\3.0.0.0_da_31bf3856ad364e35\ReachFramework.resources.dll

+ 2009-04-27 14:39:04 . 2009-04-27 14:39:04    46104              C:\WINDOWS\assembly\GAC_MSIL\PresentationFontCache\3.0.0.0__31bf3856ad364e35\PresentationFontCache.exe

+ 2009-04-27 14:38:59 . 2009-04-27 14:38:59    32768              C:\WINDOWS\assembly\GAC_MSIL\PresentationCFFRasterizer\3.0.0.0__31bf3856ad364e35\PresentationCFFRasterizer.dll

+ 2009-04-27 14:44:03 . 2009-04-27 14:44:03    49152              C:\WINDOWS\assembly\GAC_MSIL\PresentationBuildTasks.resources\3.0.0.0_da_31bf3856ad364e35\PresentationBuildTasks.resources.dll

- 2006-10-12 23:26:48 . 2006-10-12 23:26:48    32768              C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll

+ 2009-04-27 14:41:59 . 2009-04-27 14:41:59    32768              C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll

+ 2009-04-27 14:42:01 . 2009-04-27 14:42:01    12800              C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll

- 2006-10-12 23:26:48 . 2006-10-12 23:26:49    12800              C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll

+ 2009-04-27 14:39:52 . 2009-04-27 14:39:52    41984              C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualC.STLCLR\1.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.STLCLR.dll

- 2006-10-12 23:26:47 . 2006-10-12 23:26:47    28672              C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll

+ 2009-04-27 14:42:01 . 2009-04-27 14:42:01    28672              C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll

+ 2009-04-27 14:43:55 . 2009-04-27 14:43:55    57344              C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_da_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dll

+ 2009-04-27 14:44:04 . 2009-04-27 14:44:04    28672              C:\WINDOWS\assembly\GAC_MSIL\microsoft.transactions.bridge.resources\3.0.0.0_da_b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Resources.dll

+ 2009-04-27 14:43:42 . 2009-04-27 14:43:42    45056              C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Jscript.resources\8.0.0.0_da_b03f5f7f11d50a3a\Microsoft.JScript.resources.dll

+ 2009-04-27 14:42:05 . 2009-04-27 14:42:05    77824              C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll

+ 2009-04-27 14:39:54 . 2009-04-27 14:39:54    94208              C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Utilities.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.v3.5.dll

+ 2009-04-27 14:44:12 . 2009-04-27 14:44:12    11264              C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Utilities.v3.5.resources\3.5.0.0_da_b03f5f7f11d50a3a\Microsoft.Build.Utilities.v3.5.resources.dll

+ 2009-04-27 14:43:46 . 2009-04-27 14:43:46    10240              C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Utilities.resources\2.0.0.0_da_b03f5f7f11d50a3a\Microsoft.Build.Utilities.Resources.dll

+ 2009-04-27 14:39:53 . 2009-04-27 14:39:53    36864              C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Framework\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll

+ 2009-04-27 14:42:04 . 2009-04-27 14:42:04    36864              C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll

- 2006-10-12 23:26:51 . 2006-10-12 23:26:51    36864              C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll

+ 2009-04-27 14:44:12 . 2009-04-27 14:44:12    65536              C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Engine.resources\3.5.0.0_da_b03f5f7f11d50a3a\Microsoft.Build.Engine.resources.dll

+ 2009-04-27 14:43:45 . 2009-04-27 14:43:45    53248              C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Engine.resources\2.0.0.0_da_b03f5f7f11d50a3a\Microsoft.Build.Engine.resources.dll

+ 2009-04-27 14:44:12 . 2009-04-27 14:44:12    11776              C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Conversion.v3.5.resources\3.5.0.0_da_b03f5f7f11d50a3a\Microsoft.Build.Conversion.v3.5.resources.dll

+ 2009-04-27 14:41:58 . 2009-04-27 14:41:58    77824              C:\WINDOWS\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll

+ 2009-04-27 14:41:57 . 2009-04-27 14:41:57    13312              C:\WINDOWS\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll

- 2006-10-12 23:26:50 . 2006-10-12 23:26:50    13312              C:\WINDOWS\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll

+ 2009-04-27 14:41:57 . 2009-04-27 14:41:57    10752              C:\WINDOWS\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll

- 2006-10-12 23:26:53 . 2006-10-12 23:26:53    10752              C:\WINDOWS\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll

+ 2009-04-27 14:42:00 . 2009-04-27 14:42:00    72192              C:\WINDOWS\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll

- 2006-10-12 23:27:05 . 2006-10-12 23:27:05    72192              C:\WINDOWS\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll

+ 2009-04-27 14:41:57 . 2009-04-27 14:41:57    69120              C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll

+ 2009-04-27 14:41:57 . 2009-04-27 14:41:57    8192              C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll

+ 2008-05-05 05:25:06 . 2008-05-05 05:25:06    3072              C:\WINDOWS\system32\xpsp4res.dll

+ 2009-03-03 19:21:57 . 2008-01-18 15:13:09    2247              C:\WINDOWS\ServicePackFiles\i386\tscdsbl.bat

+ 2008-07-29 21:40:48 . 2008-07-29 21:40:48    5632              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Sentinel.v3.5Client.dll

+ 2008-10-23 05:23:32 . 2008-10-23 05:23:32    5632              C:\WINDOWS\Microsoft.NET\Framework\v3.5\da\Microsoft.Data.Entity.Build.Tasks.Resources.dll

+ 2008-07-25 09:16:38 . 2008-07-25 09:16:38    7168              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft_VsaVb.dll

- 2005-09-23 05:28:30 . 2005-09-23 05:28:30    7168              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft_VsaVb.dll

- 2005-09-23 05:29:10 . 2005-09-23 05:29:10    5632              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualC.Dll

+ 2008-07-25 09:17:16 . 2008-07-25 09:17:16    5632              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualC.Dll

+ 2008-07-25 09:17:00 . 2008-07-25 09:17:00    6656              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IIEHost.dll

+ 2008-07-25 09:17:02 . 2008-07-25 09:17:02    8192              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IEExecRemote.dll

- 2005-09-23 05:28:56 . 2005-09-23 05:28:56    8192              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IEExecRemote.dll

- 2005-09-23 05:28:56 . 2005-09-23 05:28:56    9728              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IEExec.exe

+ 2008-07-25 09:17:00 . 2008-07-25 09:17:00    9728              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IEExec.exe

+ 2008-09-10 15:44:00 . 2008-09-10 15:44:00    9216              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\GAC\DA\Microsoft.VisualBasic.Compatibility.resources.dll

+ 2008-09-10 15:44:00 . 2008-09-10 15:44:00    8704              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\GAC\DA\Microsoft.VisualBasic.Compatibility.Data.resources.dll

+ 2008-07-25 09:16:46 . 2008-07-25 09:16:46    5120              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe

+ 2008-09-10 15:43:58 . 2008-09-10 15:43:58    6144              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\da\System.Drawing.Design.resources.dll

+ 2008-09-10 15:43:56 . 2008-09-10 15:43:56    7168              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\da\JSC.resources.dll

+ 2008-09-10 15:43:58 . 2008-09-10 15:43:58    4096              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\da\InstallUtil.resources.dll

+ 2008-09-10 15:43:50 . 2008-09-10 15:43:50    5632              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\da\aspnet_regbrowsers.resources.dll

+ 2008-09-10 15:43:50 . 2008-09-10 15:43:50    8192              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\da\aspnet_compiler.resources.dll

+ 2009-03-03 19:21:57 . 2008-01-18 15:13:09    2247              C:\WINDOWS\Installer\tsclientmsitrans\tscdsbl.bat

+ 2004-10-30 02:20:32 . 2004-02-11 14:26:00    2589              C:\WINDOWS\I386\RUNW32.BAT

+ 2009-04-27 14:44:03 . 2009-04-27 14:44:03    4608              C:\WINDOWS\assembly\GAC_MSIL\WindowsFormsIntegration.resources\3.0.0.0_da_31bf3856ad364e35\WindowsFormsIntegration.resources.dll

+ 2009-04-27 14:44:03 . 2009-04-27 14:44:04    4096              C:\WINDOWS\assembly\GAC_MSIL\UIAutomationProvider.resources\3.0.0.0_da_31bf3856ad364e35\UIAutomationProvider.resources.dll

+ 2009-04-27 14:44:03 . 2009-04-27 14:44:03    4096              C:\WINDOWS\assembly\GAC_MSIL\UIAutomationClient.resources\3.0.0.0_da_31bf3856ad364e35\UIAutomationClient.resources.dll

+ 2009-04-27 14:44:14 . 2009-04-27 14:44:14    7680              C:\WINDOWS\assembly\GAC_MSIL\System.Xml.Linq.resources\3.5.0.0_da_b77a5c561934e089\System.Xml.Linq.Resources.dll

+ 2009-04-27 14:44:14 . 2009-04-27 14:44:14    3584              C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Presentation.resources\3.5.0.0_da_b77a5c561934e089\System.Windows.Presentation.resources.dll

+ 2009-04-27 14:44:14 . 2009-04-27 14:44:14    7168              C:\WINDOWS\assembly\GAC_MSIL\System.Web.Routing.resources\3.5.0.0_da_31bf3856ad364e35\System.Web.Routing.Resources.dll

+ 2009-04-27 14:44:13 . 2009-04-27 14:44:13    4096              C:\WINDOWS\assembly\GAC_MSIL\System.Web.DynamicData.Design.resources\3.5.0.0_da_31bf3856ad364e35\System.Web.DynamicData.Design.Resources.dll

+ 2009-04-27 14:44:13 . 2009-04-27 14:44:13    3584              C:\WINDOWS\assembly\GAC_MSIL\System.Web.Abstractions.resources\3.5.0.0_da_31bf3856ad364e35\System.Web.Abstractions.Resources.dll

+ 2009-04-27 14:43:48 . 2009-04-27 14:43:48    6144              C:\WINDOWS\assembly\GAC_MSIL\System.Drawing.Design.resources\2.0.0.0_da_b03f5f7f11d50a3a\System.Drawing.Design.resources.dll

+ 2009-04-27 14:44:11 . 2009-04-27 14:44:11    7680              C:\WINDOWS\assembly\GAC_MSIL\System.Data.Services.Design.resources\3.5.0.0_da_b77a5c561934e089\System.Data.Services.Design.resources.dll

+ 2009-04-27 14:44:13 . 2009-04-27 14:44:13    5120              C:\WINDOWS\assembly\GAC_MSIL\System.Data.DataSetExtensions.resources\3.5.0.0_da_b77a5c561934e089\System.Data.DataSetExtensions.Resources.dll

+ 2009-04-27 14:44:13 . 2009-04-27 14:44:13    7680              C:\WINDOWS\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations.resources\3.5.0.0_da_31bf3856ad364e35\System.ComponentModel.DataAnnotations.Resources.dll

+ 2009-04-27 14:44:05 . 2009-04-27 14:44:05    5120              C:\WINDOWS\assembly\GAC_MSIL\smdiagnostics.resources\3.0.0.0_da_b77a5c561934e089\SMDiagnostics.resources.dll

+ 2009-04-27 14:39:54 . 2009-04-27 14:39:54    5632              C:\WINDOWS\assembly\GAC_MSIL\Sentinel.v3.5Client\3.5.0.0__b03f5f7f11d50a3a\Sentinel.v3.5Client.dll

- 2006-10-12 23:26:48 . 2006-10-12 23:26:48    7168              C:\WINDOWS\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll

+ 2009-04-27 14:41:58 . 2009-04-27 14:41:58    7168              C:\WINDOWS\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll

+ 2009-04-27 14:42:06 . 2009-04-27 14:42:06    5632              C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll

- 2006-10-12 23:27:14 . 2006-10-12 23:27:14    5632              C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll

+ 2009-04-27 14:43:55 . 2009-04-27 14:43:55    9216              C:\WINDOWS\assembly\GAC_MSIL\microsoft.visualbasic.compatibility.resources\8.0.0.0_da_b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.resources.dll

+ 2009-04-27 14:43:55 . 2009-04-27 14:43:55    8704              C:\WINDOWS\assembly\GAC_MSIL\microsoft.visualbasic.compatibility.data.resources\8.0.0.0_da_b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.resources.dll

+ 2009-04-27 14:44:04 . 2009-04-27 14:44:04    5120              C:\WINDOWS\assembly\GAC_MSIL\microsoft.transactions.bridge.dtc.resources\3.0.0.0_da_b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.Resources.dll

+ 2009-04-27 14:41:58 . 2009-04-27 14:41:59    6656              C:\WINDOWS\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll

+ 2009-04-27 14:41:57 . 2009-04-27 14:41:57    8192              C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll

- 2006-10-12 23:27:04 . 2006-10-12 23:27:04    8192              C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll

+ 2004-01-01 09:07:06 . 2004-01-01 09:07:06    2566              C:\WINDOWS\$NtUninstallKB810217$\spuninst\spuninst.bat

+ 2009-04-27 14:42:02 . 2009-04-27 14:42:02    113664              C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll

- 2006-10-12 23:26:49 . 2006-10-12 23:26:49    258048              C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll

+ 2009-04-27 14:42:02 . 2009-04-27 14:42:02    258048              C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll

+ 2007-11-07 00:19:32 . 2007-11-07 00:19:32    655872              C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcr90.dll

+ 2007-11-07 00:19:32 . 2007-11-07 00:19:32    568832              C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcp90.dll

+ 2007-11-06 19:23:56 . 2007-11-06 19:23:56    224768              C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcm90.dll

+ 2008-07-25 09:17:20 . 2008-07-25 09:17:20    635904              C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcr80.dll

+ 2008-07-25 09:17:20 . 2008-07-25 09:17:20    558080              C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcp80.dll

+ 2008-07-25 09:17:20 . 2008-07-25 09:17:20    479232              C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcm80.dll

+ 2008-07-29 19:26:06 . 2008-07-29 19:26:06    301568              C:\WINDOWS\system32\XPSViewer\XPSViewer.exe

- 2004-12-13 09:24:31 . 2008-04-14 16:05:38    354304              C:\WINDOWS\system32\winhttp.dll

+ 2004-12-13 09:24:31 . 2008-12-16 12:32:06    354304              C:\WINDOWS\system32\winhttp.dll

+ 2004-01-01 14:27:26 . 2009-02-06 10:10:02    227840              C:\WINDOWS\system32\wbem\wmiprvse.exe

+ 2004-01-01 14:27:26 . 2009-02-09 10:53:26    453120              C:\WINDOWS\system32\wbem\wmiprvsd.dll

+ 2004-01-01 14:24:34 . 2009-02-09 10:53:27    473600              C:\WINDOWS\system32\wbem\fastprox.dll

+ 2004-11-11 18:50:08 . 2009-02-20 08:11:53    620544              C:\WINDOWS\system32\urlmon.dll

- 2004-11-11 18:50:08 . 2008-10-16 01:01:38    620544              C:\WINDOWS\system32\urlmon.dll

+ 2008-07-29 17:59:58 . 2008-07-29 17:59:58    161296              C:\WINDOWS\system32\UIAutomationCore.dll

+ 2009-04-27 14:38:40 . 2008-07-06 12:06:10    765440              C:\WINDOWS\system32\spool\XPSEP\i386\mxdwdrv.dll

+ 2009-04-27 14:38:40 . 2008-07-06 12:06:10    765440              C:\WINDOWS\system32\spool\XPSEP\i386\i386\mxdwdrv.dll

+ 2009-04-27 14:38:40 . 2008-07-06 12:06:10    748032              C:\WINDOWS\system32\spool\XPSEP\amd64\mxdwdrv.dll

+ 2009-04-27 14:38:40 . 2008-07-06 12:06:10    748032              C:\WINDOWS\system32\spool\XPSEP\amd64\amd64\mxdwdrv.dll

+ 2009-04-27 14:38:41 . 2008-07-06 12:06:10    147456              C:\WINDOWS\system32\spool\prtprocs\x64\filterpipelineprintproc.dll

+ 2

Fortsættes... (den er vildt lang?) :

+ 2009-04-27 14:38:31 . 2008-07-06 10:50:03    597504              C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
- 2004-12-09 12:08:11 . 2007-05-15 08:08:53    761344              C:\WINDOWS\system32\spool\drivers\w32x86\3\unires.dll
+ 2004-12-09 12:08:11 . 2008-03-13 04:52:36    761344              C:\WINDOWS\system32\spool\drivers\w32x86\3\unires.dll
+ 2004-12-09 12:08:12 . 2008-07-06 12:06:10    744960              C:\WINDOWS\system32\spool\drivers\w32x86\3\unidrvui.dll
- 2004-12-09 12:08:12 . 2008-04-14 16:05:36    373248              C:\WINDOWS\system32\spool\drivers\w32x86\3\unidrv.dll
+ 2004-12-09 12:08:12 . 2008-07-06 12:06:10    373248              C:\WINDOWS\system32\spool\drivers\w32x86\3\unidrv.dll
+ 2009-04-27 14:38:31 . 2008-07-06 12:06:10    198656              C:\WINDOWS\system32\spool\drivers\w32x86\3\mxdwdui.dll
+ 2009-04-27 14:38:31 . 2008-07-06 12:06:10    765440              C:\WINDOWS\system32\spool\drivers\w32x86\3\mxdwdrv.dll
+ 2006-08-24 14:15:06 . 2006-08-24 14:15:06    150808              C:\WINDOWS\system32\rgb9rast_2.dll
+ 2008-07-29 17:59:58 . 2008-07-29 17:59:58    781344              C:\WINDOWS\system32\PresentationNative_v0300.dll
+ 2008-07-29 18:35:46 . 2008-07-29 18:35:46    326160              C:\WINDOWS\system32\PresentationHost.exe
+ 2008-07-29 17:59:58 . 2008-07-29 17:59:58    105016              C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
+ 2004-01-01 15:22:07 . 2009-04-27 14:42:21    445506              C:\WINDOWS\system32\perfh009.dat
+ 2005-01-03 13:23:07 . 2008-06-12 14:23:34    161792              C:\WINDOWS\system32\msdtcuiu.dll
- 2005-01-03 13:23:07 . 2008-04-14 16:05:25    161792              C:\WINDOWS\system32\msdtcuiu.dll
- 2005-01-03 13:23:07 . 2008-04-14 16:05:25    956928              C:\WINDOWS\system32\msdtctm.dll
+ 2005-01-03 13:23:07 . 2008-06-12 14:23:34    956928              C:\WINDOWS\system32\msdtctm.dll
+ 2005-01-03 13:23:07 . 2008-06-12 14:23:34    428032              C:\WINDOWS\system32\msdtcprx.dll
+ 2008-07-25 09:16:58 . 2008-07-25 09:16:58    158720              C:\WINDOWS\system32\mscorier.dll
+ 2008-07-25 09:16:58 . 2008-07-25 09:16:58    282112              C:\WINDOWS\system32\mscoree.dll
+ 2008-07-29 17:24:50 . 2008-07-29 17:24:50    622080              C:\WINDOWS\system32\icardagt.exe
+ 2004-01-01 07:25:36 . 2009-04-28 07:16:43    332280              C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-07-29 19:10:04 . 2008-07-29 19:10:04    493048              C:\WINDOWS\system32\evr.dll
+ 2009-04-20 13:43:03 . 2009-02-05 20:07:23    114768              C:\WINDOWS\system32\drivers\aswSP.sys
- 2009-04-14 11:09:42 . 2009-02-05 20:07:23    114768              C:\WINDOWS\system32\drivers\aswSP.sys
- 2009-03-03 19:10:14 . 2008-10-16 01:01:37    667648              C:\WINDOWS\system32\dllcache\wininet.dll
+ 2009-03-03 19:10:14 . 2009-02-20 08:11:52    667648              C:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-12-16 12:32:06 . 2008-12-16 12:32:06    354304              C:\WINDOWS\system32\dllcache\winhttp.dll
- 2009-03-03 19:10:12 . 2008-10-16 01:01:38    620544              C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2009-03-03 19:10:12 . 2009-02-20 08:11:53    620544              C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2008-06-12 14:23:34 . 2008-06-12 14:23:34    161792              C:\WINDOWS\system32\dllcache\msdtcuiu.dll
+ 2008-06-12 14:23:34 . 2008-06-12 14:23:34    956928              C:\WINDOWS\system32\dllcache\msdtctm.dll
+ 2008-06-12 14:23:34 . 2008-06-12 14:23:34    428032              C:\WINDOWS\system32\dllcache\msdtcprx.dll
+ 2008-07-29 21:40:48 . 2008-07-29 21:40:48    196104              C:\WINDOWS\Microsoft.NET\Framework\v3.5\WFServicesReg.exe
+ 2008-07-29 21:40:48 . 2008-07-29 21:40:48    802816              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft.Build.Tasks.v3.5.dll
+ 2008-07-29 16:47:34 . 2008-07-29 16:47:34    984056              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapUI.dll
+ 2008-07-29 16:47:34 . 2008-07-29 16:47:34    107512              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.dll
+ 2008-07-29 16:47:34 . 2008-07-29 16:47:34    111096              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.3082.dll
+ 2008-07-29 16:47:34 . 2008-07-29 16:47:34    110072              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.2070.dll
+ 2008-07-29 16:47:34 . 2008-07-29 16:47:34    106488              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1055.dll
+ 2008-07-29 16:47:34 . 2008-07-29 16:47:34    105976              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1053.dll
+ 2008-07-29 16:47:34 . 2008-07-29 16:47:34    107000              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1049.dll
+ 2008-07-29 16:47:34 . 2008-07-29 16:47:34    107512              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1046.dll
+ 2008-07-29 16:47:34 . 2008-07-29 16:47:34    109048              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1045.dll
+ 2008-07-29 16:47:34 . 2008-07-29 16:47:34    106488              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1044.dll
+ 2008-07-29 16:47:34 . 2008-07-29 16:47:34    108536              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1043.dll
+ 2008-07-29 16:47:34 . 2008-07-29 16:47:34    110072              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1040.dll
+ 2008-07-29 16:47:34 . 2008-07-29 16:47:34    111096              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1038.dll
+ 2008-07-29 16:47:34 . 2008-07-29 16:47:34    101368              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1037.dll
+ 2008-07-29 16:47:34 . 2008-07-29 16:47:34    112120              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1036.dll
+ 2008-07-29 16:47:34 . 2008-07-29 16:47:34    106488              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1035.dll
+ 2008-07-29 16:47:34 . 2008-07-29 16:47:34    113656              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1032.dll
+ 2008-07-29 16:47:34 . 2008-07-29 16:47:34    111608              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1031.dll
+ 2008-07-29 16:47:34 . 2008-07-29 16:47:34    108536              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1030.dll
+ 2008-07-29 16:47:34 . 2008-07-29 16:47:34    108536              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1029.dll
+ 2008-07-29 16:47:34 . 2008-07-29 16:47:34    102904              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1025.dll
+ 2008-07-29 16:47:34 . 2008-07-29 16:47:34    689152              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vsscenario.dll
+ 2008-07-29 16:47:34 . 2008-07-29 16:47:34    413184              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vsbasereqs.dll
+ 2008-07-29 16:47:34 . 2008-07-29 16:47:34    632320              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vs70uimgr.dll
+ 2008-07-29 16:47:34 . 2008-07-29 16:47:34    110080              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.dll
+ 2008-07-29 16:47:34 . 2008-07-29 16:47:34    131584              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.3082.dll
+ 2008-07-29 16:47:34 . 2008-07-29 16:47:34    131072              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.2070.dll
+ 2008-07-29 16:47:34 . 2008-07-29 16:47:34    121344              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1055.dll
+ 2008-07-29 16:47:34 . 2008-07-29 16:47:34    121344              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1053.dll
+ 2008-07-29 16:47:34 . 2008-07-29 16:47:34    123904              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1049.dll
+ 2008-07-29 16:47:34 . 2008-07-29 16:47:34    122880              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1046.dll
+ 2008-07-29 16:47:34 . 2008-07-29 16:47:34    128512              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1045.dll
+ 2008-07-29 16:47:34 . 2008-07-29 16:47:34    121856              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1044.dll
+ 2008-07-29 16:47:34 . 2008-07-29 16:47:34    129024              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1043.dll
+ 2008-07-29 16:47:34 . 2008-07-29 16:47:34    128512              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1040.dll
+ 2008-07-29 16:47:34 . 2008-07-29 16:47:34    132096              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1038.dll
+ 2008-07-29 16:47:34 . 2008-07-29 16:47:34    111104              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1037.dll
+ 2008-07-29 16:47:34 . 2008-07-29 16:47:34    133120              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1036.dll
+ 2008-07-29 16:47:34 . 2008-07-29 16:47:34    122368              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1035.dll
+ 2008-07-29 16:47:34 . 2008-07-29 16:47:34    137728              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1032.dll
+ 2008-07-29 16:47:34 . 2008-07-29 16:47:34    130048              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1031.dll
+ 2008-07-29 16:47:34 . 2008-07-29 16:47:34    126464              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1030.dll
+ 2008-07-29 16:47:34 . 2008-07-29 16:47:34    125440              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1029.dll
+ 2008-07-29 16:47:34 . 2008-07-29 16:47:34    113152              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1025.dll
+ 2008-07-29 16:47:34 . 2008-07-29 16:47:34    269304              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
+ 2008-07-29 16:47:34 . 2008-07-29 16:47:34    177152              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\HtmlLite.dll
+ 2008-07-29 16:47:34 . 2008-07-29 16:47:34    276984              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\dlmgr.dll
+ 2008-07-29 21:15:24 . 2008-07-29 21:15:24    225490              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\baseline.dat
+ 2008-10-21 19:02:30 . 2008-10-21 19:02:30    984056              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - dan\WapUI.dll
+ 2008-10-23 03:33:54 . 2008-10-23 03:33:54    106304              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - dan\WapRes.dll
+ 2008-10-21 19:02:30 . 2008-10-21 19:02:30    689152              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - dan\vsscenario.dll
+ 2008-10-21 19:02:30 . 2008-10-21 19:02:30    413184              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - dan\vsbasereqs.dll
+ 2008-10-21 19:02:30 . 2008-10-21 19:02:30    632320              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - dan\vs70uimgr.dll
+ 2008-10-23 03:33:54 . 2008-10-23 03:33:54    124232              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - dan\setupres.dll
+ 2008-10-21 19:02:30 . 2008-10-21 19:02:30    269304              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - dan\setup.exe
+ 2008-10-22 06:38:02 . 2008-10-22 06:38:02    181064              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - dan\RebootStub.exe
+ 2008-10-21 19:02:30 . 2008-10-21 19:02:30    177152              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - dan\HtmlLite.dll
+ 2008-10-21 19:02:30 . 2008-10-21 19:02:30    276984              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - dan\dlmgr.dll
+ 2008-10-23 05:23:32 . 2008-10-23 05:23:32    159744              C:\WINDOWS\Microsoft.NET\Framework\v3.5\da\Microsoft.Build.Tasks.v3.5.resources.dll
+ 2008-07-29 21:40:48 . 2008-07-29 21:40:48    233976              C:\WINDOWS\Microsoft.NET\Framework\v3.5\1033\vbc7ui.dll
+ 2008-07-29 21:40:48 . 2008-07-29 21:40:48    168448              C:\WINDOWS\Microsoft.NET\Framework\v3.5\1033\cscompui.dll
+ 2008-10-23 05:23:32 . 2008-10-23 05:23:32    247104              C:\WINDOWS\Microsoft.NET\Framework\v3.5\1030\vbc7ui.dll
+ 2008-10-23 05:23:32 . 2008-10-23 05:23:32    182600              C:\WINDOWS\Microsoft.NET\Framework\v3.5\1030\cscompui.dll
+ 2008-07-29 18:35:46 . 2008-07-29 18:35:46    864256              C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationUI.dll
+ 2008-07-29 17:59:58 . 2008-07-29 17:59:58    132120              C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationHostDLL.dll
+ 2008-07-29 19:10:04 . 2008-07-29 19:10:04    806928              C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\NaturalLanguage6.dll
+ 2008-10-23 04:20:08 . 2008-10-23 04:20:08    368640              C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\da\PresentationUI.resources.dll
+ 2008-07-29 17:16:38 . 2008-07-29 17:16:38    152576              C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\WsatConfig.exe
+ 2008-07-29 17:16:38 . 2008-07-29 17:16:38    966656              C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
+ 2008-07-29 17:16:38 . 2008-07-29 17:16:38    132096              C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
+ 2008-07-29 17:16:38 . 2008-07-29 17:16:38    110592              C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMdiagnostics.dll
+ 2008-07-29 17:16:38 . 2008-07-29 17:16:38    156688              C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelReg.exe
+ 2008-07-29 17:16:38 . 2008-07-29 17:16:38    163840              C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\Microsoft.Transactions.Bridge.Dtc.dll
+ 2008-07-29 17:16:38 . 2008-07-29 17:16:38    397312              C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\Microsoft.Transactions.Bridge.dll
+ 2008-07-29 17:24:50 . 2008-07-29 17:24:50    881664              C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
+ 2008-05-14 20:38:44 . 2008-05-14 20:38:44    864256              C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\da\infocard.resources.dll
+ 2008-07-29 17:16:38 . 2008-07-29 17:16:38    168968              C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ComSvcConfig.exe
+ 2008-11-25 02:59:18 . 2008-11-25 02:59:18    436040              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\webengine.dll
+ 2008-07-25 09:17:00 . 2008-07-25 09:17:00    839680              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.Services.dll
+ 2008-07-25 09:17:02 . 2008-07-25 09:17:02    835584              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.Mobile.dll
- 2005-09-23 05:28:56 . 2005-09-23 05:28:56    835584              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.Mobile.dll
+ 2008-07-25 09:17:02 . 2008-07-25 09:17:02    261632              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Transactions.dll
- 2005-09-23 05:28:56 . 2005-09-23 05:28:56    114688              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.ServiceProcess.dll
+ 2008-07-25 09:17:00 . 2008-07-25 09:17:00    114688              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.ServiceProcess.dll
+ 2008-07-25 09:17:00 . 2008-07-25 09:17:00    258048              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
- 2005-09-23 05:28:56 . 2005-09-23 05:28:56    258048              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
- 2005-09-23 05:28:56 . 2005-09-23 05:28:56    131072              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
+ 2008-07-25 09:17:00 . 2008-07-25 09:17:00    131072              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
+ 2008-07-25 09:17:00 . 2008-07-25 09:17:00    303104              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Remoting.dll
- 2005-09-23 05:28:56 . 2005-09-23 05:28:56    258048              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Messaging.dll
+ 2008-07-25 09:17:00 . 2008-07-25 09:17:00    258048              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Messaging.dll
+ 2008-07-25 09:17:00 . 2008-07-25 09:17:00    372736              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Management.dll
+ 2008-07-25 09:17:02 . 2008-07-25 09:17:02    113664              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Wrapper.dll
+ 2008-07-25 09:17:02 . 2008-07-25 09:17:02    258048              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.dll
- 2005-09-23 05:28:56 . 2005-09-23 05:28:56    258048              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.dll
+ 2008-07-25 09:17:00 . 2008-07-25 09:17:00    626688              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
+ 2008-07-25 09:17:02 . 2008-07-25 09:17:02    188416              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.Protocols.dll
- 2005-09-23 05:28:56 . 2005-09-23 05:28:56    188416              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.Protocols.dll
+ 2008-07-25 09:17:00 . 2008-07-25 09:17:00    401408              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.dll
+ 2008-07-25 09:16:46 . 2008-07-25 09:16:46    970752              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Deployment.dll
+ 2008-07-25 09:17:02 . 2008-07-25 09:17:02    745472              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.SqlXml.dll
+ 2008-11-25 02:59:40 . 2008-11-25 02:59:40    486400              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.OracleClient.dll
+ 2008-07-25 09:17:02 . 2008-07-25 09:17:02    425984              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.configuration.dll
+ 2008-07-25 09:17:02 . 2008-07-25 09:17:02    110592              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\sysglobl.dll
- 2005-09-23 05:28:56 . 2005-09-23 05:28:56    110592              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\sysglobl.dll
+ 2008-07-25 09:17:02 . 2008-07-25 09:17:02    392184              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\SOS.dll
+ 2008-07-25 09:17:00 . 2008-07-25 09:17:00    118784              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\shfusion.dll
+ 2008-07-25 09:16:58 . 2008-07-25 09:16:58    143360              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\peverify.dll
+ 2008-07-25 09:17:02 . 2008-07-25 09:17:02    100856              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ngen.exe
+ 2008-07-25 09:17:02 . 2008-07-25 09:17:02    230912              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvc.dll
+ 2008-07-25 09:17:04 . 2008-07-25 09:17:04    345600              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll
+ 2008-07-25 09:17:00 . 2008-07-25 09:17:00    114176              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorpe.dll
+ 2008-11-25 02:59:40 . 2008-11-25 02:59:40    364872              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
+ 2008-07-25 09:17:00 . 2008-07-25 09:17:00    308224              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscordbi.dll
+ 2008-11-25 02:59:40 . 2008-11-25 02:59:40    990032              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2008-07-25 09:17:12 . 2008-07-25 09:17:12    659456              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.dll
- 2005-09-23 05:29:10 . 2005-09-23 05:29:10    372736              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.dll
+ 2008-07-25 09:17:14 . 2008-07-25 09:17:14    372736              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.dll
- 2005-09-23 05:29:10 . 2005-09-23 05:29:10    110592              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2008-07-25 09:17:14 . 2008-07-25 09:17:14    110592              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2008-07-25 09:16:54 . 2008-07-25 09:16:54    749568              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.JScript.dll
+ 2008-07-25 09:16:56 . 2008-07-25 09:16:56    655360              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Tasks.dll
+ 2008-07-25 09:16:56 . 2008-07-25 09:16:56    348160              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Engine.dll
+ 2008-07-25 09:17:00 . 2008-07-25 09:17:00    230904              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ilasm.exe
+ 2008-07-25 09:17:00 . 2008-07-25 09:17:00    798224              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll
+ 2008-07-25 09:17:16 . 2008-07-25 09:17:16    575496              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll
+ 2008-09-10 15:43:58 . 2008-09-10 15:43:58    155648              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\da\System.xml.resources.dll
+ 2008-09-10 15:43:58 . 2008-09-10 15:43:58    409600              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\da\System.Windows.Forms.resources.dll
+ 2008-09-10 15:43:58 . 2008-09-10 15:43:58    593920              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\da\System.Web.resources.dll
+ 2008-09-10 15:43:58 . 2008-09-10 15:43:58    200704              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\da\system.resources.dll
+ 2008-09-10 15:43:58 . 2008-09-10 15:43:58    536576              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\da\System.Design.resources.dll
+ 2008-09-10 15:43:52 . 2008-09-10 15:43:52    393216              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\da\System.Deployment.resources.dll
+ 2008-09-10 15:43:58 . 2008-09-10 15:43:58    344064              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\da\System.Data.resources.dll
+ 2008-09-10 15:43:58 . 2008-09-10 15:43:58    110592              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\da\System.Data.OracleClient.resources.dll
+ 2008-09-10 15:43:58 . 2008-09-10 15:43:58    380416              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\da\mscorrc.dll
+ 2008-09-10 15:43:58 . 2008-09-10 15:43:58    299008              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\da\mscorlib.resources.dll
+ 2008-09-10 15:43:58 . 2008-09-10 15:43:58    135168              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\da\Microsoft.Build.Tasks.resources.dll
+ 2008-09-10 15:43:50 . 2008-09-10 15:43:50    311296              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\da\aspnetmmcext.resources.dll
- 2005-09-23 05:28:56 . 2005-09-23 05:28:56    106496              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
+ 2008-07-25 09:17:00 . 2008-07-25 09:17:00    106496              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
+ 2008-07-25 09:16:40 . 2008-07-25 09:16:40    507904              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AspNetMMCExt.dll
- 2005-09-23 05:28:32 . 2005-09-23 05:28:32    106496              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe
+ 2008-07-25 09:16:40 . 2008-07-25 09:16:40    106496              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe
+ 2008-07-25 09:17:02 . 2008-07-25 09:17:02    147968              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AdoNetDiag.dll
+ 2008-07-25 09:16:36 . 2008-07-25 09:16:36    218112              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\Vsavb7rtUI.dll
+ 2008-07-25 09:17:10 . 2008-07-25 09:17:10    193016              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\vbc7ui.dll
+ 2008-07-25 09:16:48 . 2008-07-25 09:16:48    145408              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\cscompui.dll
+ 2008-09-10 15:43:50 . 2008-09-10 15:43:50    232960              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1030\Vsavb7rtUI.dll
+ 2008-09-10 15:44:00 . 2008-09-10 15:44:00    205816              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1030\vbc7ui.dll
+ 2008-09-10 15:43:54 . 2008-09-10 15:43:54    159232              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1030\cscompui.dll
+ 2009-04-27 14:38:31 . 2008-03-13 04:52:36    761344              C:\WINDOWS\Driver Cache\i386\unires.dll
+ 2009-04-27 14:38:31 . 2008-07-06 12:06:10    744960              C:\WINDOWS\Driver Cache\i386\unidrvui.dll
+ 2009-04-27 14:38:31 . 2008-07-06 12:06:10    373248              C:\WINDOWS\Driver Cache\i386\unidrv.dll
+ 2009-04-27 14:38:31 . 2008-07-06 12:06:10    198656              C:\WINDOWS\Driver Cache\i386\mxdwdui.dll
+ 2009-04-27 14:38:31 . 2008-07-06 12:06:10    765440              C:\WINDOWS\Driver Cache\i386\mxdwdrv.dll
+ 2009-04-27 14:49:09 . 2009-04-27 14:49:09    321536              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WsatConfig\2ef5bc3a2edd7570bb23886a4f32294a\WsatConfig.ni.exe
+ 2009-04-27 14:47:05 . 2009-04-27 14:47:05    240128              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\6a818099f0386e2356ae94f886a2196f\WindowsFormsIntegration.ni.dll
+ 2009-04-27 14:47:04 . 2009-04-27 14:47:04    187904              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\a6d9503962d47c722231c1478f180695\UIAutomationTypes.ni.dll
+ 2009-04-27 14:47:01 . 2009-04-27 14:47:01    447488              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\5c028c3d8db6c0f0277673ea4a2d89fb\UIAutomationClient.ni.dll
+ 2009-04-27 14:51:45 . 2009-04-27 14:51:45    400896              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\c338a470b14851ce5987bb0f0869c310\System.Xml.Linq.ni.dll
+ 2009-04-27 14:51:10 . 2009-04-27 14:51:10    129536              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\bb77ea11f46ab438b2b7ed7c180011a1\System.Web.Routing.ni.dll
+ 2009-04-27 14:51:22 . 2009-04-27 14:51:22    202240              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\6ee255220d90dcbe80c990e443051cc5\System.Web.RegularExpressions.ni.dll
+ 2009-04-27 14:51:19 . 2009-04-27 14:51:19    859648              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\58f62044fa702ea6f936071aa5520baa\System.Web.Extensions.Design.ni.dll
+ 2009-04-27 14:51:16 . 2009-04-27 14:51:16    328704              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\79c29ac85dd57dd485ab60118ac292ff\System.Web.Entity.ni.dll
+ 2009-04-27 14:51:17 . 2009-04-27 14:51:17    301056              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\d3d65e34fa60f0b6c72ca0d12ec89933\System.Web.Entity.Design.ni.dll
+ 2009-04-27 14:51:14 . 2009-04-27 14:51:14    547328              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\b7891f5659db299dbd1b3c72db7edb9f\System.Web.DynamicData.ni.dll
+ 2009-04-27 14:51:09 . 2009-04-27 14:51:09    141312              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\00ec08741a765c707bd9169346064a81\System.Web.Abstractions.ni.dll
+ 2009-04-27 14:50:56 . 2009-04-27 14:50:56    627200              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\5a555c9ae6984c40157cf940bb519f7c\System.Transactions.ni.dll
+ 2009-04-27 14:50:55 . 2009-04-27 14:50:55    212992              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\ea3366939280c1715f1c620e33ee3c8a\System.ServiceProcess.ni.dll
+ 2009-04-27 14:49:22 . 2009-04-27 14:49:23    676352              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\1c8df2da33222c048d683017f2095f04\System.Security.ni.dll
+ 2009-04-27 14:50:44 . 2009-04-27 14:50:44    311296              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\bfd6e16d8c3589cd2bd3f8d46f0a5402\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2009-04-27 14:50:49 . 2009-04-27 14:50:49    621056              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Net\519d9c618341b136f9b963ffb7495308\System.Net.ni.dll
+ 2009-04-27 14:50:45 . 2009-04-27 14:50:45    998400              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\8642fdfbf02a6cb6f01169fe6fdb5d11\System.Management.ni.dll
+ 2009-04-27 14:50:43 . 2009-04-27 14:50:43    330752              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management.I#\1d3fbbd23ce1e8637ef4f40a8d23cd32\System.Management.Instrumentation.ni.dll
+ 2009-04-27 14:48:24 . 2009-04-27 14:48:24    381440              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.IO.Log\7c367a96b10d626ec8cbf8149272d845\System.IO.Log.ni.dll
+ 2009-04-27 14:48:23 . 2009-04-27 14:48:23    212992              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\68e71147704ef0d34d9a4bece7767fc5\System.IdentityModel.Selectors.ni.dll
+ 2009-04-27 14:50:42 . 2009-04-27 14:50:42    280064              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\4267bd908175603006c6c90bb5d900c7\System.EnterpriseServices.Wrapper.dll
+ 2009-04-27 14:50:42 . 2009-04-27 14:50:42    627712              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\4267bd908175603006c6c90bb5d900c7\System.EnterpriseServices.ni.dll
+ 2009-04-27 14:46:35 . 2009-04-27 14:46:35    208384              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\18bbe2b6717e7f1d1dd672526e9889ee\System.Drawing.Design.ni.dll
+ 2009-04-27 14:50:41 . 2009-04-27 14:50:41    455680              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\c434a07332ce490711c27fd0edb7562f\System.DirectoryServices.Protocols.ni.dll
+ 2009-04-27 14:50:40 . 2009-04-27 14:50:40    881152              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\8b3bb7a2c2f3ffe94c866283f1cd5957\System.DirectoryServices.AccountManagement.ni.dll
+ 2009-04-27 14:50:34 . 2009-04-27 14:50:34    939008              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\a4b887f476fa4b8746a93a9fc2208560\System.Data.Services.Client.ni.dll
+ 2009-04-27 14:50:35 . 2009-04-27 14:50:35    354816              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\1cf3acad6553d6c59df576794f4e8bd6\System.Data.Services.Design.ni.dll
+ 2009-04-27 14:50:29 . 2009-04-27 14:50:29    756736              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\392de34573f9f8ec885714f2f3e7f07f\System.Data.Entity.Design.ni.dll
+ 2009-04-27 14:49:38 . 2009-04-27 14:49:38    135680              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\1db495ff00bbd14df4af6680c4de0653\System.Data.DataSetExtensions.ni.dll
+ 2009-04-27 14:49:18 . 2009-04-27 14:49:18    971264              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\b82c00e2d24305ad6cb08556e3779b75\System.Configuration.ni.dll
+ 2009-04-27 14:50:43 . 2009-04-27 14:50:43    141312              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\de514e484e49b04b016949d57ffac03e\System.Configuration.Install.ni.dll
+ 2009-04-27 14:49:36 . 2009-04-27 14:49:36    633856              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.AddIn\ce984d754e3c0b6be4504b785cc43574\System.AddIn.ni.dll
+ 2009-04-27 14:49:09 . 2009-04-27 14:49:09    366080              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SMSvcHost\045dd501b7257b1cc26083538ae69045\SMSvcHost.ni.exe
+ 2009-04-27 14:49:07 . 2009-04-27 14:49:07    256000              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\9790551187e294b4ed3aaa1c221891c7\SMDiagnostics.ni.dll
+ 2009-04-27 14:49:07 . 2009-04-27 14:49:07    320512              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\10a0c9707876fc1f65e64b811a28b020\ServiceModelReg.ni.exe
+ 2009-04-27 14:45:53 . 2009-04-27 14:45:53    224768              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\f475294d8c7dc2dd4febeef27bc0417e\PresentationFramework.Classic.ni.dll
+ 2009-04-27 14:45:54 . 2009-04-27 14:45:54    539648              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8003abaf6bcf70f7eb620d06837e897b\PresentationFramework.Luna.ni.dll
+ 2009-04-27 14:45:53 . 2009-04-27 14:45:53    368128              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\59a67874d8d8475faa5be1d993083d12\PresentationFramework.Aero.ni.dll
+ 2009-04-27 14:45:55 . 2009-04-27 14:45:55    258048              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\2c980c9a5051d723c6ec2a78a3d0e2b3\PresentationFramework.Royale.ni.dll
+ 2009-04-27 14:49:14 . 2009-04-27 14:49:14    133632              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\MSBuild\6d38e317128608bc4516ea46ab94590e\MSBuild.ni.exe
+ 2009-04-27 14:49:05 . 2009-04-27 14:49:05    386560              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\1820d6a012fc0e16c3e1d29d973cd2d0\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2009-04-27 14:49:31 . 2009-04-27 14:49:31    144384              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\55b9eff9e23359faed4351386c062238\Microsoft.Build.Utilities.ni.dll
+ 2009-04-27 14:49:32 . 2009-04-27 14:49:32    175104              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\4217124db1ea5de5f1a1f3eea75e8d32\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2009-04-27 14:49:25 . 2009-04-27 14:49:25    839680              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\96825c34d7e1f7df1923ff2123bed8da\Microsoft.Build.Engine.ni.dll
+ 2009-04-27 14:49:24 . 2009-04-27 14:49:24    222720              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\9b321ebf67587237f576df6104a32588\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2009-04-27 14:49:23 . 2009-04-27 14:49:23    220672              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\9bea05938bee3555c5aa8763d89a68f9\CustomMarshalers.ni.dll
+ 2009-04-27 14:49:02 . 2009-04-27 14:49:02    410112              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\12629e2f3e315459bee67cbbaac85cb2\ComSvcConfig.ni.exe
+ 2009-04-27 14:49:12 . 2009-04-27 14:49:13    842240              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\b5b2feadc3943e3976daebc0bcd2b5e2\AspNetMMCExt.ni.dll
+ 2009-04-27 14:39:05 . 2009-04-27 14:39:05    385024              C:\WINDOWS\assembly\GAC_MSIL\UIAutomationClientsideProviders\3.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
+ 2009-04-27 14:39:04 . 2009-04-27 14:39:04    167936              C:\WINDOWS\assembly\GAC_MSIL\UIAutomationClient\3.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
+ 2009-04-27 14:43:45 . 2009-04-27 14:43:45    155648              C:\WINDOWS\assembly\GAC_MSIL\System.XML.resources\2.0.0.0_da_b77a5c561934e089\System.xml.resources.dll
+ 2009-04-27 14:39:59 . 2009-04-27 14:39:59    139264              C:\WINDOWS\assembly\GAC_MSIL\System.Xml.Linq\3.5.0.0__b77a5c561934e089\System.Xml.Linq.dll
+ 2009-04-27 14:39:50 . 2009-04-27 14:39:50    507904              C:\WINDOWS\assembly\GAC_MSIL\System.WorkflowServices\3.5.0.0__31bf3856ad364e35\System.WorkflowServices.dll
+ 2009-04-27 14:44:11 . 2009-04-27 14:44:11    102400              C:\WINDOWS\assembly\GAC_MSIL\System.WorkflowServices.resources\3.5.0.0_da_31bf3856ad364e35\System.WorkflowServices.resources.dll
+ 2009-04-27 14:39:02 . 2009-04-27 14:39:02    540672              C:\WINDOWS\assembly\GAC_MSIL\System.Workflow.Runtime\3.0.0.0__31bf3856ad364e35\System.Workflow.Runtime.dll
+ 2009-04-27 14:44:02 . 2009-04-27 14:44:02    307200              C:\WINDOWS\assembly\GAC_MSIL\system.workflow.componentmodel.resources\3.0.0.0_da_31bf3856ad364e35\System.Workflow.ComponentModel.resources.dll
+ 2009-04-27 14:44:02 . 2009-04-27 14:44:02    180224              C:\WINDOWS\assembly\GAC_MSIL\system.workflow.activities.resources\3.0.0.0_da_31bf3856ad364e35\System.Workflow.Activities.resources.dll
+ 2009-04-27 14:43:51 . 2009-04-27 14:43:51    409600              C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_da_b77a5c561934e089\System.Windows.Forms.resources.dll
+ 2009-04-27 14:41:54 . 2009-04-27 14:41:54    839680              C:\WINDOWS\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2009-04-27 14:43:44 . 2009-04-27 14:43:44    593920              C:\WINDOWS\assembly\GAC_MSIL\System.Web.resources\2.0.0.0_da_b03f5f7f11d50a3a\System.Web.resources.dll
- 2006-10-12 23:27:13 . 2006-10-12 23:27:13    835584              C:\WINDOWS\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2009-04-27 14:41:54 . 2009-04-27 14:41:54    835584              C:\WINDOWS\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2009-04-27 14:44:13 . 2009-04-27 14:44:14    626688              C:\WINDOWS\assembly\GAC_MSIL\System.Web.Extensions.resources\3.5.0.0_da_31bf3856ad364e35\System.Web.Extensions.Resources.dll
+ 2009-04-27 14:40:02 . 2009-04-27 14:40:02    335872              C:\WINDOWS\assembly\GAC_MSIL\System.Web.Extensions.Design\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.Design.dll
+ 2009-04-27 14:43:07 . 2009-04-27 14:43:07    139264              C:\WINDOWS\assembly\GAC_MSIL\System.Web.Entity\3.5.0.0__b77a5c561934e089\System.Web.Entity.dll
+ 2009-04-27 14:39:59 . 2009-04-27 14:39:59    131072              C:\WINDOWS\assembly\GAC_MSIL\System.Web.Entity.Design\3.5.0.0__b77a5c561934e089\System.Web.Entity.Design.dll
+ 2009-04-27 14:43:07 . 2009-04-27 14:43:08    229376              C:\WINDOWS\assembly\GAC_MSIL\System.Web.DynamicData\3.5.0.0__31bf3856ad364e35\System.Web.DynamicData.dll
+ 2009-04-27 14:39:04 . 2009-04-27 14:39:04    688128              C:\WINDOWS\assembly\GAC_MSIL\System.Speech\3.0.0.0__31bf3856ad364e35\System.Speech.dll
- 2006-10-12 23:26:56 . 2006-10-12 23:26:56    114688              C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2009-04-27 14:41:59 . 2009-04-27 14:41:59    114688              C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2009-04-27 14:39:49 . 2009-04-27 14:39:49    569344              C:\WINDOWS\assembly\GAC_MSIL\System.ServiceModel.Web\3.5.0.0__31bf3856ad364e35\System.ServiceModel.Web.dll
+ 2009-04-27 14:44:05 . 2009-04-27 14:44:05    450560              C:\WINDOWS\assembly\GAC_MSIL\system.servicemodel.resources\3.0.0.0_da_b77a5c561934e089\System.ServiceModel.Resources.dll
+ 2009-04-27 14:42:02 . 2009-04-27 14:42:02    258048              C:\WINDOWS\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2006-10-12 23:26:53 . 2006-10-12 23:26:53    258048              C:\WINDOWS\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2009-04-27 14:38:56 . 2009-04-27 14:38:56    966656              C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
+ 2009-04-27 14:42:03 . 2009-04-27 14:42:03    131072              C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2006-10-12 23:27:10 . 2006-10-12 23:27:10    131072              C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2009-04-27 14:42:03 . 2009-04-27 14:42:03    303104              C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2009-04-27 14:43:53 . 2009-04-27 14:43:53    200704              C:\WINDOWS\assembly\GAC_MSIL\System.resources\2.0.0.0_da_b77a5c561934e089\system.resources.dll
+ 2009-04-27 14:40:01 . 2009-04-27 14:40:01    233472              C:\WINDOWS\assembly\GAC_MSIL\System.Net\3.5.0.0__b03f5f7f11d50a3a\System.Net.dll
- 2006-10-12 23:27:12 . 2006-10-12 23:27:12    258048              C:\WINDOWS\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2009-04-27 14:42:04 . 2009-04-27 14:42:04    258048              C:\WINDOWS\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2009-04-27 14:42:05 . 2009-04-27 14:42:05    372736              C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2009-04-27 14:39:58 . 2009-04-27 14:39:58    143360              C:\WINDOWS\assembly\GAC_MSIL\System.Management.Instrumentation\3.5.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
+ 2009-04-27 14:38:56 . 2009-04-27 14:38:56    131072              C:\WINDOWS\assembly\GAC_MSIL\System.IO.Log\3.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
+ 2009-04-27 14:38:56 . 2009-04-27 14:38:56    430080              C:\WINDOWS\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll
+ 2009-04-27 14:39:07 . 2009-04-27 14:39:07    126976              C:\WINDOWS\assembly\GAC_MSIL\System.IdentityModel.Selectors\3.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
+ 2009-04-27 14:42:04 . 2009-04-27 14:42:04    626688              C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2009-04-27 14:42:01 . 2009-04-27 14:42:01    401408              C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2006-10-12 23:26:55 . 2006-10-12 23:26:55    188416              C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2009-04-27 14:41:56 . 2009-04-27 14:41:56    188416              C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2009-04-27 14:39:51 . 2009-04-27 14:39:51    286720              C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\3.5.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
+ 2009-04-27 14:43:52 . 2009-04-27 14:43:52    536576              C:\WINDOWS\assembly\GAC_MSIL\System.Design.resources\2.0.0.0_da_b03f5f7f11d50a3a\System.Design.resources.dll
+ 2009-04-27 14:42:08 . 2009-04-27 14:42:08    970752              C:\WINDOWS\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2009-04-27 14:43:42 . 2009-04-27 14:43:42    393216              C:\WINDOWS\assembly\GAC_MSIL\System.Deployment.resources\2.0.0.0_da_b03f5f7f11d50a3a\System.Deployment.resources.dll
+ 2009-04-27 14:42:08 . 2009-04-27 14:42:08    745472              C:\WINDOWS\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2009-04-27 14:43:07 . 2009-04-27 14:43:07    442368              C:\WINDOWS\assembly\GAC_MSIL\System.Data.Services\3.5.0.0__b77a5c561934e089\System.Data.Services.dll
+ 2009-04-27 14:39:50 . 2009-04-27 14:39:50    114688              C:\WINDOWS\assembly\GAC_MSIL\System.Data.Services.Design\3.5.0.0__b77a5c561934e089\System.Data.Services.Design.dll
+ 2009-04-27 14:43:07 . 2009-04-27 14:43:07    294912              C:\WINDOWS\assembly\GAC_MSIL\System.Data.Services.Client\3.5.0.0__b77a5c561934e089\System.Data.Services.Client.dll
+ 2009-04-27 14:43:52 . 2009-04-27 14:43:52    344064              C:\WINDOWS\assembly\GAC_MSIL\System.Data.resources\2.0.0.0_da_b77a5c561934e089\System.Data.resources.dll
+ 2009-04-27 14:43:47 . 2009-04-27 14:43:48    110592              C:\WINDOWS\assembly\GAC_MSIL\System.Data.OracleClient.resources\2.0.0.0_da_b77a5c561934e089\System.Data.OracleClient.resources.dll
+ 2009-04-27 14:39:51 . 2009-04-27 14:39:51    684032              C:\WINDOWS\assembly\GAC_MSIL\System.Data.Linq\3.5.0.0__b77a5c561934e089\System.Data.Linq.dll
+ 2009-04-27 14:44:13 . 2009-04-27 14:44:13    389120              C:\WINDOWS\assembly\GAC_MSIL\System.Data.Entity.resources\3.5.0.0_da_b77a5c561934e089\System.Data.Entity.Resources.dll
+ 2009-04-27 14:39:57 . 2009-04-27 14:39:57    229376              C:\WINDOWS\assembly\GAC_MSIL\System.Data.Entity.Design\3.5.0.0__b77a5c561934e089\System.Data.Entity.Design.dll
+ 2009-04-27 14:39:56 . 2009-04-27 14:39:57    667648              C:\WINDOWS\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll
+ 2009-04-27 14:42:07 . 2009-04-27 14:42:07    425984              C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2009-04-27 14:39:55 . 2009-04-27 14:39:55    163840              C:\WINDOWS\assembly\GAC_MSIL\System.AddIn\3.5.0.0__b77a5c561934e089\System.AddIn.dll
- 2006-10-12 23:27:10 . 2006-10-12 23:27:10    110592              C:\WINDOWS\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2009-04-27 14:42:06 . 2009-04-27 14:42:06    110592              C:\WINDOWS\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2009-04-27 14:38:56 . 2009-04-27 14:38:56    110592              C:\WINDOWS\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll
+ 2009-04-27 14:39:00 . 2009-04-27 14:39:00    528384              C:\WINDOWS\assembly\GAC_MSIL\ReachFramework\3.0.0.0__31bf3856ad364e35\ReachFramework.dll
+ 2009-04-27 14:39:07 . 2009-04-27 14:39:07    864256              C:\WINDOWS\assembly\GAC_MSIL\PresentationUI\3.0.0.0__31bf3856ad364e35\PresentationUI.dll
+ 2009-04-27 14:44:04 . 2009-04-27 14:44:04    368640              C:\WINDOWS\assembly\GAC_MSIL\PresentationUI.resources\3.0.0.0_da_31bf3856ad364e35\PresentationUI.resources.dll
+ 2009-04-27 14:39:05 . 2009-04-27 14:39:05    163840              C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework.Royale\3.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
+ 2009-04-27 14:44:04 . 2009-04-27 14:44:04    237568              C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_da_31bf3856ad364e35\PresentationFramework.resources.dll
+ 2009-04-27 14:39:05 . 2009-04-27 14:39:05    397312              C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework.Luna\3.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
+ 2009-04-27 14:39:05 . 2009-04-27 14:39:05    139264              C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework.Classic\3.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
+ 2009-04-27 14:39:05 . 2009-04-27 14:39:05    196608              C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework.Aero\3.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
+ 2009-04-27 14:44:03 . 2009-04-27 14:44:03    106496              C:\WINDOWS\assembly\GAC_MSIL\PresentationCore.resources\3.0.0.0_da_31bf3856ad364e35\PresentationCore.resources.dll
+ 2009-04-27 14:39:03 . 2009-04-27 14:39:03    598016              C:\WINDOWS\assembly\GAC_MSIL\PresentationBuildTasks\3.0.0.0__31bf3856ad364e35\PresentationBuildTasks.dll
+ 2009-04-27 14:43:47 . 2009-04-27 14:43:47    299008              C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_da_b77a5c561934e089\mscorlib.resources.dll
+ 2009-04-27 14:41:59 . 2009-04-27 14:41:59    659456              C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2006-10-12 23:27:14 . 2006-10-12 23:27:14    372736              C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2009-04-27 14:41:59 . 2009-04-27 14:41:59    372736              C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2009-04-27 14:42:00 . 2009-04-27 14:42:00    110592              C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2006-10-12 23:27:14 . 2006-10-12 23:27:14    110592              C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2009-04-27 14:38:55 . 2009-04-27 14:38:55    397312              C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
+ 2009-04-27 14:42:00 . 2009-04-27 14:42:00    749568              C:\WINDOWS\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2009-04-27 14:42:05 . 2009-04-27 14:42:05    655360              C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2009-04-27 14:39:54 . 2009-04-27 14:39:54    802816              C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Tasks.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.v3.5.dll
+ 2009-04-27 14:44:12 . 2009-04-27 14:44:12    159744              C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Tasks.v3.5.resources\3.5.0.0_da_b03f5f7f11d50a3a\Microsoft.Build.Tasks.v3.5.resources.dll
+ 2009-04-27 14:43:46 . 2009-04-27 14:43:46    135168              C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Tasks.resources\2.0.0.0_da_b03f5f7f11d50a3a\Microsoft.Build.Tasks.resources.dll
+ 2009-04-27 14:39:53 . 2009-04-27 14:39:53    733184              C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Engine\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2009-04-27 14:42:03 . 2009-04-27 14:42:03    348160              C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2009-04-27 14:39:52 . 2009-04-27 14:39:52    106496              C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Conversion.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Conversion.v3.5.dll
+ 2009-04-27 14:41:53 . 2009-04-27 14:41:53    507904              C:\WINDOWS\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2009-04-27 14:43:42 . 2009-04-27 14:43:42    311296              C:\WINDOWS\assembly\GAC_MSIL\AspNetMMCExt.resources\2.0.0.0_da_b03f5f7f11d50a3a\aspnetmmcext.resources.dll
+ 2009-04-27 14:42:02 . 2009-04-27 14:42:02    261632              C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2009-04-27 14:39:01 . 2009-04-27 14:39:01    368640              C:\WINDOWS\assembly\GAC_32\System.Printing\3.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2009-04-27 14:42:02 . 2009-04-27 14:42:02    113664              C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2006-10-12 23:26:49 . 2006-10-12 23:26:49    258048              C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2009-04-27 14:42:02 . 2009-04-27 14:42:02    258048              C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2009-04-27 14:42:07 . 2009-04-27 14:42:07    486400              C:\WINDOWS\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2009-04-27 14:38:55 . 2009-04-27 14:38:55    163840              C:\WINDOWS\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2009-04-27 14:38:40 . 2008-07-06 12:06:10    1676288              C:\WINDOWS\system32\spool\XPSEP\i386\xpssvcs.dll
+ 2009-04-27 14:38:40 . 2008-07-06 12:06:10    1676288              C:\WINDOWS\system32\spool\XPSEP\i386\i386\xpssvcs.dll
+ 2009-04-27 14:38:40 . 2008-07-06 15:36:12    2936832              C:\WINDOWS\system32\spool\XPSEP\amd64\xpssvcs.dll
+ 2009-04-27 14:38:40 . 2008-07-06 15:36:12    2936832              C:\WINDOWS\system32\spool\XPSEP\amd64\amd64\xpssvcs.dll
+ 2009-04-27 14:38:30 . 2008-07-06 12:06:10    1676288              C:\WINDOWS\system32\spool\drivers\w32x86\3\XpsSvcs.dll
+ 2004-11-11 22:43:24 . 2009-03-02 23:11:13    1499136              C:\WINDOWS\system32\shdocvw.dll
- 2004-11-11 22:43:24 . 2008-10-16 01:01:37    1499136              C:\WINDOWS\system32\shdocvw.dll
+ 2004-12-08 13:14:27 . 2008-12-20 22:14:55    1292288              C:\WINDOWS\system32\quartz.dll
- 2004-12-08 13:14:27 . 2008-05-07 05:11:40    1292288              C:\WINDOWS\system32\quartz.dll
+ 2004-11-11 18:50:06 . 2009-02-20 08:11:54    3089408              C:\WINDOWS\system32\mshtml.dll
+ 2006-02-14 08:20:14 . 2008-03-20 16:06:36    1480232              C:\WINDOWS\system32\LegitCheckControl.dll
- 2004-01-01 14:24:53 . 2008-04-14 16:05:23    1006080              C:\WINDOWS\system32\kernel32.dll
+ 2004-01-01 14:24:53 . 2009-03-21 14:08:56    1006080              C:\WINDOWS\system32\kernel32.dll
- 2009-03-03 19:10:12 . 2008-10-16 01:01:37    1499136              C:\WINDOWS\system32\dllcache\shdocvw.dll
+ 2009-03-03 19:10:12 . 2009-03-02 23:11:13    1499136              C:\WINDOWS\system32\dllcache\shdocvw.dll
- 2008-05-07 05:11:40 . 2008-05-07 05:11:40    1292288              C:\WINDOWS\system32\dllcache\quartz.dll
+ 2008-05-07 05:11:40 . 2008-12-20 22:14:55    1292288              C:\WINDOWS\system32\dllcache\quartz.dll
+ 2009-03-03 19:09:51 . 2009-02-09 11:26:05    2191616              C:\WINDOWS\system32\dllcache\ntoskrnl.exe
+ 2009-03-03 19:09:51 . 2009-02-09 11:26:00    2026496              C:\WINDOWS\system32\dllcache\ntkrpamp.exe
- 2009-03-03 19:09:51 . 2008-08-14 13:25:41    2026496              C:\WINDOWS\system32\dllcache\ntkrpamp.exe
+ 2009-03-03 19:09:52 . 2009-02-10 17:08:50    2068608              C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
- 2009-03-03 19:09:52 . 2008-08-14 13:25:45    2068608              C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
+ 2009-03-03 19:09:52 . 2009-02-09 11:25:42    2147840              C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
- 2009-03-03 19:09:52 . 2008-08-14 13:25:42    2147840              C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
+ 2009-03-03 19:10:11 . 2009-02-20 08:11:54    3089408              C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2009-03-21 14:08:56 . 2009-03-21 14:08:56    1006080              C:\WINDOWS\system32\dllcache\kernel32.dll
+ 2009-04-20 13:42:47 . 2009-02-05 20:11:35    1256296              C:\WINDOWS\system32\aswBoot.exe
- 2009-04-14 11:09:23 . 2009-02-05 20:11:35    1256296              C:\WINDOWS\system32\aswBoot.exe
+ 2008-07-29 21:40:48 . 2008-07-29 21:40:48    1720824              C:\WINDOWS\Microsoft.NET\Framework\v3.5\vbc.exe
+ 2008-07-29 16:47:34 . 2008-07-29 16:47:34    1054208              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vs_setup.dll
+ 2008-07-29 16:47:34 . 2008-07-29 16:47:34    1364992              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\SITSetup.dll
+ 2008-07-29 16:47:34 . 2008-07-29 16:47:34    1064448              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\gencomp.dll
+ 2008-10-21 19:02:30 . 2008-10-21 19:02:30    1054208              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - dan\vs_setup.dll
+ 2008-10-21 19:02:30 . 2008-10-21 19:02:30    1364992              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - dan\SITSetup.dll
+ 2008-10-21 19:02:30 . 2008-10-21 19:02:30    1064448              C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - dan\gencomp.dll
+ 2008-07-29 21:40:48 . 2008-07-29 21:40:48    1548280              C:\WINDOWS\Microsoft.NET\Framework\v3.5\csc.exe
+ 2008-12-05 17:35:22 . 2008-12-05 17:35:22    1736528              C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\wpfgfx_v0300.dll
+ 2008-07-29 19:10:04 . 2008-07-29 19:10:04    2637840              C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\NlsLexicons0009.dll
+ 2008-07-29 19:10:04 . 2008-07-29 19:10:04    4883464              C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\NlsData0009.dll
+ 2008-12-05 18:12:12 . 2008-12-05 18:12:12    5931008              C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.dll
+ 2008-07-25 09:16:38 . 2008-07-25 09:16:38    1344000              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\VsaVb7rt.dll
+ 2008-07-25 09:17:10 . 2008-07-25 09:17:10    1172472              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\vbc.exe
+ 2008-11-25 02:59:40 . 2008-11-25 02:59:40    2048000              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.XML.dll
+ 2008-07-25 09:17:00 . 2008-07-25 09:17:00    5025792              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
+ 2008-11-25 02:59:40 . 2008-11-25 02:59:40    5242880              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
+ 2008-07-25 09:17:00 . 2008-07-25 09:17:00    3149824              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2008-07-25 09:17:00 . 2008-07-25 09:17:00    5062656              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Design.dll
+ 2008-07-25 09:17:00 . 2008-07-25 09:17:00    2933248              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.dll
+ 2008-11-25 02:59:36 . 2008-11-25 02:59:36    5813576              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
+ 2008-11-25 02:59:40 . 2008-11-25 02:59:40    4546560              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2008-07-25 09:16:50 . 2008-07-25 09:16:50    1163768              C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\cscomp.dll
+ 2009-03-03 19:09:51 . 2009-02-09 11:26:05    2191616              C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
+ 2009-03-03 19:09:51 . 2009-02-09 11:26:00    2026496              C:\WINDOWS\Driver Cache\i386\ntkrpamp.exe
- 2009-03-03 19:09:51 . 2008-08-14 13:25:41    2026496              C:\WINDOWS\Driver Cache\i386\ntkrpamp.exe
- 2009-03-03 19:09:52 . 2008-08-14 13:25:45    2068608              C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
+ 2009-03-03 19:09:52 . 2009-02-10 17:08:50    2068608              C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
+ 2009-03-03 19:09:52 . 2009-02-09 11:25:42    2147840              C:\WINDOWS\Driver Cache\i386\ntkrnlmp.exe
- 2009-03-03 19:09:52 . 2008-08-14 13:25:42    2147840              C:\WINDOWS\Driver Cache\i386\ntkrnlmp.exe
+ 2009-04-27 14:45:02 . 2009-04-27 14:45:02    3313664              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\14cd5f4b61d35f9b76327d6be9853755\WindowsBase.ni.dll
+ 2009-04-27 14:47:03 . 2009-04-27 14:47:03    1049600              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\f3c7957351aec85f526a3350c9718b1e\UIAutomationClientsideProviders.ni.dll
+ 2009-04-27 14:44:54 . 2009-04-27 14:44:54    7868416              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\80978a322d7dd39f0a71be1251ae395a\System.ni.dll
+ 2009-04-27 14:47:00 . 2009-04-27 14:47:00    5450752              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\773a9786013451d3baaeff003dc4230f\System.Xml.ni.dll
+ 2009-04-27 14:51:44 . 2009-04-27 14:51:44    1356288              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\ac1750e78d79520dcf19195772eff1b6\System.WorkflowServices.ni.dll
+ 2009-04-27 14:51:41 . 2009-04-27 14:51:41    1908224              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\d265da36954fcb4cb7ad5adc693ea0f2\System.Workflow.Runtime.ni.dll
+ 2009-04-27 14:51:37 . 2009-04-27 14:51:37    4514304              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\693a8fbe6f7ad6e4e429052da4317e59\System.Workflow.ComponentModel.ni.dll
+ 2009-04-27 14:51:30 . 2009-04-27 14:51:31    2992640              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\cc99fbbac0b6e4e9ca62093e49b0c16b\System.Workflow.Activities.ni.dll
+ 2009-04-27 14:51:25 . 2009-04-27 14:51:25    1840640              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Services\b57bb002a655920cbfa2bee29d1e22b7\System.Web.Services.ni.dll
+ 2009-04-27 14:51:22 . 2009-04-27 14:51:22    2209280              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\81197e32ec931f439b3114e9031b65d6\System.Web.Mobile.ni.dll
+ 2009-04-27 14:51:13 . 2009-04-27 14:51:13    2403328              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\7f64c9d25471b72e1e957bdfe67947c8\System.Web.Extensions.ni.dll
+ 2009-04-27 14:46:39 . 2009-04-27 14:46:40    1917440              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Speech\63cf639b6e0a3c25c1643c85016e7422\System.Speech.ni.dll
+ 2009-04-27 14:50:54 . 2009-04-27 14:50:54    1706496              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\340cad17fe57947eacbc8fa2cea780da\System.ServiceModel.Web.ni.dll
+ 2009-04-27 14:48:28 . 2009-04-27 14:48:28    2338304              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\034c91b133dee73d452652c52767b5ea\System.Runtime.Serialization.ni.dll
+ 2009-04-27 14:46:37 . 2009-04-27 14:46:37    1035264              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Printing\646ab52eef343380aa002c220dc31e13\System.Printing.ni.dll
+ 2009-04-27 14:48:22 . 2009-04-27 14:48:22    1056768              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\c2de8479e54852f56996f79bc93acb13\System.IdentityModel.ni.dll
+ 2009-04-27 14:46:34 . 2009-04-27 14:46:34    1587200              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\3da96ee075bab9202626ae44c18d226c\System.Drawing.ni.dll
+ 2009-04-27 14:50:38 . 2009-04-27 14:50:38    1116672              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\543aced762f6b0c3f8e037955941afc6\System.DirectoryServices.ni.dll
+ 2009-04-27 14:50:36 . 2009-04-27 14:50:36    1801216              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Deployment\a6b58624486714fa71e5e35186850ff0\System.Deployment.ni.dll
+ 2009-04-27 14:46:14 . 2009-04-27 14:46:14    6616576              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\c70731047b0022638b3f9fb158948a03\System.Data.ni.dll
+ 2009-04-27 14:49:21 . 2009-04-27 14:49:21    2510336              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\826b09ab0d0e36f4d631b4cd335df511\System.Data.SqlXml.ni.dll
+ 2009-04-27 14:50:32 . 2009-04-27 14:50:32    1328128              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.Services\956a513dcbd44d5a6801840ef2b0b47b\System.Data.Services.ni.dll
+ 2009-04-27 14:46:20 . 2009-04-27 14:46:20    2516480              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\0bbec79460b1137df5313f9baf7b246f\System.Data.Linq.ni.dll
+ 2009-04-27 14:50:25 . 2009-04-27 14:50:26    9924096              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\6479f975b105808a8d9e7a7fdc762551\System.Data.Entity.ni.dll
+ 2009-04-27 14:46:06 . 2009-04-27 14:46:06    2295296              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\47d87251e93256c635eb73403b8db33e\System.Core.ni.dll
+ 2009-04-27 14:46:02 . 2009-04-27 14:46:02    2128896              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\ReachFramework\4bfb3048bf200a6a8592d1b4ba861a7f\ReachFramework.ni.dll
+ 2009-04-27 14:45:58 . 2009-04-27 14:45:58    1657856              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationUI\6bafb1a2a73794ddb9761cb321c9e7e2\PresentationUI.ni.dll
+ 2009-04-27 14:44:56 . 2009-04-27 14:44:56    1451008              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\e634bc4c4a00635a0a254febab0e2e2c\PresentationBuildTasks.ni.dll
+ 2009-04-27 14:49:34 . 2009-04-27 14:49:34    1712128              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\1c86afc399d0fdd8e069266ffbe748d1\Microsoft.VisualBasic.ni.dll
+ 2009-04-27 14:49:04 . 2009-04-27 14:49:04    1093120              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\6b2f62f5e981913fce1d223f645d9ddf\Microsoft.Transactions.Bridge.ni.dll
+ 2009-04-27 14:50:48 . 2009-04-27 14:50:48    2332160              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\b261961046545831aa60963e84905968\Microsoft.JScript.ni.dll
+ 2009-04-27 14:49:28 . 2009-04-27 14:49:28    1620992              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\bd241492d96db39f20e758c13c845033\Microsoft.Build.Tasks.ni.dll
+ 2009-04-27 14:49:31 . 2009-04-27 14:49:31    1966080              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\a47100d8f4574bed2d49d83d0ab8964e\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2009-04-27 14:49:16 . 2009-04-27 14:49:16    1888768              C:\WIN

og fortsættes igen??? (Eksperten vil ikke acceptere så lange indlæg?):

+ 2009-04-27 14:49:16 . 2009-04-27 14:49:16    1888768              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\6cfe582681724965fb817e8ece5f0909\Microsoft.Build.Engine.ni.dll
+ 2009-04-27 14:39:01 . 2009-04-27 14:39:01    1245184              C:\WINDOWS\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2009-04-27 14:42:09 . 2009-04-27 14:42:09    3149824              C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2009-04-27 14:42:10 . 2009-04-27 14:42:10    2048000              C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2009-04-27 14:39:02 . 2009-04-27 14:39:02    1630208              C:\WINDOWS\assembly\GAC_MSIL\System.Workflow.ComponentModel\3.0.0.0__31bf3856ad364e35\System.Workflow.ComponentModel.dll
+ 2009-04-27 14:39:02 . 2009-04-27 14:39:02    1138688              C:\WINDOWS\assembly\GAC_MSIL\System.Workflow.Activities\3.0.0.0__31bf3856ad364e35\System.Workflow.Activities.dll
+ 2009-04-27 14:41:55 . 2009-04-27 14:41:55    5025792              C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2009-04-27 14:43:08 . 2009-04-27 14:43:08    1277952              C:\WINDOWS\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
+ 2009-04-27 14:42:43 . 2009-04-27 14:42:43    5931008              C:\WINDOWS\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll
+ 2009-04-27 14:41:55 . 2009-04-27 14:41:55    5062656              C:\WINDOWS\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2009-04-27 14:39:57 . 2009-04-27 14:39:57    2879488              C:\WINDOWS\assembly\GAC_MSIL\System.Data.Entity\3.5.0.0__b77a5c561934e089\System.Data.Entity.dll
+ 2009-04-27 14:42:45 . 2009-04-27 14:42:45    5283840              C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
+ 2009-04-27 14:41:53 . 2009-04-27 14:41:53    5242880              C:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2009-04-27 14:42:08 . 2009-04-27 14:42:08    2933248              C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2009-04-27 14:38:59 . 2009-04-27 14:39:00    4210688              C:\WINDOWS\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2009-04-27 14:42:06 . 2009-04-27 14:42:06    4546560              C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2005-05-12 01:00:16 . 2009-04-06 05:57:26    24921544              C:\WINDOWS\system32\MRT.exe
+ 2009-04-27 14:41:21 . 2009-04-27 14:41:22    11072000              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP155.tmp\mscorlib.dll
+ 2009-04-27 14:46:52 . 2009-04-27 14:46:53    12430848              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\63406259e94d5c0ff5b79401dfe113ce\System.Windows.Forms.ni.dll
+ 2009-04-27 14:51:07 . 2009-04-27 14:51:07    11796992              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\3963ce03d445a8619abbf388d590134b\System.Web.ni.dll
+ 2009-04-27 14:48:58 . 2009-04-27 14:48:59    17317888              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\4146033013edebd7e0cb604e504ebfee\System.ServiceModel.ni.dll
+ 2009-04-27 14:46:31 . 2009-04-27 14:46:31    10683392              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Design\8ee220bc3cce4f7bbd7818946519ed7f\System.Design.ni.dll
+ 2009-04-27 14:45:50 . 2009-04-27 14:45:51    14327808              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\96e710f47c601cba3f2348a8d11ddede\PresentationFramework.ni.dll
+ 2009-04-27 14:45:21 . 2009-04-27 14:45:22    12216320              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\956375d487cbef36165b3250030e3574\PresentationCore.ni.dll
+ 2009-04-27 14:44:44 . 2009-04-27 14:44:44    11486720              C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\6d667f19d687361886990f3ca0f49816\mscorlib.ni.dll
.
-- Snapshot sat til dags dato --
.
(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*BemÊrk* tomme linier & lovlige standard linier vises ikke 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 16:05:45 15360]
"Sonic RecordNow!"="" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 15:04:38 52736]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 19:02:48 61440]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 19:43:46 233472]
"SiS Windows KeyHook"="C:\WINDOWS\System32\keyhook.exe" [2004-05-20 08:47:18 249856]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-16 15:57:10 81920]
"ATIPTA"="C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-06-24 20:10:00 339968]
"DAEMON Tools-1033"="C:\Programmer\D-Tools\daemon.exe" [2004-08-22 15:05:02 81920]
"ATICCC"="C:\Programmer\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 15:41:22 45056]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 20:08:45 81000]
"VTTimer"="VTTimer.exe" [BU]
"AGRSMMSG"="AGRSMMSG.exe" - C:\WINDOWS\AGRSMMSG.exe [2005-03-04 10:01:56 88209]
"SoundMan"="SOUNDMAN.EXE" - C:\WINDOWS\SOUNDMAN.EXE [2004-07-01 17:58:14 73728]
"AlcWzrd"="ALCWZRD.EXE" - C:\WINDOWS\ALCWZRD.EXE [2004-07-06 00:05:48 2550272]

C:\Documents and Settings\HP_Ejer\Menuen Start\Programmer\Start\
Corel Registration.lnk - C:\Programmer\Corel\Graphics9\Register\Remind32.exe [2005-3-3 67584]

C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
HP Digital Imaging Monitor.lnk - C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe [2004-5-29 241664]
NETGEAR WN111v2 Smart Wizard.lnk - C:\Programmer\NETGEAR\WN111v2\WN111V2.exe [2008-5-9 1474631]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebspnlb]
geBspnLb.dll [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\a2service.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ArcaCheck.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\arcavir.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashDisp.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashEnhcd.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashServ.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashUpd.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\aswUpdSv.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avcls.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avz.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avz4.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avz_se.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bdinit.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\caav.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\caavguiscan.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\casecuritycenter.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ccupdate.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cfp.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cfpupdat.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cmdagent.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\DRWEB32.EXE]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FAMEH32.EXE]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FPAVServer.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fpscan.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FPWin.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fsav32.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fsgk32st.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FSMA32.EXE]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\guardxservice.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\guardxup.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\navigator.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NAVSTUB.EXE]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Nvcc.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\outpost.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\preupd.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pskdr.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SfFnUp.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Vba32arkit.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vba32ldr.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Zanda.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\zapro.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Zlh.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\zoneband.dll]
"Debugger"=ntsd -d

[HKLM\~\startupfolder\c:^documents and settings^all users^menuen start^programmer^start^adobe reader hurtigstart.lnk]
path=C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\Adobe Reader Hurtigstart.lnk
backup=C:\WINDOWS\pss\Adobe Reader Hurtigstart.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"JavaQuickStarterService"=2 (0x2)
"SNDSrvc"=3 (0x3)
"ose"=3 (0x3)
"iPodService"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmer\\Messenger\\msmsgs.exe"=
"C:\\Programmer\\Autodesk\\3dsMax8\\3dsmax.exe"=
"C:\\Programmer\\Autodesk\\backburner\\monitor.exe"=
"C:\\Programmer\\Autodesk\\backburner\\manager.exe"=
"C:\\Programmer\\Autodesk\\backburner\\server.exe"=
"C:\\Programmer\\SmartFTP\\SmartFTP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R1 89fd950;89fd950; [x]
R2 gyuwcubnkcii;gyuwcubnkcii; [x]
R3 jswpsapi;Jumpstart Wifi Protected Setup;C:\Programmer\NETGEAR\WN111v2\jswpsapi.exe [2008-02-27 09:54:52 360547]
S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20:07:12 20560]
S3 dnindis5;DNINDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\DNINDIS5.SYS [2003-07-24 10:10:34 17149]
S3 jswscimd;jswscimd Service;C:\WINDOWS\system32\DRIVERS\jswscimd.sys [2008-02-12 16:05:00 57440]
S3 wn111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;C:\WINDOWS\system32\DRIVERS\WN111v2.sys [2008-05-31 12:46:00 434688]
S3 wsimd;wsimd Service;C:\WINDOWS\system32\DRIVERS\wsimd.sys [2007-12-14 02:31:00 57408]


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
Ujafrofb

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\autorun.exe
.
- - - - TOMME GENVEJE FJERNET - - - -

BHO-{fe887f31-69c0-4a97-937f-e76930556d3b} - (no file)


.
------- Yderligere scanning -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=DA_DK&c=Q404&bd=pavilion&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=DA_DK&c=Q404&bd=pavilion&pf=desktop
uInternet Connection Wizard,ShellNext = iexplore
IE: Bloker alle billeder fra den samme server - C:\Programmer\Avant Browser\AddAllToADBlackList.htm
IE: E&ksporter til Microsoft Excel - C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Marker forekomster af ord p denne side - C:\Programmer\Avant Browser\Highlight.htm
IE: S¯g p ord - C:\Programmer\Avant Browser\Search.htm
IE: Tilf¯j til AD Black List - C:\Programmer\Avant Browser\AddToADBlackList.htm
IE: ≈ben alle links p denne side... - C:\Programmer\Avant Browser\OpenAllLinks.htm
DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} - hxxps://www.sparlolland.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.30.cab
FF - ProfilePath -

---- FIREFOX POLITIKKER ----
C:\Programmer\Mozilla Firefox\greprefs\all.js - pref("backups.number_of_prefs_copies", 1);
C:\Programmer\Mozilla Firefox\greprefs\all.js - pref("browser.link.open_newwindow.ui", 3); // prefs UI version
C:\Programmer\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.closed", "allAccess");
C:\Programmer\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.document", "allAccess");
C:\Programmer\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.frames", "allAccess");
C:\Programmer\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.history", "allAccess");
C:\Programmer\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.length", "allAccess");
C:\Programmer\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.opener", "allAccess");
C:\Programmer\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.parent", "allAccess");
C:\Programmer\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.self", "allAccess");
C:\Programmer\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.top", "allAccess");
C:\Programmer\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.window", "allAccess");
C:\Programmer\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.DOMParser,parseFromString", "noAccess");
C:\Programmer\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.DOMParser,parseFromStream", "noAccess");
C:\Programmer\Mozilla Firefox\greprefs\all.js - pref("dom.disable_window_open_feature.status",      false);
C:\Programmer\Mozilla Firefox\greprefs\all.js - pref("advanced.always_load_images",        true);
C:\Programmer\Mozilla Firefox\greprefs\all.js - pref("network.protocol-handler.external.help", false);
C:\Programmer\Mozilla Firefox\greprefs\all.js - pref("network.http.connect.timeout",  30);    // in seconds
C:\Programmer\Mozilla Firefox\greprefs\all.js - pref("network.http.request.timeout", 120);    // in seconds
C:\Programmer\Mozilla Firefox\greprefs\all.js - pref("network.IDN_show_punycode", true);
C:\Programmer\Mozilla Firefox\greprefs\all.js - pref("network.image.imageBehavior",        0); // 0-Accept, 1-dontAcceptForeign, 2-dontUse
C:\Programmer\Mozilla Firefox\greprefs\all.js - pref("network.cookie.cookieBehavior",      3); // 0-Accept, 1-dontAcceptForeign, 2-dontUse, 3-p3p
C:\Programmer\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel",            1); // 0=low, 1=medium, 2=high, 3=custom
C:\Programmer\Mozilla Firefox\greprefs\all.js - pref("network.enablePad",                  false); // Allow client to do proxy autodiscovery
C:\Programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("app.id", "{ec8030f7-c20a-464f-9b0e-13a3a9e97384}");
C:\Programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("app.version",
C:\Programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("app.extensions.version", "1.0");
C:\Programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("app.build_id",
C:\Programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.autoUpdateEnabled", true);    // Whether or not background app updates
C:\Programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.url", "chrome://mozapps/locale/update/update.properties");
C:\Programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.updatesAvailable", false);
C:\Programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.lastUpdateDate", 0);          // UTC offset when last App update was
C:\Programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.performed", false);            // Whether or not an update has been
C:\Programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.autoUpdateEnabled", true);
C:\Programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.autoUpdate", false);    // Automatically download and install
C:\Programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.interval", 604800000);  // Check for updates to Extensions and
C:\Programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.lastUpdateDate", 0);    // UTC offset when last Extension/Theme
C:\Programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.severity.threshold", 5);// The number of pending Extension/Theme
C:\Programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.count", 0);            // The number of extension/theme/etc
C:\Programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("update.interval", 3600000);              // Check each of the above intervals
C:\Programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("update.showSlidingNotification", true);  // Windows-only slide-up taskbar
C:\Programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("update.severity", 0);
C:\Programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("general.useragent.vendor", "Firefox");
C:\Programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("general.useragent.vendorSub",
C:\Programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.update.resetHomepage",        false);
C:\Programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.startup.homepage_override.1", false);
C:\Programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.turbo.enabled", false);
C:\Programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://browser/content/searchconfig.properties");
C:\Programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom",  "chrome://browser/content/searchconfig.properties");
C:\Programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("update_notifications.enabled", true);
C:\Programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("update_notifications.provider.0.frequency", 7); // number of days
C:\Programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.xul.error_pages.enabled", false);
C:\Programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("pfs.datasource.url", "chrome://mozapps/locale/plugins/plugins.properties");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-28 09:46:34
Windows 5.1.2600 Service Pack 3 NTFS

scanner skjulte processer ... 

scanner skjulte autostarter ...

scanner skjulte filer ... 

scanning gennemf¯rt med succes
skjulte filer: 0

**************************************************************************
.
--------------------- DLLs startet under k¯rende Processer ---------------------

- - - - - - - > 'winlogon.exe'(1148)
C:\WINDOWS\system32\Ati2evxx.dll
.
Gennemf¯rt tid: 2009-04-28  9:47:48
ComboFix-quarantined-files.txt  2009-04-28 07:47:39

Pre-K¯rsel: 134.471.286.784 byte ledig
Post-K¯rsel: 134.540.541.952 byte ledig

1215    --- E O F ---    2009-04-21 07:36:05

hej vi bruger avast her hjemme og vi har ikke haft noget som helst virus på vores computere efter vi tog den jeg kender andre der har den på deres computere og de er meget glade for den og den er gratis

Den blev noget lang den logfil.

Åbn et Notesblokvindue, kopiér indholdet med fed skrift ind i dokumentet, og gem indholdet samme sted, som Combofix ligger med navnet CFScript.txt Når du gemmer, skal du sikre, at der under "filtyper" står "alle filer".


Killall::
Snapshot::
File::
C:\WINDOWS\system32\283006063.dat
Driver::
89fd950
gyuwcubnkcii


Tag så fat i den nye fil med musen, og før den hen over ikonet for Combofix, hvorefter du "giver slip" med musen.
http://www.fromsej.saknet.dk/billeder/cfscript.gif
Så skulle Combofix gerne give sig til at arbejde. Muligvis vil den kræve en genstart, hvilket du skal tillade. Du bør ikke klikke på vinduet imens værktøjet kører, idet det kan få din computer til at fryse.
Kopier den logfil  herind.

Hvis du når at se dette indlæg så spring over det indlæg før dette og udfør dette her.
Du må gerne skrive om du kørte det her sidste indlæg når  du lægger logfilen herind, så ved jeg  det.


Åbn et Notesblokvindue, kopiér indholdet med fed skrift ind i dokumentet, og gem indholdet samme sted, som Combofix ligger med navnet CFScript.txt Når du gemmer, skal du sikre, at der under "filtyper" står "alle filer".


Killall::
Snapshot::
File::
C:\WINDOWS\system32\283006063.dat
Driver::
89fd950
gyuwcubnkcii
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebspnlb]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\a2service.exe]
"Debugger"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ArcaCheck.exe]
"Debugger"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\arcavir.exe]
"Debugger"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashDisp.exe]
"Debugger"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashEnhcd.exe]
"Debugger"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashServ.exe]
"Debugger"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashUpd.exe]
"Debugger"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\aswUpdSv.exe]
"Debugger"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avcls.exe]
"Debugger"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avz.exe]
"Debugger"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avz4.exe]
"Debugger"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avz_se.exe]
"Debugger"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bdinit.exe]
"Debugger"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\caav.exe]
"Debugger"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\caavguiscan.exe]
"Debugger"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\casecuritycenter.exe]
"Debugger"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ccupdate.exe]
"Debugger"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cfp.exe]
"Debugger"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cfpupdat.exe]
"Debugger"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cmdagent.exe]
"Debugger"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\DRWEB32.EXE]
"Debugger"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FAMEH32.EXE]
"Debugger"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FPAVServer.exe]
"Debugger"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fpscan.exe]
"Debugger"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FPWin.exe]
"Debugger"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fsav32.exe]
"Debugger"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fsgk32st.exe]
"Debugger"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FSMA32.EXE]
"Debugger"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\guardxservice.exe]
"Debugger"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\guardxup.exe]
"Debugger"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\navigator.exe]
"Debugger"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NAVSTUB.EXE]
"Debugger"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Nvcc.exe]
"Debugger"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\outpost.exe]
"Debugger"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\preupd.exe]
"Debugger"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pskdr.exe]
"Debugger"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SfFnUp.exe]
"Debugger"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Vba32arkit.exe]
"Debugger"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vba32ldr.exe]
"Debugger"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Zanda.exe]
"Debugger"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\zapro.exe]
"Debugger"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Zlh.exe]
"Debugger"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\zoneband.dll]
"Debugger"=-



Tag så fat i den nye fil med musen, og før den hen over ikonet for Combofix, hvorefter du "giver slip" med musen.
http://www.fromsej.saknet.dk/billeder/cfscript.gif
Så skulle Combofix gerne give sig til at arbejde. Muligvis vil den kræve en genstart, hvilket du skal tillade. Du bør ikke klikke på vinduet imens værktøjet kører, idet det kan få din computer til at fryse.
Kopier den logfil  herind.

Hvis det ikke hjælper kan du blive nødt til at formater din harddisk og installer Windows igen (husk at gemme di vigtigste filer, som mails billeder, osv...)

Håber du kan bruge svaret til noget

Hej igen

Ja, - der gik lidt tid, men jeg har været nødt til at sætte projektet lidt i bero, da jeg simpelthen har haft EKSTREMT travlt med 1.000 andre ting. Jeg håber, at du/I forstår.

Jeg har ikke kørt det første af de to scripts (fra Arkil) den 29. april - kun det sidste - men jeg har først gjort det nu - håber, at det virker alligevel. Generelt virker det som om, at maskinen har det meget, meget bedre - så mange TAK :)

Her er loggen fra det sidste vi lavede:

ComboFix 09-06-22.07 - HP_Ejer 23-06-2009  9:48.4 - NTFSx86

Microsoft Windows XP Home Edition  5.1.2600.3.1252.45.1030.18.2047.1635 [GMT 2:00]

K¯rer fra: c:\documents and settings\HP_Ejer\Skrivebord\ComboFix.exe

Kommandoer benyttet :: c:\documents and settings\HP_Ejer\Skrivebord\CFScript.txt.txt



FILE ::

"c:\windows\system32\283006063.dat"

.



(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet  )))))))))))))))))))))))))))))))))))))))))))))))))

.



c:\windows\system32\283006063.dat



.

(((((((((((((((((((((((((((((((((((((((  Drivers/Tjenester  )))))))))))))))))))))))))))))))))))))))))))))))))

.



-------\Legacy_GYUWCUBNKCII

-------\Service_89fd950

-------\Service_gyuwcubnkcii





(((((((((((((((((((((((((((((  Filer skabt fra 2009-05-23 til 2009-06-23  )))))))))))))))))))))))))))))))))))

.



2009-06-23 07:43 . 2009-06-23 07:43    --------    dc----w-    c:\windows\system32\dllcache\cache

2009-06-10 21:39 . 2009-04-30 21:15    12800    -c----w-    c:\windows\system32\dllcache\xpshims.dll

2009-06-10 21:39 . 2009-04-30 21:15    246272    -c----w-    c:\windows\system32\dllcache\ieproxy.dll

2009-06-10 21:39 . 2009-04-30 21:15    1985024    -c----w-    c:\windows\system32\dllcache\iertutil.dll

2009-06-10 21:39 . 2009-04-30 21:15    11064832    -c----w-    c:\windows\system32\dllcache\ieframe.dll



.

((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-05-13 05:05 . 2004-11-11 18:50    915456    ----a-w-    c:\windows\system32\wininet.dll

2009-05-07 15:33 . 2004-01-01 14:25    346624    ----a-w-    c:\windows\system32\localspl.dll

2009-04-28 07:17 . 2004-12-10 14:39    71800    ----a-w-    c:\documents and settings\HP_Ejer\Lokale indstillinger\Application Data\GDIPFONTCACHEV1.DAT

2009-04-27 14:42 . 2004-01-01 15:22    84224    ----a-w-    c:\windows\system32\perfc006.dat

2009-04-27 14:42 . 2004-01-01 15:22    460698    ----a-w-    c:\windows\system32\perfh006.dat

2009-04-27 14:39 . 2009-04-27 14:39    --------    d-----w-    c:\programmer\MSBuild

2009-04-27 14:38 . 2009-04-27 14:38    --------    d-----w-    c:\programmer\Reference Assemblies

2009-04-19 19:50 . 2004-01-01 15:22    1847168    ----a-w-    c:\windows\system32\win32k.sys

2009-04-16 09:08 . 2004-12-13 10:46    36932    ----a-w-    c:\documents and settings\HP_Ejer\Application Data\Avant Browser\update.dll

2009-04-15 14:53 . 2005-01-03 13:23    585216    ----a-w-    c:\windows\system32\rpcrt4.dll

2009-04-06 13:32 . 2009-04-17 10:20    38496    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys

2009-04-06 13:32 . 2009-04-17 10:20    15504    ----a-w-    c:\windows\system32\drivers\mbam.sys

2009-04-03 10:43 . 2009-04-03 10:43    152576    ----a-w-    c:\documents and settings\HP_Ejer\Application Data\Sun\Java\jre1.6.0_13\lzma.dll

2009-03-27 19:22 . 2009-03-26 12:19    283    ----a-w-    c:\windows\system32\ub.dat

2005-05-11 17:34 . 2005-06-30 12:04    41578    ----a-w-    c:\programmer\mozilla firefox\components\jar50.dll

2005-05-11 17:34 . 2005-06-30 12:04    48228    ----a-w-    c:\programmer\mozilla firefox\components\jsd3250.dll

2005-05-11 17:34 . 2005-06-30 12:04    159340    ----a-w-    c:\programmer\mozilla firefox\components\xpinstal.dll

.



(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*BemÊrk* tomme linier & lovlige standard linier vises ikke 

REGEDIT4



[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"Sonic RecordNow!"="" [BU]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]

"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-11 61440]

"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-14 233472]

"SiS Windows KeyHook"="c:\windows\System32\keyhook.exe" [2004-05-20 249856]

"PS2"="c:\windows\system32\ps2.exe" [2002-10-16 81920]

"ATIPTA"="c:\programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-06-24 339968]

"DAEMON Tools-1033"="c:\programmer\D-Tools\daemon.exe" [2004-08-22 81920]

"ATICCC"="c:\programmer\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]

"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]

"VTTimer"="VTTimer.exe" [BU]

"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2005-03-04 88209]

"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2004-07-01 73728]

"AlcWzrd"="ALCWZRD.EXE" - c:\windows\ALCWZRD.EXE [2004-07-06 2550272]



c:\documents and settings\HP_Ejer\Menuen Start\Programmer\Start\

Corel Registration.lnk - c:\programmer\Corel\Graphics9\Register\Remind32.exe [2005-3-3 67584]



c:\documents and settings\All Users\Menuen Start\Programmer\Start\

HP Digital Imaging Monitor.lnk - c:\programmer\HP\Digital Imaging\bin\hpqtra08.exe [2004-5-29 241664]

NETGEAR WN111v2 Smart Wizard.lnk - c:\programmer\NETGEAR\WN111v2\WN111V2.exe [2008-5-9 1474631]



[HKLM\~\startupfolder\c:^documents and settings^all users^menuen start^programmer^start^adobe reader hurtigstart.lnk]

path=c:\documents and settings\All Users\Menuen Start\Programmer\Start\Adobe Reader Hurtigstart.lnk

backup=c:\windows\pss\Adobe Reader Hurtigstart.lnkCommon Startup



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"JavaQuickStarterService"=2 (0x2)

"SNDSrvc"=3 (0x3)

"ose"=3 (0x3)

"iPodService"=3 (0x3)



[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001



[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Programmer\\Messenger\\msmsgs.exe"=

"c:\\Programmer\\Autodesk\\3dsMax8\\3dsmax.exe"=

"c:\\Programmer\\Autodesk\\backburner\\monitor.exe"=

"c:\\Programmer\\Autodesk\\backburner\\manager.exe"=

"c:\\Programmer\\Autodesk\\backburner\\server.exe"=

"c:\\Programmer\\SmartFTP\\SmartFTP.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=



R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [28-04-2009 10:34 114768]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [28-04-2009 10:34 20560]

R3 jswscimd;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [12-02-2008 18:05 57440]

R3 wsimd;wsimd Service;c:\windows\system32\drivers\wsimd.sys [14-12-2007 04:31 57408]

S3 dnindis5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [24-07-2003 12:10 17149]

S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\programmer\NETGEAR\WN111v2\jswpsapi.exe [27-02-2008 11:54 360547]

S3 wn111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\system32\drivers\WN111v2.sys [31-05-2008 14:46 434688]



--- Andre Services/Drivers i Hukommelsen ---



*NewlyCreated* - AVAST!_MAIL_SCANNER

*NewlyCreated* - AVAST!_WEB_SCANNER



HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs

Ujafrofb



[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

- - - - TOMME GENVEJE FJERNET - - - -



BHO-{fe887f31-69c0-4a97-937f-e76930556d3b} - (no file)





.

------- Yderligere scanning -------

.

uStart Page = hxxp://www.google.com/

uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=DA_DK&c=Q404&bd=pavilion&pf=desktop

mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=DA_DK&c=Q404&bd=pavilion&pf=desktop

uInternet Connection Wizard,ShellNext = iexplore

IE: Bloker alle billeder fra den samme server - c:\programmer\Avant Browser\AddAllToADBlackList.htm

IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

IE: Marker forekomster af ord p denne side - c:\programmer\Avant Browser\Highlight.htm

IE: S¯g p ord - c:\programmer\Avant Browser\Search.htm

IE: Tilf¯j til AD Black List - c:\programmer\Avant Browser\AddToADBlackList.htm

IE: ≈ben alle links p denne side... - c:\programmer\Avant Browser\OpenAllLinks.htm

DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} - hxxps://www.sparlolland.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.30.cab

FF - ProfilePath -



---- FIREFOX POLITIKKER ----

c:\programmer\Mozilla Firefox\greprefs\all.js - pref("backups.number_of_prefs_copies", 1);

c:\programmer\Mozilla Firefox\greprefs\all.js - pref("browser.link.open_newwindow.ui", 3); // prefs UI version

c:\programmer\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.closed", "allAccess");

c:\programmer\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.document", "allAccess");

c:\programmer\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.frames", "allAccess");

c:\programmer\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.history", "allAccess");

c:\programmer\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.length", "allAccess");

c:\programmer\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.opener", "allAccess");

c:\programmer\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.parent", "allAccess");

c:\programmer\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.self", "allAccess");

c:\programmer\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.top", "allAccess");

c:\programmer\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.window", "allAccess");

c:\programmer\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.DOMParser,parseFromString", "noAccess");

c:\programmer\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.DOMParser,parseFromStream", "noAccess");

c:\programmer\Mozilla Firefox\greprefs\all.js - pref("dom.disable_window_open_feature.status",      false);

c:\programmer\Mozilla Firefox\greprefs\all.js - pref("advanced.always_load_images",        true);

c:\programmer\Mozilla Firefox\greprefs\all.js - pref("network.protocol-handler.external.help", false);

c:\programmer\Mozilla Firefox\greprefs\all.js - pref("network.http.connect.timeout",  30);    // in seconds

c:\programmer\Mozilla Firefox\greprefs\all.js - pref("network.http.request.timeout", 120);    // in seconds

c:\programmer\Mozilla Firefox\greprefs\all.js - pref("network.IDN_show_punycode", true);

c:\programmer\Mozilla Firefox\greprefs\all.js - pref("network.image.imageBehavior",        0); // 0-Accept, 1-dontAcceptForeign, 2-dontUse

c:\programmer\Mozilla Firefox\greprefs\all.js - pref("network.cookie.cookieBehavior",      3); // 0-Accept, 1-dontAcceptForeign, 2-dontUse, 3-p3p

c:\programmer\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel",            1); // 0=low, 1=medium, 2=high, 3=custom

c:\programmer\Mozilla Firefox\greprefs\all.js - pref("network.enablePad",                  false); // Allow client to do proxy autodiscovery

c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("app.id", "{ec8030f7-c20a-464f-9b0e-13a3a9e97384}");

c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("app.version",

c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("app.extensions.version", "1.0");

c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("app.build_id",

c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.autoUpdateEnabled", true);    // Whether or not background app updates

c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.url", "chrome://mozapps/locale/update/update.properties");

c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.updatesAvailable", false);

c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.lastUpdateDate", 0);          // UTC offset when last App update was

c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.performed", false);            // Whether or not an update has been

c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.autoUpdateEnabled", true);

c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.autoUpdate", false);    // Automatically download and install

c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.interval", 604800000);  // Check for updates to Extensions and

c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.lastUpdateDate", 0);    // UTC offset when last Extension/Theme

c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.severity.threshold", 5);// The number of pending Extension/Theme

c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.count", 0);            // The number of extension/theme/etc

c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("update.interval", 3600000);              // Check each of the above intervals

c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("update.showSlidingNotification", true);  // Windows-only slide-up taskbar

c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("update.severity", 0);

c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("general.useragent.vendor", "Firefox");

c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("general.useragent.vendorSub",

c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.update.resetHomepage",        false);

c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.startup.homepage_override.1", false);

c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.turbo.enabled", false);

c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://browser/content/searchconfig.properties");

c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom",  "chrome://browser/content/searchconfig.properties");

c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("update_notifications.enabled", true);

c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("update_notifications.provider.0.frequency", 7); // number of days

c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.xul.error_pages.enabled", false);

c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("pfs.datasource.url", "chrome://mozapps/locale/plugins/plugins.properties");

.



**************************************************************************



catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-06-23 09:52

Windows 5.1.2600 Service Pack 3 NTFS



scanner skjulte processer ... 



scanner skjulte autostarter ...



scanner skjulte filer ... 





c:\windows\TEMP\_av_proI.tm~a03456\dld1.tmp 0 bytes



scanning gennemf¯rt med succes

skjulte filer: 1



**************************************************************************

.

--------------------- DLLs startet under k¯rende Processer ---------------------



- - - - - - - > 'winlogon.exe'(572)

c:\windows\system32\Ati2evxx.dll



- - - - - - - > 'explorer.exe'(3072)

c:\windows\system32\webcheck.dll

.

------------------------ Andre k¯rende processer ------------------------

.

c:\windows\system32\ati2evxx.exe

c:\windows\system32\ati2evxx.exe

c:\programmer\Alwil Software\Avast4\aswUpdSv.exe

c:\programmer\Alwil Software\Avast4\ashServ.exe

c:\windows\system32\acs.exe

c:\programmer\FÊlles filer\Autodesk Shared\Service\AdskScSrv.exe

c:\windows\system32\drivers\CDANTSRV.EXE

c:\programmer\FÊlles filer\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\programmer\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe

c:\windows\system32\wdfmgr.exe

c:\programmer\Alwil Software\Avast4\ashMaiSv.exe

c:\programmer\Alwil Software\Avast4\ashWebSv.exe

c:\programmer\Alwil Software\Avast4\Setup\avast.setup

.

**************************************************************************

.

Gennemf¯rt tid: 2009-06-23  9:54 - maskinen blev genstartet

ComboFix-quarantined-files.txt  2009-06-23 07:54

ComboFix2.txt  2009-06-23 07:44

ComboFix3.txt  2009-04-28 07:47



Pre-K¯rsel: 134.648.971.264 byte ledig

Post-K¯rsel: 134.615.601.152 byte ledig



220    --- E O F ---    2009-06-11 01:25



Var det alt, eller skal jeg gøre mere for at være sikker? Arkil > du må gerne smide et svar.

Din log er ren
Du fjerner Combofix ved at kopier dette ind i KØR >

Combofix /u

Deaktiver systemgendannelse (http://www.ctrlaltdel.dk/forum/forum_posts.asp?TID=4&PN=1)
vent et par minutter - aktiver systemgendannelse. Gå herefter i Start -> Programmer -> Tilbehør -> Systemværktøjer -> Systemgendannelse og lav et systemgendannelsespunkt, så du har det at vende tilbage til, hvis noget går galt.

God fornøjelse.

Tak for det - dejligt, at den nu er sund og rask igen :)

God sommer!!