Hej Fluii og velkommen til Spywarefri.dk

Følg venligst hele denne vejledning:

http://www.spywarefri.dk/forum/links/hjtanv.htm

... så skal vi forsøge at hjælpe dig videre Vi vil gerne se logs fra AVG Antispyware, rootchk, ComboFix, og herefter en log fra HijackThis.

AVG Antispyware finder ikke noget under Fast System Scan (En Complete tager et par døgn at gennemfører - har kørt en masse andre antispyware programmer…)

—

ComboFix 07-12-02.5 - Esben 2007-12-02 16:33:36.3 - NTFSx86
Microsoft® Windows Vista™ Ultimate   6.0.6000.0.1252.1.1030.18.940 [GMT 1:00]
Running from: C:\Users\Esben\Desktop\Ny mappe\ComboFix.exe
.

(((((((((((((((((((((((((  Files Created from 2007-11-02 to 2007-12-02 )))))))))))))))))))))))))))))))
.

2007-12-02 15:25 . 2007-12-02 15:25 <DIR> d————C:\Windows\Recent
2007-12-02 12:41 . 2007-12-02 12:41 <DIR> d————C:\Users\Esben\AppData\Roaming\Grisoft
2007-12-02 12:41 . 2007-12-02 12:41 <DIR> d————C:\Program Files\CCleaner
2007-12-02 12:40 . 2007-12-02 12:40 <DIR> d————C:\Users\All Users\Grisoft
2007-12-02 12:40 . 2007-12-02 12:40 <DIR> d————C:\ProgramData\Grisoft
2007-12-02 12:40 . 2007-05-30 13:10 10,872—a———C:\Windows\System32\drivers\AvgAsCln.sys
2007-12-02 12:35 . 2007-12-02 12:35 258,232—a———C:\Windows\System32\drivers\acpi.sys
2007-12-02 11:21 . 2007-12-02 11:21 <DIR> d————C:\Program Files\Simpli Software
2007-12-01 23:07 . 2007-12-01 23:07 54,156—ah——- C:\Windows\QTFont.qfn
2007-12-01 23:07 . 2007-12-01 23:07 1,409—a———C:\Windows\QTFont.for
2007-12-01 23:03 . 2007-12-01 23:04 1,221,897—a———C:\SDFix.exe
2007-12-01 20:19 . 2007-12-01 20:19 <DIR> d————C:\Program Files\Symantec AntiVirus
2007-12-01 20:19 . 2007-12-01 20:19 109,744—a———C:\Windows\System32\drivers\SYMEVENT.SYS
2007-12-01 20:19 . 2007-12-01 20:19 8,014—a———C:\Windows\System32\drivers\SYMEVENT.CAT
2007-12-01 20:19 . 2007-12-01 20:19 805—a———C:\Windows\System32\drivers\SYMEVENT.INF
2007-12-01 18:31 . 2007-12-01 18:31 7,680—a———C:\Windows\System32\drivers\RKL825C.tmp.sys
2007-12-01 18:11 . 2007-12-01 18:11 211,893—a———C:\Windows\System32\drivers\IsDrv122.sys
2007-12-01 13:33 . 2007-12-01 13:33 <DIR> d————C:\Program Files\kav
2007-11-25 17:04 . 2007-01-18 13:00 3,968—a———C:\Windows\System32\drivers\AvgArCln.sys
2007-11-25 15:23 . 2007-02-07 17:17 223,744—a———C:\Windows\System32\drivers\usbport.sys
2007-11-24 02:42 . 2007-11-25 17:13 <DIR> dr-h——- C:\$VAULT$.AVG
2007-11-23 17:17 . 2007-11-23 17:33 <DIR> d————C:\Users\Esben\.housecall6.6
2007-11-17 19:36 . 2007-11-17 19:36 <DIR> d————C:\Program Files\MzVistaForce
2007-11-17 12:48 . 2007-11-17 12:58 <DIR> d————C:\Users\Esben\AppData\Roaming\SQL-Front
2007-11-17 12:48 . 2007-11-17 12:48 <DIR> d————C:\Program Files\SQL-Front
2007-11-07 20:59 . 2007-11-07 21:00 <DIR> d————C:\peh
2007-11-04 14:34 . 2007-11-04 14:34 17,480—a———C:\Windows\System32\drivers\hamachi.sys
2007-11-04 11:04 . 2007-11-04 11:04 <DIR> d————C:\Users\Esben\AppData\Roaming\Radmin
2007-11-03 22:06 . 2007-11-03 22:21 <DIR> d————C:\Program Files\DVDInfoPro
2007-11-03 18:59 . 2007-11-03 18:59 <DIR> d————C:\Users\All Users\Real
2007-11-03 17:51 . 2007-06-09 14:06 22,216—a———C:\Windows\System32\mv2.dll
2007-11-03 17:51 . 2007-06-09 14:06 11,976—a———C:\Windows\System32\drivers\mv2.sys
2007-11-03 12:08 . 2007-11-03 18:39 <DIR> d————C:\Users\Esben\AppData\Roaming\ameCache

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-02 15:38————- d——-w C:\Program Files\Windows Mail
2007-12-02 15:36————- d——-w C:\Program Files\DVBViewer
2007-12-02 15:24————- d——-w C:\Program Files\uTorrent
2007-12-02 11:33————- d——-w C:\ProgramData\Microsoft Help
2007-12-01 22:28————- d——-w C:\Program Files\UltraVNC
2007-12-01 19:20————- d——-w C:\ProgramData\Symantec
2007-12-01 19:19————- d——-w C:\Program Files\Symantec
2007-12-01 19:19————- d——-w C:\Program Files\Common Files\Symantec Shared
2007-12-01 16:27————- d——-w C:\Program Files\mIRC
2007-12-01 16:24————- d——-w C:\Users\Esben\AppData\Roaming\Hamachi
2007-12-01 16:18————- d——-w C:\Users\Esben\AppData\Roaming\Skype
2007-11-25 15:33————- d——-w C:\Program Files\MPlayer for Windows
2007-11-25 15:33————- d——-w C:\Program Files\Advanced System Optimizer
2007-11-25 10:42————- d——-w C:\Program Files\FlashFXP
2007-11-17 17:36————- d——-w C:\Program Files\eMule
2007-11-17 11:47————- d——-w C:\Users\Esben\AppData\Roaming\Star-Tools
2007-11-03 20:44 3,304,543——a-w C:\Program Files\DVDInfoPro.rar
2007-11-03 17:59————- d——-w C:\Program Files\K-Lite Codec Pack
2007-11-02 23:59————- d——-w C:\Program Files\Common Files\Adobe
2007-10-28 11:13————- d——-w C:\Program Files\Windows Doctor
2007-10-26 13:58————- d——-w C:\Users\Esben\AppData\Roaming\Newsbin
2007-10-21 02:07————- d——-w C:\Program Files\The Specialists
2007-10-19 12:29————- d——-w C:\Program Files\Mozilla Firefox 2
2007-10-19 10:20————- d——-w C:\Program Files\Java
2007-10-14 15:36————- d——-w C:\Program Files\Intel
2007-10-13 16:07————- d——-w C:\Users\Esben\AppData\Roaming\Winamp
2007-10-13 15:52————- d——-r C:\Program Files\Winamp
2007-10-13 14:06————- d——-w C:\ProgramData\Skype
2007-10-13 14:06————- d——-w C:\Program Files\Common Files\Skype
2007-10-13 13:57————- d——-w C:\ProgramData\DVD Shrink
2007-10-06 22:59————- d——-w C:\Program Files\Hamachi
2007-10-06 20:15————- d——-w C:\ProgramData\Messenger Plus!
2007-08-10 15:59 174—sha-w C:\Program Files\desktop.ini
2007-04-14 22:18 10,027,298——a-w C:\Users\Esben\smw-1.7-bin.zip
.

(((((((((((((((((((((((((((((  snapshot_2007-12-01_12.57.02.29   )))))))))))))))))))))))))))))))))))))))))
.
- 2007-03-02 21:36:00 7,168——a-w C:\Windows\assembly\GAC\IEExecRemote\1.0.5000.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2007-12-02 11:33:23 8,192——a-w C:\Windows\assembly\GAC\IEExecRemote\1.0.5000.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2007-03-02 21:36:00 32,768——a-w C:\Windows\assembly\GAC\IEHost\1.0.5000.0__b03f5f7f11d50a3a\IEHost.dll
+ 2007-12-02 11:33:23 32,768——a-w C:\Windows\assembly\GAC\IEHost\1.0.5000.0__b03f5f7f11d50a3a\IEHost.dll
- 2007-03-02 21:35:59 716,800——a-w C:\Windows\assembly\GAC\Microsoft.JScript\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2007-12-02 11:33:27 720,896——a-w C:\Windows\assembly\GAC\Microsoft.JScript\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2007-03-02 21:35:59 299,008——a-w C:\Windows\assembly\GAC\Microsoft.VisualBasic\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2007-12-02 11:33:24 299,008——a-w C:\Windows\assembly\GAC\Microsoft.VisualBasic\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2007-03-02 21:36:00 32,768——a-w C:\Windows\assembly\GAC\Regcode\1.0.5000.0__b03f5f7f11d50a3a\RegCode.dll
+ 2007-12-02 11:33:26 32,768——a-w C:\Windows\assembly\GAC\Regcode\1.0.5000.0__b03f5f7f11d50a3a\RegCode.dll
- 2007-03-02 21:36:01 299,008——a-w C:\Windows\assembly\GAC\System.Data.OracleClient\1.0.5000.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2007-12-02 11:33:25 303,104——a-w C:\Windows\assembly\GAC\System.Data.OracleClient\1.0.5000.0__b77a5c561934e089\System.Data.OracleClient.dll
- 2007-03-02 21:36:00 1,290,240——a-w C:\Windows\assembly\GAC\System.Data\1.0.5000.0__b77a5c561934e089\System.Data.dll
+ 2007-12-02 11:33:26 1,294,336——a-w C:\Windows\assembly\GAC\System.Data\1.0.5000.0__b77a5c561934e089\System.Data.dll
- 2007-03-02 21:36:00 1,699,840——a-w C:\Windows\assembly\GAC\System.Design\1.0.5000.0__b03f5f7f11d50a3a\System.Design.dll
+ 2007-12-02 11:33:23 1,703,936——a-w C:\Windows\assembly\GAC\System.Design\1.0.5000.0__b03f5f7f11d50a3a\System.Design.dll
- 2007-03-02 21:36:00 86,016——a-w C:\Windows\assembly\GAC\System.DirectoryServices\1.0.5000.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2007-12-02 11:33:27 90,112——a-w C:\Windows\assembly\GAC\System.DirectoryServices\1.0.5000.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2007-03-02 21:36:00 466,944——a-w C:\Windows\assembly\GAC\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2007-12-02 11:33:25 466,944——a-w C:\Windows\assembly\GAC\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2007-03-02 21:36:00 241,664——a-w C:\Windows\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2007-12-02 11:33:24 241,664——a-w C:\Windows\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2007-03-02 21:36:00 64,000——a-w C:\Windows\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\System.EnterpriseServices.Thunk.dll
+ 2007-12-02 11:33:24 66,560——a-w C:\Windows\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\System.EnterpriseServices.Thunk.dll
- 2007-03-02 21:36:00 368,640——a-w C:\Windows\assembly\GAC\System.Management\1.0.5000.0__b03f5f7f11d50a3a\System.Management.dll
+ 2007-12-02 11:33:26 372,736——a-w C:\Windows\assembly\GAC\System.Management\1.0.5000.0__b03f5f7f11d50a3a\System.Management.dll
- 2007-03-02 21:36:00 241,664——a-w C:\Windows\assembly\GAC\System.Messaging\1.0.5000.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2007-12-02 11:33:27 241,664——a-w C:\Windows\assembly\GAC\System.Messaging\1.0.5000.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2007-03-02 21:36:00 323,584——a-w C:\Windows\assembly\GAC\System.Runtime.Remoting\1.0.5000.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2007-12-02 11:33:25 323,584——a-w C:\Windows\assembly\GAC\System.Runtime.Remoting\1.0.5000.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2007-03-02 21:36:00 131,072——a-w C:\Windows\assembly\GAC\System.Runtime.Serialization.Formatters.Soap\1.0.5000.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2007-12-02 11:33:24 131,072——a-w C:\Windows\assembly\GAC\System.Runtime.Serialization.Formatters.Soap\1.0.5000.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2007-03-02 21:36:00 77,824——a-w C:\Windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
+ 2007-12-02 11:33:25 77,824——a-w C:\Windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
- 2007-03-02 21:36:00 126,976——a-w C:\Windows\assembly\GAC\System.ServiceProcess\1.0.5000.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2007-12-02 11:33:26 126,976——a-w C:\Windows\assembly\GAC\System.ServiceProcess\1.0.5000.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2007-03-02 21:36:00 819,200——a-w C:\Windows\assembly\GAC\System.Web.Mobile\1.0.5000.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2007-12-02 11:33:22 819,200——a-w C:\Windows\assembly\GAC\System.Web.Mobile\1.0.5000.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2007-03-02 21:36:00 57,344——a-w C:\Windows\assembly\GAC\System.Web.RegularExpressions\1.0.5000.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2007-12-02 11:33:24 57,344——a-w C:\Windows\assembly\GAC\System.Web.RegularExpressions\1.0.5000.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2007-03-02 21:36:00 569,344——a-w C:\Windows\assembly\GAC\System.Web.Services\1.0.5000.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2007-12-02 11:33:23 573,440——a-w C:\Windows\assembly\GAC\System.Web.Services\1.0.5000.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2007-03-02 21:36:00 1,245,184——a-w C:\Windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2007-12-02 15:15:42 1,265,664——a-w C:\Windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
- 2007-03-02 21:36:00 2,039,808——a-w C:\Windows\assembly\GAC\System.Windows.Forms\1.0.5000.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2007-12-02 11:33:24 2,052,096——a-w C:\Windows\assembly\GAC\System.Windows.Forms\1.0.5000.0__b77a5c561934e089\System.Windows.Forms.dll
- 2007-03-02 21:36:00 1,335,296——a-w C:\Windows\assembly\GAC\System.Xml\1.0.5000.0__b77a5c561934e089\System.Xml.dll
+ 2007-12-02 11:33:26 1,339,392——a-w C:\Windows\assembly\GAC\System.Xml\1.0.5000.0__b77a5c561934e089\System.XML.dll
- 2007-03-02 21:36:00 1,216,512——a-w C:\Windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2007-12-02 15:15:43 1,232,896——a-w C:\Windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2007-12-02 15:15:46 61,440——a-w C:\Windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_57ccb246\CustomMarshalers.dll
+ 2007-12-02 15:15:58 118,784——a-w C:\Windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_8fc323de\CustomMarshalers.dll
+ 2007-12-02 15:15:56 3,391,488——a-w C:\Windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_403232c4\mscorlib.dll
+ 2007-12-02 15:16:05 8,908,800——a-w C:\Windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_de029b4d\mscorlib.dll
+ 2007-12-02 15:16:03 3,395,584——a-w C:\Windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_4a1b511a\System.Design.dll
+ 2007-12-02 15:15:53 1,470,464——a-w C:\Windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_4b2552e4\System.Design.dll
+ 2007-12-02 15:15:47 90,112——a-w C:\Windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_c919738a\System.Drawing.Design.dll
+ 2007-12-02 15:15:58 192,512——a-w C:\Windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_fd512998\System.Drawing.Design.dll
+ 2007-12-02 15:15:54 835,584——a-w C:\Windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_0ef1a57a\System.Drawing.dll
+ 2007-12-02 15:16:04 2,244,608——a-w C:\Windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_f3d74cad\System.Drawing.dll
+ 2007-12-02 15:15:49 3,018,752——a-w C:\Windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_0261287d\System.Windows.Forms.dll
+ 2007-12-02 15:16:00 7,884,800——a-w C:\Windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_7daa679f\System.Windows.Forms.dll
+ 2007-12-02 15:16:02 5,513,216——a-w C:\Windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_e7cdccfa\System.Xml.dll
+ 2007-12-02 15:15:52 2,088,960——a-w C:\Windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_fa39b187\System.Xml.dll
+ 2007-12-02 15:15:58 4,788,224——a-w C:\Windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_9cb1a664\System.dll
+ 2007-12-02 15:15:46 1,966,080——a-w C:\Windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_a758c7de\System.dll
- 2007-12-01 11:55:53 67,584—s-a-w C:\Windows\bootstat.dat
+ 2007-12-02 15:38:22 67,584—s-a-w C:\Windows\bootstat.dat
- 2007-11-08 15:59:01 136,704——a-w C:\Windows\catchme.exe
+ 2007-11-27 02:58:11 140,288——a-w C:\Windows\catchme.exe
+ 2007-12-02 15:35:58 6,246,400——a-w C:\Windows\erdnt\subs\SCHEMA.DAT
- 2007-07-13 05:47:44 665,600——a-w C:\Windows\inf\drvindex.dat
+ 2007-12-02 15:36:31 665,600——a-w C:\Windows\inf\drvindex.dat
- 2007-11-04 13:34:58 51,200——a-w C:\Windows\inf\infpub.dat
+ 2007-12-02 15:36:31 51,200——a-w C:\Windows\inf\infpub.dat
- 2007-11-04 13:34:58 86,016——a-w C:\Windows\inf\infstor.dat
+ 2007-12-02 15:36:30 86,016——a-w C:\Windows\inf\infstor.dat
- 2007-11-04 13:34:58 86,016——a-w C:\Windows\inf\infstrng.dat
+ 2007-12-02 15:36:30 86,016——a-w C:\Windows\inf\infstrng.dat
- 2007-12-01 11:44:24 25,214——a-r C:\Windows\Installer\{7C9E6E52-EB11-44DB-A761-82D5D873A8D9}\ARPPRODUCTICON.exe
+ 2007-12-01 19:20:09 25,214——a-r C:\Windows\Installer\{7C9E6E52-EB11-44DB-A761-82D5D873A8D9}\ARPPRODUCTICON.exe
- 2007-10-13 15:37:52 1,165,584——a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2007-12-02 11:33:58 1,165,584——a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
- 2007-10-13 15:37:52 20,240——a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2007-12-02 11:33:58 20,240——a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
- 2007-10-13 15:37:52 159,504——a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2007-12-02 11:33:58 159,504——a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
- 2007-10-13 15:37:52 184,080——a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2007-12-02 11:33:58 184,080——a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2007-10-13 15:37:52 217,864——a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2007-12-02 11:33:58 217,864——a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2007-10-13 15:37:52 18,704——a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2007-12-02 11:33:58 18,704——a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2007-10-13 15:37:52 35,088——a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2007-12-02 11:33:58 35,088——a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2007-10-13 15:37:52 845,584——a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2007-12-02 11:33:58 845,584——a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2007-10-13 15:37:52 922,384——a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2007-12-02 11:33:58 922,384——a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2007-10-13 15:37:52 272,648——a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2007-12-02 11:33:58 272,648——a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2007-10-13 15:37:52 888,080——a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2007-12-02 11:33:58 888,080——a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2007-10-13 15:37:52 1,172,240——a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2007-12-02 11:33:58 1,172,240——a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2003-02-20 18:19:32 253,952——a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2007-04-13 20:30:52 258,048——a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
- 2003-02-20 18:19:34 20,480——a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\aspnet_regiis.exe
+ 2004-07-15 00:49:18 20,480——a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\aspnet_regiis.exe
- 2003-02-20 18:19:38 32,768——a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
+ 2004-07-15 00:49:26 32,768——a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
- 2003-02-20 18:19:36 32,768——a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2007-04-13 20:30:52 32,768——a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
- 2003-02-20 18:09:08 77,824——a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
+ 2007-04-13 19:57:52 81,920——a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
- 2003-02-21 09:20:44 49,152——a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\csc.exe
+ 2004-07-15 10:23:28 49,152——a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\csc.exe
- 2003-02-21 09:21:00 626,688——a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\cscomp.dll
+ 2004-07-15 10:23:44 626,688——a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\cscomp.dll
- 2003-02-20 18:06:20 282,624——a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\fusion.dll
+ 2004-07-14 23:24:30 282,624——a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\fusion.dll
+ 2003-10-08 13:30:14 81,920——a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\gacutil.exe
- 2003-02-21 06:24:38 7,168——a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\IEExecRemote.dll
+ 2004-07-15 13:31:00 8,192——a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\IEExecRemote.dll
- 2003-02-21 06:24:40 32,768——a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\IEHost.dll
+ 2004-07-15 13:31:04 32,768——a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\IEHost.dll
- 2003-02-20 18:09:40 196,608——a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\ilasm.exe
+ 2004-07-14 23:35:30 196,608——a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\ilasm.exe
- 2003-02-21 06:26:36 716,800——a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.JScript.dll
+ 2004-07-15 13:28:58 720,896——a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.JScript.dll
- 2003-02-21 06:26:38 299,008——a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.VisualBasic.dll
+ 2004-07-15 13:28:56 299,008——a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.VisualBasic.dll
- 2003-02-21 06:25:04 49,152——a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\MigPol.exe
+ 2004-07-15 13:28:50 49,152——a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\MigPol.exe
- 2003-02-21 06:25:04 49,152——a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\MigPolWin.exe
+ 2004-07-15 13:28:50 49,152——a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\MigPolWin.exe
- 2003-02-20 18:09:12 77,824——a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscordbc.dll
+ 2004-07-14 23:32:44 86,016——a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscordbc.dll
- 2003-02-20 18:09:12 233,472——a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscordbi.dll
+ 2004-07-14 23:32:46 233,472——a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscordbi.dll
- 2003-02-20 18:09:14 86,016——a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
+ 2007-04-13 19:57:58 86,016——a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
- 2003-02-20 18:06:32 311,296——a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
+ 2007-04-13 19:56:30 315,392——a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
- 2003-02-20 18:09:16 98,304——a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
+ 2007-04-13 19:58:00 102,400——a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
- 2003-02-21 06:26:34 2,088,960——a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2007-04-13 19:50:46 2,142,208——a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
- 2003-02-20 18:09:18 143,360——a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorrc.dll
+ 2004-07-14 23:33:22 143,360——a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorrc.dll
- 2003-02-20 18:09:18 81,920——a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorsec.dll
+ 2004-07-14 23:33:24 81,920——a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorsec.dll
- 2003-02-20 18:09:18 77,824——a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
+ 2007-04-13 19:58:02 77,824——a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
- 2003-02-20 18:07:34 2,494,464——a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
+ 2007-04-13 19:57:00 2,523,136——a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
- 2003-02-20 18:08:32 2,482,176——a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2007-04-13 19:57:28 2,514,944——a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2007-01-15 15:11:26 73,728——a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe
- 2003-02-20 18:09:30 90,112——a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\PerfCounter.dll
+ 2004-07-14 23:34:50 94,208——a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\PerfCounter.dll
- 2003-02-21 06:26:46 32,768——a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\RegCode.dll
+ 2004-07-15 13:28:48 32,768——a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\RegCode.dll
+ 2004-07-15 00:49:16 258,048——a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\SHADOW1140\_aspnet_isapi.dll
+ 2004-07-14 23:32:22 81,920——a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\SHADOW1140\_CORPerfMonExt.dll
+ 2004-07-14 23:24:30 282,624——a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\SHADOW1140\_fusion.dll
+ 2004-07-14 23:25:06 315,392——a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\SHADOW1140\_mscorjit.dll
+ 2004-07-15 13:29:02 2,138,112——a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\SHADOW1140\_mscorlib.dll
+ 2003-02-20 18:09:18 77,824——a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\SHADOW1140\_mscorsn.dll
+ 2004-07-14 23:26:52 2,510,848——a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\SHADOW1140\_mscorsvr.dll
+ 2004-07-14 23:28:34 2,502,656——a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\SHADOW1140\_mscorwks.dll
+ 2003-02-21 03:42:22 348,160——a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\SHADOW1140\_msvcr71.dll
+ 2004-07-14 23:34:50 94,208——a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\SHADOW1140\_PerfCounter.dll
- 2003-02-20 18:09:34 319,488——a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\SOS.dll
+ 2004-07-14 23:35:04 319,488——a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\SOS.dll
- 2003-02-21 06:26:38 1,290,240——a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Data.dll
+ 2004-07-15 13:32:00 1,294,336——a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Data.dll
- 2003-02-21 06:25:42 299,008——a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Data.OracleClient.dll
+ 2004-07-15 13:31:14 303,104——a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Data.OracleClient.dll
- 2003-02-21 06:26:42 1,699,840——a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Design.dll
+ 2004-07-15 13:29:02 1,703,936——a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Design.dll
- 2003-02-21 06:26:44 86,016——a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.DirectoryServices.dll
+ 2004-07-15 13:28:54 90,112——a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.DirectoryServices.dll
- 2003-02-21 06:26:46 1,216,512——a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.dll
+ 2007-04-13 20:35:38 1,232,896——a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.dll
- 2003-02-21 06:26:50 466,944——a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Drawing.dll
+ 2004-07-15 13:28:58 466,944——a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Drawing.dll
- 2003-02-21 06:26:50 241,664——a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.EnterpriseServices.dll
+ 2004-07-15 13:28:56 241,664——a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.EnterpriseServices.dll
- 2003-02-20 18:09:36 64,000——a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.EnterpriseServices.Thunk.dll
+ 2004-07-14 23:35:12 66,560——a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.EnterpriseServices.Thunk.dll
- 2003-02-21 06:26:52 368,640——a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Management.dll
+ 2004-07-15 13:31:58 372,736——a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Management.dll
- 2003-02-21 06:26:54 241,664——a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Messaging.dll
+ 2004-07-15 13:31:12 241,664——a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Messaging.dll
- 2003-02-21 06:26:56 323,584——a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Runtime.Remoting.dll
+ 2004-07-15 13:28:58 323,584——a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Runtime.Remoting.dll
- 2003-02-21 06:26:56 131,072——a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Runtime.Serialization.Formatters.Soap.dll
+ 2004-07-15 13:31:54 131,072——a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Runtime.Serialization.Formatters.Soap.dll
- 2003-02-21 06:26:58 77,824——a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
+ 2004-07-15 13:28:52 77,824——a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
- 2003-02-21 06:27:00 126,976——a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.ServiceProcess.dll
+ 2004-07-15 13:28:54 126,976——a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.ServiceProcess.dll
- 2003-02-21 06:27:02 1,245,184——a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
+ 2007-04-13 20:35:46 1,265,664——a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
- 2003-02-21 06:27:06 819,200——a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Web.Mobile.dll
+ 2004-07-15 13:28:58 819,200——a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Web.Mobile.dll
- 2003-02-21 06:24:18 57,344——a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Web.RegularExpressions.dll
+ 2004-07-15 13:28:52 57,344——a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Web.RegularExpressions.dll
- 2003-02-21 06:27:06 569,344——a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Web.Services.dll
+ 2004-07-15 13:31:16 573,440——a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Web.Services.dll
- 2003-02-21 06:27:08 2,039,808——a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Windows.Forms.dll
+ 2004-07-15 13:32:02 2,052,096——a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Windows.Forms.dll
- 2003-02-21 06:27:10 1,335,296——a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.XML.dll
+ 2004-07-15 13:29:00 1,339,392——a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.XML.dll
+ 2004-06-22 12:51:38 53,248——a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe
- 2003-02-21 09:20:38 737,280——a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\vbc.exe
+ 2004-07-15 10:23:20 737,280——a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\vbc.exe
- 2003-02-21 04:04:18 1,032,192——a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\VsaVb7rt.dll
+ 2004-07-15 07:15:14 1,032,192——a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\VsaVb7rt.dll
- 2003-02-20 19:10:40 31,744——a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\WMINet_Utils.dll
+ 2004-07-15 01:11:56 31,744——a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\WMINet_Utils.dll
- 2007-10-13 15:36:43 262,144——a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2007-12-02 11:34:48 262,144——a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
- 2007-12-01 11:56:04 1,310,720—sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2007-12-02 15:38:52 1,310,720—sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2007-10-13 15:37:29 262,144——a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2007-12-02 11:35:35 262,144——a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
- 2007-12-01 11:56:04 1,572,864—sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2007-12-02 15:40:11 1,572,864—sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2007-12-02 14:44:17 6,644——a-w C:\Windows\SoftwareDistribution\EventCache\{EC37146A-8B38-47DC-8D62-1BD5F33713F6}.bin
- 2007-11-25 16:31:13 16,384—sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2007-12-02 15:38:41 32,768—sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2007-12-02 13:30:32 32,768—sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012007120220071203\index.dat
- 2007-11-25 16:31:13 32,768—sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2007-12-02 15:38:41 32,768—sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2007-11-25 16:31:13 32,768—sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2007-12-02 15:38:41 32,768—sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2007-12-01 11:51:43 262,144——a-w C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2007-12-02 15:33:32 262,144——a-w C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2007-12-02 15:33:32 262,144—-ha-w C:\Windows\System32\config\systemprofile\ntuser.dat.LOG1
+ 2007-12-02 11:35:42 258,232——a-w C:\Windows\System32\DriverStore\FileRepository\acpi.inf_c74dd533\acpi.sys
+ 2007-12-02 11:35:42 28,344——a-w C:\Windows\System32\DriverStore\FileRepository\acpi.inf_c74dd533\battc.sys
+ 2007-12-02 11:35:42 20,920——a-w C:\Windows\System32\DriverStore\FileRepository\acpi.inf_c74dd533\compbatt.sys
+ 2007-12-02 11:35:42 11,264——a-w C:\Windows\System32\DriverStore\FileRepository\acpi.inf_c74dd533\wmiacpi.sys
+ 2007-12-02 11:35:42 28,344——a-w C:\Windows\System32\DriverStore\FileRepository\battery.inf_68d2ccc3\battc.sys
+ 2007-12-02 11:35:42 14,208——a-w C:\Windows\System32\DriverStore\FileRepository\battery.inf_68d2ccc3\CmBatt.sys
+ 2007-12-02 11:35:42 21,504——a-w C:\Windows\System32\DriverStore\FileRepository\battery.inf_68d2ccc3\hidbatt.sys
+ 2007-12-02 11:35:42 81,592——a-w C:\Windows\System32\DriverStore\FileRepository\sbp2.inf_cdabeeda\sbp2port.sys
- 2007-09-28 05:19:39 18,089,592——a-w C:\Windows\System32\mrt.exe
+ 2007-11-02 07:12:57 18,238,072——a-w C:\Windows\System32\mrt.exe
- 2007-11-25 17:11:54 112,784——a-w C:\Windows\System32\perfc006.dat
+ 2007-12-02 15:22:05 112,784——a-w C:\Windows\System32\perfc006.dat
- 2007-11-25 17:11:54 130,326——a-w C:\Windows\System32\perfc009.dat
+ 2007-12-02 15:22:05 130,326——a-w C:\Windows\System32\perfc009.dat
- 2007-11-25 17:11:54 563,766——a-w C:\Windows\System32\perfh006.dat
+ 2007-12-02 15:22:05 563,766——a-w C:\Windows\System32\perfh006.dat
- 2007-11-25 17:11:54 683,166——a-w C:\Windows\System32\perfh009.dat
+ 2007-12-02 15:22:05 683,166——a-w C:\Windows\System32\perfh009.dat
- 2007-11-25 09:26:35 6,291,456——a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2007-12-02 15:39:02 6,246,400——a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT
- 2007-11-25 17:08:13 9,036——a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-299502267-484061587-725345543-1003_UserData.bin
+ 2007-12-02 09:46:28 9,732——a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-299502267-484061587-725345543-1003_UserData.bin
- 2007-11-25 17:08:13 89,540——a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2007-12-02 09:46:28 91,196——a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2007-11-25 15:27:07 48,676——a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2007-12-02 09:46:25 49,492——a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2007-12-02 11:33:37 864,256——a-w C:\Windows\winsxs\msil_ehepg_31bf3856ad364e35_6.0.6000.16551_none_d987e8d0d1e98511\ehepg.dll
+ 2007-12-02 11:33:37 864,256——a-w C:\Windows\winsxs\msil_ehepg_31bf3856ad364e35_6.0.6000.20670_none_d9fae579eb184366\ehepg.dll
+ 2007-12-02 11:33:36 135,168——a-w C:\Windows\winsxs\msil_ehexthost_31bf3856ad364e35_6.0.6000.16551_none_bccd6586c1d8e85c\ehexthost.exe
+ 2007-12-02 11:33:36 135,168——a-w C:\Windows\winsxs\msil_ehexthost_31bf3856ad364e35_6.0.6000.20670_none_bd40622fdb07a6b1\ehexthost.exe
+ 2007-12-02 11:33:36 77,824——a-w C:\Windows\winsxs\msil_ehiextens_31bf3856ad364e35_6.0.6000.16551_none_fbb06c6b09de4651\ehiExtens.dll
+ 2007-12-02 11:33:36 77,824——a-w C:\Windows\winsxs\msil_ehiextens_31bf3856ad364e35_6.0.6000.20670_none_fc236914230d04a6\ehiExtens.dll
+ 2007-12-02 11:33:36 4,370,432——a-w C:\Windows\winsxs\msil_ehshell_31bf3856ad364e35_6.0.6000.16551_none_897b0411449d1363\ehshell.dll
+ 2007-12-02 11:33:35 4,382,720——a-w C:\Windows\winsxs\msil_ehshell_31bf3856ad364e35_6.0.6000.20670_none_89ee00ba5dcbd1b8\ehshell.dll
+ 2007-12-02 11:33:36 1,196,032——a-w C:\Windows\winsxs\msil_microsoft.mediacenter.shell_31bf3856ad364e35_6.0.6000.16551_none_4e78a7c898e189f9\Microsoft.MediaCenter.Shell.dll
+ 2007-12-02 11:33:36 1,269,760——a-w C:\Windows\winsxs\msil_microsoft.mediacenter.shell_31bf3856ad364e35_6.0.6000.20670_none_4eeba471b210484e\Microsoft.MediaCenter.Shell.dll
+ 2007-12-02 11:33:36 2,342,912——a-w C:\Windows\winsxs\msil_microsoft.mediacenter.ui_31bf3856ad364e35_6.0.6000.16551_none_3106f6785a358713\Microsoft.MediaCenter.UI.dll
+ 2007-12-02 11:33:35 2,351,104——a-w C:\Windows\winsxs\msil_microsoft.mediacenter.ui_31bf3856ad364e35_6.0.6000.20670_none_3179f32173644568\Microsoft.MediaCenter.UI.dll
+ 2007-12-02 11:33:36 217,088——a-w C:\Windows\winsxs\msil_microsoft.mediacenter_31bf3856ad364e35_6.0.6000.16551_none_23624f6bcf4df329\Microsoft.MediaCenter.dll
+ 2007-12-02 11:33:36 217,088——a-w C:\Windows\winsxs\msil_microsoft.mediacenter_31bf3856ad364e35_6.0.6000.20670_none_23d54c14e87cb17e\Microsoft.MediaCenter.dll
+ 2007-12-02 11:35:42 258,232——a-w C:\Windows\winsxs\x86_acpi.inf_31bf3856ad364e35_6.0.6000.16553_none_206f74b9d10718ea\acpi.sys
+ 2007-12-02 11:35:42 28,344——a-w C:\Windows\winsxs\x86_acpi.inf_31bf3856ad364e35_6.0.6000.16553_none_206f74b9d10718ea\battc.sys
+ 2007-12-02 11:35:42 20,920——a-w C:\Windows\winsxs\x86_acpi.inf_31bf3856ad364e35_6.0.6000.16553_none_206f74b9d10718ea\compbatt.sys
+ 2007-12-02 11:35:42 11,264——a-w C:\Windows\winsxs\x86_acpi.inf_31bf3856ad364e35_6.0.6000.16553_none_206f74b9d10718ea\wmiacpi.sys
+ 2007-12-02 11:35:42 258,232——a-w C:\Windows\winsxs\x86_acpi.inf_31bf3856ad364e35_6.0.6000.20672_none_20e27162ea35d73f\acpi.sys
+ 2007-12-02 11:35:42 28,344——a-w C:\Windows\winsxs\x86_acpi.inf_31bf3856ad364e35_6.0.6000.20672_none_20e27162ea35d73f\battc.sys
+ 2007-12-02 11:35:42 20,920——a-w C:\Windows\winsxs\x86_acpi.inf_31bf3856ad364e35_6.0.6000.20672_none_20e27162ea35d73f\compbatt.sys
+ 2007-12-02 11:35:42 11,264——a-w C:\Windows\winsxs\x86_acpi.inf_31bf3856ad364e35_6.0.6000.20672_none_20e27162ea35d73f\wmiacpi.sys
+ 2007-12-02 11:35:42 28,344——a-w C:\Windows\winsxs\x86_battery.inf_31bf3856ad364e35_6.0.6000.16553_none_140e43a256cf6f52\battc.sys
+ 2007-12-02 11:35:42 14,208——a-w C:\Windows\winsxs\x86_battery.inf_31bf3856ad364e35_6.0.6000.16553_none_140e43a256cf6f52\CmBatt.sys
+ 2007-12-02 11:35:42 21,504——a-w C:\Windows\winsxs\x86_battery.inf_31bf3856ad364e35_6.0.6000.16553_none_140e43a256cf6f52\hidbatt.sys
+ 2007-12-02 11:35:42 28,344——a-w C:\Windows\winsxs\x86_battery.inf_31bf3856ad364e35_6.0.6000.20672_none_1481404b6ffe2da7\battc.sys
+ 2007-12-02 11:35:42 14,208——a-w C:\Windows\winsxs\x86_battery.inf_31bf3856ad364e35_6.0.6000.20672_none_1481404b6ffe2da7\CmBatt.sys
+ 2007-12-02 11:35:42 21,504——a-w C:\Windows\winsxs\x86_battery.inf_31bf3856ad364e35_6.0.6000.20672_none_1481404b6ffe2da7\hidbatt.sys
+ 2007-12-02 11:33:36 252,416——a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-devices-ehreplay_31bf3856ad364e35_6.0.6000.16551_none_129c2835a2b3e4c1\ehReplay.dll
+ 2007-12-02 11:33:36 254,464——a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-devices-ehreplay_31bf3856ad364e35_6.0.6000.20670_none_130f24debbe2a316\ehReplay.dll
+ 2007-12-02 11:33:36 6,656——a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-devices-mcrmgr_31bf3856ad364e35_6.0.6000.16551_none_320e988bdcfb491f\McrMgr.dll
+ 2007-12-02 11:33:36 173,056——a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-devices-mcrmgr_31bf3856ad364e35_6.0.6000.16551_none_320e988bdcfb491f\McrMgr.exe
+ 2007-12-02 11:33:36 6,656——a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-devices-mcrmgr_31bf3856ad364e35_6.0.6000.20670_none_32819534f62a0774\McrMgr.dll
+ 2007-12-02 11:33:36 172,544——a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-devices-mcrmgr_31bf3856ad364e35_6.0.6000.20670_none_32819534f62a0774\McrMgr.exe
+ 2007-12-02 11:33:36 21,504——a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehdebug_31bf3856ad364e35_6.0.6000.16551_none_2dc267438543208f\ehdebug.dll
+ 2007-12-02 11:33:36 21,504——a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehdebug_31bf3856ad364e35_6.0.6000.20670_none_2e3563ec9e71dee4\ehdebug.dll
+ 2007-12-02 11:33:36 103,936——a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehpresenter_31bf3856ad364e35_6.0.6000.16551_none_24ad47ba64fb3b5e\ehPresenter.dll
+ 2007-12-02 11:33:35 103,936——a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehpresenter_31bf3856ad364e35_6.0.6000.20670_none_252044637e29f9b3\ehPresenter.dll
+ 2007-12-02 11:33:36 10,094,080——a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehres_31bf3856ad364e35_6.0.6000.16551_none_4ff0b41753794310\ehres.dll
+ 2007-12-02 11:33:36 10,103,808——a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehres_31bf3856ad364e35_6.0.6000.20670_none_5063b0c06ca80165\ehres.dll
+ 2007-12-02 11:33:36 18,944——a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehtrace_31bf3856ad364e35_6.0.6000.16551_none_36a1794316e10625\ehtrace.dll
+ 2007-12-02 11:33:36 18,944——a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehtrace_31bf3856ad364e35_6.0.6000.20670_none_371475ec300fc47a\ehtrace.dll
+ 2007-12-02 11:33:36 517,120——a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehui_31bf3856ad364e35_6.0.6000.16551_none_cca8cc6dcc68d92a\ehui.dll
+ 2007-12-02 11:33:36 521,216——a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehui_31bf3856ad364e35_6.0.6000.20670_none_cd1bc916e597977f\ehui.dll
+ 2007-12-02 11:33:36 1,497,600——a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehuihlp_31bf3856ad364e35_6.0.6000.16551_none_39efbea42e3e8dcc\ehuihlp.dll
+ 2007-12-02 11:33:35 1,498,112——a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehuihlp_31bf3856ad364e35_6.0.6000.20670_none_3a62bb4d476d4c21\ehuihlp.dll
+ 2007-12-02 11:35:42 2,923,520——a-w C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
+ 2007-12-02 11:35:42 2,923,520——a-w C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
+ 2007-12-02 11:33:35 1,244,672——a-w C:\Windows\winsxs\x86_microsoft-windows-m..mediadeliveryengine_31bf3856ad364e35_6.0.6000.16551_none_3d0f195f628540b4\mcmde.dll
+ 2007-12-02 11:33:35 1,244,672——a-w C:\Windows\winsxs\x86_microsoft-windows-m..mediadeliveryengine_31bf3856ad364e35_6.0.6000.20670_none_3d8216087bb3ff09\mcmde.dll
+ 2007-12-02 11:33:39 2,414,136——a-w C:\Windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.16588_none_f0535c886e8d6f4f\OESpamFilter.dat
+ 2007-12-02 11:33:39 2,414,136——a-w C:\Windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.20711_none_f121a8a787789748\OESpamFilter.dat
+ 2007-12-02 11:35:43 3,504,824——a-w C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.16551_none_6a1511c2b724295c\ntkrnlpa.exe
+ 2007-12-02 11:35:43 3,471,032——a-w C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.16551_none_6a1511c2b724295c\ntoskrnl.exe
+ 2007-12-02 11:35:43 3,504,824——a-w C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.20670_none_6a880e6bd052e7b1\ntkrnlpa.exe
+ 2007-12-02 11:35:43 3,471,544——a-w C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.20670_none_6a880e6bd052e7b1\ntoskrnl.exe
+ 2007-12-02 11:35:43 704,000——a-w C:\Windows\winsxs\x86_microsoft-windows-photoscreensaver_31bf3856ad364e35_6.0.6000.16552_none_69b42f445b762fd4\PhotoScreensaver.scr
+ 2007-12-02 11:35:43 704,000——a-w C:\Windows\winsxs\x86_microsoft-windows-photoscreensaver_31bf3856ad364e35_6.0.6000.20671_none_6a272bed74a4ee29\PhotoScreensaver.scr
+ 2007-12-02 11:35:42 542,720——a-w C:\Windows\winsxs\x86_microsoft-windows-s..mmaintenanceservice_31bf3856ad364e35_6.0.6000.16551_none_3b32a26ce33869cb\sysmain.dll
+ 2007-12-02 11:35:42 542,720——a-w C:\Windows\winsxs\x86_microsoft-windows-s..mmaintenanceservice_31bf3856ad364e35_6.0.6000.20670_none_3ba59f15fc672820\sysmain.dll
+ 2007-12-02 11:35:43 24,064——a-w C:\Windows\winsxs\x86_microsoft-windows-t..services-publicapis_31bf3856ad364e35_6.0.6000.16553_none_c5179c13c95485bd\wtsapi32.dll
+ 2007-12-02 11:35:43 24,064——a-w C:\Windows\winsxs\x86_microsoft-windows-t..services-publicapis_31bf3856ad364e35_6.0.6000.20672_none_c58a98bce2834412\wtsapi32.dll
+ 2007-12-02 11:35:43 2,027,008——a-w C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6000.16551_none_b6d829dc9d87e0b4\win32k.sys
+ 2007-12-02 11:35:42 2,028,544——a-w C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6000.20670_none_b74b2685b6b69f09\win32k.sys
+ 2007-12-02 11:35:41 14,827——a-w C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6000.16551_none_9a28f27507e7382c\gatherWirelessInfo.vbs
+ 2007-12-02 11:35:42 47,104——a-w C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6000.16551_none_9a28f27507e7382c\wlanapi.dll
+ 2007-12-02 11:35:42 67,584——a-w C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6000.16551_none_9a28f27507e7382c\wlanhlp.dll
+ 2007-12-02 11:35:42 290,816——a-w C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6000.16551_none_9a28f27507e7382c\wlanmsm.dll
+ 2007-12-02 11:35:41 297,984——a-w C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6000.16551_none_9a28f27507e7382c\wlansec.dll
+ 2007-12-02 11:35:41 502,784——a-w C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6000.16551_none_9a28f27507e7382c\wlansvc.dll
+ 2007-12-02 11:35:41 14,827——a-w C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6000.20670_none_9a9bef1e2115f681\gatherWirelessInfo.vbs
+ 2007-12-02 11:35:41 47,104——a-w C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6000.20670_none_9a9bef1e2115f681\wlanapi.dll
+ 2007-12-02 11:35:41 67,584——a-w C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6000.20670_none_9a9bef1e2115f681\wlanhlp.dll
+ 2007-12-02 11:35:41 289,280——a-w C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6000.20670_none_9a9bef1e2115f681\wlanmsm.dll
+ 2007-12-02 11:35:41 299,008——a-w C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6000.20670_none_9a9bef1e2115f681\wlansec.dll
+ 2007-12-02 11:35:41 502,784——a-w C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6000.20670_none_9a9bef1e2115f681\wlansvc.dll
+ 2007-12-02 11:35:43 356,352——a-w C:\Windows\winsxs\x86_microsoft-windows-wmi-core-wbemcomn-dll_31bf3856ad364e35_6.0.6000.16553_none_0161deb32631b63d\wbemcomn.dll
+ 2007-12-02 11:35:43 356,352——a-w C:\Windows\winsxs\x86_microsoft-windows-wmi-core-wbemcomn-dll_31bf3856ad364e35_6.0.6000.20672_none_01d4db5c3f607492\wbemcomn.dll
+ 2007-12-02 11:35:42 81,592——a-w C:\Windows\winsxs\x86_sbp2.inf_31bf3856ad364e35_6.0.6000.16554_none_432055ecf9219c67\sbp2port.sys
+ 2007-12-02 11:35:42 81,592——a-w C:\Windows\winsxs\x86_sbp2.inf_31bf3856ad364e35_6.0.6000.20673_none_4393529612505abc\sbp2port.sys
.
—Snapshot reset to current date—
.
(((((((((((((((((((((((((((((((((((((  Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“Sidebar”=“C:\Program Files\Windows Sidebar\sidebar.exe” [2006-11-02 13:33]
“MsnMsgr”=“C:\Program Files\MSN Messenger\MsnMsgr.exe” [2007-01-19 12:55]
“ehTray.exe”=“C:\Windows\ehome\ehTray.exe” [2006-11-02 13:34]
“DAEMON Tools”=“C:\Program Files\DAEMON Tools\daemon.exe” [2007-08-29 16:09]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“Windows Defender”=“C:\Program Files\Windows Defender\MSASCui.exe” [2007-04-13 06:12]
“DeeEnEs”=“C:\Esben\DeeEnEs.exe” [2005-01-01 14:41]
“HPDJ Taskbar Utility”=“C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe” [2001-11-19 15:21]
“Launch LGDCore”=“C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe” [2007-04-26 16:22]
“PCSuiteTrayApplication”=“C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe” [2006-06-15 11:36]
“SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe” [2007-09-25 00:11]
“Kernel and Hardware Abstraction Layer”=“KHALMNPR.EXE” [2007-04-11 14:32 C:\Windows\KHALMNPR.Exe]
“GrooveMonitor”=“C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe” [2006-10-27 00:47]
“Acrobat Assistant 8.0”=“C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe” [2007-03-29 21:14]
“OODefragTray”=“C:\Windows\system32\oodtray.exe” [2007-05-11 01:08]
“SoundMAXPnP”=“C:\Program Files\Analog Devices\Core\smax4pnp.exe” [2006-12-18 20:34]
“IAAnotif”=“C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe” [2007-07-12 15:36]
“Adobe_ID0EYTHM”=“C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE” [2007-03-20 16:40]
“ccApp”=“C:\Program Files\Common Files\Symantec Shared\ccApp.exe” [2006-11-22 17:12]
“vptray”=“C:\PROGRA~1\SYMANT~1\VPTray.exe” [2006-11-28 06:34]
“!AVG Anti-Spyware”=“C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe” [2007-06-11 10:25]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-06-07 17:05:38]
ColorVisionStartup.lnk - C:\Program Files\ColorVision\Utility\ColorVisionStartup.exe [2007-02-13 09:34:02]
Logitech SetPoint.lnk - C:\Programmer\Logitech\SetPoint\SetPoint.exe [2007-02-25 14:30:24]
UltraVNC Server.lnk - C:\Program Files\UltraVNC\winvnc.exe [2006-09-12 11:15:40]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
“ConsentPromptBehaviorAdmin”= 1 (0x1)
“EnableLUA”= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
“DisableChangePassword”= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
“NoFavoritesMenu”= 1 (0x1)
“NoRecentDocsHistory”= 0 (0x0)
“NoRecentDocsMenu”= 1 (0x1)
“NoRecentDocsNetHood”= 1 (0x1)
“NoSMMyDocs”= 1 (0x1)
“NoSMMyPictures”= 1 (0x1)
“NoStartMenuMyMusic”= 1 (0x1)
“NoResolveTrack”= 0 (0x0)
“NoFileAssociate”= 0 (0x0)
“NoSMHelp”= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
“NoFavoritesMenu”= 1 (0x1)
“NoLogoff”= 0 (0x0)
“NoRecentDocsMenu”= 1 (0x1)
“NoRecentDocsNetHood”= 1 (0x1)
“NoSharedDocuments”= 1 (0x1)
“NoSMHelp”= 1 (0x1)
“NoSMMyDocs”= 1 (0x1)
“NoSMMyPictures”= 1 (0x1)
“NoStartMenuMyMusic”= 1 (0x1)
“NoViewOnDrive”= 0 (0x0)
“NoRecentDocsHistory”= 0 (0x0)
“NoTrayItemsDisplay”= 0 (0x0)
“NoInstrumentation”= 1 (0x1)
“NoDesktopCleanupWizard”= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
iissvcs w3svc was

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{34f0f1ee-c4d6-11db-a1a7-001731e91cb9}]
\shell\AutoRun\command - G:\setup.exe -q

*Newly Created Service* - VMM
.
Contents of the ‘Scheduled Tasks’ folder
“2007-12-01 15:46:23 C:\Windows\Tasks\User_Feed_Synchronization-{25F9F9F3-1A1E-461B-9D8D-A02EDA8E7A82}.job”
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-02 16:39:57
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-02 16:41:05 - machine was rebooted
C:\ComboFix2.txt ... 2007-12-01 12:57
C:\ComboFix3.txt ... 2007-11-25 17:02
.
—- E O F—-

—

********************************* ROOTCHK-(25-11-07)-LOG, by ejvindh
02-12-2007 16:56:12,37

The rootkits that are detected by this tool were not found.

********************************* ROOTCHK-LOG-end

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-02 16:56:15
Windows 6.0.6000
scanning hidden processes ...

scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
“s1”=dword:03ee45bc
“s2”=dword:6fb49f83
“h0”=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
“h0”=dword:00000000
“khjeh”=hex:e4,00,33,d9,af,3b,90,af,5a,2c,98,83,3f,63,81,fb,20,1f,07,19,43,..
“p0”=“C:\Program Files\DAEMON Tools\”
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
“khjeh”=hex:20,d2,ee,34,33,a0,3a,47,8f,4a,19,df,1a,75,bc,29,f1,e5,3c,b0,20,..
“a0”=hex:20,01,00,00,76,a0,db,52,9f,e4,d5,8b,a2,df,a8,f5,26,ab,05,81,78,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
“khjeh”=hex:f4,75,99,09,b8,b8,fb,f2,65,65,a7,3d,e8,48,a9,a4,3c,dd,af,de,9f,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
“khjeh”=hex:79,ca,28,8f,0e,21,0c,4f,8d,6a,0b,49,d8,46,2b,af,fd,c7,76,a3,69,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
“h0”=dword:00000000
“khjeh”=hex:e4,00,33,d9,af,3b,90,af,5a,2c,98,83,3f,63,81,fb,20,1f,07,19,43,..
“p0”=“C:\Program Files\DAEMON Tools\”
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
“khjeh”=hex:20,d2,ee,34,33,a0,3a,47,8f,4a,19,df,1a,75,bc,29,f1,e5,3c,b0,20,..
“a0”=hex:20,01,00,00,76,a0,db,52,9f,e4,d5,8b,a2,df,a8,f5,26,ab,05,81,78,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
“khjeh”=hex:f4,75,99,09,b8,b8,fb,f2,65,65,a7,3d,e8,48,a9,a4,3c,dd,af,de,9f,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
“khjeh”=hex:79,ca,28,8f,0e,21,0c,4f,8d,6a,0b,49,d8,46,2b,af,fd,c7,76,a3,69,..

scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Media Center\Service\Scheduler]
“Heartbeat”=hex(b):b5,65,ae,d5,fb,34,c8,01
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System]
“OODEFRAG08.00.00.01WORKSTATION”=“AA1A25DF1F54E4555575244CD804A6582A9BF478BCCD6557D056825BCBF10E80CAEA080120FB78D571326799AA7D3DAC7BF201E388151B721B12A660644A6C50299896D26AAF31935D7C8D1848E1226B1848E34F414C58F5C0093A45D144839CAB0B3940DDECB3BF98706112FA75A834BA8EE77EB91D408E541F276B0E0F68C1DF3F996841872506CA41EB03714FAA9F434C996B2803FE610E511C697AAB36FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933FEBC9E127BECC74CFEBC9E127BECC74CA2D97226D213B555D3FBBB40613685195B5C0E71D0F16DD9D0F010BA4DA087F52CF6AB08A223D4F6B190A4FC87ECB39E8021902313A5F4A46EB71028FD594878B40A65ADB9BE711DEBF95024D10752865B39433E24C1431910EADEEB65CE3BAD4F6346E7EFE148A5CFEF3D5C6F91D811C4B41A8A527ED2EABE92068B8B03FE58D2A48C20ACF43C051FCB7D0F467E0E060D459B919D7570CFF4D92153B0578441091388810CC705B5110B36E76E248FACF6C363A0BCA63F822491DED1479595B22D971F7C5D0AAEB2CDCFA3D9B4BECD54B829204B99F6B342AE2D85DA746BCA7D70BD4B44245118FCF5DF9218996B0DCEFE9496E7CF2C98D0EE446D06946793F3F7B798521897F6199826E59D502CE7F067CA1C0FB2720B752F1302ACB57FB26FDD5AA9E2A339D1113EAE13A5C268499405AF1D20C7587D7A30FAC3EE190A3E4B2E9DB2756778846F5F2CA5338DE9F217DF51983C475234AE25FC4631B6C523E5E9207D4DB67ABEC66AF53B0A80DF79DA72DCA1CA20B74B64B642B29739D19D2307A1E6F319C905A9428306B421DAC544AB245F747242AE730218C511FCB1426C6D8560B54AD1AEB2BB74CC7F26D293BEEEA00F299593A0B5946CCE4A17CFF62B7AD7EF21B8E4E6FCA189697BFDA2F437926B7D9A122EB78974D43336CCF7F6D0FEC32E8C09B8ADAAB12ACA7EC8074F9EE1C40EBDA479DBD11A08E88D19D9CF50419A480F93E557601E5FF1A059A358EB1C0EB9CD40C04D756E617FCA2A8A66A078507F83E06B0CC40CD5F5BFBAFDA017744F0A4809B39BDED462942C62026F3ED3FE2A8CB328C6069661017CA881071F91B2A0EF59E4AD7D9FAEDDB5589D77297263308C7EE3D655CB77D13D127C3F840F87AE4ABFCD3D42970DA22FD71CDBE3E95D8FAC6747E065AD32BA2A9D9FD3CE7A40FBA2FB4757A4786A3F225DA2CF7643F3D958CBDF5C71314E20302283A185D975E2850491DF9FF156A4DF9C39DAEDFBCDB2403A1E95B4C1AE7F812EA158B7A0DFD44681510A32A78458F97C4ED6D78438D557F6582C6E3C58641280D8FDF63CDE53FAD20C605E33CCEFC696AFF2C8C1A58ED7F84792E5F276F19B0E6A69D78AF6F67D882FC12B9F”
“OODEFRAG10.00.00.01WORKSTATION”=“3A97823E544304E3B906733FCA13009EBEA888DFCA6917C6BFD50C509286FEDA0287B4114D83B77833156C0BAA7127AD8940AF0A0F51330A8110767757D5F88A20012D699E7A10D249FEC009A4665AB2A933B93D36236700291D63AD309CE742F2840B928CF930A38E3146D87E41C6C2807B520C25CA8D448724781B4585EE3DDF858D681E8BA2ED958D77AB41887FC67388CE1D05EBDFC2F4C1047C816E1010CCEE195D21E8548978697048BA71FB7A6DBCA52DC5D97EBD4C07F3A214EBB421A59C38F4248218A1D28F75097BFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933FEBC9E127BECC74CFEBC9E127BECC74CA2D97226D213B5559CA6BA2EB27C71CF1FD1FA0E6F71549183F0E8DE3739BA70680EA8E4B85566B830BC583EA690DBC794D7CCB63204BBEA0BD41B34DBB47752FAAAE9268ABA528A3FBBA2117B00AF0DFE60E324FD0736DD4C774D5D7EC73ABD9F839644681908E015E4F7AAC72B6B478618E10853149593ED0989602FE4CA7B99F3BB358B5CE44830DB0A1294189FE3870ABF1E2AE84278C7A02CC6EEA3849A5D3C3D752793D68E432AE1D25EEFF19291A8C8A0EAE7343DE437E61FB6BED46D94FD4E03DC73E348B3BA587D167D9A4866C81DD0F3177A58872DBDF86F94C08A9DC1F95FC5D3A4CB9C5F1DA420B4673AFEA330F3179F388223C4096B79A8604B09739E136D30C434CD4BB26157273A6806574AD21BCF23B961A3F690A8A05BCD1C62EC27D32A84604797EE4D079008905BE486B8B99A043D1D558684C1C9F47451BF6AABED82B7F4C1C0FE0BF04B5A3813B1D4F7A0143C13E7468C6A81107FE5D526F2B2A2234756A6265FBACADA4DA5740778E37277BB8407C934E71788600B8A0FB1524E98AF33958D64063BE213E57B938BD5C4A1091F721678A524E91413865A2A2542900178DF1FB319E22BF1CA55E6F6A9A1163F335547A9D0C08E2AF090CBB14B4061DFD80C6649224FA240E56877FBC108F70BD59159ED1C777546D82A09F065818103CCD454F1D508596E91CB9D2E816894B1E1BBB03D3E48411F4501A0679C338CB88FA9BDD2EB0504FC68C898755129D786F21C91646E2539FE76FCFEE699F2C3DF1FACD9E01FB37B7F4A61080E9DA5D3F4E9AEA8046CF4C7466C37F8148A560A6DBE3446E7AE733DA0DCC8720659AABD7BEC240312F7137C686DFBC5E82464E76977CA8286DF9CEA9D08644143F5F9712B65E192D5D84F0AEC054E80B21C9A88EF912EF4AE7AF4C6C7F652C0FB6F4A6BACFE012FECD7EBC66E7F63A915ACE73C311F51E2A8483BBB031B60A2BBBFC5CE382B4B1348C19FAF1B7025230414B1F673715C7B0E9A20D6CBA6147DE3E70A5F9C20C35B2BE79660392EAEB5C9974E500C9FA7CCCD”
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\\xc0\x203a9\x8d]
“CacheSizeInMB”=dword:00000000
“CacheStatus”=dword:00000002
“USBVersion”=dword:00020000
“ReadSpeedKBs”=dword:00000000
“WriteSpeedKBs”=dword:00000000
“PhysicalDeviceSizeMB”=dword:00074701
“RecommendedCacheSizeMB”=dword:00000000
“HasSlowRegions”=dword:00000000
“DoRetestDevice”=dword:00000000
“DeviceStatus”=dword:00000001
“LastTestedTime”=hex(b):00,00,00,00,00,00,00,00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\\xc0\x203a9\x8d]
“CacheSizeInMB”=dword:00000000
“CacheStatus”=dword:00000002
“USBVersion”=dword:00020000
“ReadSpeedKBs”=dword:000002ac
“WriteSpeedKBs”=dword:00000000
“PhysicalDeviceSizeMB”=dword:00074701
“RecommendedCacheSizeMB”=dword:00000000
“HasSlowRegions”=dword:00000000
“DoRetestDevice”=dword:00000000
“DeviceStatus”=dword:00000004
“LastTestedTime”=hex(b):b7,36,97,75,24,9e,c7,01
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{CA3AECF8-886F-3147-5C9D-43106FCD29AD}]
“abbfmkbdaeffdanocakclanimahgmlfoio”=hex:6a,61,6d,66,65,6e,67,67,63,66,62,64,62,6b,68,6f,62,67,64,69,00,..
“ialgkbledknegecfli”=hex:61,61,00,00
“habfmkbdaeffdano”=hex:61,61,00,00
“iaphopjjbfpneilkgi”=hex:61,61,00,00
“bblgkbledknegecflimeddpmcaelhafcpndn”=hex:6a,61,6d,66,65,6e,67,67,63,66,62,64,62,6b,68,6f,62,67,64,69,00,..
“bblgkbledknegecflimeddpmcaelabcdppep”=hex:6a,61,6d,66,65,6e,67,67,63,66,62,64,62,6b,68,6f,62,67,64,69,00,..
“abbfmkbdaeffdanocakclanimamgniaojh”=hex:6a,61,6d,66,65,6e,67,67,63,66,62,64,62,6b,68,6f,62,67,64,69,00,..

scanning hidden files ...

hidden processes: 0
hidden services: 0
hidden files: 0

—

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:03:20, on 02-12-2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Windows\System32\oodtray.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Program Files\GRISOFT\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Programmer\Logitech\SetPoint\SetPoint.exe
C:\Program Files\UltraVNC\winvnc.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Windows\Explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Windows\explorer.exe
C:\Users\Esben\Desktop\Ny mappe\HiJackThis.exe
C:\Windows\system32\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.fluii.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [DeeEnEs] C:\Esben\DeeEnEs.exe /autoexit
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [Launch LGDCore] “C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe” /SHOWHIDE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe”
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [GrooveMonitor] “C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe”
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] “C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe”
O4 - HKLM\..\Run: [OODefragTray] C:\Windows\system32\oodtray.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IAAnotif] “C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe”
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [ccApp] “C:\Program Files\Common Files\Symantec Shared\ccApp.exe”
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe” /minimized
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] “C:\Program Files\MSN Messenger\MsnMsgr.Exe” /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools] “C:\Program Files\DAEMON

Afinstaller uTorrent, eMule og Messenger Plus i Tilføj/fjern programmer.
Drop fildeling >> http://spywarefri.dk/forum/topic.asp?TOPIC_ID=40284

Hent Ccleaner her:
http://www.filehippo.com/download_ccleaner/
Installer Ccleaner, husk at fjerne fluebenet udfor installation af Yahoo toolbar.
Start programmet, fjern fluebenet i cookies.
Klik på kør Cleaner og lad den fjerne hvad den finder.
Klik så på Problemer ovre i venstre side (den blå terning), klik på Skan efter problemer, når den er færdig, klik på Udbedre valgte problemer, lav evt. en backup af registreringsdatabasen, klik så på udbedre alle valgte problemer.
Klik på OK, klik på Luk når den er færdig.
Genstart.
———————————————————-
Hent og installer denne scanner:
http://www.superantispyware.com/downloads/SUPERAntiSpyware1241.exe

Start programmet, klik på Check for updates, når det er opdateret, luk programmet, du skal ikke scanne endnu.
———————————————————-
Kopiér indholdet mellem de bølgede linier ind i et notepad-vindue, og gem indholdet i samme mappe, som Combofix ligger med navnet CFScript.txt. Når du gemmer, skal du sikre, at der under “filtyper” står “alle filer”.

~~~~~~~~~~~~~~~~~~~~~~~~~~

Killall::

Snapshot::

File::
C:\Windows\System32\drivers\IsDrv122.sys
C:\Windows\System32\drivers\cdralw.sys
C:\Windows\System32\drivers\RKL825C.tmp.sys

Folder::
“C:\Program Files\uTorrent”
“C:\Program Files\eMule”
“C:\ProgramData\Messenger Plus!”

Driver::
IsDrv122
cdralw
RKL825C

~~~~~~~~~~~~~~~~~~~~~~~~~~
Tag så fat i den nye fil med musen, og før den hen over Combofix-filen, hvorefter du “giver slip” med musen.
http://www.fromsej.saknet.dk/billeder/cfscript.gif
Så skulle Combofix gerne give sig til at arbejde. Muligvis vil den kræve en genstart, hvilket du skal tillade. Du bør ikke klikke på vinduet imens værktøjet kører, idet det kan få din computer til at fryse.
———————————————————-
Genstart i fejlsikret (tryk på <F8> under opstarten)
Start SuperAntiSpyware, klik på Scan your Computer, sæt flueben i de drev der skal scannes.
(Fixed disk betyder harddisk)
Flyt prikken til Perform complete scan og klik på Næste, så kører scanningen.

Når den er færdig kommer der et vindue med en opsummering, klik på OK, klik så på næste og så på Udfør.

Der kommer et vindue med Quarantine and removal Complete, klik på OK, klik på Udfør.
Luk programmet, genstart normalt.
———————————————————-
Start SuperAntiSpyware igen, klik på Preferences, skift til fanebladet Statistics/Logs, i vinduet dobbeltklikker du på SUPERAntiSpyware Scan Log, den åbner i notesblok, kopier resultatet herind.
Vi skal også se en frisk hijackthislog, samt den nye combofixlog.