wallpaper1
  smut
Posts: 22

Hi.
When I opened an email the other day, viruses came pouring in, and my Norman caught some of it. However, a message about viruses kept appearing on the screen; I later found out that it was a new desktop background called wallpaper1?? Strange, but I am in doubt whether everything is gone, so will you take a look at these logs?

Malwarebytes’ Anti-Malware 1.28
Database version: 1164
Windows 5.1.2600 Service Pack 3

17-09-2008 18:54:05
mbam-log-2008-09-17 (18-54-05).txt

Skan type: Fuldstændig skanning (C:\|)
Objekter skannet: 81847
Tid tilbagelagt: 16 minute(s), 33 second(s)

Inficerede Hukommelses Processer: 0
Inficerede Hukommelses Moduler: 0
Inficerede Registeringsdatabase Nøgler: 0
Inficerede Registeringsdatabase Værdier: 0
Inficerede Registeringsdatabase Filer: 0
Inficerede Mapper: 0
Inficerede Filer: 0

Inficerede Hukommelses Processer:
(Ingen mistænkelige filer fundet)

Inficerede Hukommelses Moduler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Nøgler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Værdier:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Filer:
(Ingen mistænkelige filer fundet)

Inficerede Mapper:
(Ingen mistænkelige filer fundet)

Inficerede Filer:
(Ingen mistænkelige filer fundet)


ComboFix 08-09-16.05 - niels peter 2008-09-17 18:55:28.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1030.18.199 [GMT 2:00]
Running from: C:\Documents and Settings\niels peter\Skrivebord\Spywarefri\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((  Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Menuen Start\Programmer\PCPrivacyCleaner
C:\Documents and Settings\All Users\Menuen Start\Programmer\PCPrivacyCleaner\PCPrivacyCleaner.lnk
C:\Documents and Settings\All Users\Menuen Start\Programmer\PCPrivacyCleaner\Uninstall PCPrivacyCleaner.lnk
C:\WINDOWS\system32\160281.exe
C:\WINDOWS\system32\vyIjSvut.ini
C:\WINDOWS\system32\vyIjSvut.ini2

.
(((((((((((((((((((((((((((((((((((((((  Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

———-\Legacy_NSESVC
———-\Legacy_TDSSSERV
———-\Service_nsesvc
———-\Service_TDSSserv


(((((((((((((((((((((((((  Files Created from 2008-08-17 to 2008-09-17 )))))))))))))))))))))))))))))))
.

2008-09-17 18:35 . 2008-09-17 18:35 <DIR> d————C:\Programmer\Malwarebytes’ Anti-Malware
2008-09-17 18:35 . 2008-09-10 00:04 38,528—a———C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-17 18:35 . 2008-09-10 00:03 17,200—a———C:\WINDOWS\system32\drivers\mbam.sys
2008-09-17 18:29 . 2008-09-17 18:29 <DIR> d————C:\Programmer\CCleaner
2008-09-16 16:12 . 2008-09-16 16:12 61,440—a———C:\WINDOWS\system32\drivers\atbymz.sys
2008-08-25 17:28 . 2008-08-25 18:45 144—ahs——C:\WINDOWS\system32\688789246.dat

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-02 10:48 19,512——a-w C:\WINDOWS\system32\drivers\nvcw32mf.sys
2008-07-18 20:10 94,920——a-w C:\WINDOWS\system32\dllcache\cdm.dll
2008-07-18 20:10 94,920——a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448——a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 53,448——a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-07-18 20:10 45,768——a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552——a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:10 36,552——a-w C:\WINDOWS\system32\dllcache\wups.dll
2008-07-18 20:09 563,912——a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 563,912——a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2008-07-18 20:09 325,832——a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 325,832——a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2008-07-18 20:09 205,000——a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 205,000——a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2008-07-18 20:09 1,811,656——a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:09 1,811,656——a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2008-07-18 20:07 270,880——a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976——a-w C:\WINDOWS\system32\muweb.dll
2008-07-07 20:29 253,952——a-w C:\WINDOWS\system32\es.dll
2008-07-07 20:29 253,952———w C:\WINDOWS\system32\dllcache\es.dll
2008-06-24 16:44 74,240——a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 16:44 74,240———w C:\WINDOWS\system32\dllcache\mscms.dll
2008-06-24 16:12 295,936———w C:\WINDOWS\system32\wmpeffects.dll
2008-06-24 08:33 3,592,192——a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-06-23 09:20 13,824———w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-06-23 09:19 70,656———w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-06-23 09:19 625,664———w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-06-21 05:23 161,792——a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-06-20 17:48 246,784——a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:48 246,784———w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:48 147,968———w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 11:51 361,600———w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 11:40 138,496———w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 11:08 225,856———w C:\WINDOWS\system32\dllcache\tcpip6.sys
2001-07-26 14:58 47——a-w C:\Programmer\ACMonitor_X73.ini
2001-07-05 10:46 8,116——a-w C:\Programmer\OSLO3071b2.USB
2001-05-11 09:39 53,248——a-w C:\Programmer\ACMonitor_X73.exe
2001-05-08 14:36 114,688——a-w C:\Programmer\lxarscan.dll
2001-04-23 12:22 1,437——a-w C:\Programmer\gtx73.ini
2001-02-22 07:54 768——a-w C:\Programmer\x73_lut.dat
2008-05-11 19:12 32,768—sha-w C:\WINDOWS\system32\config\systemprofile\Lokale indstillinger\Oversigt\History.IE5\MSHist012008051120080512\index.dat
.

———- Sigcheck———-

2008-06-20 13:51 361600 9425b72f40257b45d45d24773273dad0 C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 13:51 361600 9425b72f40257b45d45d24773273dad0 C:\WINDOWS\system32\dllcache\tcpip.sys
2005-05-25 21:04 359808 88763a98a4c26c409741b4aa162720c9 C:\WINDOWS\$NtUninstallKB913446$\tcpip.sys
2004-08-04 07:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB893066$\tcpip.sys
2005-05-25 21:07 359936 63fdfea54eb53de2d863ee454937ce1e C:\WINDOWS\$hf_mig$\KB893066\SP2QFE\tcpip.sys
2006-01-13 18:07 360448 5562cc0a47b2aef06d3417b733f3c195 C:\WINDOWS\$hf_mig$\KB913446\SP2QFE\tcpip.sys
2006-04-20 14:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 17:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2008-06-20 13:59 361600 ad978a1b783b5719720cff204b666c8e C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
2006-01-13 03:28 359808 583e063fdc888ca30d05c2724b0d7ef4 C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
2007-10-30 18:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
2008-04-13 21:20 361344 accf5a9a1ffaa490f33dba1c632b95e1 C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
2006-04-20 13:51 359808 1dbf125862891817f374f407626967f4 C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
2008-04-13 21:20 361344 93ea8d04ec73a85db02eb8805988f733 C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
.
(((((((((((((((((((((((((((((((((((((  Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe” [2008-04-14 15360]
“swg”=“C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe” [2008-04-08 68856]
“updateMgr”=“C:\Programmer\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe” [2006-03-30 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“SunJavaUpdateSched”=“C:\Programmer\Java\j2re1.4.2_01\bin\jusched.exe” [2003-08-19 32873]
“PrinTray”=“C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe” [2001-10-12 36864]
“hcenter”=“C:\Programmer\Support.com\bin\tgcmd.exe” [2003-07-07 1916928]
“PaperPort PTD”=“C:\Programmer\ScanSoft\PaperPort\pptd40nt.exe” [2005-03-18 57393]
“Norman ZANDA”=“C:\Norman\Npm\Bin\ZLH.EXE” [2008-06-02 277616]
“Disk Monitor”=“C:\Programmer\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe” [2003-06-18 466944]
“IndexSearch”=“C:\Programmer\ScanSoft\PaperPort\IndexSearch.exe” [2005-03-18 40960]
“SoundMan”=“SOUNDMAN.EXE” [2003-09-23 C:\WINDOWS\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=“C:\WINDOWS\System32\CTFMON.EXE” [2008-04-14 15360]
“NvMediaCenter”=“C:\WINDOWS\System32\NVMCTRAY.DLL” [2003-07-23 49152]

C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
Adobe Reader Hurtigstart.lnk - C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
“NoDispSettingPage”= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
“{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}”= “C:\Programmer\SUPERAntiSpyware\SASSEH.DLL” [2006-02-16 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SASWinLogon]
2006-03-08 11:32 258048 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lpS14.sys]
@=“Driver”

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\nqT81.sys]
@=“Driver”

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\quX71.sys]
@=“Driver”

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ruX13.sys]
@=“Driver”

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vyC24.sys]
@=“Driver”

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vyC47.sys]
@=“Driver”

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ydF57.sys]
@=“Driver”

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
“AntiVirusDisableNotify”=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
“%windir%\\system32\\sessmgr.exe”=
“C:\\Programmer\\Messenger\\MSMSGS.EXE”=
“%windir%\\Network Diagnostic\\xpnetdiag.exe”=
“C:\\Programmer\\Support.com\\TDCKabel\\hcenter.exe”=
“C:\\Programmer\\Support.com\\BIN\\TGCMD.EXE”=

R1 msikbd2k;Multimedia Keyboard Filter Driver;C:\WINDOWS\system32\DRIVERS\msikbd2k.sys [2006-09-24 6656]
R2 Ndiskio;Ndiskio;C:\Norman\Nse\bin\NDISKIO.SYS [2007-01-02 20448]
R2 nhksrv;Netropa NHK Server;C:\Programmer\Office keyboard utility\1.1\nhksrv.exe [2006-09-24 28672]
R2 NVOY;Norman’s Very Own supplY of resources;C:\Norman\npm\bin\nvoy.exe [2008-02-07 121912]
R3 C4C_BSC2;C4C_BSC2;C:\WINDOWS\system32\DRIVERS\C4C_BSC2.sys [2002-07-08 84788]
R3 NvcMFlt;NvcMFlt;C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys [2008-09-02 19512]
R3 nvcoas;Norman Virus Control on-access component;C:\Norman\Nvc\bin\nvcoas.exe [2008-04-30 191544]
R3 NVCScheduler;Norman Virus Control Scheduler;C:\Norman\Npm\bin\NVCSCHED.EXE [2007-09-18 154680]
S3 nvcfsr;nvcfsr;C:\Norman\Nvc\bin\nvcfsr.sys [2007-01-09 6712]
S3 nvcoafl51;nvcoafl51;C:\Norman\Nvc\bin\nvcoafl51.sys [2007-01-09 30264]
S3 nvcoaft51;nvcoaft51;C:\Norman\Nvc\bin\nvcoaft51.sys [2007-01-09 129848]
S3 nvcoarc51;nvcoarc51;C:\Norman\Nvc\bin\nvcoarc51.sys [2007-01-09 23224]
.
Contents of the ‘Scheduled Tasks’ folder
.
- - - - ORPHANS REMOVED - - - -

BHO-{1329689F-1D87-41A5-80B9-B5D0377707D1} - (no file)
HKLM-Run-SSBkgdUpdate - C:\Programmer\Fælles filer\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe


.
———- Supplementary Scan———-
.
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
R0 -: HKCU-Main,Start Page = hxxp://tv2.dk/
R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore

O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

O16 -: {07D09E9E-C667-45DD-B035-217BC2A61A3B} - hxxps://www.himmerland.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.20.cab
C:\WINDOWS\Downloaded Program Files\comp.inf
C:\WINDOWS\Downloaded Program Files\EBJSecurity_2.dll
C:\WINDOWS\Downloaded Program Files\ActiveXSikkerhedssoftware.ocx
C:\WINDOWS\Downloaded Program Files\EBJSecurity_3.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-17 19:00:36
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
————————————Other Running Processes————————————
.
C:\NORMAN\NPM\BIN\ELOGSVC.EXE
C:\NORMAN\NPM\BIN\ZANDA.EXE
C:\WINDOWS\SYSTEM32\LEXBCES.EXE
C:\WINDOWS\SYSTEM32\BRSS01A.EXE
C:\PROGRAMMER\EWIDO\SECURITY SUITE\EWIDOCTRL.EXE
C:\NORMAN\NPM\BIN\NJEEVES.EXE
C:\Norman\Nvc\Bin\Nip.exe
C:\Norman\Nvc\Bin\cclaw.exe
.
**************************************************************************
.
Completion time: 2008-09-17 19:02:50 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-17 17:02:46

Pre-Run: 149,372,928,000 byte ledig
Post-Run: 149,398,683,648 byte ledig

202—- E O F—- 2008-09-10 17:14:45


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:11:07, on 17-09-2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Norman\Npm\bin\ELOGSVC.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Norman\Npm\Bin\Zanda.exe
C:\Norman\npm\bin\nvoy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Office keyboard utility\1.1\nhksrv.exe
C:\Programmer\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\Norman\Npm\bin\NVCSCHED.EXE
C:\Norman\Npm\bin\NJEEVES.EXE
C:\WINDOWS\System32\alg.exe
C:\Norman\Nvc\bin\nvcoas.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmer\Java\j2re1.4.2_01\bin\jusched.exe
C:\Programmer\Support.com\bin\tgcmd.exe
C:\Programmer\ScanSoft\PaperPort\pptd40nt.exe
C:\Norman\Npm\Bin\ZLH.EXE
C:\Programmer\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Norman\Nvc\Bin\Nip.exe
C:\Norman\Nvc\Bin\cclaw.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Documents and Settings\niels peter\Skrivebord\Spywarefri\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://tv2.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google; - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [hcenter] “C:\Programmer\Support.com\bin\tgcmd.exe” /server /startmonitor
O4 - HKLM\..\Run: [PaperPort PTD] C:\Programmer\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [Norman ZANDA] “C:\Norman\Npm\Bin\ZLH.EXE” /LOAD /SPLASH
O4 - HKLM\..\Run: [Disk Monitor] C:\Programmer\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Programmer\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] “C:\Programmer\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe” AcRdB7_0_9 -reboot 1
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘LOKAL TJENESTE’)
O4 - HKUS\S-1-5-19\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User ‘LOKAL TJENESTE’)
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘NETVÆRKSTJENESTE’)
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘SYSTEM’)
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘Default user’)
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://GLOBAL.ACER.COM/
O16 - DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} (ActiveX sikkerhedssoftware Control) - https://www.himmerland.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.20.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1109694989109
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1209663121343
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O20 - Winlogon Notify: SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido\security suite\ewidoctrl.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Programmer\Office keyboard utility\1.1\nhksrv.exe
O23 - Service: Norman NJeeves - Norman ASA - C:\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Npm\bin\NVCSCHED.EXE
O23 - Service: Norman’s Very Own supplY of resources (NVOY) - Norman ASA - C:\Norman\npm\bin\nvoy.exe


End of file - 6584 bytes

 

  smut
Posts: 22

Are you all watching football??

Administrator
Posts: 55502

Download and run this program:
http://bleepingcomputer.com/sUBs/SafeBootKeyRepair.exe
It takes a moment; the program creates a log, which you should copy into your next reply.
It is located here:
C:\SafeBoot_Repair.txt.

Click Start -> Run, type SFC /scannow (note the space), and click OK.
Your XP CD must be in the drive.
Restart.

Once those two things are done, make a fresh ComboFix log and copy it in here.

Signature

qui potest, obligatur

Nierne bomaye - You’ll never walk alone

The coffee has been drunk
The cash box is closed
The support does more good
With the small and the downhearted
Børns Vilkår
Hospitalsklovne

  smut
Posts: 22

OK, thanks for the reply. I think I only have a couple of recovery CDs and no XP CD… what do I do then??

Administrator
Posts: 32085

XP should be on one of them; otherwise it is not easy to get an operating system installed.

Signature

Sound computer sense

  smut
Posts: 22

Hi,
it is a PC from Bilka that came with XP preinstalled, after which we had to create 2-3 CDs/DVDs with recovery data, almost like a Ghost image. So XP is there, of course; it is just not a clean WinXP install CD! Could I possibly borrow someone else's, or does it have to be the one that is installed on the PC?

  BjarneA
Posts: 9766

No installation CD:
Run sfc /scannow and see what happens…

If that does not work (the program wants a CD), search for the folder i386.
If it is not there, you will have to borrow a CD (same XP/Vista version).

If i386 is present:
[Start] [Run] [Regedit]
Find the key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup
If “SourcePath” exists in the right-hand pane, double-click it and set the Value data to e.g. C: (if that is where i386 is).

If SourcePath does not exist, right-click “Setup” (left pane) and create a new “String value”, name it “SourcePath” and set the “Value data” (to the path to i386).

Close Regedit and restart the computer.

  smut
Posts: 22

Here are fresh logs. Didn't need the XP CD, by the way….
Thanks for the help!!

Reg export of SafeBoot key after repair:
========================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot]
“AlternateShell”=“cmd.exe”

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\AppMgmt]
@=“Service”

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Base]
@=“Driver Group”

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Boot Bus Extender]
@=“Driver Group”

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Boot file system]
@=“Driver Group”

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\CryptSvc]
@=“Service”

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\DcomLaunch]
@=“Service”

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmadmin]
@=“Service”

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmboot.sys]
@=“Driver”

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmio.sys]
@=“Driver”

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmload.sys]
@=“Driver”

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmserver]
@=“Service”

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\EventLog]
@=“Service”

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\File system]
@=“Driver Group”

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Filter]
@=“Driver Group”

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\HelpSvc]
@=“Service”

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\lpS14.sys]
@=“Driver”

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Netlogon]
@=“Service”

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\nqT81.sys]
@=“Driver”

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PCI Configuration]
@=“Driver Group”

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PlugPlay]
@=“Service”

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PNP Filter]
@=“Driver Group”

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Primary disk]
@=“Driver Group”

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PSEXESVC]
@=“Service”

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\quX71.sys]
@=“Driver”

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\RpcSs]
@=“Service”

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\ruX13.sys]
@=“Driver”

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\SCSI Class]
@=“Driver Group”

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\sermouse.sys]
@=“Driver”

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\sr.sys]
@=“FSFilter System Recovery”

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\SRService]
@=“Service”

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\System Bus Extender]
@=“Driver Group”

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\TDSSserv.sys]
@=“driver”

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\vds]
@=“Service”

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\vga.sys]
@=“Driver”

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\vgasave.sys]
@=“Driver”

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\vyC24.sys]
@=“Driver”

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\vyC47.sys]
@=“Driver”

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\WinMgmt]
@=“Service”

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\ydF57.sys]
@=“Driver”

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]
@=“Universal Serial Bus controllers”

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]
@=“CD-ROM Drive”

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@=“DiskDrive”

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}]
@=“Standard floppy disk controller”

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@=“Hdc”

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@=“Keyboard”

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@=“Mouse”

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]
@=“PCMCIA Adapters”

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
@=“SCSIAdapter”

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@=“System”

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}]
@=“Floppy disk drive”

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@=“Volume shadow copy”

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@=“Volume”

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
@=“Human Interface Devices”

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\AFD]
@=“Service”

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\AppMgmt]
@=“Service”

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Base]
@=“Driver Group”

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Boot Bus Extender]
@=“Driver Group”

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Boot file system]
@=“Driver Group”

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Browser]
@=“Service”

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\CryptSvc]
@=“Service”

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\DcomLaunch]
@=“Service”

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Dhcp]
@=“Service”

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmadmin]
@=“Service”

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmboot.sys]
@=“Driver”

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmio.sys]
@=“Driver”

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmload.sys]
@=“Driver”

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmserver]
@=“Service”

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\DnsCache]
@=“Service”

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\EventLog]
@=“Service”

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\File system]
@=“Driver Group”

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Filter]
@=“Driver Group”

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\HelpSvc]
@=“Service”

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\ip6fw.sys]
@=“Driver”

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\ipnat.sys]
@=“Driver”

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LanmanServer]
@=“Service”

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LanmanWorkstation]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LmHosts]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\lpS14.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Messenger]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NDIS]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NDIS Wrapper]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Ndisuio]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBIOS]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBIOSGroup]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBT]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetDDEGroup]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Netlogon]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetMan]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Network]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetworkProvider]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\nqT81.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NtLmSsp]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PCI Configuration]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PlugPlay]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PNP Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PNP_TDI]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Primary disk]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PSEXESVC]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\quX71.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpcdd.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpdd.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpwd.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdsessmgr]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\RpcSs]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\ruX13.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SCSI Class]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\sermouse.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\sharedaccess]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SRService]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Streams Drivers]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\System Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Tcpip]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\TDI]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\tdpipe.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\TDSSserv.sys]
@="driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\tdtcp.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\termservice]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\UploadMgr]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\vga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\vyC24.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\vyC47.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\WinMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\WZCSVC]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\ydF57.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{36FC9E60-C465-11CF-8056-444553540000}]
@="Universal Serial Bus controllers"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}]
@="CD-ROM Drive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}]
@="Standard floppy disk controller"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}]
@="Net"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}]
@="NetClient"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}]
@="NetService"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}]
@="NetTrans"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}]
@="PCMCIA Adapters"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
@="SCSIAdapter"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}]
@="Floppy disk drive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
@="Human Interface Devices"

========================

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\lpS14.sys
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\nqT81.sys
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\PSEXESVC
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\quX71.sys
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\ruX13.sys
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\TDSSserv.sys
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\vyC24.sys
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\vyC47.sys
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\ydF57.sys

ComboFix 08-09-19.02 - niels peter 2008-09-19 20:17:31.2 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1030.18.225 [GMT 2:00]
Running from: C:\Documents and Settings\niels peter\Skrivebord\Spywarefri\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((  Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
(((((((((((((((((((((((((((((((((((((((  Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NSESVC
-------\Service_nsesvc


(((((((((((((((((((((((((  Files Created from 2008-08-19 to 2008-09-19 )))))))))))))))))))))))))))))))
.

2008-09-19 20:11 . 2001-08-17 21:28 794,654 --a------ C:\WINDOWS\system32\dllcache\usr1801.sys
2008-09-19 20:10 . 2001-10-04 16:47 899,274 --a------ C:\WINDOWS\system32\dllcache\r2mdkxga.sys
2008-09-19 20:09 . 2008-04-14 17:45 2,026,496 --a------ C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-09-19 20:08 . 2001-08-17 21:28 802,683 --a------ C:\WINDOWS\system32\dllcache\ltsm.sys
2008-09-19 20:07 . 2001-10-04 17:07 1,733,120 --a------ C:\WINDOWS\system32\dllcache\g400d.dll
2008-09-19 20:06 . 2001-08-17 20:14 952,007 --a------ C:\WINDOWS\system32\dllcache\diwan.sys
2008-09-19 20:05 . 2001-10-04 16:34 980,034 --a------ C:\WINDOWS\system32\dllcache\cicap.sys
2008-09-19 20:04 . 2001-08-17 21:28 871,388 --a------ C:\WINDOWS\system32\dllcache\bcmdm.sys
2008-09-19 20:03 . 2008-04-14 17:44 2,147,840 --a------ C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-09-19 18:35 . 2008-09-19 18:35 <DIR> d-------- C:\Documents and Settings\niels peter\Application Data\Windows Search
2008-09-19 18:34 . 2008-09-19 18:34 <DIR> d-------- C:\Documents and Settings\niels peter\Application Data\Windows Desktop Search
2008-09-19 18:33 . 2008-09-19 18:33 <DIR> d-------- C:\WINDOWS\system32\GroupPolicy
2008-09-19 18:33 . 2008-09-19 18:33 <DIR> d-------- C:\Programmer\Windows Desktop Search
2008-09-19 18:33 . 2008-09-19 18:33 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-09-17 19:02 .  <DIR>  C:\Documents and Settings\Gµst\Lokale indstillinger
2008-09-17 19:02 .  <DIR>  C:\Documents and Settings\Gµst\Lokale indstillinger
2008-09-17 19:02 . 2008-09-17 19:02 <DIR> d-------- C:\Documents and Settings\Gæst
2008-09-17 18:35 . 2008-09-17 18:35 <DIR> d-------- C:\Programmer\Malwarebytes' Anti-Malware
2008-09-17 18:35 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-17 18:35 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-17 18:29 . 2008-09-17 18:29 <DIR> d-------- C:\Programmer\CCleaner
2008-08-25 17:28 . 2008-08-25 18:45 144 --ahs---- C:\WINDOWS\system32\688789246.dat

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-02 10:48 19,512 ----a-w C:\WINDOWS\system32\drivers\nvcw32mf.sys
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-07 20:29 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 20:29 253,952 ----a-w C:\WINDOWS\system32\dllcache\es.dll
2008-06-24 16:44 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 16:44 74,240 ----a-w C:\WINDOWS\system32\dllcache\mscms.dll
2008-06-24 16:12 295,936 ------w C:\WINDOWS\system32\wmpeffects.dll
2008-06-24 08:33 3,592,192 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-06-23 09:20 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-06-23 09:19 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-06-23 09:19 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-06-21 05:23 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-06-20 17:48 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:48 246,784 ----a-w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:48 147,968 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
2001-07-26 14:58 47 ----a-w C:\Programmer\ACMonitor_X73.ini
2001-07-05 10:46 8,116 ----a-w C:\Programmer\OSLO3071b2.USB
2001-05-11 09:39 53,248 ----a-w C:\Programmer\ACMonitor_X73.exe
2001-05-08 14:36 114,688 ----a-w C:\Programmer\lxarscan.dll
2001-04-23 12:22 1,437 ----a-w C:\Programmer\gtx73.ini
2001-02-22 07:54 768 ----a-w C:\Programmer\x73_lut.dat
2008-05-11 19:12 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Lokale indstillinger\Oversigt\History.IE5\MSHist012008051120080512\index.dat
.

------- Sigcheck -------

2008-06-20 13:51 361600 9425b72f40257b45d45d24773273dad0 C:\WINDOWS\system32\drivers\tcpip.sys
2005-05-25 21:04 359808 88763a98a4c26c409741b4aa162720c9 C:\WINDOWS\$NtUninstallKB913446$\tcpip.sys
2004-08-04 07:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB893066$\tcpip.sys
2005-05-25 21:07 359936 63fdfea54eb53de2d863ee454937ce1e C:\WINDOWS\$hf_mig$\KB893066\SP2QFE\tcpip.sys
2006-01-13 18:07 360448 5562cc0a47b2aef06d3417b733f3c195 C:\WINDOWS\$hf_mig$\KB913446\SP2QFE\tcpip.sys
2006-04-20 14:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 17:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2008-06-20 13:59 361600 ad978a1b783b5719720cff204b666c8e C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
2006-01-13 03:28 359808 583e063fdc888ca30d05c2724b0d7ef4 C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
2007-10-30 18:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
2008-04-13 21:20 361344 accf5a9a1ffaa490f33dba1c632b95e1 C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
2006-04-20 13:51 359808 1dbf125862891817f374f407626967f4 C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
2008-04-13 21:20 361344 93ea8d04ec73a85db02eb8805988f733 C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
.
(((((((((((((((((((((((((((((  snapshot@2008-09-17_19.02.08.67   )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-14 16:05:20 38,912——a-w C:\WINDOWS\system32\dllcache\cfgbkend.dll
+ 2008-04-14 16:03:42 16,896——a-w C:\WINDOWS\system32\dllcache\cfgmgr32.dll
+ 2008-04-14 16:05:44 188,480——a-w C:\WINDOWS\system32\dllcache\cfgwiz.exe
+ 2008-04-14 16:05:20 15,423——a-w C:\WINDOWS\system32\dllcache\ch7xxnt5.dll
+ 2008-04-13 18:40:58 8,192——a-w C:\WINDOWS\system32\dllcache\changer.sys
+ 2008-04-14 16:05:20 148,480——a-w C:\WINDOWS\system32\dllcache\cic.dll
+ 2008-04-14 16:05:20 1,358,848——a-w C:\WINDOWS\system32\dllcache\cimwin32.dll
+ 2001-10-04 14:34:28 272,640——a-w C:\WINDOWS\system32\dllcache\cinemclc.sys
+ 2001-10-09 18:00:00 262,528——a-w C:\WINDOWS\system32\dllcache\cinemst2.sys
+ 2008-04-14 16:05:20 69,120——a-w C:\WINDOWS\system32\dllcache\ciodm.dll
+ 2001-10-04 15:07:06 91,264——a-w C:\WINDOWS\system32\dllcache\cirrus.dll
+ 2001-08-17 19:57:16 45,696——a-w C:\WINDOWS\system32\dllcache\cirrus.sys
+ 2008-04-14 16:05:44 5,632——a-w C:\WINDOWS\system32\dllcache\cisvc.exe
+ 2001-10-04 15:07:06 111,232——a-w C:\WINDOWS\system32\dllcache\cl5465.dll
+ 2001-10-04 15:07:06 170,880——a-w C:\WINDOWS\system32\dllcache\cl546x.dll
+ 2001-08-17 19:57:36 248,064——a-w C:\WINDOWS\system32\dllcache\cl546xm.sys
+ 2008-04-13 19:16:22 49,536——a-w C:\WINDOWS\system32\dllcache\classpnp.sys
+ 2008-04-14 16:05:20 110,592——a-w C:\WINDOWS\system32\dllcache\clbcatex.dll
+ 2008-04-14 16:05:20 498,688——a-w C:\WINDOWS\system32\dllcache\clbcatq.dll
+ 2008-04-14 16:05:44 64,512——a-w C:\WINDOWS\system32\dllcache\cleanmgr.exe
+ 2008-04-14 16:05:46 103,424——a-w C:\WINDOWS\system32\dllcache\clipbrd.exe
+ 2008-04-14 16:05:46 33,280——a-w C:\WINDOWS\system32\dllcache\clipsrv.exe
+ 2008-04-14 16:05:20 58,368——a-w C:\WINDOWS\system32\dllcache\clusapi.dll
+ 2008-04-13 18:36:38 13,952——a-w C:\WINDOWS\system32\dllcache\cmbatt.sys
+ 2001-10-04 14:34:56 20,864——a-w C:\WINDOWS\system32\dllcache\cmbp0wdm.sys
+ 2008-04-14 16:05:20 15,872——a-w C:\WINDOWS\system32\dllcache\cmcfg32.dll
+ 2008-04-14 16:05:46 391,680——a-w C:\WINDOWS\system32\dllcache\cmd.exe
+ 2008-04-14 16:05:20 346,624——a-w C:\WINDOWS\system32\dllcache\cmdial32.dll
+ 2001-10-04 14:34:58 6,656——a-w C:\WINDOWS\system32\dllcache\cmdide.sys
+ 2008-04-14 16:05:46 25,600——a-w C:\WINDOWS\system32\dllcache\cmdl32.exe
+ 2008-04-14 16:05:46 39,936——a-w C:\WINDOWS\system32\dllcache\cmmon32.exe
+ 2008-04-14 16:05:20 186,368——a-w C:\WINDOWS\system32\dllcache\cmprops.dll
+ 2008-04-14 16:05:20 13,312——a-w C:\WINDOWS\system32\dllcache\cmsetacl.dll
+ 2008-04-14 16:05:46 64,000——a-w C:\WINDOWS\system32\dllcache\cmstp.exe
+ 2008-04-14 16:05:20 40,448——a-w C:\WINDOWS\system32\dllcache\cmutil.dll
+ 2008-04-14 16:05:20 48,640——a-w C:\WINDOWS\system32\dllcache\cnbjmon.dll
+ 2001-10-04 15:07:20 44,032——a-w C:\WINDOWS\system32\dllcache\cnusd.dll
+ 2001-08-17 18:11:42 39,936——a-w C:\WINDOWS\system32\dllcache\cnxt1803.sys
+ 2008-04-13 16:44:16 17,920——a-w C:\WINDOWS\system32\dllcache\cobramsg.dll
+ 2008-04-14 16:05:20 60,416——a-w C:\WINDOWS\system32\dllcache\colbact.dll
+ 2008-04-14 16:05:20 28,160——a-w C:\WINDOWS\system32\dllcache\comaddin.dll
+ 2008-04-14 16:05:20 195,072——a-w C:\WINDOWS\system32\dllcache\comadmin.dll
+ 2008-04-14 16:05:20 617,472——a-w C:\WINDOWS\system32\dllcache\comctl32.dll
+ 2008-04-14 16:05:20 279,040——a-w C:\WINDOWS\system32\dllcache\comdlg32.dll
+ 2008-04-14 16:05:20 252,928——a-w C:\WINDOWS\system32\dllcache\compatui.dll
+ 2008-04-13 18:36:38 10,240——a-w C:\WINDOWS\system32\dllcache\compbatt.sys
+ 2008-04-14 16:05:20 229,376——a-w C:\WINDOWS\system32\dllcache\compstui.dll
+ 2008-04-14 16:05:20 97,792——a-w C:\WINDOWS\system32\dllcache\comrepl.dll
+ 2008-04-14 16:05:46 9,728——a-w C:\WINDOWS\system32\dllcache\comrepl.exe
+ 2008-04-14 16:05:46 6,144——a-w C:\WINDOWS\system32\dllcache\comrereg.exe
+ 2008-04-14 16:05:20 804,352——a-w C:\WINDOWS\system32\dllcache\comres.dll
+ 2008-04-14 16:05:20 274,944——a-w C:\WINDOWS\system32\dllcache\comsetup.dll
+ 2008-04-14 16:05:20 167,424——a-w C:\WINDOWS\system32\dllcache\comsnap.dll
+ 2008-04-14 16:05:20 1,267,200——a-w C:\WINDOWS\system32\dllcache\comsvcs.dll
+ 2008-04-14 16:03:44 539,648——a-w C:\WINDOWS\system32\dllcache\comuid.dll
+ 2008-04-14 16:05:46 1,032,192——a-w C:\WINDOWS\system32\dllcache\conf.exe
+ 2008-04-14 16:05:20 45,056——a-w C:\WINDOWS\system32\dllcache\confmrsl.dll
+ 2008-04-14 16:05:20 358,400——a-w C:\WINDOWS\system32\dllcache\confmsp.dll
+ 2008-04-14 16:05:46 27,648——a-w C:\WINDOWS\system32\dllcache\conime.exe
+ 2008-04-14 16:05:20 35,328——a-w C:\WINDOWS\system32\dllcache\corpol.dll
+ 2001-08-17 19:52:06 14,976——a-w C:\WINDOWS\system32\dllcache\cpqarray.sys
+ 2001-10-09 18:00:00 11,776——a-w C:\WINDOWS\system32\dllcache\cpqdap01.sys
+ 2001-10-04 14:37:18 22,045——a-w C:\WINDOWS\system32\dllcache\cpqndis5.sys
+ 2001-10-04 14:37:18 61,482——a-w C:\WINDOWS\system32\dllcache\cpqtrnd5.sys
+ 2001-10-04 15:07:20 216,064——a-w C:\WINDOWS\system32\dllcache\cpscan.dll
+ 2008-04-14 16:05:20 12,800——a-w C:\WINDOWS\system32\dllcache\credssp.dll
+ 2008-04-14 16:05:20 164,352——a-w C:\WINDOWS\system32\dllcache\credui.dll
+ 2001-08-17 18:19:18 42,112——a-w C:\WINDOWS\system32\dllcache\crtaud.sys
+ 2008-04-14 15:41:32 40,576——a-w C:\WINDOWS\system32\dllcache\crusoe.sys
+ 2008-04-14 16:05:20 602,112——a-w C:\WINDOWS\system32\dllcache\crypt32.dll
+ 2008-04-14 16:05:20 74,752——a-w C:\WINDOWS\system32\dllcache\cryptdlg.dll
+ 2008-04-14 16:05:20 33,280——a-w C:\WINDOWS\system32\dllcache\cryptdll.dll
+ 2008-04-14 16:05:20 54,272——a-w C:\WINDOWS\system32\dllcache\cryptext.dll
+ 2008-04-14 16:05:20 64,512——a-w C:\WINDOWS\system32\dllcache\cryptnet.dll
+ 2008-04-14 16:05:20 62,464——a-w C:\WINDOWS\system32\dllcache\cryptsvc.dll
+ 2008-04-14 16:05:20 517,632——a-w C:\WINDOWS\system32\dllcache\cryptui.dll
+ 2001-10-04 15:07:20 175,104——a-w C:\WINDOWS\system32\dllcache\csamsp.dll
+ 2008-04-14 16:05:20 101,888——a-w C:\WINDOWS\system32\dllcache\cscdll.dll
+ 2008-04-14 16:05:20 329,728——a-w C:\WINDOWS\system32\dllcache\cscui.dll
+ 2008-04-14 16:05:20 32,256——a-w C:\WINDOWS\system32\dllcache\csrsrv.dll
+ 2008-04-14 16:05:46 6,144——a-w C:\WINDOWS\system32\dllcache\csrss.exe
+ 2008-04-14 16:05:46 15,360——a-w C:\WINDOWS\system32\dllcache\ctfmon.exe
+ 2001-08-17 18:19:28 6,912——a-w C:\WINDOWS\system32\dllcache\ctlfacem.sys
+ 2001-08-17 18:19:20 3,712——a-w C:\WINDOWS\system32\dllcache\ctljystk.sys
+ 2001-08-17 18:19:20 96,256——a-w C:\WINDOWS\system32\dllcache\ctlsb16.sys
+ 2008-04-14 16:05:20 250,880——a-w C:\WINDOWS\system32\dllcache\ctmasetp.dll
+ 2001-10-04 15:07:20 4,096——a-w C:\WINDOWS\system32\dllcache\ctwdm32.dll
- 2006-11-07 19:03:36 33,792——a-w C:\WINDOWS\system32\dllcache\custsat.dll
+ 2004-05-11 22:18:58 28,672——a-w C:\WINDOWS\system32\dllcache\custsat.dll
+ 2001-08-17 18:19:24 3,072——a-w C:\WINDOWS\system32\dllcache\cwbase.sys
+ 2001-08-17 18:19:26 3,072——a-w C:\WINDOWS\system32\dllcache\cwbmidi.sys
+ 2001-08-17 18:19:28 72,832——a-w C:\WINDOWS\system32\dllcache\cwbwdm.sys
+ 2001-08-17 18:19:30 3,584——a-w C:\WINDOWS\system32\dllcache\cwcosnt5.sys
+ 2001-08-17 18:19:36 111,872——a-w C:\WINDOWS\system32\dllcache\cwcspud.sys
+ 2001-08-17 18:19:48 93,952——a-w C:\WINDOWS\system32\dllcache\cwcwdm.sys
+ 2004-08-04 04:32:26 48,640——a-w C:\WINDOWS\system32\dllcache\cwrwdm.sys
+ 2001-10-04 14:38:24 17,408——a-w C:\WINDOWS\system32\dllcache\cyclad-z.sys
+ 2001-10-04 14:38:24 14,976——a-w C:\WINDOWS\system32\dllcache\cyclom-y.sys
+ 2001-10-04 15:07:20 28,672——a-w C:\WINDOWS\system32\dllcache\cyycoins.dll
+ 2001-10-04 14:38:26 50,432——a-w C:\WINDOWS\system32\dllcache\cyyport.sys
+ 2001-10-04 15:07:20 27,648——a-w C:\WINDOWS\system32\dllcache\cyyports.dll
+ 2001-10-04 15:07:20 27,648——a-w C:\WINDOWS\system32\dllcache\cyzcoins.dll
+ 2001-10-04 14:38:28 49,920——a-w C:\WINDOWS\system32\dllcache\cyzport.sys
+ 2001-10-04 15:07:20 27,648——a-w C:\WINDOWS\system32\dllcache\cyzports.dll
+ 2001-10-04 14:38:30 118,272——a-w C:\WINDOWS\system32\dllcache\d100ib5.sys
+ 2008-04-14 16:05:20 1,179,648——a-w C:\WINDOWS\system32\dllcache\d3d8.dll
+ 2008-04-14 16:05:20 8,192——a-w C:\WINDOWS\system32\dllcache\d3d8thk.dll
+ 2008-04-14 16:05:20 1,689,088——a-w C:\WINDOWS\system32\dllcache\d3d9.dll
+ 2008-04-14 16:05:20 824,320——a-w C:\WINDOWS\system32\dllcache\d3dim700.dll
+ 2001-08-17 19:52:16 179,584——a-w C:\WINDOWS\system32\dllcache\dac2w2k.sys
+ 2001-08-17 19:52:16 14,720——a-w C:\WINDOWS\system32\dllcache\dac960nt.sys
+ 2008-04-14 16:05:20 1,056,256——a-w C:\WINDOWS\system32\dllcache\danim.dll
+ 2008-01-19 11:04:48 554,008——a-w C:\WINDOWS\system32\dllcache\dao360.dll
+ 2008-04-14 16:05:20 54,272——a-w C:\WINDOWS\system32\dllcache\dataclen.dll
+ 2008-04-14 16:05:20 165,376——a-w C:\WINDOWS\system32\dllcache\datime.dll
+ 2008-04-14 16:05:20 25,600——a-w C:\WINDOWS\system32\dllcache\davclnt.dll
+ 2008-04-14 16:05:20 640,000——a-w C:\WINDOWS\system32\dllcache\dbghelp.dll
+ 2008-04-14 16:05:20 110,592——a-w C:\WINDOWS\system32\dllcache\dbnetlib.dll
+ 2001-10-04 15:07:20 25,600——a-w C:\WINDOWS\system32\dllcache\dc210_32.dll
+ 2001-10-04 15:07:20 81,408——a-w C:\WINDOWS\system32\dllcache\dc210usd.dll
+ 2001-08-17 18:12:02 63,208——a-w C:\WINDOWS\system32\dllcache\dc21x4.sys
+ 2001-10-04 15:07:20 86,528——a-w C:\WINDOWS\system32\dllcache\dc240usd.dll
+ 2001-10-04 15:07:20 111,104——a-w C:\WINDOWS\system32\dllcache\dc260usd.dll
+ 2008-04-14 16:05:20 40,960——a-w C:\WINDOWS\system32\dllcache\dcap32.dll
+ 2008-04-14 16:05:20 8,704——a-w C:\WINDOWS\system32\dllcache\dciman32.dll
+ 2008-04-14 16:05:46 6,144——a-w C:\WINDOWS\system32\dllcache\dcomcnfg.exe
+ 2008-04-14 16:05:46 30,720——a-w C:\WINDOWS\system32\dllcache\ddeshare.exe
+ 2008-04-14 16:05:20 279,552——a-w C:\WINDOWS\system32\dllcache\ddraw.dll
+ 2008-04-14 16:05:20 27,136——a-w C:\WINDOWS\system32\dllcache\ddrawex.dll
+ 2001-08-17 19:52:58 7,424——a-w C:\WINDOWS\system32\dllcache\ddsmc.sys
+ 2001-08-17 18:11:44 20,928——a-w C:\WINDOWS\system32\dllcache\defpa.sys
+ 2008-04-14 16:05:46 25,088——a-w C:\WINDOWS\system32\dllcache\defrag.exe
+ 2001-10-04 15:07:20 256,512——a-w C:\WINDOWS\system32\dllcache\devcon32.dll
+ 2008-04-14 16:05:20 59,904——a-w C:\WINDOWS\system32\dllcache\devenum.dll
+ 2001-10-04 15:07:44 24,064——a-w C:\WINDOWS\system32\dllcache\devldr32.exe
+ 2008-04-14 16:05:20 282,624——a-w C:\WINDOWS\system32\dllcache\devmgr.dll
+ 2001-08-17 18:11:48 24,648——a-w C:\WINDOWS\system32\dllcache\dfe650.sys
+ 2001-08-17 18:11:48 24,649——a-w C:\WINDOWS\system32\dllcache\dfe650d.sys
+ 2008-04-14 16:05:46 82,944——a-w C:\WINDOWS\system32\dllcache\dfrgfat.exe
+ 2008-04-14 16:05:46 105,472——a-w C:\WINDOWS\system32\dllcache\dfrgntfs.exe
+ 2008-04-14 16:05:20 39,424——a-w C:\WINDOWS\system32\dllcache\dfrgsnap.dll
+ 2008-04-14 16:05:20 124,416——a-w C:\WINDOWS\system32\dllcache\dfrgui.dll
+ 2008-04-14 16:05:20 28,672——a-w C:\WINDOWS\system32\dllcache\dfsshlex.dll
+ 2001-10-04 14:39:28 29,627——a-w C:\WINDOWS\system32\dllcache\dgapci.sys
+ 2001-10-04 15:07:20 420,381——a-w C:\WINDOWS\system32\dllcache\dgconfig.dll
+ 2008-04-14 16:05:20 112,128——a-w C:\WINDOWS\system32\dllcache\dgnet.dll
+ 2008-04-14 16:05:20 126,976——a-w C:\WINDOWS\system32\dllcache\dhcpcsvc.dll
+ 2008-04-14 16:05:20 394,752——a-w C:\WINDOWS\system32\dllcache\dhcpmon.dll
+ 2008-04-14 16:05:20 48,640——a-w C:\WINDOWS\system32\dllcache\dhcpqec.dll
+ 2008-04-14 16:05:48 542,720——a-w C:\WINDOWS\system32\dllcache\dialer.exe
+ 2008-04-14 16:05:48 87,040——a-w C:\WINDOWS\system32\dllcache\diantz.exe
+ 2001-08-17 18:13:48 164,923——a-w C:\WINDOWS\system32\dllcache\diapi2.sys
+ 2001-10-04 15:07:22 32,256——a-w C:\WINDOWS\system32\dllcache\diapi2NT.dll
+ 2008-04-14 16:05:20 68,608——a-w C:\WINDOWS\system32\dllcache\digest.dll
+ 2001-10-04 15:07:22 65,622——a-w C:\WINDOWS\system32\dllcache\digiasyn.dll
+ 2001-10-04 14:39:46 37,863——a-w C:\WINDOWS\system32\dllcache\digiasyn.sys
+ 2001-10-04 15:07:22 131,156——a-w C:\WINDOWS\system32\dllcache\digidbp.dll
+ 2001-10-04 14:39:48 103,460——a-w C:\WINDOWS\system32\dllcache\digidxb.sys
+ 2001-10-04 14:39:48 90,717——a-w C:\WINDOWS\system32\dllcache\digifep5.sys
+ 2001-10-04 15:07:22 229,462——a-w C:\WINDOWS\system32\dllcache\digifwrk.dll
+ 2001-10-04 15:07:22 159,828——a-w C:\WINDOWS\system32\dllcache\digihlc.dll
+ 2001-10-04 15:07:22 102,484——a-w C:\WINDOWS\system32\dllcache\digiinf.dll
+ 2001-10-04 15:07:22 41,046——a-w C:\WINDOWS\system32\dllcache\digiisdn.dll
+ 2001-08-17 18:14:44 21,606——a-w C:\WINDOWS\system32\dllcache\digiisdn.sys
+ 2001-10-04 15:07:22 110,621——a-w C:\WINDOWS\system32\dllcache\digirlpt.dll
+ 2001-10-04 14:39:54 42,496——a-w C:\WINDOWS\system32\dllcache\digirlpt.sys
+ 2001-10-04 15:07:44 618,525——a-w C:\WINDOWS\system32\dllcache\digiview.exe
+ 2001-08-17 18:13:52 91,305——a-w C:\WINDOWS\system32\dllcache\dimaint.sys
+ 2008-04-14 16:05:20 19,456——a-w C:\WINDOWS\system32\dllcache\dimsntfy.dll
+ 2008-04-14 16:05:20 39,936——a-w C:\WINDOWS\system32\dllcache\dimsroam.dll
+ 2008-04-14 16:05:20 161,792——a-w C:\WINDOWS\system32\dllcache\dinput.dll
+ 2008-04-14 16:05:20 184,832——a-w C:\WINDOWS\system32\dllcache\dinput8.dll
+ 2008-04-14 16:05:20 86,528——a-w C:\WINDOWS\system32\dllcache\directdb.dll
+ 2008-04-13 18:40:48 36,352——a-w C:\WINDOWS\system32\dllcache\disk.sys
+ 2008-04-14 16:05:20 1,504,256——a-w C:\WINDOWS\system32\dllcache\diskcopy.dll
+ 2008-04-13 18:40:44 14,208——a-w C:\WINDOWS\system32\dllcache\diskdump.sys
+ 2008-04-14 16:05:48 163,840——a-w C:\WINDOWS\system32\dllcache\diskpart.exe
+ 2008-04-14 16:05:20 32,768——a-w C:\WINDOWS\system32\dllcache\dispex.dll
+ 2001-10-04 15:05:34 6,729——a-w C:\WINDOWS\system32\dllcache\disrvci.dll
+ 2001-10-04 15:07:22 31,305——a-w C:\WINDOWS\system32\dllcache\disrvpp.dll
+ 2001-10-04 15:07:22 38,985——a-w C:\WINDOWS\system32\dllcache\disrvsu.dll
+ 2001-08-18 04:36:42 236,060——a-w C:\WINDOWS\system32\dllcache\ditrace.exe
+ 2001-10-04 15:05:34 6,216——a-w C:\WINDOWS\system32\dllcache\divaci.dll
+ 2001-10-04 15:07:22 37,962——a-w C:\WINDOWS\system32\dllcache\divaprop.dll
+ 2001-10-04 15:07:22 29,768——a-w C:\WINDOWS\system32\dllcache\divasu.dll
+ 2001-08-17 18:11:44 26,698——a-w C:\WINDOWS\system32\dllcache\dlh5xnd5.sys
+ 2008-04-14 16:05:48 5,120——a-w C:\WINDOWS\system32\dllcache\dllhost.exe
+ 2008-04-13 18:40:52 8,320——a-w C:\WINDOWS\system32\dllcache\dlttape.sys
+ 2001-08-17 18:11:42 29,696——a-w C:\WINDOWS\system32\dllcache\dm9pci5.sys
+ 2008-04-14 16:05:48 225,280——a-w C:\WINDOWS\system32\dllcache\dmadmin.exe
+ 2008-04-14 16:05:20 28,672——a-w C:\WINDOWS\system32\dllcache\dmband.dll
+ 2008-04-14 15:43:04 800,000——a-w C:\WINDOWS\system32\dllcache\dmboot.sys
+ 2008-04-14 16:05:20 61,440——a-w C:\WINDOWS\system32\dllcache\dmcompos.dll
+ 2008-04-14 16:05:20 285,184——a-w C:\WINDOWS\system32\dllcache\dmdlgs.dll
+ 2008-04-14 16:05:20 200,704——a-w C:\WINDOWS\system32\dllcache\dmdskmgr.dll
+ 2008-04-14 16:05:20 181,248——a-w C:\WINDOWS\system32\dllcache\dmime.dll
+ 2008-04-14 15:43:10 153,600——a-w C:\WINDOWS\system32\dllcache\dmio.sys
+ 2008-04-14 16:05:20 35,840——a-w C:\WINDOWS\system32\dllcache\dmloader.dll
+ 2008-04-14 16:05:48 15,872——a-w C:\WINDOWS\system32\dllcache\dmremote.exe
+ 2008-04-14 16:05:20 82,432——a-w C:\WINDOWS\system32\dllcache\dmscript.dll
+ 2008-04-14 16:05:20 23,552——a-w C:\WINDOWS\system32\dllcache\dmserver.dll
+ 2008-04-14 16:05:20 105,984——a-w C:\WINDOWS\system32\dllcache\dmstyle.dll
+ 2008-04-14 16:05:20 103,424——a-w C:\WINDOWS\system32\dllcache\dmsynth.dll
+ 2008-04-14 16:05:20 104,448——a-w C:\WINDOWS\system32\dllcache\dmusic.dll
+ 2008-04-13 18:45:02 52,864——a-w C:\WINDOWS\system32\dllcache\dmusic.sys
+ 2008-04-14 16:05:20 52,224——a-w C:\WINDOWS\system32\dllcache\dmutil.dll
+ 2008-04-14 16:05:20 45,568——a-w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
+ 2008-04-14 16:05:20 48,128——a-w C:\WINDOWS\system32\dllcache\docprop2.dll
+ 2004-08-04 04:51:24 53,904——a-w C:\WINDOWS\system32\dllcache\dosx.exe
+ 2008-04-14 16:05:20 26,624——a-w C:\WINDOWS\system32\dllcache\dot3api.dll
+ 2008-04-14 16:05:20 59,904——a-w C:\WINDOWS\system32\dllcache\dot3cfg.dll
+ 2008-04-14 16:05:20 39,936——a-w C:\WINDOWS\system32\dllcache\dot3clnt.dll
+ 2008-04-14 16:05:20 9,216——a-w C:\WINDOWS\system32\dllcache\dot3dlg.dll
+ 2008-04-14 16:05:20 56,832——a-w C:\WINDOWS\system32\dllcache\dot3msm.dll
+ 2008-04-14 16:05:22 132,608——a-w C:\WINDOWS\system32\dllcache\dot3svc.dll
+ 2008-04-14 16:05:22 651,264——a-w C:\WINDOWS\system32\dllcache\dot3ui.dll
+ 2008-04-13 18:39:46 206,976——a-w C:\WINDOWS\system32\dllcache\dot4.sys
+ 2001-08-17 19:47:32 12,928——a-w C:\WINDOWS\system32\dllcache\dot4prt.sys
+ 2001-08-17 19:47:32 8,704——a-w C:\WINDOWS\system32\dllcache\dot4scan.sys
+ 2001-10-04 14:40:34 23,936——a-w C:\WINDOWS\system32\dllcache\dot4usb.sys
+ 2001-08-17 18:12:32 28,062——a-w C:\WINDOWS\system32\dllcache\dp83820.sys
+ 2008-04-14 15:36:08 103,424——a-w C:\WINDOWS\system32\dllcache\dpcdll.dll
+ 2008-04-14 16:05:48 29,696——a-w C:\WINDOWS\system32\dllcache\dplaysvr.exe
+ 2008-04-14 16:05:22 229,888——a-w C:\WINDOWS\system32\dllcache\dplayx.dll
+ 2008-04-14 16:05:22 23,552——a-w C:\WINDOWS\system32\dllcache\dpmodemx.dll
+ 2008-04-14 16:03:50 3,072——a-w C:\WINDOWS\system32\dllcache\dpnaddr.dll
+ 2008-04-14 16:05:22 375,296——a-w C:\WINDOWS\system32\dllcache\dpnet.dll
+ 2008-04-14 16:05:22 35,328——a-w C:\WINDOWS\system32\dllcache\dpnhpast.dll
+ 2008-04-14 16:05:22 60,928——a-w C:\WINDOWS\system32\dllcache\dpnhupnp.dll
+ 2008-04-14 16:03:50 3,072——a-w C:\WINDOWS\system32\dllcache\dpnlobby.dll
+ 2008-04-14 16:05:48 18,432——a-w C:\WINDOWS\system32\dllcache\dpnsvr.exe
+ 2001-08-17 20:07:44 20,192——a-w C:\WINDOWS\system32\dllcache\dpti2o.sys
+ 2008-04-14 16:05:22 21,504——a-w C:\WINDOWS\system32\dllcache\dpvacm.dll
+ 2008-04-14 16:05:22 212,480——a-w C:\WINDOWS\system32\dllcache\dpvoice.dll
+ 2008-04-14 16:05:48 83,456——a-w C:\WINDOWS\system32\dllcache\dpvsetup.exe
+ 2008-04-14 16:05:22 116,736——a-w C:\WINDOWS\system32\dllcache\dpvvox.dll
+ 2008-04-14 16:05:22 57,856——a-w C:\WINDOWS\system32\dllcache\dpwsockx.dll
+ 2008-04-13 18:45:14 60,160——a-w C:\WINDOWS\system32\dllcache\drmk.sys
+ 2008-04-13 18:45:14 2,944——a-w C:\WINDOWS\system32\dllcache\drmkaud.sys
+ 2008-04-14 16:05:22 14,336——a-w C:\WINDOWS\system32\dllcache\drprov.dll
+ 2001-08-17 18:20:18 334,208——a-w C:\WINDOWS\system32\dllcache\ds1wdm.sys
+ 2008-04-14 16:05:22 16,384——a-w C:\WINDOWS\system32\dllcache\ds32gt.dll
+ 2008-04-14 16:05:22 181,248——a-w C:\WINDOWS\system32\dllcache\dsdmo.dll
+ 2008-04-14 16:05:22 71,680——a-w C:\WINDOWS\system32\dllcache\dsdmoprp.dll
+ 2008-04-14

Administrator
Number of posts: 55502

Download this file:
http://www.fromsej.saknet.dk/download/tcpip.sys
Save it in the folder C:\tcpip, otherwise the following steps will not work.

Open a Notepad window, copy the content between the wavy lines into the document, and save it in the same folder as Combofix under the name CFScript.txt. When you save, make sure that “file types” is set to “all files”.

~~~~~~~~~~~~~~~~~~~~~~~~~~

Killall::
Snapshot::
Fcopy::
C:\tcpip|C:\WINDOWS\system32\drivers\tcpip.sys
C:\tcpip|C:\WINDOWS\$NtUninstallKB913446$\tcpip.sys
C:\tcpip|C:\WINDOWS\$NtUninstallKB893066$\tcpip.sys
C:\tcpip|C:\WINDOWS\$hf_mig$\KB893066\SP2QFE\tcpip.sys
C:\tcpip|C:\WINDOWS\$hf_mig$\KB913446\SP2QFE\tcpip.sys
C:\tcpip|C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
C:\tcpip|C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
C:\tcpip|C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
C:\tcpip|C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
C:\tcpip|C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
C:\tcpip|C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
C:\tcpip|C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
C:\tcpip|C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys

~~~~~~~~~~~~~~~~~~~~~~~~~~
Then grab the new file with the mouse and drag it over the Combofix file, then “let go” with the mouse.
http://www.fromsej.saknet.dk/billeder/cfscript.gif
Combofix should then start working. It may require a restart, which you should allow. You should not click on the window while the tool is running, as that can cause your computer to freeze.
Copy the new Combofix log in here.


  smut
Number of posts: 22

Here is the new Combofix log. Thanks again!

ComboFix 08-09-19.06 - niels peter 2008-09-20 10:17:32.3 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1030.18.348 [GMT 2:00]
Running from: C:\Documents and Settings\niels peter\Skrivebord\Spywarefri\ComboFix.exe
Command switches used :: C:\Documents and Settings\niels peter\Skrivebord\Spywarefri\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((  Files Created from 2008-08-20 to 2008-09-20 )))))))))))))))))))))))))))))))
.

2008-09-20 10:13 . 2008-09-20 10:13 361,600—a———C:\tcpip.sys
2008-09-19 20:11 . 2001-08-17 21:28 794,654—a———C:\WINDOWS\system32\dllcache\usr1801.sys
2008-09-19 20:10 . 2001-10-04 16:47 899,274—a———C:\WINDOWS\system32\dllcache\r2mdkxga.sys
2008-09-19 20:09 . 2008-04-14 17:45 2,026,496—a———C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-09-19 20:08 . 2001-08-17 21:28 802,683—a———C:\WINDOWS\system32\dllcache\ltsm.sys
2008-09-19 20:07 . 2001-10-04 17:07 1,733,120—a———C:\WINDOWS\system32\dllcache\g400d.dll
2008-09-19 20:06 . 2001-08-17 20:14 952,007—a———C:\WINDOWS\system32\dllcache\diwan.sys
2008-09-19 20:05 . 2001-10-04 16:34 980,034—a———C:\WINDOWS\system32\dllcache\cicap.sys
2008-09-19 20:04 . 2001-08-17 21:28 871,388—a———C:\WINDOWS\system32\dllcache\bcmdm.sys
2008-09-19 20:03 . 2008-04-14 17:44 2,147,840—a———C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-09-19 18:35 . 2008-09-19 18:35 <DIR> d————C:\Documents and Settings\niels peter\Application Data\Windows Search
2008-09-19 18:34 . 2008-09-19 18:34 <DIR> d————C:\Documents and Settings\niels peter\Application Data\Windows Desktop Search
2008-09-19 18:33 . 2008-09-19 18:33 <DIR> d————C:\WINDOWS\system32\GroupPolicy
2008-09-19 18:33 . 2008-09-19 18:33 <DIR> d————C:\Programmer\Windows Desktop Search
2008-09-19 18:33 . 2008-09-19 18:33 1,374—a———C:\WINDOWS\imsins.BAK
2008-09-17 19:02 .  <DIR>  C:\Documents and Settings\Gµst\Lokale indstillinger
2008-09-17 19:02 .  <DIR>  C:\Documents and Settings\Gµst\Lokale indstillinger
2008-09-17 19:02 . 2008-09-17 19:02 <DIR> d————C:\Documents and Settings\Gæst
2008-09-17 18:35 . 2008-09-17 18:35 <DIR> d————C:\Programmer\Malwarebytes’ Anti-Malware
2008-09-17 18:35 . 2008-09-10 00:04 38,528—a———C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-17 18:35 . 2008-09-10 00:03 17,200—a———C:\WINDOWS\system32\drivers\mbam.sys
2008-09-17 18:29 . 2008-09-17 18:29 <DIR> d————C:\Programmer\CCleaner
2008-08-25 17:28 . 2008-08-25 18:45 144—ahs——C:\WINDOWS\system32\688789246.dat

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-02 10:48 19,512——a-w C:\WINDOWS\system32\drivers\nvcw32mf.sys
2008-07-18 20:10 94,920——a-w C:\WINDOWS\system32\dllcache\cdm.dll
2008-07-18 20:10 94,920——a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448——a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 53,448——a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-07-18 20:10 45,768——a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552——a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:10 36,552——a-w C:\WINDOWS\system32\dllcache\wups.dll
2008-07-18 20:09 563,912——a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 563,912——a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2008-07-18 20:09 325,832——a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 325,832——a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2008-07-18 20:09 205,000——a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 205,000——a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2008-07-18 20:09 1,811,656——a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:09 1,811,656——a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2008-07-18 20:07 270,880——a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976——a-w C:\WINDOWS\system32\muweb.dll
2008-07-07 20:29 253,952——a-w C:\WINDOWS\system32\es.dll
2008-07-07 20:29 253,952——a-w C:\WINDOWS\system32\dllcache\es.dll
2008-06-24 16:44 74,240——a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 16:44 74,240——a-w C:\WINDOWS\system32\dllcache\mscms.dll
2008-06-24 16:12 295,936———w C:\WINDOWS\system32\wmpeffects.dll
2008-06-24 08:33 3,592,192——a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-06-23 09:20 13,824———w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-06-23 09:19 70,656——a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-06-23 09:19 625,664——a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-06-21 05:23 161,792——a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-06-20 17:48 246,784——a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:48 246,784——a-w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:48 147,968——a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 11:40 138,496——a-w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 11:08 225,856——a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
2001-07-26 14:58 47——a-w C:\Programmer\ACMonitor_X73.ini
2001-07-05 10:46 8,116——a-w C:\Programmer\OSLO3071b2.USB
2001-05-11 09:39 53,248——a-w C:\Programmer\ACMonitor_X73.exe
2001-05-08 14:36 114,688——a-w C:\Programmer\lxarscan.dll
2001-04-23 12:22 1,437——a-w C:\Programmer\gtx73.ini
2001-02-22 07:54 768——a-w C:\Programmer\x73_lut.dat
2008-05-11 19:12 32,768—sha-w C:\WINDOWS\system32\config\systemprofile\Lokale indstillinger\Oversigt\History.IE5\MSHist012008051120080512\index.dat
.

———- Sigcheck———-

2008-06-20 13:51 361600 9425b72f40257b45d45d24773273dad0 C:\WINDOWS\system32\drivers\tcpip.sys
2005-05-25 21:04 359808 88763a98a4c26c409741b4aa162720c9 C:\WINDOWS\$NtUninstallKB913446$\tcpip.sys
2004-08-04 07:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB893066$\tcpip.sys
2005-05-25 21:07 359936 63fdfea54eb53de2d863ee454937ce1e C:\WINDOWS\$hf_mig$\KB893066\SP2QFE\tcpip.sys
2006-01-13 18:07 360448 5562cc0a47b2aef06d3417b733f3c195 C:\WINDOWS\$hf_mig$\KB913446\SP2QFE\tcpip.sys
2006-04-20 14:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 17:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2008-06-20 13:59 361600 ad978a1b783b5719720cff204b666c8e C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
2006-01-13 03:28 359808 583e063fdc888ca30d05c2724b0d7ef4 C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
2007-10-30 18:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
2008-04-13 21:20 361344 accf5a9a1ffaa490f33dba1c632b95e1 C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
2006-04-20 13:51 359808 1dbf125862891817f374f407626967f4 C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
2008-04-13 21:20 361344 93ea8d04ec73a85db02eb8805988f733 C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
.
(((((((((((((((((((((((((((((((((((((  Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe” [2008-04-14 15360]
“swg”=“C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe” [2008-04-08 68856]
“updateMgr”=“C:\Programmer\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe” [2006-03-30 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“SunJavaUpdateSched”=“C:\Programmer\Java\j2re1.4.2_01\bin\jusched.exe” [2003-08-19 32873]
“PrinTray”=“C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe” [2001-10-12 36864]
“hcenter”=“C:\Programmer\Support.com\bin\tgcmd.exe” [2003-07-07 1916928]
“PaperPort PTD”=“C:\Programmer\ScanSoft\PaperPort\pptd40nt.exe” [2005-03-18 57393]
“Norman ZANDA”=“C:\Norman\Npm\Bin\ZLH.EXE” [2008-06-02 277616]
“Disk Monitor”=“C:\Programmer\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe” [2003-06-18 466944]
“IndexSearch”=“C:\Programmer\ScanSoft\PaperPort\IndexSearch.exe” [2005-03-18 40960]
“SoundMan”=“SOUNDMAN.EXE” [2003-09-23 C:\WINDOWS\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=“C:\WINDOWS\System32\CTFMON.EXE” [2008-04-14 15360]
“NvMediaCenter”=“C:\WINDOWS\System32\NVMCTRAY.DLL” [2003-07-23 49152]

C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
Adobe Reader Hurtigstart.lnk - C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
Windows Search.lnk - C:\Programmer\Windows Desktop Search\WindowsSearch.exe [2008-05-26 123904]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
“NoDispSettingPage”= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
“{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}”= “C:\Programmer\SUPERAntiSpyware\SASSEH.DLL” [2006-02-16 77824]
“{56F9679E-7826-4C84-81F3-532071A8BCC5}”= “C:\Programmer\Windows Desktop Search\MSNLNamespaceMgr.dll” [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SASWinLogon]
2006-03-08 11:32 258048 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lpS14.sys]
@=“Driver”

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\nqT81.sys]
@=“Driver”

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\quX71.sys]
@=“Driver”

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ruX13.sys]
@=“Driver”

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vyC24.sys]
@=“Driver”

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vyC47.sys]
@=“Driver”

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ydF57.sys]
@=“Driver”

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
“AntiVirusDisableNotify”=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
“%windir%\\system32\\sessmgr.exe”=
“C:\\Programmer\\Messenger\\MSMSGS.EXE”=
“%windir%\\Network Diagnostic\\xpnetdiag.exe”=
“C:\\Programmer\\Support.com\\TDCKabel\\hcenter.exe”=
“C:\\Programmer\\Support.com\\BIN\\TGCMD.EXE”=

R1 msikbd2k;Multimedia Keyboard Filter Driver;C:\WINDOWS\system32\DRIVERS\msikbd2k.sys [2006-09-24 6656]
R2 Ndiskio;Ndiskio;C:\Norman\Nse\bin\NDISKIO.SYS [2007-01-02 20448]
R2 nhksrv;Netropa NHK Server;C:\Programmer\Office keyboard utility\1.1\nhksrv.exe [2006-09-24 28672]
R2 NVOY;Norman’s Very Own supplY of resources;C:\Norman\npm\bin\nvoy.exe [2008-02-07 121912]
R3 C4C_BSC2;C4C_BSC2;C:\WINDOWS\system32\DRIVERS\C4C_BSC2.sys [2002-07-08 84788]
R3 NvcMFlt;NvcMFlt;C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys [2008-09-02 19512]
R3 nvcoas;Norman Virus Control on-access component;C:\Norman\Nvc\bin\nvcoas.exe [2008-04-30 191544]
R3 NVCScheduler;Norman Virus Control Scheduler;C:\Norman\Npm\bin\NVCSCHED.EXE [2007-09-18 154680]
S3 nvcfsr;nvcfsr;C:\Norman\Nvc\bin\nvcfsr.sys [2007-01-09 6712]
S3 nvcoafl51;nvcoafl51;C:\Norman\Nvc\bin\nvcoafl51.sys [2007-01-09 30264]
S3 nvcoaft51;nvcoaft51;C:\Norman\Nvc\bin\nvcoaft51.sys [2007-01-09 129848]
S3 nvcoarc51;nvcoarc51;C:\Norman\Nvc\bin\nvcoarc51.sys [2007-01-09 23224]
.
Contents of the ‘Scheduled Tasks’ folder

2008-09-19 C:\WINDOWS\Tasks\User_Feed_Synchronization-{157DD564-5305-476A-93B6-3F8F893B9081}.job
- C:\WINDOWS\system32\msfeedssync.exe [2006-10-17 11:58]
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-20 10:20:59
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
————————————Other Running Processes————————————
.
C:\NORMAN\NPM\BIN\ELOGSVC.EXE
C:\NORMAN\NPM\BIN\ZANDA.EXE
C:\WINDOWS\SYSTEM32\LEXBCES.EXE
C:\WINDOWS\SYSTEM32\BRSS01A.EXE
C:\PROGRAMMER\EWIDO\SECURITY SUITE\EWIDOCTRL.EXE
C:\WINDOWS\SYSTEM32\SEARCHINDEXER.EXE
C:\NORMAN\NPM\BIN\NJEEVES.EXE
C:\Norman\Nvc\Bin\Nip.exe
C:\Norman\Nvc\Bin\cclaw.exe
.
**************************************************************************
.
Completion time: 2008-09-20 10:24:24 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-20 08:24:20
ComboFix3.txt 2008-09-17 17:02:54
ComboFix2.txt 2008-09-19 18:23:32

Pre-Run: 149.023.752.192 byte ledig
Post-Run: 149,026,045,952 byte ledig

192—- E O F—- 2008-09-10 17:14:45

Administrator
Number of posts: 55502

Please try 19/09/2008 :  22:09:46 once more, this time in safe mode.

Signature

qui potest, obligatur

Nierne bomaye - You’ll never walk alone

The coffee has been drunk
The till is closed
The support does more good
Among the small and downhearted
Børns vilkår
Hospitalsklovne

  smut
Number of posts: 22

Unfortunately I can't right now, but I will try later…. Combo started fine when I dragged the text file over it, but does the effect disappear when Combofix restarts after a little while because the program updates itself to a new version??

Administrator
Number of posts: 55502

Good question, but try.

  smut
Number of posts: 22

So now we have tried it. After Combofix had finished, the PC restarted in normal mode, I hope that is OK?!

ComboFix 08-09-19.06 - niels peter 2008-09-21 12:19:00.4 - FAT32x86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1030.18.390 [GMT 2:00]
Running from: C:\Documents and Settings\niels peter\Skrivebord\Spywarefri\ComboFix.exe
Command switches used :: C:\Documents and Settings\niels peter\Skrivebord\Spywarefri\CFScript.txt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((  Files Created from 2008-08-21 to 2008-09-21 )))))))))))))))))))))))))))))))
.

2008-09-20 10:13 . 2008-09-20 10:13 361,600—a———C:\tcpip.sys
2008-09-19 20:11 . 2001-08-17 21:28 794,654—a———C:\WINDOWS\system32\dllcache\usr1801.sys
2008-09-19 20:10 . 2001-10-04 16:47 899,274—a———C:\WINDOWS\system32\dllcache\r2mdkxga.sys
2008-09-19 20:09 . 2008-04-14 17:45 2,026,496—a———C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-09-19 20:08 . 2001-08-17 21:28 802,683—a———C:\WINDOWS\system32\dllcache\ltsm.sys
2008-09-19 20:07 . 2001-10-04 17:07 1,733,120—a———C:\WINDOWS\system32\dllcache\g400d.dll
2008-09-19 20:06 . 2001-08-17 20:14 952,007—a———C:\WINDOWS\system32\dllcache\diwan.sys
2008-09-19 20:05 . 2001-10-04 16:34 980,034—a———C:\WINDOWS\system32\dllcache\cicap.sys
2008-09-19 20:04 . 2001-08-17 21:28 871,388—a———C:\WINDOWS\system32\dllcache\bcmdm.sys
2008-09-19 20:03 . 2008-04-14 17:44 2,147,840—a———C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-09-19 18:35 . 2008-09-19 18:35 <DIR> d————C:\Documents and Settings\niels peter\Application Data\Windows Search
2008-09-19 18:34 . 2008-09-19 18:34 <DIR> d————C:\Documents and Settings\niels peter\Application Data\Windows Desktop Search
2008-09-19 18:33 . 2008-09-19 18:33 <DIR> d————C:\WINDOWS\system32\GroupPolicy
2008-09-19 18:33 . 2008-09-19 18:33 <DIR> d————C:\Programmer\Windows Desktop Search
2008-09-19 18:33 . 2008-09-19 18:33 1,374—a———C:\WINDOWS\imsins.BAK
2008-09-17 19:02 .  <DIR>  C:\Documents and Settings\Gµst\Lokale indstillinger
2008-09-17 19:02 .  <DIR>  C:\Documents and Settings\Gµst\Lokale indstillinger
2008-09-17 19:02 . 2008-09-17 19:02 <DIR> d————C:\Documents and Settings\Gæst
2008-09-17 18:35 . 2008-09-17 18:35 <DIR> d————C:\Programmer\Malwarebytes’ Anti-Malware
2008-09-17 18:35 . 2008-09-10 00:04 38,528—a———C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-17 18:35 . 2008-09-10 00:03 17,200—a———C:\WINDOWS\system32\drivers\mbam.sys
2008-09-17 18:29 . 2008-09-17 18:29 <DIR> d————C:\Programmer\CCleaner
2008-08-25 17:28 . 2008-08-25 18:45 144—ahs——C:\WINDOWS\system32\688789246.dat

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-02 10:48 19,512——a-w C:\WINDOWS\system32\drivers\nvcw32mf.sys
2008-07-18 20:10 94,920——a-w C:\WINDOWS\system32\dllcache\cdm.dll
2008-07-18 20:10 94,920——a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448——a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 53,448——a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-07-18 20:10 45,768——a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552——a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:10 36,552——a-w C:\WINDOWS\system32\dllcache\wups.dll
2008-07-18 20:09 563,912——a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 563,912——a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2008-07-18 20:09 325,832——a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 325,832——a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2008-07-18 20:09 205,000——a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 205,000——a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2008-07-18 20:09 1,811,656——a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:09 1,811,656——a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2008-07-18 20:07 270,880——a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976——a-w C:\WINDOWS\system32\muweb.dll
2008-07-07 20:29 253,952——a-w C:\WINDOWS\system32\es.dll
2008-07-07 20:29 253,952——a-w C:\WINDOWS\system32\dllcache\es.dll
2008-06-24 16:44 74,240——a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 16:44 74,240——a-w C:\WINDOWS\system32\dllcache\mscms.dll
2008-06-24 16:12 295,936———w C:\WINDOWS\system32\wmpeffects.dll
2008-06-24 08:33 3,592,192——a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-06-23 09:20 13,824———w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-06-23 09:19 70,656——a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-06-23 09:19 625,664——a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-06-21 05:23 161,792——a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2001-07-26 14:58 47——a-w C:\Programmer\ACMonitor_X73.ini
2001-07-05 10:46 8,116——a-w C:\Programmer\OSLO3071b2.USB
2001-05-11 09:39 53,248——a-w C:\Programmer\ACMonitor_X73.exe
2001-05-08 14:36 114,688——a-w C:\Programmer\lxarscan.dll
2001-04-23 12:22 1,437——a-w C:\Programmer\gtx73.ini
2001-02-22 07:54 768——a-w C:\Programmer\x73_lut.dat
2008-05-11 19:12 32,768—sha-w C:\WINDOWS\system32\config\systemprofile\Lokale indstillinger\Oversigt\History.IE5\MSHist012008051120080512\index.dat
.

———- Sigcheck———-

2008-06-20 13:51 361600 9425b72f40257b45d45d24773273dad0 C:\WINDOWS\system32\drivers\tcpip.sys
2005-05-25 21:04 359808 88763a98a4c26c409741b4aa162720c9 C:\WINDOWS\$NtUninstallKB913446$\tcpip.sys
2004-08-04 07:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB893066$\tcpip.sys
2005-05-25 21:07 359936 63fdfea54eb53de2d863ee454937ce1e C:\WINDOWS\$hf_mig$\KB893066\SP2QFE\tcpip.sys
2006-01-13 18:07 360448 5562cc0a47b2aef06d3417b733f3c195 C:\WINDOWS\$hf_mig$\KB913446\SP2QFE\tcpip.sys
2006-04-20 14:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 17:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2008-06-20 13:59 361600 ad978a1b783b5719720cff204b666c8e C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
2006-01-13 03:28 359808 583e063fdc888ca30d05c2724b0d7ef4 C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
2007-10-30 18:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
2008-04-13 21:20 361344 accf5a9a1ffaa490f33dba1c632b95e1 C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
2006-04-20 13:51 359808 1dbf125862891817f374f407626967f4 C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
2008-04-13 21:20 361344 93ea8d04ec73a85db02eb8805988f733 C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
.
(((((((((((((((((((((((((((((((((((((  Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe” [2008-04-14 15360]
“swg”=“C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe” [2008-04-08 68856]
“updateMgr”=“C:\Programmer\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe” [2006-03-30 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“SunJavaUpdateSched”=“C:\Programmer\Java\j2re1.4.2_01\bin\jusched.exe” [2003-08-19 32873]
“PrinTray”=“C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe” [2001-10-12 36864]
“hcenter”=“C:\Programmer\Support.com\bin\tgcmd.exe” [2003-07-07 1916928]
“PaperPort PTD”=“C:\Programmer\ScanSoft\PaperPort\pptd40nt.exe” [2005-03-18 57393]
“Norman ZANDA”=“C:\Norman\Npm\Bin\ZLH.EXE” [2008-06-02 277616]
“Disk Monitor”=“C:\Programmer\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe” [2003-06-18 466944]
“IndexSearch”=“C:\Programmer\ScanSoft\PaperPort\IndexSearch.exe” [2005-03-18 40960]
“SoundMan”=“SOUNDMAN.EXE” [2003-09-23 C:\WINDOWS\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=“C:\WINDOWS\System32\CTFMON.EXE” [2008-04-14 15360]
“NvMediaCenter”=“C:\WINDOWS\System32\NVMCTRAY.DLL” [2003-07-23 49152]

C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
Adobe Reader Hurtigstart.lnk - C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
Windows Search.lnk - C:\Programmer\Windows Desktop Search\WindowsSearch.exe [2008-05-26 123904]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
“NoDispSettingPage”= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
“{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}”= “C:\Programmer\SUPERAntiSpyware\SASSEH.DLL” [2006-02-16 77824]
“{56F9679E-7826-4C84-81F3-532071A8BCC5}”= “C:\Programmer\Windows Desktop Search\MSNLNamespaceMgr.dll” [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SASWinLogon]
2006-03-08 11:32 258048 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lpS14.sys]
@=“Driver”

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\nqT81.sys]
@=“Driver”

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\quX71.sys]
@=“Driver”

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ruX13.sys]
@=“Driver”

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vyC24.sys]
@=“Driver”

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vyC47.sys]
@=“Driver”

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ydF57.sys]
@=“Driver”

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
“AntiVirusDisableNotify”=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
“%windir%\\system32\\sessmgr.exe”=
“C:\\Programmer\\Messenger\\MSMSGS.EXE”=
“%windir%\\Network Diagnostic\\xpnetdiag.exe”=
“C:\\Programmer\\Support.com\\TDCKabel\\hcenter.exe”=
“C:\\Programmer\\Support.com\\BIN\\TGCMD.EXE”=

R1 msikbd2k;Multimedia Keyboard Filter Driver;C:\WINDOWS\system32\DRIVERS\msikbd2k.sys [2006-09-24 6656]
R2 Ndiskio;Ndiskio;C:\Norman\Nse\bin\NDISKIO.SYS [2007-01-02 20448]
R2 nhksrv;Netropa NHK Server;C:\Programmer\Office keyboard utility\1.1\nhksrv.exe [2006-09-24 28672]
R2 NVOY;Norman’s Very Own supplY of resources;C:\Norman\npm\bin\nvoy.exe [2008-02-07 121912]
R3 C4C_BSC2;C4C_BSC2;C:\WINDOWS\system32\DRIVERS\C4C_BSC2.sys [2002-07-08 84788]
R3 NvcMFlt;NvcMFlt;C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys [2008-09-02 19512]
R3 nvcoas;Norman Virus Control on-access component;C:\Norman\Nvc\bin\nvcoas.exe [2008-04-30 191544]
R3 NVCScheduler;Norman Virus Control Scheduler;C:\Norman\Npm\bin\NVCSCHED.EXE [2007-09-18 154680]
S3 nvcfsr;nvcfsr;C:\Norman\Nvc\bin\nvcfsr.sys [2007-01-09 6712]
S3 nvcoafl51;nvcoafl51;C:\Norman\Nvc\bin\nvcoafl51.sys [2007-01-09 30264]
S3 nvcoaft51;nvcoaft51;C:\Norman\Nvc\bin\nvcoaft51.sys [2007-01-09 129848]
S3 nvcoarc51;nvcoarc51;C:\Norman\Nvc\bin\nvcoarc51.sys [2007-01-09 23224]
.
Contents of the ‘Scheduled Tasks’ folder

2008-09-21 C:\WINDOWS\Tasks\User_Feed_Synchronization-{157DD564-5305-476A-93B6-3F8F893B9081}.job
- C:\WINDOWS\system32\msfeedssync.exe [2006-10-17 11:58]
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-21 12:21:42
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
————————————Other Running Processes————————————
.
C:\NORMAN\NPM\BIN\ELOGSVC.EXE
C:\NORMAN\NPM\BIN\ZANDA.EXE
C:\WINDOWS\SYSTEM32\LEXBCES.EXE
C:\WINDOWS\SYSTEM32\BRSS01A.EXE
C:\PROGRAMMER\EWIDO\SECURITY SUITE\EWIDOCTRL.EXE
C:\WINDOWS\SYSTEM32\SEARCHINDEXER.EXE
C:\NORMAN\NPM\BIN\NJEEVES.EXE
C:\Norman\Nvc\Bin\Nip.exe
C:\Norman\Nvc\Bin\cclaw.exe
.
**************************************************************************
.
Completion time: 2008-09-21 12:24:09 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-21 10:24:00
ComboFix4.txt 2008-09-17 17:02:54
ComboFix3.txt 2008-09-19 18:23:32
ComboFix2.txt 2008-09-20 08:24:28

Pre-Run: 149.669.740.544 byte ledig
Post-Run: 149,027,520,512 byte ledig

187—- E O F—- 2008-09-10 17:14:45

Administrator
Number of posts: 55502

I am moving you to Rootkits; there you must unfortunately expect somewhat longer response times.

  Ejvindh
Editor
Number of posts: 6158

Open a Notepad window, copy the contents between the wavy lines into the document, and save it in the same folder as Combofix under the name CFScript.txt. When you save, make sure that “file types” is set to “all files”.

~~~~~~~~~~~~~~~~~~~~~~~~~~
Fcopy::
C:\tcpip.SYS|C:\WINDOWS\system32\drivers\tcpip.sys

Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lpS14.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\nqT81.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\quX71.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ruX13.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vyC24.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vyC47.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ydF57.sys]
~~~~~~~~~~~~~~~~~~~~~~~~~~
Then grab the new file with the mouse and drag it over the Combofix file, after which you “let go” with the mouse.
http://www.fromsej.saknet.dk/billeder/cfscript.gif
Combofix should then start working. It may require a restart, which you must allow. You should not click on the window while the tool is running, as this can cause your computer to freeze.
Copy the new Combofix log in here.
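
Added example (not part of the original posts and not ComboFix's own code): the CFScript above removes SafeBoot\Minimal keys named after .sys files that appear nowhere in the log's driver list. The Python sketch below runs that cross-check over a constructed log excerpt; the function names, the sample lines (including the msikbd2k.sys SafeBoot entry) and the heuristic itself are assumptions, and a hit is a lead for a human reviewer, not a verdict.

```python
import ntpath
import re

# Constructed excerpt in the shape of the ComboFix log above (straight quotes,
# shortened). The msikbd2k.sys SafeBoot key is invented to show a non-hit.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lpS14.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\nqT81.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msikbd2k.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

R1 msikbd2k;Multimedia Keyboard Filter Driver;C:\WINDOWS\system32\DRIVERS\msikbd2k.sys [2006-09-24 6656]
R2 Ndiskio;Ndiskio;C:\Norman\Nse\bin\NDISKIO.SYS [2007-01-02 20448]
S3 nvcfsr;nvcfsr;C:\Norman\Nvc\bin\nvcfsr.sys [2007-01-09 6712]
"""

# A registry key header line: [HKEY_...]
KEY_RE = re.compile(r"^\[(.+)\]$")
# A SafeBoot subkey whose last component is a .sys file name.
SAFEBOOT_RE = re.compile(
    r"\\SYSTEM\\CurrentControlSet\\Control\\SafeBoot\\(?:Minimal|Network)\\([^\\]+\.sys)$",
    re.IGNORECASE,
)
# A service/driver line: "R2 name;display name;path [date size]"
DRIVER_RE = re.compile(r"^[RS]\d [^;]+;[^;]*;(.+?) \[\d{4}-\d{2}-\d{2} \d+\]$")


def listed_driver_files(log):
    """Lower-cased file names of every service/driver line in the log."""
    names = set()
    for line in log.splitlines():
        m = DRIVER_RE.match(line.strip())
        if m:
            names.add(ntpath.basename(m.group(1)).lower())
    return names


def unbacked_safeboot_keys(log):
    """SafeBoot keys naming a .sys file that no driver line in the log provides."""
    known = listed_driver_files(log)
    hits = []
    for line in log.splitlines():
        key = KEY_RE.match(line.strip())
        if not key:
            continue
        m = SAFEBOOT_RE.search(key.group(1))
        if m and m.group(1).lower() not in known:
            hits.append(key.group(1))
    return hits


if __name__ == "__main__":
    for key in unbacked_safeboot_keys(SAMPLE_LOG):
        print(key)
```

The pasted logs on this page use typographic quotes and dashes; the key headers and driver lines the sketch reads are unaffected by that, but value lines would need normalising before any further parsing.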