Gå til innhold

Explorer.exe klikker alltid ved mappe-kikking

padrepio

Av padrepio
i IKT-drift og sikkerhet

Anbefalte innlegg

padrepio

padrepio

Skrevet
Skrevet

Når jeg browser rundt i mapper på maskinen henger explorer.exe seg omtrent alltid.

Henger seg når jeg gjør handlinger, ikke når jeg bare har en mappe oppe.

Er ingen sammenheng over når den klikker.

 

Maskinen er stabil ellers

 

Hijackthis logg

Klikk for å se/fjerne spoilerteksten nedenfor
Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:43:51, on 28.10.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\ATKKBService.exe

C:\Programfiler\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\XP-CD47A25C.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe

C:\Programfiler\Microsoft ActiveSync\wcescomm.exe

C:\Programfiler\MSN Messenger\msnmsgr.exe

C:\PROGRA~1\MICROS~3\rapimgr.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Programfiler\Mozilla Firefox\firefox.exe

C:\WINDOWS\explorer.exe

C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cn/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66008

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66008

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Programfiler\BitComet\tools\BitCometBHO_1.1.9.24.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programfiler\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll

O4 - HKLM\..\Run: [XP-CD47A25C] C:\WINDOWS\system32\XP-CD47A25C.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\RunOnce: [spybotDeletingA6192] command /c del "C:\Programfiler\Everest Poker\casino.exe"

O4 - HKLM\..\RunOnce: [spybotDeletingC4285] cmd /c del "C:\Programfiler\Everest Poker\casino.exe"

O4 - HKLM\..\RunOnce: [spybotDeletingA4356] command /c del "C:\Programfiler\Everest Poker\gvcrt.dll"

O4 - HKLM\..\RunOnce: [spybotDeletingC2801] cmd /c del "C:\Programfiler\Everest Poker\gvcrt.dll"

O4 - HKLM\..\RunOnce: [spybotDeletingA7551] command /c del "C:\Programfiler\Everest Poker\gvmain.exe"

O4 - HKLM\..\RunOnce: [spybotDeletingC2517] cmd /c del "C:\Programfiler\Everest Poker\gvmain.exe"

O4 - HKLM\..\RunOnce: [spybotSnD] "C:\Programfiler\Spybot - Search & Destroy\SpybotSD.exe" /autocheck

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programfiler\Microsoft ActiveSync\wcescomm.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\MSN Messenger\msnmsgr.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Startup: ¡¡¡¡¡¡.lnk = C:\WINDOWS\system32\XP-CD47A25C.EXE

O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Programfiler\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Programfiler\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Programfiler\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll

O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll

O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Programfiler\BitComet\tools\BitCometBHO_1.1.9.24.dll

O9 - Extra button: Doyles Room Poker - {725E77D3-B919-4eef-8EEE-D09DE618B6C1} - C:\Microgaming\Poker\DoylesRoomMPP\MPPoker.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programfiler\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programfiler\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1195316866765

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1195316860843

O16 - DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} (KooPlayer Control) - http://www.tvkoo.com/update/UKooPlayer.ocx

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL

O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programfiler\WinPcap\rpcapd.exe

 

--

End of file - 7518 bytes

 

 

 

ComboFix Logg

Klikk for å se/fjerne spoilerteksten nedenfor
ComboFix 08-10-28.01 - PadrePio 2008-10-28 18:51:35.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.1615 [GMT 1:00]

Running from: C:\Documents and Settings\PadrePio\Skrivebord\ComboFix.exe

* Created a new restore point

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

ADS - WINDOWS: deleted 48 bytes in 1 streams.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\DOCUME~1\PadrePio\LOKALE~1\Temp\E_4

C:\DOCUME~1\PadrePio\LOKALE~1\Temp\E_4\com.run

C:\DOCUME~1\PadrePio\LOKALE~1\Temp\E_4\dp1.fne

C:\DOCUME~1\PadrePio\LOKALE~1\Temp\E_4\eAPI.fne

C:\DOCUME~1\PadrePio\LOKALE~1\Temp\E_4\krnln.fnr

C:\DOCUME~1\PadrePio\LOKALE~1\Temp\E_4\shell.fne

C:\server.exe

C:\WINDOWS\system32\_000051_.tmp.dll

C:\WINDOWS\system32\com.run

C:\WINDOWS\system32\dp1.fne

C:\WINDOWS\system32\eAPI.fne

C:\WINDOWS\system32\internet.fne

C:\WINDOWS\system32\og.dll

C:\WINDOWS\system32\og.edt

C:\WINDOWS\system32\RegEx.fnr

C:\WINDOWS\system32\shell.fne

C:\WINDOWS\system32\spec.fne

C:\WINDOWS\system32\ul.dll

C:\WINDOWS\system32\winsecurityxp

C:\WINDOWS\system32\winsecurityxp\mswinup.exe

C:\WINDOWS\system32\winsecurityxp\rk.exe

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_NPF

-------\Service_NPF

 

 

((((((((((((((((((((((((( Files Created from 2008-09-28 to 2008-10-28 )))))))))))))))))))))))))))))))

.

 

2008-10-28 18:57 . 2008-10-28 18:57 1,097,728 ---h----- C:\WINDOWS\system32\krnln.fnr

2008-10-28 18:47 . 2008-10-28 18:47 <DIR> dr-h----- C:\Documents and Settings\PadrePio\Siste

2008-10-25 19:16 . 2008-10-25 19:16 15,360 ---hs---- C:\WINDOWS\system32\winncreg.exe

2008-10-23 11:38 . 2008-10-23 11:38 <DIR> d-------- C:\Poker

2008-10-23 00:17 . 2008-10-23 11:33 <DIR> d-------- C:\Programfiler\Everest Poker

2008-10-22 02:18 . 2008-10-22 02:18 <DIR> d-------- C:\Microgaming

2008-10-22 02:13 . 2008-10-22 02:14 <DIR> d-------- C:\Programfiler\Prime Poker

2008-10-21 22:51 . 2008-10-21 22:51 <DIR> d-------- C:\Programfiler\Spybot - Search & Destroy

2008-10-21 22:51 . 2008-10-22 23:41 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Programdata\Spybot - Search & Destroy

2008-10-21 22:33 . 2008-10-28 18:24 <DIR> d-------- C:\Programfiler\Malwarebytes' Anti-Malware

2008-10-21 22:33 . 2008-10-21 22:33 <DIR> d-------- C:\Documents and Settings\PadrePio\Programdata\Malwarebytes

2008-10-21 22:33 . 2008-10-21 22:33 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Programdata\Malwarebytes

2008-10-21 22:33 . 2008-10-22 16:10 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys

2008-10-21 22:33 . 2008-10-22 16:10 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys

2008-10-21 21:57 . 2008-10-21 21:57 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni

2008-10-20 22:41 . 2008-10-20 22:41 <DIR> d-------- C:\Programfiler\Adobe Media Player

2008-10-20 22:35 . 2008-10-20 22:35 <DIR> d-------- C:\Programfiler\Fellesfiler\Adobe AIR

2008-10-16 23:56 . 2008-10-21 22:29 <DIR> d-------- C:\Programfiler\Pi-Sys Labs

2008-10-14 05:18 . 2008-10-14 05:18 15,360 ---hs---- C:\WINDOWS\system32\winmcreg.exe

2008-10-08 22:48 . 2008-10-08 22:48 <DIR> d-------- C:\Programfiler\Canon

2008-10-01 00:41 . 2008-10-01 00:41 16,384 ---hs---- C:\WINDOWS\system32\winlcreg.exe

2008-10-01 00:41 . 2008-10-26 10:44 15,360 --a------ C:\WINDOWS\system32\59682D.EXE

2008-10-01 00:39 . 2008-10-01 00:39 1,509,051 -r-hs---- C:\WINDOWS\system32\XP-CD47A25C.EXE

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-10-28 17:44 --------- d-----w C:\Documents and Settings\PadrePio\Programdata\Azureus

2008-10-24 00:10 --------- d-----w C:\Documents and Settings\PadrePio\Programdata\Microgaming

2008-10-21 22:00 --------- d-----w C:\Documents and Settings\PadrePio\Programdata\vlc

2008-10-21 21:28 --------- d-----w C:\Programfiler\WMR11

2008-10-21 21:28 --------- d-----w C:\Programfiler\PageBreeze

2008-10-21 21:24 --------- d-----w C:\Programfiler\SlySoft

2008-10-21 20:55 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Programdata\iolo

2008-10-21 20:26 --------- d--h--w C:\Programfiler\InstallShield Installation Information

2008-10-21 20:24 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Programdata\BVRP Software

2008-10-21 20:16 --------- d-----w C:\Programfiler\CyberLink

2008-10-20 21:40 --------- d-----w C:\Programfiler\Fellesfiler\Adobe

2008-10-15 15:07 --------- d-----w C:\Documents and Settings\PadrePio\Programdata\dvdcss

2008-10-08 22:02 --------- d-----w C:\Programfiler\FlashGet

2008-10-08 13:52 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Programdata\DVD Shrink

2008-09-30 23:38 2,173,888 ----a-w C:\AnyDVDtray.exe

2008-09-24 20:36 --------- d-----w C:\Programfiler\Azureus

2008-09-23 09:19 --------- d-----w C:\Documents and Settings\LocalService\Programdata\iolo

2008-09-22 19:57 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Programdata\SlySoft

2008-09-22 19:37 --------- d-----w C:\Programfiler\ImgBurn

2008-09-20 21:37 --------- d-----w C:\Documents and Settings\PadrePio\Programdata\iolo

2008-09-20 21:16 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Programdata\CyberLink

2008-09-20 21:14 --------- d-----w C:\Documents and Settings\PadrePio\Programdata\CyberLink

2008-09-16 19:58 --------- d-----w C:\Programfiler\Google

2008-09-13 11:19 --------- d-----w C:\Programfiler\adidas

2008-09-12 20:59 --------- d-----w C:\Documents and Settings\PadrePio\Programdata\Samsung

2008-09-12 20:58 5,632 ----a-w C:\WINDOWS\system32\drivers\StarOpen.sys

2008-09-12 20:36 --------- d-----w C:\Programfiler\Samsung

2008-09-11 14:31 --------- d-----w C:\Documents and Settings\PadrePio\Programdata\Skype

2008-09-11 14:03 --------- d-----w C:\Documents and Settings\PadrePio\Programdata\skypePM

2008-08-28 10:04 333,056 ----a-w C:\WINDOWS\system32\drivers\srv.sys

.

 

------- Sigcheck -------

 

2003-04-25 13:00 515584 6d0c4ec1a62d7b95b1cc2f15879968ca C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe

2004-08-04 09:03 501248 765b39061ca16d01abfea752c5e2db8f C:\WINDOWS\ServicePackFiles\i386\winlogon.exe

2008-04-14 17:23 506880 15ccfec060818dab936b8c5faeee21f9 C:\WINDOWS\SoftwareDistribution\Download\6b87f018d0fb69e9c5ccb760afc4cb7b\winlogon.exe

2007-12-16 11:06 501248 67f180580f73de7b9678756744bfe9cb C:\WINDOWS\system32\winlogon.exe

.

((((((((((((((((((((((((((((( snapshot@2008-06-16_23.40.53.60 )))))))))))))))))))))))))))))))))))))))))

.

+ 2007-11-30 12:39:50 17,784 ----a-w C:\WINDOWS\$hf_mig$\KB938464\spmsg.dll

+ 2007-11-30 12:39:50 232,824 ----a-w C:\WINDOWS\$hf_mig$\KB938464\spuninst.exe

+ 2007-11-30 12:39:50 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB938464\update\spcustom.dll

+ 2007-11-30 11:19:50 760,696 ----a-w C:\WINDOWS\$hf_mig$\KB938464\update\update.exe

+ 2007-11-30 12:39:50 385,912 ----a-w C:\WINDOWS\$hf_mig$\KB938464\update\updspapi.dll

+ 2008-05-02 13:42:01 83,968 ----a-w C:\WINDOWS\$hf_mig$\KB946648\SP2QFE\msgsc.dll

+ 2008-05-02 14:05:59 83,968 ----a-w C:\WINDOWS\$hf_mig$\KB946648\SP3GDR\msgsc.dll

+ 2008-05-02 13:46:33 83,968 ----a-w C:\WINDOWS\$hf_mig$\KB946648\SP3QFE\msgsc.dll

+ 2007-11-30 12:39:50 17,784 ----a-w C:\WINDOWS\$hf_mig$\KB946648\spmsg.dll

+ 2007-11-30 12:39:50 232,824 ----a-w C:\WINDOWS\$hf_mig$\KB946648\spuninst.exe

+ 2007-11-30 12:39:50 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB946648\update\spcustom.dll

+ 2007-11-30 11:19:50 760,696 ----a-w C:\WINDOWS\$hf_mig$\KB946648\update\update.exe

+ 2007-11-30 12:39:50 385,912 ----a-w C:\WINDOWS\$hf_mig$\KB946648\update\updspapi.dll

+ 2008-07-07 20:23:14 253,952 ----a-w C:\WINDOWS\$hf_mig$\KB950974\SP2QFE\es.dll

+ 2008-07-07 20:29:49 253,952 ----a-w C:\WINDOWS\$hf_mig$\KB950974\SP3GDR\es.dll

+ 2008-07-07 20:26:07 253,952 ----a-w C:\WINDOWS\$hf_mig$\KB950974\SP3QFE\es.dll

+ 2007-11-30 12:39:50 17,784 ----a-w C:\WINDOWS\$hf_mig$\KB950974\spmsg.dll

+ 2007-11-30 12:39:50 232,824 ----a-w C:\WINDOWS\$hf_mig$\KB950974\spuninst.exe

+ 2007-11-30 12:39:50 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB950974\update\spcustom.dll

+ 2007-11-30 12:39:47 760,696 ----a-w C:\WINDOWS\$hf_mig$\KB950974\update\update.exe

+ 2007-11-30 12:39:48 385,912 ----a-w C:\WINDOWS\$hf_mig$\KB950974\update\updspapi.dll

+ 2008-04-11 18:41:30 683,520 ----a-w C:\WINDOWS\$hf_mig$\KB951066\SP2QFE\inetcomm.dll

+ 2008-04-11 19:06:47 691,712 ----a-w C:\WINDOWS\$hf_mig$\KB951066\SP3GDR\inetcomm.dll

+ 2008-04-11 22:24:02 691,712 ----a-w C:\WINDOWS\$hf_mig$\KB951066\SP3QFE\inetcomm.dll

+ 2007-11-30 12:39:50 17,784 ----a-w C:\WINDOWS\$hf_mig$\KB951066\spmsg.dll

+ 2007-11-30 12:39:50 232,824 ----a-w C:\WINDOWS\$hf_mig$\KB951066\spuninst.exe

+ 2007-11-30 12:39:50 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB951066\update\spcustom.dll

+ 2007-12-03 15:26:01 760,696 ----a-w C:\WINDOWS\$hf_mig$\KB951066\update\update.exe

+ 2007-11-30 12:39:50 385,912 ----a-w C:\WINDOWS\$hf_mig$\KB951066\update\updspapi.dll

+ 2008-07-14 11:03:00 62,976 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\SP2QFE\tzchange.exe

+ 2008-07-11 12:42:28 62,976 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\SP3GDR\tzchange.exe

+ 2008-07-11 12:51:51 62,976 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\SP3QFE\tzchange.exe

+ 2007-11-30 11:19:51 17,784 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\spmsg.dll

+ 2007-11-30 11:19:51 232,824 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\spuninst.exe

+ 2007-11-30 11:19:51 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\update\spcustom.dll

+ 2007-11-30 12:39:50 760,696 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\update\update.exe

+ 2007-11-30 12:39:50 385,912 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\update\updspapi.dll

+ 2008-06-14 18:06:18 272,256 ----a-w C:\WINDOWS\$hf_mig$\KB951376-v2\SP2QFE\bthport.sys

+ 2008-06-14 17:36:44 272,256 ----a-w C:\WINDOWS\$hf_mig$\KB951376-v2\SP3GDR\bthport.sys

+ 2008-06-14 17:42:06 272,256 ----a-w C:\WINDOWS\$hf_mig$\KB951376-v2\SP3QFE\bthport.sys

+ 2007-11-30 11:19:51 17,784 ----a-w C:\WINDOWS\$hf_mig$\KB951376-v2\spmsg.dll

+ 2007-11-30 11:19:51 232,824 ----a-w C:\WINDOWS\$hf_mig$\KB951376-v2\spuninst.exe

+ 2007-11-30 11:19:51 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB951376-v2\update\spcustom.dll

+ 2007-11-30 11:19:51 760,696 ----a-w C:\WINDOWS\$hf_mig$\KB951376-v2\update\update.exe

+ 2007-11-30 11:19:51 385,912 ----a-w C:\WINDOWS\$hf_mig$\KB951376-v2\update\updspapi.dll

+ 2006-08-16 12:14:55 100,352 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\6to4svc.dll

+ 2008-06-20 10:44:08 138,368 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\afd.sys

+ 2008-06-20 17:37:54 147,968 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\dnsapi.dll

+ 2008-06-20 17:37:54 246,784 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\mswsock.dll

+ 2008-06-20 10:44:42 360,960 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys

+ 2008-06-20 09:32:39 225,920 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip6.sys

+ 2008-06-20 11:40:08 138,496 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\afd.sys

+ 2008-06-20 17:49:37 147,968 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\dnsapi.dll

+ 2008-06-20 17:49:37 246,784 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\mswsock.dll

+ 2008-06-20 11:51:12 361,600 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys

+ 2008-06-20 11:08:27 225,856 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip6.sys

+ 2008-06-20 11:48:03 138,496 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\afd.sys

+ 2008-06-20 17:45:13 147,968 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\dnsapi.dll

+ 2008-06-20 17:45:13 246,784 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\mswsock.dll

+ 2008-06-20 11:59:02 361,600 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys

+ 2008-06-20 11:16:44 225,856 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip6.sys

+ 2007-11-30 12:39:50 17,784 ----a-w C:\WINDOWS\$hf_mig$\KB951748\spmsg.dll

+ 2007-11-30 12:39:50 232,824 ----a-w C:\WINDOWS\$hf_mig$\KB951748\spuninst.exe

+ 2007-11-30 12:39:50 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB951748\update\spcustom.dll

+ 2007-11-30 12:39:47 760,696 ----a-w C:\WINDOWS\$hf_mig$\KB951748\update\update.exe

+ 2007-11-30 12:39:48 385,912 ----a-w C:\WINDOWS\$hf_mig$\KB951748\update\updspapi.dll

+ 2008-05-01 15:06:20 331,776 ----a-w C:\WINDOWS\$hf_mig$\KB952287\SP2QFE\msadce.dll

+ 2008-05-01 14:38:39 331,776 ----a-w C:\WINDOWS\$hf_mig$\KB952287\SP3GDR\msadce.dll

+ 2008-05-01 14:41:02 331,776 ----a-w C:\WINDOWS\$hf_mig$\KB952287\SP3QFE\msadce.dll

+ 2007-11-30 11:19:51 17,784 ----a-w C:\WINDOWS\$hf_mig$\KB952287\spmsg.dll

+ 2007-11-30 11:19:51 232,824 ----a-w C:\WINDOWS\$hf_mig$\KB952287\spuninst.exe

+ 2007-11-30 11:19:51 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB952287\update\spcustom.dll

+ 2007-11-30 11:19:51 760,696 ----a-w C:\WINDOWS\$hf_mig$\KB952287\update\update.exe

+ 2007-11-30 11:19:51 385,912 ----a-w C:\WINDOWS\$hf_mig$\KB952287\update\updspapi.dll

+ 2008-06-24 16:31:15 74,240 ----a-w C:\WINDOWS\$hf_mig$\KB952954\SP2QFE\mscms.dll

+ 2008-06-24 16:46:40 74,240 ----a-w C:\WINDOWS\$hf_mig$\KB952954\SP3GDR\mscms.dll

+ 2008-06-24 16:54:35 74,240 ----a-w C:\WINDOWS\$hf_mig$\KB952954\SP3QFE\mscms.dll

+ 2007-11-30 12:39:50 17,784 ----a-w C:\WINDOWS\$hf_mig$\KB952954\spmsg.dll

+ 2007-11-30 12:39:50 232,824 ----a-w C:\WINDOWS\$hf_mig$\KB952954\spuninst.exe

+ 2007-11-30 12:39:50 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB952954\update\spcustom.dll

+ 2007-11-30 12:39:50 760,696 ----a-w C:\WINDOWS\$hf_mig$\KB952954\update\update.exe

+ 2007-11-30 12:39:50 385,912 ----a-w C:\WINDOWS\$hf_mig$\KB952954\update\updspapi.dll

+ 2008-06-23 15:42:16 124,928 ----a-w C:\WINDOWS\$hf_mig$\KB953838-IE7\SP2QFE\advpack.dll

+ 2008-06-23 15:42:16 347,136 ----a-w C:\WINDOWS\$hf_mig$\KB953838-IE7\SP2QFE\dxtmsft.dll

+ 2008-06-23 15:42:16 214,528 ----a-w C:\WINDOWS\$hf_mig$\KB953838-IE7\SP2QFE\dxtrans.dll

+ 2008-06-23 15:42:16 132,608 ----a-w C:\WINDOWS\$hf_mig$\KB953838-IE7\SP2QFE\extmgr.dll

+ 2008-06-23 15:42:16 63,488 ----a-w C:\WINDOWS\$hf_mig$\KB953838-IE7\SP2QFE\icardie.dll

+ 2008-06-23 08:23:18 70,656 ----a-w C:\WINDOWS\$hf_mig$\KB953838-IE7\SP2QFE\ie4uinit.exe

+ 2008-06-23 15:42:16 153,088 ----a-w C:\WINDOWS\$hf_mig$\KB953838-IE7\SP2QFE\ieakeng.dll

+ 2008-06-23 15:42:17 230,400 ----a-w C:\WINDOWS\$hf_mig$\KB953838-IE7\SP2QFE\ieaksie.dll

+ 2008-06-21 05:23:53 161,792 ----a-w C:\WINDOWS\$hf_mig$\KB953838-IE7\SP2QFE\ieakui.dll

+ 2007-04-17 09:32:38 2,455,488 ----a-w C:\WINDOWS\$hf_mig$\KB953838-IE7\SP2QFE\ieapfltr.dat

+ 2008-06-23 15:42:17 383,488 ----a-w C:\WINDOWS\$hf_mig$\KB953838-IE7\SP2QFE\ieapfltr.dll

+ 2008-06-23 15:42:17 388,608 ----a-w C:\WINDOWS\$hf_mig$\KB953838-IE7\SP2QFE\iedkcs32.dll

+ 2008-06-23 15:42:20 6,068,736 ----a-w C:\WINDOWS\$hf_mig$\KB953838-IE7\SP2QFE\ieframe.dll

+ 2008-06-23 15:42:20 44,544 ----a-w C:\WINDOWS\$hf_mig$\KB953838-IE7\SP2QFE\iernonce.dll

+ 2008-06-23 15:42:20 267,776 ----a-w C:\WINDOWS\$hf_mig$\KB953838-IE7\SP2QFE\iertutil.dll

+ 2008-06-23 08:23:18 13,824 ----a-w C:\WINDOWS\$hf_mig$\KB953838-IE7\SP2QFE\ieudinit.exe

+ 2008-06-23 08:23:52 625,664 ----a-w C:\WINDOWS\$hf_mig$\KB953838-IE7\SP2QFE\iexplore.exe

+ 2008-06-23 15:42:21 27,648 ----a-w C:\WINDOWS\$hf_mig$\KB953838-IE7\SP2QFE\jsproxy.dll

+ 2008-06-23 15:42:21 459,264 ----a-w C:\WINDOWS\$hf_mig$\KB953838-IE7\SP2QFE\msfeeds.dll

+ 2008-06-23 15:42:21 52,224 ----a-w C:\WINDOWS\$hf_mig$\KB953838-IE7\SP2QFE\msfeedsbs.dll

+ 2008-06-23 15:42:23 3,594,240 ----a-w C:\WINDOWS\$hf_mig$\KB953838-IE7\SP2QFE\mshtml.dll

+ 2008-06-23 15:42:24 477,696 ----a-w C:\WINDOWS\$hf_mig$\KB953838-IE7\SP2QFE\mshtmled.dll

+ 2008-06-23 15:42:24 193,024 ----a-w C:\WINDOWS\$hf_mig$\KB953838-IE7\SP2QFE\msrating.dll

+ 2008-06-23 15:42:24 671,232 ----a-w C:\WINDOWS\$hf_mig$\KB953838-IE7\SP2QFE\mstime.dll

+ 2008-06-23 15:42:24 102,912 ----a-w C:\WINDOWS\$hf_mig$\KB953838-IE7\SP2QFE\occache.dll

+ 2008-06-23 15:42:24 44,544 ----a-w C:\WINDOWS\$hf_mig$\KB953838-IE7\SP2QFE\pngfilt.dll

+ 2008-06-23 15:42:24 105,984 ----a-w C:\WINDOWS\$hf_mig$\KB953838-IE7\SP2QFE\url.dll

+ 2008-06-23 15:42:25 1,162,752 ----a-w C:\WINDOWS\$hf_mig$\KB953838-IE7\SP2QFE\urlmon.dll

+ 2008-06-23 15:42:25 233,472 ----a-w C:\WINDOWS\$hf_mig$\KB953838-IE7\SP2QFE\webcheck.dll

+ 2008-06-23 15:42:26 827,904 ----a-w C:\WINDOWS\$hf_mig$\KB953838-IE7\SP2QFE\wininet.dll

+ 2007-03-06 02:01:46 14,560 ----a-w C:\WINDOWS\$hf_mig$\KB953838-IE7\spmsg.dll

+ 2007-03-06 02:01:51 214,752 ----a-w C:\WINDOWS\$hf_mig$\KB953838-IE7\spuninst.exe

+ 2007-03-06 02:01:44 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB953838-IE7\update\spcustom.dll

+ 2007-03-06 02:02:09 721,120 ----a-w C:\WINDOWS\$hf_mig$\KB953838-IE7\update\update.exe

+ 2007-03-06 02:03:01 374,496 ----a-w C:\WINDOWS\$hf_mig$\KB953838-IE7\update\updspapi.dll

+ 2007-11-30 12:39:50 17,784 ----a-w C:\WINDOWS\$hf_mig$\KB953839\spmsg.dll

+ 2007-11-30 12:39:50 232,824 ----a-w C:\WINDOWS\$hf_mig$\KB953839\spuninst.exe

+ 2007-11-30 12:39:50 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB953839\update\spcustom.dll

+ 2007-11-30 12:39:50 760,696 ----a-w C:\WINDOWS\$hf_mig$\KB953839\update\update.exe

+ 2007-11-30 12:39:50 385,912 ----a-w C:\WINDOWS\$hf_mig$\KB953839\update\updspapi.dll

+ 2007-11-30 12:39:50 232,824 -c----w C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe

+ 2007-11-30 12:39:50 385,912 -c----w C:\WINDOWS\$NtUninstallKB938464$\spuninst\updspapi.dll

+ 2004-08-04 08:03:16 82,944 -c----w C:\WINDOWS\$NtUninstallKB946648$\msgsc.dll

+ 2007-11-30 12:39:50 232,824 -c----w C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe

+ 2007-11-30 12:39:50 385,912 -c----w C:\WINDOWS\$NtUninstallKB946648$\spuninst\updspapi.dll

+ 2005-07-26 04:43:11 243,200 -c----w C:\WINDOWS\$NtUninstallKB950974$\es.dll

+ 2007-11-30 12:39:50 232,824 -c----w C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe

+ 2007-11-30 12:39:48 385,912 -c----w C:\WINDOWS\$NtUninstallKB950974$\spuninst\updspapi.dll

+ 2007-08-21 06:18:26 683,520 -c----w C:\WINDOWS\$NtUninstallKB951066$\inetcomm.dll

+ 2007-11-30 12:39:50 232,824 -c----w C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe

+ 2007-11-30 12:39:50 385,912 -c----w C:\WINDOWS\$NtUninstallKB951066$\spuninst\updspapi.dll

+ 2007-11-30 11:19:51 232,824 -c----w C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe

+ 2007-11-30 12:39:50 385,912 -c----w C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\updspapi.dll

+ 2007-11-13 11:31:11 60,416 -c----w C:\WINDOWS\$NtUninstallKB951072-v2$\tzchange.exe

+ 2008-04-14 15:54:25 272,256 -c----w C:\WINDOWS\$NtUninstallKB951376-v2$\bthport.sys

+ 2007-11-30 11:19:51 232,824 -c----w C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe

+ 2007-11-30 11:19:51 385,912 -c----w C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\updspapi.dll

+ 2004-08-04 06:14:14 138,496 -c----w C:\WINDOWS\$NtUninstallKB951748$\afd.sys

+ 2008-02-20 05:39:05 148,992 -c----w C:\WINDOWS\$NtUninstallKB951748$\dnsapi.dll

+ 2004-08-04 08:03:18 246,784 -c----w C:\WINDOWS\$NtUninstallKB951748$\mswsock.dll

+ 2007-11-30 12:39:50 232,824 -c----w C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe

+ 2007-11-30 12:39:48 385,912 -c----w C:\WINDOWS\$NtUninstallKB951748$\spuninst\updspapi.dll

+ 2007-10-30 17:20:55 360,064 -c----w C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys

+ 2006-08-16 09:37:30 225,664 -c----w C:\WINDOWS\$NtUninstallKB951748$\tcpip6.sys

+ 2004-08-04 08:03:15 331,776 -c----w C:\WINDOWS\$NtUninstallKB952287$\msadce.dll

+ 2007-11-30 11:19:51 232,824 -c----w C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe

+ 2007-11-30 11:19:51 385,912 -c----w C:\WINDOWS\$NtUninstallKB952287$\spuninst\updspapi.dll

+ 2005-06-29 01:53:12 74,240 -c----w C:\WINDOWS\$NtUninstallKB952954$\mscms.dll

+ 2007-11-30 12:39:50 232,824 -c----w C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe

+ 2007-11-30 12:39:50 385,912 -c----w C:\WINDOWS\$NtUninstallKB952954$\spuninst\updspapi.dll

+ 2007-11-30 12:39:50 232,824 -c----w C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe

+ 2007-11-30 12:39:50 385,912 -c----w C:\WINDOWS\$NtUninstallKB953839$\spuninst\updspapi.dll

+ 2005-06-28 08:23:30 214,752 -c----w C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe

+ 2007-07-27 08:41:48 382,840 -c----w C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\updspapi.dll

+ 2006-10-18 20:47:20 295,936 -c----w C:\WINDOWS\$NtUninstallKB954154_WM11$\wmpeffects.dll

+ 2008-09-01 00:13:56 53,248 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll

+ 2008-09-01 00:13:56 12,800 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll

+ 2008-09-01 00:13:56 473,600 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll

+ 2008-09-01 00:13:53 2,676,224 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

+ 2008-09-01 00:13:54 2,846,720 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

+ 2008-09-01 00:13:54 563,712 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

+ 2008-09-01 00:13:55 567,296 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

+ 2008-09-01 00:13:55 576,000 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

+ 2008-09-01 00:13:55 577,024 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

+ 2008-09-01 00:13:55 577,536 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

+ 2008-09-01 00:13:55 577,536 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

+ 2008-09-01 00:13:56 578,560 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

+ 2008-09-01 00:13:56 578,560 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

+ 2008-09-01 00:13:56 145,920 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll

+ 2008-09-01 00:13:57 159,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll

+ 2008-09-01 00:13:57 364,544 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll

+ 2008-09-01 00:13:57 178,176 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll

+ 2008-09-01 00:13:56 223,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll

+ 2004-05-13 12:56:06 593,408 ----a-w C:\WINDOWS\avcodec.dll

- 2008-04-14 15:54:25 272,256 ------w C:\WINDOWS\Driver Cache\i386\bthport.sys

+ 2008-06-14 18:00:44 272,256 ------w C:\WINDOWS\Driver Cache\i386\bthport.sys

- 2007-02-28 16:05:16 2,138,112 ------w C:\WINDOWS\Driver Cache\i386\ntkrnlmp.exe

+ 2008-08-14 13:48:09 2,138,112 ------w C:\WINDOWS\Driver Cache\i386\ntkrnlmp.exe

- 2007-02-28 16:05:26 2,059,392 ------w C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe

+ 2008-08-14 13:48:14 2,059,520 ------w C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe

- 2007-02-28 16:05:16 2,017,792 ------w C:\WINDOWS\Driver Cache\i386\ntkrpamp.exe

+ 2008-08-14 13:48:08 2,017,792 ------w C:\WINDOWS\Driver Cache\i386\ntkrpamp.exe

- 2007-02-28 16:05:27 2,182,144 ------w C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe

+ 2008-08-14 13:48:14 2,182,144 ------w C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe

- 2005-10-20 18:02:28 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE

+ 2005-10-20 19:02:28 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE

- 2005-10-20 18:02:28 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE

+ 2005-10-20 19:02:28 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE

+ 2008-04-23 04:22:22 124,928 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\advpack.dll

+ 2008-04-23 04:22:22 347,136 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\dxtmsft.dll

+ 2008-04-23 04:22:22 214,528 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\dxtrans.dll

+ 2008-04-23 04:22:22 133,120 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\extmgr.dll

+ 2008-04-23 04:22:22 63,488 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\icardie.dll

+ 2008-04-22 07:43:26 70,656 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\ie4uinit.exe

+ 2008-04-23 04:22:22 153,088 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\ieakeng.dll

+ 2008-04-23 04:22:22 230,400 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\ieaksie.dll

+ 2008-04-20 05:07:51 161,792 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\ieakui.dll

+ 2008-04-23 04:22:22 383,488 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\ieapfltr.dll

+ 2008-04-23 04:22:22 384,512 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\iedkcs32.dll

+ 2008-04-23 04:22:23 6,066,176 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\ieframe.dll

+ 2008-04-23 04:22:23 44,544 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\iernonce.dll

+ 2008-04-23 04:22:23 267,776 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\iertutil.dll

+ 2008-04-22 07:39:58 13,824 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\ieudinit.exe

+ 2008-04-22 07:43:46 625,664 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\iexplore.exe

+ 2008-04-23 04:22:23 27,648 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\jsproxy.dll

+ 2008-04-23 04:22:23 459,264 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\msfeeds.dll

+ 2008-04-23 04:22:23 52,224 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\msfeedsbs.dll

+ 2008-04-23 20:22:24 3,591,680 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\mshtml.dll

+ 2008-04-23 04:22:23 478,208 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\mshtmled.dll

+ 2008-04-23 04:22:23 193,024 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\msrating.dll

+ 2008-04-23 04:22:23 671,232 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\mstime.dll

+ 2008-04-23 04:22:23 102,912 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\occache.dll

+ 2008-04-23 04:22:23 44,544 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\pngfilt.dll

+ 2007-03-06 02:01:51 214,752 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe

+ 2007-03-06 02:03:01 374,496 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\updspapi.dll

+ 2008-04-23 04:22:23 105,984 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\url.dll

+ 2008-04-23 04:22:23 1,159,680 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\urlmon.dll

+ 2008-04-23 04:22:23 233,472 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\webcheck.dll

+ 2008-04-23 04:22:23 826,368 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\wininet.dll

+ 2008-06-23 16:57:25 124,928 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\advpack.dll

+ 2008-06-23 16:57:25 347,136 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\dxtmsft.dll

+ 2008-06-23 16:57:25 214,528 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\dxtrans.dll

+ 2008-06-23 16:57:26 133,120 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\extmgr.dll

+ 2008-06-23 16:57:26 63,488 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\icardie.dll

+ 2008-06-23 09:22:59 70,656 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\ie4uinit.exe

+ 2008-06-23 16:57:27 153,088 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\ieakeng.dll

+ 2008-06-23 16:57:27 230,400 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\ieaksie.dll

+ 2008-06-21 05:23:54 161,792 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\ieakui.dll

+ 2008-06-23 16:57:27 383,488 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\ieapfltr.dll

+ 2008-06-23 16:57:27 384,512 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\iedkcs32.dll

+ 2008-06-23 16:57:31 6,066,176 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\ieframe.dll

+ 2008-06-23 16:57:31 44,544 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\iernonce.dll

+ 2008-06-23 16:57:31 267,776 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\iertutil.dll

+ 2008-06-23 09:20:26 13,824 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\ieudinit.exe

+ 2008-06-23 09:23:15 625,664 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\iexplore.exe

+ 2008-06-23 16:57:33 27,648 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\jsproxy.dll

+ 2008-06-23 16:57:33 459,264 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\msfeeds.dll

+ 2008-06-23 16:57:33 52,224 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\msfeedsbs.dll

+ 2008-06-24 08:57:38 3,592,192 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\mshtml.dll

+ 2008-06-23 16:57:37 477,696 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\mshtmled.dll

+ 2008-06-23 16:57:38 193,024 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\msrating.dll

+ 2008-06-23 16:57:38 671,232 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\mstime.dll

+ 2008-06-23 16:57:39 102,912 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\occache.dll

+ 2008-06-23 16:57:39 44,544 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\pngfilt.dll

+ 2007-03-06 02:01:51 214,752 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe

+ 2007-03-06 02:03:01 374,496 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\updspapi.dll

+ 2008-06-23 16:57:39 105,984 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\url.dll

+ 2008-06-23 16:57:39 1,159,680 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\urlmon.dll

+ 2008-06-23 16:57:40 233,472 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\webcheck.dll

+ 2008-06-23 16:57:40 826,368 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\wininet.dll

+ 2006-10-26 19:12:56 396,592 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\MOC.EXE

+ 2007-05-08 10:10:18 16,874,376 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\MSO.DLL

+ 2007-03-21 17:56:50 8,425,856 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\OARTCONV.DLL

+ 2006-10-27 14:18:34 1,658,152 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\OGL.DLL

+ 2007-05-10 08:04:28 846,248 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\OICE.EXE

+ 2007-05-10 09:11:42 1,767,256 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\PPCNV.DLL

+ 2007-03-21 18:00:06 72,096 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\PXBCOM.EXE

+ 2007-09-14 19:45:58 16,901,168 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6215\MSO.DLL

+ 2007-08-28 22:19:24 1,654,648 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6215\OGL.DLL

+ 2007-04-19 11:53:52 127,328 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\IMPMAIL.DLL

+ 2007-04-19 11:53:44 106,336 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\OUTLMIME.DLL

+ 2007-05-31 11:35:22 6,420,320 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\POWERPNT.EXE

- 2008-06-15 03:44:44 593,920 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe

+ 2008-10-15 01:02:24 593,920 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe

- 2008-06-15 03:44:44 12,288 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe

+ 2008-10-15 01:02:24 12,288 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe

- 2008-06-15 03:44:44 86,016 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe

+ 2008-10-15 01:02:24 86,016 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe

- 2008-06-15 03:44:44 135,168 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe

+ 2008-10-15 01:02:23 135,168 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe

- 2008-06-15 03:44:44 11,264 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe

+ 2008-10-15 01:02:24 11,264 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe

- 2008-06-15 03:44:44 27,136 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe

+ 2008-10-15 01:02:24 27,136 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe

- 2008-06-15 03:44:44 4,096 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe

+ 2008-10-15 01:02:24 4,096 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe

- 2008-06-15 03:44:44 794,624 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe

+ 2008-10-15 01:02:24 794,624 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe

- 2008-06-15 03:44:44 249,856 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe

+ 2008-10-15 01:02:24 249,856 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe

- 2008-06-15 03:44:44 61,440 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe

+ 2008-10-15 01:02:24 61,440 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe

- 2008-06-15 03:44:44 23,040 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe

+ 2008-10-15 01:02:24 23,040 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe

- 2008-06-15 03:44:44 286,720 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe

+ 2008-10-15 01:02:23 286,720 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe

- 2008-06-15 03:44:44 409,600 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe

+ 2008-10-15 01:02:23 409,600 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe

- 2008-06-15 03:43:27 38,240 ----a-r C:\WINDOWS\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe

+ 2008-10-15 01:01:02 38,240 ----a-r C:\WINDOWS\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe

+ 2008-07-05 01:30:55 22,486 ----a-r C:\WINDOWS\Installer\{99052DB7-9592-4522-A558-5417BBAD48EE}\ARPPRODUCTICON.exe

+ 2008-07-05 01:30:55 22,486 ----a-r C:\WINDOWS\Installer\{99052DB7-9592-4522-A558-5417BBAD48EE}\WCESMgrIcon.exe

+ 2005-03-18 14:23:10 53,248 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.AudioVideoPlayback.dll

+ 2005-03-18 14:23:10 12,800 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Diagnostics.dll

+ 2005-03-18 14:23:14 473,600 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Direct3D.dll

+ 2004-09-29 10:38:58 2,676,224 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Direct3DX.dll

+ 2005-03-18 14:23:10 145,920 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectDraw.dll

+ 2005-03-18 14:23:10 159,232 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectInput.dll

+ 2005-03-18 14:23:14 364,544 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectPlay.dll

+ 2005-03-18 14:23:12 178,176 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectSound.dll

+ 2005-03-18 14:23:14 223,232 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.dll

+ 2004-12-01 13:53:06 2,846,720 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2903.0\Microsoft.DirectX.Direct3DX.dll

+ 2005-02-05 17:32:54 563,712 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2904.0\Microsoft.DirectX.Direct3DX.dll

+ 2005-03-18 15:23:14 567,296 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2905.0\Microsoft.DirectX.Direct3DX.dll

+ 2005-05-26 13:15:56 576,000 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2906.0\Microsoft.DirectX.Direct3DX.dll

+ 2005-07-22 15:21:34 577,024 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2907.0\Microsoft.DirectX.Direct3DX.dll

+ 2005-09-28 12:11:52 577,536 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2908.0\Microsoft.DirectX.Direct3DX.dll

+ 2005-12-05 15:20:50 577,536 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2909.0\Microsoft.DirectX.Direct3DX.dll

+ 2006-02-03 05:40:48 578,560 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2910.0\Microsoft.DirectX.Direct3DX.dll

+ 2006-03-31 09:27:50 578,560 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2911.0\Microsoft.DirectX.Direct3DX.dll

- 2008-04-19 10:46:21 1,597 ----a-w C:\WINDOWS\mozver.dat

+ 2008-06-28 11:35:10 1,846 ----a-w C:\WINDOWS\mozver.dat

- 2000-08-31 06:00:00 28,160 ----a-w C:\WINDOWS\Nircmd.exe

+ 2000-08-31 07:00:00 28,672 ----a-w C:\WINDOWS\Nircmd.exe

- 2000-08-31 06:00:00 161,792 ----a-w C:\WINDOWS\swreg.exe

+ 2000-08-31 07:00:00 161,792 ----a-w C:\WINDOWS\swreg.exe

+ 2008-06-17 14:12:42 114,688 ----a-w C:\WINDOWS\system32\Adobe\Director\np32dsw.dll

+ 2008-06-17 14:23:02 202,168 ----a-w C:\WINDOWS\system32\Adobe\Director\SwDir.dll

+ 2008-06-17 14:13:22 487,424 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\Control.dll

+ 2008-06-17 13:36:00 1,798,144 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\dirapi.dll

+ 2008-06-17 14:13:26 9,216 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\DynaPlayer.dll

+ 2008-06-17 13:32:18 892,928 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\iml32.dll

+ 2008-06-17 14:11:56 253,952 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\Plugin.dll

+ 2008-06-17 14:15:00 446,464 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\Proj.dll

+ 2008-06-17 14:22:46 439,736 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1100458.exe

+ 2008-06-17 14:15:44 114,688 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\SwInit.exe

+ 2008-06-17 14:11:44 94,208 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\SwMenu.dll

+ 1999-06-25 08:55:30 149,504 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\UNWISE.EXE

- 2008-04-23 04:22:22 124,928 ----a-w C:\WINDOWS\system32\advpack.dll

+ 2008-08-26 08:30:43 124,928 ----a-w C:\WINDOWS\system32\advpack.dll

+ 2005-08-16 15:26:00 241,664 ----a-w C:\WINDOWS\system32\AMR.dll

+ 2005-08-16 15:26:00 57,344 ----a-w C:\WINDOWS\system32\AMRDSF.dll

- 2007-07-30 18:19:20 92,504 ----a-w C:\WINDOWS\system32\cdm.dll

+ 2008-07-18 20:10:48 94,920 ----a-w C:\WINDOWS\system32\cdm.dll

- 2006-06-21 18:54:10 20,264 ----a-w C:\WINDOWS\system32\ceutil.dll

+ 2006-11-13 11:38:40 22,824 ----a-w C:\WINDOWS\system32\ceutil.dll

+ 2007-03-12 14:42:30 1,123,696 ----a-w C:\WINDOWS\system32\D3DCompiler_33.dll

+ 2007-05-16 14:45:16 1,124,720 ----a-w C:\WINDOWS\system32\D3DCompiler_34.dll

+ 2007-07-19 16:14:42 1,358,192 ----a-w C:\WINDOWS\system32\D3DCompiler_35.dll

+ 2007-10-12 13:14:00 1,374,232 ----a-w C:\WINDOWS\system32\D3DCompiler_36.dll

+ 2008-03-05 13:56:58 1,420,824 ----a-w C:\WINDOWS\system32\D3DCompiler_37.dll

+ 2008-05-30 12:11:46 1,491,992 ----a-w C:\WINDOWS\system32\D3DCompiler_38.dll

+ 2007-03-15 14:57:58 443,752 ----a-w C:\WINDOWS\system32\d3dx10_33.dll

+ 2007-05-16 14:45:16 443,752 ----a-w C:\WINDOWS\system32\d3dx10_34.dll

+ 2007-07-19 16:14:42 444,776 ----a-w C:\WINDOWS\system32\d3dx10_35.dll

+ 2007-10-02 07:56:34 444,776 ----a-w C:\WINDOWS\system32\d3dx10_36.dll

+ 2008-02-05 21:07:36 462,864 ----a-w C:\WINDOWS\system32\d3dx10_37.dll

+ 2008-05-30 12:11:46 467,984 ----a-w C:\WINDOWS\system32\d3dx10_38.dll

+ 2005-02-05 17:45:26 2,222,800 ----a-w C:\WINDOWS\system32\d3dx9_24.dll

+ 2005-03-18 15:19:58 2,337,488 ----a-w C:\WINDOWS\system32\d3dx9_25.dll

+ 2005-05-26 13:34:52 2,297,552 ----a-w C:\WINDOWS\system32\d3dx9_26.dll

+ 2005-07-22 17:59:04 2,319,568 ----a-w C:\WINDOWS\system32\d3dx9_27.dll

+ 2005-12-05 16:09:18 2,323,664 ----a-w C:\WINDOWS\system32\d3dx9_28.dll

+ 2006-02-03 06:43:16 2,332,368 ----a-w C:\WINDOWS\system32\d3dx9_29.dll

+ 2006-03-31 10:40:58 2,388,176 ----a-w C:\WINDOWS\system32\d3dx9_30.dll

+ 2006-09-28 14:05:20 2,414,360 ----a-w C:\WINDOWS\system32\d3dx9_31.dll

+ 2006-11-29 11:06:18 3,426,072 ----a-w C:\WINDOWS\system32\d3dx9_32.dll

+ 2007-03-12 14:42:30 3,495,784 ----a-w C:\WINDOWS\system32\d3dx9_33.dll

+ 2007-05-16 14:45:16 3,497,832 ----a-w C:\WINDOWS\system32\d3dx9_34.dll

+ 2007-07-19 16:14:42 3,727,720 ----a-w C:\WINDOWS\system32\d3dx9_35.dll

+ 2007-10-12 13:14:00 3,734,536 ----a-w C:\WINDOWS\system32\d3dx9_36.dll

+ 2008-03-05 13:56:58 3,786,760 ----a-w C:\WINDOWS\system32\D3DX9_37.dll

+ 2008-05-30 12:11:46 3,850,760 ----a-w C:\WINDOWS\system32\D3DX9_38.dll

- 2008-04-23 04:22:22 124,928 -c----w C:\WINDOWS\system32\dllcache\advpack.dll

+ 2008-08-26 08:30:43 124,928 -c----w C:\WINDOWS\system32\dllcache\advpack.dll

+ 2008-08-14 09:51:43 138,368 -c----w C:\WINDOWS\system32\dllcache\afd.sys

- 2008-04-14 15:54:25 272,256 -c----w C:\WINDOWS\system32\dllcache\bthport.sys

+ 2008-06-14 18:00:44 272,256 -c----w C:\WINDOWS\system32\dllcache\bthport.sys

- 2007-07-30 18:19:20 92,504 -c--a-w C:\WINDOWS\system32\dllcache\cdm.dll

+ 2008-07-18 20:10:48 94,920 -c--a-w C:\WINDOWS\system32\dllcache\cdm.dll

- 2008-02-20 05:39:05 148,992 -c----w C:\WINDOWS\system32\dllcache\dnsapi.dll

+ 2008-06-20 17:43:13 148,992 -c--a-w C:\WINDOWS\system32\dllcache\dnsapi.dll

- 2008-04-23 04:22:22 347,136 -c----w C:\WINDOWS\system32\dllcache\dxtmsft.dll

+ 2008-08-26 08:30:43 347,136 -c----w C:\WINDOWS\system32\dllcache\dxtmsft.dll

- 2008-04-23 04:22:22 214,528 -c----w C:\WINDOWS\system32\dllcache\dxtrans.dll

+ 2008-08-26 08:30:43 214,528 -c----w C:\WINDOWS\system32\dllcache\dxtrans.dll

+ 2008-07-07 20:33:05 253,952 -c----w C:\WINDOWS\system32\dllcache\es.dll

- 2008-04-23 04:22:22 133,120 -c----w C:\WINDOWS\system32\dllcache\extmgr.dll

+ 2008-08-26 08:30:43 133,120 -c----w C:\WINDOWS\system32\dllcache\extmgr.dll

- 2008-04-23 04:22:22 63,488 -c----w C:\WINDOWS\system32\dllcache\icardie.dll

+ 2008-08-26 08:30:43 63,488 -c----w C:\WINDOWS\system32\dllcache\icardie.dll

- 2008-04-22 07:43:26 70,656 -c----w C:\WINDOWS\system32\dllcache\ie4uinit.exe

+ 2008-08-25 08:41:09 70,656 -c----w C:\WINDOWS\system32\dllcache\ie4uinit.exe

- 2008-04-23 04:22:22 153,088 -c----w C:\WINDOWS\system32\dllcache\ieakeng.dll

+ 2008-08-26 08:30:43 153,088 -c----w C:\WINDOWS\system32\dllcache\ieakeng.dll

- 2008-04-23 04:22:22 230,400 -c----w C:\WINDOWS\system32\dllcache\ieaksie.dll

+ 2008-08-26 08:30:43 230,400 -c----w C:\WINDOWS\system32\dllcache\ieaksie.dll

- 2008-04-20 05:07:51 161,792 -c----w C:\WINDOWS\system32\dllcache\ieakui.dll

+ 2008-08-23 05:54:51 161,792 -c----w C:\WINDOWS\system32\dllcache\ieakui.dll

- 2008-04-23 04:22:22 383,488 -c----w C:\WINDOWS\system32\dllcache\ieapfltr.dll

+ 2008-08-26 08:30:43 383,488 -c----w C:\WINDOWS\system32\dllcache\ieapfltr.dll

- 2008-04-23 04:22:22 384,512 -c----w C:\WINDOWS\system32\dllcache\iedkcs32.dll

+ 2008-08-26 08:30:43 384,512 -c----w C:\WINDOWS\system32\dllcache\iedkcs32.dll

- 2008-04-23 04:22:23 6,066,176 -c----w C:\WINDOWS\system32\dllcache\ieframe.dll

+ 2008-10-03 17:31:14 6,066,176 -c----w C:\WINDOWS\system32\dllcache\ieframe.dll

- 2008-04-23 04:22:23 44,544 -c----w C:\WINDOWS\system32\dllcache\iernonce.dll

+ 2008-08-26 08:30:44 44,544 -c----w C:\WINDOWS\system32\dllcache\iernonce.dll

- 2008-04-23 04:22:23 267,776 -c----w C:\WINDOWS\system32\dllcache\iertutil.dll

+ 2008-08-26 08:30:44 267,776 -c----w C:\WINDOWS\system32\dllcache\iertutil.dll

- 2008-04-22 07:39:58 13,824 -c----w C:\WINDOWS\system32\dllcache\ieudinit.exe

+ 2008-08-25 08:38:00 13,824 -c----w C:\WINDOWS\system32\dllcache\ieudinit.exe

- 2008-04-22 07:43:46 625,664 -c----w C:\WINDOWS\system32\dllcache\iexplore.exe

+ 2008-08-23 05:56:15 635,848 -c----w C:\WINDOWS\system32\dllcache\iexplore.exe

- 2007-08-21 06:18:26 683,520 -c----w C:\WINDOWS\system32\dllcache\inetcomm.dll

+ 2008-04-11 18:52:25 683,520 -c----w C:\WINDOWS\system32\dllcache\inetcomm.dll

- 2008-04-23 04:22:23 27,648 -c----w C:\WINDOWS\system32\dllcache\jsproxy.dll

+ 2008-08-26 08:30:44 27,648 -c----w C:\WINDOWS\system32\dllcache\jsproxy.dll

+ 2008-05-01 14:34:30 331,776 -c----w C:\WINDOWS\system32\dllcache\msadce.dll

+ 2008-06-24 16:24:51 74,240 -c----w C:\WINDOWS\system32\dllcache\mscms.dll

- 2008-04-23 04:22:23 459,264 -c----w C:\WINDOWS\system32\dllcache\msfeeds.dll

+ 2008-08-26 08:30:44 459,264 -c----w C:\WINDOWS\system32\dllcache\msfeeds.dll

- 2008-04-23 04:22:23 52,224 -c----w C:\WINDOWS\system32\dllcache\msfeedsbs.dll

+ 2008-08-26 08:30:44 52,224 -c----w C:\WINDOWS\system32\dllcache\msfeedsbs.dll

- 2008-04-23 20:22:24 3,591,680 -c----w C:\WINDOWS\system32\dllcache\mshtml.dll

+ 2008-08-27 09:30:46 3,593,216 -c----w C:\WINDOWS\system32\dllcache\mshtml.dll

- 2008-04-23 04:22:23 478,208 -c----w C:\WINDOWS\system32\dllcache\mshtmled.dll

+ 2008-08-26 08:30:45 477,696 -c----w C:\WINDOWS\system32\dllcache\mshtmled.dll

- 2008-04-23 04:22:23 193,024 -c----w C:\WINDOWS\system32\dllcache\msrating.dll

+ 2008-08-26 08:30:45 193,024 -c----w C:\WINDOWS\system32\dllcache\msrating.dll

- 2008-04-23 04:22:23 671,232 -c----w C:\WINDOWS\system32\dllcache\mstime.dll

+ 2008-08-26 08:30:45 671,232 -c----w C:\WINDOWS\system32\dllcache\mstime.dll

+ 2008-06-20 17:43:14 246,784 -c----w C:\WINDOWS\system32\dllcache\mswsock.dll

- 2006-08-17 12:30:01 332,288 -c----w C:\WINDOWS\system32\dllcache\netapi32.dll

+ 2008-10-15 17:01:26 332,800 -c----w C:\WINDOWS\system32\dllcache\netapi32.dll

- 2007-02-28 16:05:16 2,138,112 -c----w C:\WINDOWS\system32\dllcache\ntkrnlmp.exe

+ 2008-08-14 13:48:09 2,138,112 -c----w C:\WINDOWS\system32\dllcache\ntkrnlmp.exe

- 2007-02-28 16:05:26 2,059,392 -c----w C:\WINDOWS\system32\dllcache\ntkrnlpa.exe

+ 2008-08-14 13:48:14 2,059,520 -c----w C:\WINDOWS\system32\dllcache\ntkrnlpa.exe

- 2007-02-28 16:05:16 2,017,792 -c----w C:\WINDOWS\system32\dllcache\ntkrpamp.exe

+ 2008-08-14 13:48:08 2,017,792 -c----w C:\WINDOWS\system32\dllcache\ntkrpamp.exe

- 2007-02-28 16:05:27 2,182,144 -c----w C:\WINDOWS\system32\dllcache\ntoskrnl.exe

+ 2008-08-14 13:48:14 2,182,144 -c----w C:\WINDOWS\system32\dllcache\ntoskrnl.exe

- 2008-04-23 04:22:23 102,912 -c----w C:\WINDOWS\system32\dllcache\occache.dll

+ 2008-08-26 08:30:45 102,912 -c----w C:\WINDOWS\system32\dllcache\occache.dll

- 2008-04-23 04:22:23 44,544 -c----w C:\WINDOWS\system32\dllcache\pngfilt.dll

+ 2008-08-26 08:30:45 44,544 -c----w C:\WINDOWS\system32\dllcache\pngfilt.dll

- 2006-08-14 10:34:41 332,928 -c----w C:\WINDOWS\system32\dllcache\srv.sys

+ 2008-08-28 10:04:17 333,056 -c----w C:\WINDOWS\system32\dllcache\srv.sys

- 2007-10-30 17:20:55 360,064 -c--a-w C:\WINDOWS\system32\dllcache\tcpip.sys

+ 2008-06-20 10:45:13 360,320 -c--a-w C:\WINDOWS\system32\dllcache\tcpip.sys

- 2006-08-16 09:37:30 225,664 -c----w C:\WINDOWS\system32\dllcache\tcpip6.sys

+ 2008-06-20 09:52:06 225,920 -c--a-w C:\WINDOWS\system32\dllcache\tcpip6.sys

- 2008-04-23 04:22:23 105,984 -c----w C:\WINDOWS\system32\dllcache\url.dll

+ 2008-08-26 08:30:45 105,984 -c----w C:\WINDOWS\system32\dllcache\url.dll

- 2008-04-23 04:22:23 1,159,680 -c----w C:\WINDOWS\system32\dllcache\urlmon.dll

+ 2008-08-26 08:30:45 1,159,680 -c----w C:\WINDOWS\system32\dllcache\urlmon.dll

+ 2004-08-04 07:03:24 53,760 -c--a-w C:\WINDOWS\system32\dllcache\vfwwdm32.dll

- 2008-04-23 04:22:23 233,472 -c----w C:\WINDOWS\system32\dllcache\webcheck.dll

+ 2008-08-26 08:30:45 233,472 -c----w C:\WINDOWS\system32\dllcache\webcheck.dll

- 2008-03-20 08:11:33 1,845,248 -c----w C:\WINDOWS\system32\dllcache\win32k.sys

+ 2008-09-15 15:42:12 1,846,016 -c----w C:\WINDOWS\system32\dllcache\win32k.sys

- 2008-04-23 04:22:23 826,368 -c----w C:\WINDOWS\system32\dllcache\wininet.dll

+ 2008-08-26 08:30:45 826,368 -c----w C:\WINDOWS\system32\dllcache\wininet.dll

+ 2008-07-18 20:09:44 563,912 -c--a-w C:\WINDOWS\system32\dllcache\wuapi.dll

- 2007-07-30 18:19:16 53,080 -c--a-w C:\WINDOWS\system32\dllcache\wuauclt.exe

+ 2008-07-18 20:10:42 53,448 -c--a-w C:\WINDOWS\system32\dllcache\wuauclt.exe

- 2007-07-30 18:19:42 1,712,984 -c--a-w C:\WINDOWS\system32\dllcache\wuaueng.dll

+ 2008-07-18 20:09:42 1,811,656 -c--a-w C:\WINDOWS\system32\dllcache\wuaueng.dll

+ 2008-07-18 20:09:46 325,832 -c--a-w C:\WINDOWS\system32\dllcache\wucltui.dll

+ 2008-07-18 20:10:20 36,552 -c--a-w C:\WINDOWS\system32\dllcache\wups.dll

+ 2008-07-18 20:09:44 205,000 -c--a-w C:\WINDOWS\system32\dllcache\wuweb.dll

- 2008-02-20 05:39:05 148,992 ----a-w C:\WINDOWS\system32\dnsapi.dll

+ 2008-06-20 17:43:13 148,992 ----a-w C:\WINDOWS\system32\dnsapi.dll

- 2004-08-04 06:14:14 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys

+ 2008-08-14 09:51:43 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys

- 2008-04-14 15:54:25 272,256 ------w C:\WINDOWS\system32\drivers\bthport.sys

+ 2008-06-14 18:00:44 272,256 ------w C:\WINDOWS\system32\drivers\bthport.sys

+ 2007-04-26 12:01:00 22,144 ----a-w C:\WINDOWS\system32\drivers\ptO2_bus.sys

+ 2007-04-26 12:01:00 4,608 ----a-w C:\WINDOWS\system32\drivers\ptO2_flt.sys

+ 2007-04-26 12:01:00 39,808 ----a-w C:\WINDOWS\system32\drivers\ptO2_mdm.sys

+ 2007-04-26 12:02:00 38,528 ----a-w C:\WINDOWS\system32\drivers\ptO2_prt.sys

- 2008-01-16 14:52:08 715,248 ----a-w C:\WINDOWS\system32\drivers\sptd.sys

+ 2008-06-25 22:14:03 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys

+ 2007-05-02 09:11:16 83,592 ----a-w C:\WINDOWS\system32\drivers\ss_bus.sys

+ 2007-05-02 09:11:16 12,424 ----a-w C:\WINDOWS\system32\drivers\ss_cm.sys

+ 2007-05-02 09:11:16 12,424 ----a-w C:\WINDOWS\system32\drivers\ss_cmnt.sys

+ 2007-05-02 09:11:18 15,112 ----a-w C:\WINDOWS\system32\drivers\ss_mdfl.sys

+ 2007-05-02 09:11:18 109,704 ----a-w C:\WINDOWS\system32\drivers\ss_mdm.sys

+ 2007-05-02 09:11:18 12,424 ----a-w C:\WINDOWS\system32\drivers\ss_wh.sys

+ 2007-05-02 09:11:18 12,424 ----a-w C:\WINDOWS\system32\drivers\ss_whnt.sys

- 2007-10-30 17:20:55 360,064 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys

+ 2008-06-20 10:45:13 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys

- 2006-08-16 09:37:30 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys

+ 2008-06-20 09:52:06 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys

- 2008-04-23 04:22:22 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll

+ 2008-08-26 08:30:43 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll

- 2008-04-23 04:22:22 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll

+ 2008-08-26 08:30:43 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll

- 2005-07-26 04:43:11 243,200 ----a-w C:\WINDOWS\system32\es.dll

+ 2008-07-07 20:33:05 253,952 ----a-w C:\WINDOWS\system32\es.dll

+ 2005-08-16 15:26:00 57,344 ----a-w C:\WINDOWS\system32\EvrcDecDll.dll

- 2008-04-23 04:22:22 133,120 ------w C:\WINDOWS\system32\extmgr.dll

+ 2008-08-26 08:30:43 133,120 ------w C:\WINDOWS\system32\extmgr.dll

- 2008-06-15 11:21:56 1,501,432 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT

+ 2008-10-15 11:59:30 1,501,432 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT

+ 2006-05-03 20:53:54 174,592 ----a-w C:\WINDOWS\system32\framedyn.dll

+ 2006-03-21 13:49:22 2,729,472 ----a-w C:\WINDOWS\system32\fun_avcodec.dll

+ 2006-08-07 11:55:08 77,824 ----a-w C:\WINDOWS\system32\fun_mp4_dec.dll

+ 2006-08-03 09:29:54 684,032 ----a-w C:\WINDOWS\system32\fun_mp4_enc.dll

- 2008-04-23 04:22:22 63,488 ----a-w C:\WINDOWS\system32\icardie.dll

+ 2008-08-26 08:30:43 63,488 ----a-w C:\WINDOWS\system32\icardie.dll

- 2008-04-22 07:43:26 70,656 ------w C:\WINDOWS\system32\ie4uinit.exe

+ 2008-08-25 08:41:09 70,656 ------w C:\WINDOWS\system32\ie4uinit.exe

- 2008-04-23 04:22:22 153,088 ------w C:\WINDOWS\system32\ieakeng.dll

+ 2008-08-26 08:30:43 153,088 ------w C:\WINDOWS\system32\ieakeng.dll

- 2008-04-23 04:22:22 230,400 ------w C:\WINDOWS\system32\ieaksie.dll

+ 2008-08-26 08:30:43 230,400 ------w C:\WINDOWS\system32\ieaksie.dll

- 2008-04-20 05:07:51 161,792 ------w C:\WINDOWS\system32\ieakui.dll

+ 2008-08-23 05:54:51 161,792 ------w C:\WINDOWS\system32\ieakui.dll

- 2008-04-23 04:22:22 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll

+ 2008-08-26 08:30:43 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll

- 2008-04-23 04:22:22 384,512 ------w C:\WINDOWS\system32\iedkcs32.dll

+ 2008-08-26 08:30:43 384,512 ------w C:\WINDOWS\system32\iedkcs32.dll

- 2008-04-23 04:22:23 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll

+ 2008-10-03 17:31:14 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll

- 2008-04-23 04:22:23 44,544 ------w C:\WINDOWS\system32\iernonce.dll

+ 2008-08-26 08:30:44 44,544 ------w C:\WINDOWS\system32\iernonce.dll

- 2008-04-23 04:22:23 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll

+ 2008-08-26 08:30:44 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll

- 2008-04-22 07:39:58 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe

+ 2008-08-25 08:38:00 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe

- 2007-08-21 06:18:26 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll

+ 2008-04-11 18:52:25 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll

- 2007-09-24 21:30:28 135,168 ----a-w C:\WINDOWS\system32\java.exe

+ 2008-06-09 23:21:01 135,168 ----a-w C:\WINDOWS\system32\java.exe

- 2007-09-24 21:30:30 135,168 ----a-w C:\WINDOWS\system32\javaw.exe

+ 2008-06-09 23:21:04 135,168 ----a-w C:\WINDOWS\system32\javaw.exe

- 2007-09-24 22:31:42 139,264 ----a-w C:\WINDOWS\system32\javaws.exe

+ 2008-06-10 00:32:34 139,264 ----a-w C:\WINDOWS\system32\javaws.exe

- 2008-04-23 04:22:23 27,648 ------w C:\WINDOWS\system32\jsproxy.dll

+ 2008-08-26 08:30:44 27,648 ------w C:\WINDOWS\system32\jsproxy.dll

+ 2007-02-16 10:14:00 53,248 ----a-w C:\WINDOWS\system32\lfani14nu.dll

+ 2007-02-16 10:14:00 61,440 ----a-w C:\WINDOWS\system32\lfbmp14nu.dll

+ 2007-02-16 10:14:00 405,504 ----a-w C:\WINDOWS\system32\lfcmp14nu.DLL

+ 2007-02-16 10:14:00 65,536 ----a-w C:\WINDOWS\system32\lfgif14nu.dll

+ 2007-02-16 10:14:00 49,152 ----a-w C:\WINDOWS\system32\lfimg14nu.dll

+ 2007-02-16 10:14:00 53,248 ----a-w C:\WINDOWS\system32\lftga14nu.dll

+ 2007-02-16 10:14:00 311,296 ----a-w C:\WINDOWS\system32\LTDIS14nu.dll

+ 2007-02-16 10:14:00 180,224 ----a-w C:\WINDOWS\system32\ltfil14nu.DLL

+ 2007-02-16 10:14:00 954,368 ----a-w C:\WINDOWS\system32\ltimg14nu.dll

+ 2007-02-16 10:14:00 503,808 ----a-w C:\WINDOWS\system32\ltkrn14nu.dll

+ 2008-03-14 21:31:26 57,344 ----a-w C:\WINDOWS\system32\Macromed\Common\SwSupport.dll

- 2007-06-11 12:34:00 2,115,816 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

+ 2008-03-25 03:21:18 2,889,088 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

- 2007-06-11 12:34:00 190,696 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe

+ 2008-03-25 03:21:20 218,496 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe

+ 2008-07-25 14:37:21 70,264 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe

+ 2008-03-14 21:29:22 581,632 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\Control.dll

+ 2008-03-14 21:12:30 1,490,944 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\dirapiX.dll

+ 2008-03-14 21:29:58 24,576 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\DynaPlayer.dll

+ 2008-03-14 21:10:06 606,208 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\iml32X.dll

+ 2008-03-14 21:28:48 339,968 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\Plugin.dll

+ 2008-03-14 21:28:56 475,136 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\PluginPing.dll

+ 2008-03-14 21:21:52 180,224 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\Proj.dll

+ 2008-03-14 21:31:28 77,824 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\SwInit.exe

+ 2008-03-15 09:38:08 86,016 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\SwMenuX.dll

+ 2008-03-14 21:31:28 98,304 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\SwOnce.dll

+ 2008-09-20 21:36:33 74,703 ----a-w C:\WINDOWS\system32\mfc45.dll

+ 2004-12-09 15:24:38 49,152 ----a-w C:\WINDOWS\system32\MFC71KOR.DLL

+ 2004-12-09 15:22:14 1,056,768 ----a-w C:\WINDOWS\system32\MFC71L.DLL

+ 2005-08-30 13:35:00 1,046,528 ----a-w C:\WINDOWS\system32\MFC71LU.DLL

- 2003-03-18 19:12:12 1,047,552 ----a-w C:\WINDOWS\system32\mfc71u.dll

+ 2003-03-19 12:12:12 1,047,552 ----a-w C:\WINDOWS\system32\MFC71u.dll

+ 2006-03-02 18:38:08 77,824 ----a-w C:\WINDOWS\system32\mp4_vcodec.dll

+ 2005-08-16 15:26:00 122,880 ----a-w C:\WINDOWS\system32\Mpeg4DSF.dll

+ 2005-08-16 15:26:00 827,392 ----a-w C:\WINDOWS\system32\Mpeg4System.dll

+ 2005-08-16 15:26:00 167,936 ----a-w C:\WINDOWS\system32\Mpeg4Tools.dll

- 2008-05-29 23:35:11 17,486,968 ----a-w C:\WINDOWS\system32\MRT.exe

+ 2008-10-07 10:19:42 16,721,856 ----a-w C:\WINDOWS\system32\MRT.exe

- 2005-06-29 01:53:12 74,240 ----a-w C:\WINDOWS\system32\mscms.dll

+ 2008-06-24 16:24:51 74,240 ----a-w C:\WINDOWS\system32\mscms.dll

+ 2000-06-28 08:47:10 24,848 ----a-r C:\WINDOWS\system32\msdart32.dll

- 2008-04-23 04:22:23 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll

+ 2008-08-26 08:30:44 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll

- 2008-04-23 04:22:23 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll

+ 2008-08-26 08:30:44 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll

- 2008-04-23 20:22:24 3,591,680 ----a-w C:\WINDOWS\system32\mshtml.dll

+ 2008-08-27 09:30:46 3,593,216 ----a-w C:\WINDOWS\system32\mshtml.dll

- 2008-04-23 04:22:23 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll

+ 2008-08-26 08:30:45 477,696 ----a-w C:\WINDOWS\system32\mshtmled.dll

+ 2008-07-31 08:16:54 947,472 ----a-w C:\WINDOWS\system32\msjava.dll

+ 2005-08-30 13:35:00 507,904 ----a-w C:\WINDOWS\system32\MSLUP71.DLL

+ 2004-12-07 15:54:20 774,144 ----a-w C:\WINDOWS\system32\MSLUP71D.DLL

+ 2005-08-30 13:35:00 352,256 ----a-w C:\WINDOWS\system32\MSLUR71.DLL

+ 2004-12-07 15:54:16 557,056 ----a-w C:\WINDOWS\system32\MSLUR71D.DLL

- 2008-04-23 04:22:23 193,024 ------w C:\WINDOWS\system32\msrating.dll

+ 2008-08-26 08:30:45 193,024 ------w C:\WINDOWS\system32\msrating.dll

- 2008-04-23 04:22:23 671,232 ------w C:\WINDOWS\system32\mstime.dll

+ 2008-08-26 08:30:45 671,232 ------w C:\WINDOWS\system32\mstime.dll

+ 2002-01-05 14:37:00 344,064 ----a-w C:\WINDOWS\system32\msvcr70.dll

- 2006-06-22 12:29:04 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll

+ 2003-02-21 16:42:22 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll

+ 2003-03-19 07:03:52 544,768 ----a-w C:\WINDOWS\system32\msvcr71d.dll

- 2004-08-04 08:03:18 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll

+ 2008-06-20 17:43:14 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll

+ 2001-03-08 16:30:00 24,064 ------w C:\WINDOWS\system32\msxml3a.dll

- 2007-07-30 18:19:10 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll

+ 2008-07-18 20:07:34 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll

- 2007-07-30 18:18:34 207,736 ----a-w C:\WINDOWS\system32\muweb.dll

+ 2008-07-18 20:07:32 210,976 ----a-w C:\WINDOWS\system32\muweb.dll

+ 2004-11-04 11:31:22 835,584 ----a-w C:\WINDOWS\system32\NCTAudioCDGrabber2.dll

+ 2005-03-29 05:57:22 2,084,864 ----a-w C:\WINDOWS\system32\NCTAudioDesign2.dll

+ 2005-03-28 13:56:36 417,792 ----a-w C:\WINDOWS\system32\NCTAudioDisplay2.dll

+ 2005-04-15 10:08:02 880,640 ----a-w C:\WINDOWS\system32\NCTAudioEditor2.dll

+ 2005-05-17 10:37:44 1,986,560 ----a-w C:\WINDOWS\system32\NCTAudioFile2.dll

+ 2005-05-18 09:52:40 1,212,416 ----a-w C:\WINDOWS\system32\NCTAudioInformation2.dll

+ 2005-04-25 11:01:12 458,752 ----a-w C:\WINDOWS\system32\NCTAudioPlayer2.dll

+ 2005-04-25 11:01:38 458,752 ----a-w C:\WINDOWS\system32\NCTAudioRecord2.dll

+ 2005-04-04 15:21:32 602,112 ----a-w C:\WINDOWS\system32\NCTAudioTransform2.dll

+ 2005-03-28 13:54:42 479,232 ----a-w C:\WINDOWS\system32\NCTAudioVisualization2.dll

+ 2005-03-28 13:54:02 475,136 ----a-w C:\WINDOWS\system32\NCTAudioVisualizationEx2.dll

+ 2005-03-28 13:52:12 417,792 ----a-w C:\WINDOWS\system32\NCTTextToAudio2.dll

+ 2005-02-24 09:51:38 348,160 ----a-w C:\WINDOWS\system32\NCTWMAFile2.dll

- 2006-08-17 12:30:01 332,288 ----a-w C:\WINDOWS\system32\netapi32.dll

+ 2008-10-15 17:01:26 332,800 ----a-w C:\WINDOWS\system32\netapi32.dll

- 2007-02-28 16:05:16 2,017,792 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe

+ 2008-08-14 13:48:08 2,017,792 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe

- 2007-02-28 16:05:16 2,138,112 ----a-w C:\WINDOWS\system32\ntoskrnl.exe

+ 2008-08-14 13:48:09 2,138,112 ----a-w C:\WINDOWS\system32\ntoskrnl.exe

- 2008-04-23 04:22:23 102,912 ------w C:\WINDOWS\system32\occache.dll

+ 2008-08-26 08:30:45 102,912 ------w C:\WINDOWS\system32\occache.dll

+ 2005-08-16 15:26:00 49,152 ----a-w C:\WINDOWS\system32\Pal.dll

- 2008-05-04 15:27:48 60,624 ----a-w C:\WINDOWS\system32\perfc009.dat

+ 2008-10-26 02:37:00 60,624 ----a-w C:\WINDOWS\system32\perfc009.dat

- 2008-05-04 15:27:49 68,918 ----a-w C:\WINDOWS\system32\perfc014.dat

+ 2008-10-26 02:37:00 68,918 ----a-w C:\WINDOWS\system32\perfc014.dat

- 2008-05-04 15:27:48 400,464 ----a-w C:\WINDOWS\system32\perfh009.dat

+ 2008-10-26 02:37:00 400,464 ----a-w C:\WINDOWS\system32\perfh009.dat

- 2008-05-04 15:27:49 404,682 ----a-w C:\WINDOWS\system32\perfh014.dat

+ 2008-10-26 02:37:00 404,682 ----a-w C:\WINDOWS\system32\perfh014.dat

- 2008-04-23 04:22:23 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll

+ 2008-08-26 08:30:45 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll

+ 2001-10-06 12:02:34 5,632 ----a-w C:\WINDOWS\system32\ptpusb.dll

+ 2004-08-04 07:03:20 159,232 ----a-w C:\WINDOWS\system32\ptpusd.dll

- 2006-06-21 18:55:10 129,832 ----a-w C:\WINDOWS\system32\rapi.dll

+ 2006-11-13 11:39:28 138,024 ----a-w C:\WINDOWS\system32\rapi.dll

+ 2007-05-02 09:11:16 83,592 ----a-w C:\WINDOWS\system32\Samsung_USB_Drivers\1\i386\ss_bus.sys

+ 2007-05-02 09:11:16 12,424 ----a-w C:\WINDOWS\system32\Samsung_USB_Drivers\1\i386\ss_cmnt.sys

+ 2007-05-02 09:11:18 15,112 ----a-w C:\WINDOWS\system32\Samsung_USB_Drivers\1\i386\ss_mdfl.sys

+ 2007-05-02 09:11:18 109,704 ----a-w C:\WINDOWS\system32\Samsung_USB_Drivers\1\i386\ss_mdm.sys

+ 2007-05-02 09:11:18 12,424 ----a-w C:\WINDOWS\system32\Samsung_USB_Drivers\1\i386\ss_whnt.sys

+ 2007-05-02 09:11:12 72,968 ----a-w C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe

+ 2007-05-02 09:12:34 83,592 ----a-w C:\WINDOWS\system32\Samsung_USB_Drivers\2\i386\ssm_bus.sys

+ 2007-05-02 09:12:34 12,424 ----a-w C:\WINDOWS\system32\Samsung_USB_Drivers\2\i386\ssm_cmnt.sys

+ 2007-05-02 09:12:36 15,112 ----a-w C:\WINDOWS\system32\Samsung_USB_Drivers\2\i386\ssm_mdfl.sys

+ 2007-05-02 09:12:36 109,704 ----a-w C:\WINDOWS\system32\Samsung_USB_Drivers\2\i386\ssm_mdm.sys

+ 2007-05-02 09:12:36 12,424 ----a-w C:\WINDOWS\system32\Samsung_USB_Drivers\2\i386\ssm_whnt.sys

+ 2007-05-02 09:12:28 72,968 ----a-w C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe

+ 2007-07-03 14:54:24 80,552 ----a-w C:\WINDOWS\system32\Samsung_USB_Drivers\3\i386\sscdbus.sys

+ 2007-07-03 14:56:00 9,256 ----a-w C:\WINDOWS\system32\Samsung_USB_Drivers\3\i386\sscdcmnt.sys

+ 2007-07-03 14:57:24 11,944 ----a-w C:\WINDOWS\system32\Samsung_USB_Drivers\3\i386\sscdmdfl.sys

+ 2007-07-03 14:58:20 106,792 ----a-w C:\WINDOWS\system32\Samsung_USB_Drivers\3\i386\sscdmdm.sys

+ 2007-07-03 14:59:10 86,824 ----a-w C:\WINDOWS\system32\Samsung_USB_Drivers\3\i386\sscdserd.sys

+ 2007-07-03 15:00:16 9,256 ----a-w C:\WINDOWS\system32\Samsung_USB_Drivers\3\i386\sscdwhnt.sys

+ 2007-07-03 14:53:24 70,824 ----a-w C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe

+ 2007-07-05 10:37:34 83,456 ----a-w C:\WINDOWS\system32\Samsung_USB_Drivers\5\i386\sssdbus.sys

+ 2007-07-05 10:37:34 12,160 ----a-w C:\WINDOWS\system32\Samsung_USB_Drivers\5\i386\sssdcmnt.sys

+ 2007-07-05 10:37:34 14,848 ----a-w C:\WINDOWS\system32\Samsung_USB_Drivers\5\i386\sssdmdfl.sys

+ 2007-07-05 10:37:34 109,696 ----a-w C:\WINDOWS\system32\Samsung_USB_Drivers\5\i386\sssdmdm.sys

+ 2007-07-05 10:37:34 103,808 ----a-w C:\WINDOWS\system32\Samsung_USB_Drivers\5\i386\sssdmgmt.sys

+ 2007-07-05 10:37:36 99,712 ----a-w C:\WINDOWS\system32\Samsung_USB_Drivers\5\i386\sssdobex.sys

+ 2007-07-05 10:37:36 12,160 ----a-w C:\WINDOWS\system32\Samsung_USB_Drivers\5\i386\sssdwhnt.sys

+ 2007-07-19 07:44:10 70,904 ----a-w C:\WINDOWS\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe

+ 2008-07-18 20:10:20 36,552 ----a-w C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.784\wups.dll

+ 2008-07-18 20:10:40 45,768 ----a-w C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.784\wups2.dll

- 2007-11-13 11:31:11 60,416 ------w C:\WINDOWS\system32\tzchange.exe

+ 2008-07-14 11:09:18 62,976 ------w C:\WINDOWS\system32\tzchange.exe

+ 2003-04-20 19:09:50 245,408 ----a-w C:\WINDOWS\system32\UNICOWS.DLL

- 2008-04-23 04:22:23 105,984 ----a-w C:\WINDOWS\system32\url.dll

+ 2008-08-26 08:30:45 105,984 ----a-w C:\WINDOWS\system32\url.dll

- 2008-04-23 04:22:23 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll

+ 2008-08-26 08:30:45 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll

+ 2004-08-04 07:03:24 53,760 ----a-w C:\WINDOWS\system32\vfwwdm32.dll

- 2008-04-23 04:22:23 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll

+ 2008-08-26 08:30:45 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll

- 2008-03-20 08:11:33 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys

+ 2008-09-15 15:42:12 1,846,016 ----a-w C:\WINDOWS\system32\win32k.sys

- 2008-04-23 04:22:23 826,368 ----a-w C:\WINDOWS\system32\wininet.dll

+ 2008-08-26 08:30:45 826,368 ----a-w C:\WINDOWS\system32\wininet.dll

- 2006-10-18 20:47:20 295,936 ------w C:\WINDOWS\system32\wmpeffects.dll

+ 2008-06-24 16:12:58 295,936 ------w C:\WINDOWS\system32\wmpeffects.dll

- 2007-07-30 18:19:36 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll

+ 2008-07-18 20:09:44 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll

- 2007-07-30 18:19:16 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe

+ 2008-07-18 20:10:42 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe

- 2007-07-30 18:19:42 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll

+ 2008-07-18 20:09:42 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll

- 2007-07-30 18:19:32 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll

+ 2008-07-18 20:09:46 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll

- 2007-07-30 18:18:40 33,624 ----a-w C:\WINDOWS\system32\wups.dll

+ 2008-07-18 20:10:20 36,552 ----a-w C:\WINDOWS\system32\wups.dll

- 2007-07-30 18:19:12 43,352 ----a-w C:\WINDOWS\system32\wups2.dll

+ 2008-07-18 20:10:40 45,768 ----a-w C:\WINDOWS\system32\wups2.dll

- 2007-07-30 18:19:46 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll

+ 2008-07-18 20:09:44 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll

+ 2006-02-03 06:41:26 14,032 ----a-w C:\WINDOWS\system32\x3daudio1_0.dll

+ 2007-03-05 10:42:18 15,128 ----a-w C:\WINDOWS\system32\x3daudio1_1.dll

+ 2007-10-22 01:37:16 17,928 ----a-w C:\WINDOWS\system32\X3DAudio1_2.dll

+ 2008-03-05 14:00:06 25,608 ----a-w C:\WINDOWS\system32\X3DAudio1_3.dll

+ 2008-05-30 12:17:00 25,608 ----a-w C:\WINDOWS\system32\X3DAudio1_4.dll

+ 2006-02-03 06:42:06 230,096 ----a-w C:\WINDOWS\system32\xactengine2_0.dll

+ 2006-03-31 10:39:48 229,584 ----a-w C:\WINDOWS\system32\xactengine2_1.dll

+ 2007-10-22 01:39:54 267,272 ----a-w C:\WINDOWS\system32\xactengine2_10.dll

+ 2006-05-31 05:24:16 230,168 ----a-w C:\WINDOWS\system32\xactengine2_2.dll

+ 2006-07-28 07:30:32 236,824 ----a-w C:\WINDOWS\system32\xactengine2_3.dll

+ 2006-09-28 14:05:56 237,848 ----a-w C:\WINDOWS\system32\xactengine2_4.dll

+ 2006-12-08 10:02:00 251,672 ----a-w C:\WINDOWS\system32\xactengine2_5.dll

+ 2007-01-24 13:27:30 255,848 ----a-w C:\WINDOWS\system32\xactengine2_6.dll

+ 2007-04-04 16:55:00 261,480 ----a-w C:\WINDOWS\system32\xactengine2_7.dll

+ 2007-06-20 18:46:04 266,088 ----a-w C:\WINDOWS\system32\xactengine2_8.dll

+ 2007-07-19 22:57:12 267,112 ----a-w C:\WINDOWS\system32\xactengine2_9.dll

+ 2008-03-05 14:03:20 238,088 ----a-w C:\WINDOWS\system32\xactengine3_0.dll

+ 2008-05-30 12:18:52 238,088 ----a-w C:\WINDOWS\system32\xactengine3_1.dll

+ 2008-05-30 12:17:30 65,032 ----a-w C:\WINDOWS\system32\XAPOFX1_0.dll

+ 2008-03-05 14:03:54 479,752 ----a-w C:\WINDOWS\system32\XAudio2_0.dll

+ 2008-05-30 12:19:18 507,400 ----a-w C:\WINDOWS\system32\XAudio2_1.dll

+ 2006-03-31 10:39:24 62,672 ----a-w C:\WINDOWS\system32\xinput1_1.dll

+ 2006-07-28 07:30:14 62,744 ----a-w C:\WINDOWS\system32\xinput1_2.dll

+ 2007-04-04 16:53:42 81,768 ----a-w C:\WINDOWS\system32\xinput1_3.dll

+ 2005-12-05 16:07:30 61,136 ----a-w C:\WINDOWS\system32\xinput9_1_0.dll

+ 2005-02-24 21:49:00 2,338,816 ----a-w C:\WINDOWS\system32\XTP9600LibL.dll

+ 2005-03-25 02:02:54 2,338,816 ----a-w C:\WINDOWS\system32\XTP9601LibA.dll

+ 2005-03-25 18:39:06 2,359,296 ----a-w C:\WINDOWS\system32\XTP9601LibL.dll

+ 2005-03-25 01:47:54 2,334,720 ----a-w C:\WINDOWS\system32\XTP9601LibU.dll

- 2008-06-14 14:31:37 4,212 ---h--w C:\WINDOWS\system32\zllictbl.dat

+ 2008-07-04 13:45:02 4,212 ---h--w C:\WINDOWS\system32\zllictbl.dat

+ 2007-08-22 22:18:08 479,232 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll

+ 2007-08-22 22:18:08 548,864 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll

+ 2007-08-22 22:18:08 626,688 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll

+ 2005-09-22 23:16:02 1,093,632 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfc80.dll

+ 2005-09-22 23:16:06 1,079,808 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfc80u.dll

+ 2005-09-22 23:16:08 69,632 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfcm80.dll

+ 2005-09-22 23:16:10 57,344 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfcm80u.dll

+ 2006-12-01 22:25:52 1,101,824 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll

+ 2006-12-01 22:25:56 1,093,120 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll

+ 2006-12-01 22:25:58 69,632 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll

+ 2006-12-01 22:26:00 57,856 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll

+ 2006-12-01 22:08:00 40,960 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll

+ 2006-12-01 22:08:00 45,056 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll

+ 2006-12-01 22:08:00 65,536 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll

+ 2006-12-01 22:08:00 57,344 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll

+ 2006-12-01 22:08:00 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll

+ 2006-12-01 22:08:00 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll

+ 2006-12-01 22:08:00 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll

+ 2006-12-01 22:08:00 49,152 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll

+ 2006-12-01 22:08:00 49,152 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll

+ 2008-04-15 18:01:34 1,724,416 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.3352_x-ww_81af8e88\GdiPlus.dll

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]

"SpybotSD TeaTimer"="C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 2156368]

"H/PC Connection Agent"="C:\Programfiler\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]

"msnmsgr"="C:\Programfiler\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"XP-CD47A25C"="C:\WINDOWS\system32\XP-CD47A25C.EXE" [2008-10-01 1509051]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 7700480]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 15360]

 

C:\Documents and Settings\PadrePio\Start-meny\Programmer\Oppstart\

­­­­­­.lnk - C:\WINDOWS\system32\XP-CD47A25C.EXE [2008-10-01 1509051]

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start-meny^Programmer^Oppstart^TrueSync Launcher.lnk]

path=C:\Documents and Settings\All Users.WINDOWS\Start-meny\Programmer\Oppstart\TrueSync Launcher.lnk

backup=C:\WINDOWS\pss\TrueSync Launcher.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^PadrePio^Start-meny^Programmer^Oppstart^¡¡¡¡¡¡.lnk]

path=C:\Documents and Settings\PadrePio\Start-meny\Programmer\Oppstart\¡¡¡¡¡¡.lnk

backup=C:\WINDOWS\pss\¡¡¡¡¡¡.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

C:\WINDOWS\system32\dumprep 0 -k [X]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2007-10-10 19:51 39792 C:\Programfiler\Adobe\Reader 8.0\Reader\reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]

--a------ 2008-08-14 06:58 611712 C:\Programfiler\Fellesfiler\Adobe\CS4ServiceManager\CS4ServiceManager.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]

--a------ 2007-11-07 16:06 1881400 C:\Programfiler\BitComet\BitComet.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

--a------ 2008-04-01 10:39 486856 C:\Programfiler\DAEMON Tools Lite\daemon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]

--a------ 2006-11-13 12:39 1289000 C:\Programfiler\Microsoft ActiveSync\wcescomm.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\miCoachSynchronizer]

--a------ 2008-08-01 14:42 1466368 C:\Programfiler\adidas\miCoach Synchronizer\miCoachSynchronizer.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

--a------ 2007-01-19 12:54 5674352 C:\Programfiler\MSN Messenger\msnmsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

--a------ 2006-10-22 12:22 7700480 C:\WINDOWS\system32\nvcpl.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

--a------ 2006-10-22 12:22 86016 C:\WINDOWS\system32\nvmctray.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2008-01-31 22:13 385024 C:\Programfiler\QuickTime\QTTask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

-ra------ 2008-05-30 14:54 21718312 C:\Programfiler\Skype\Phone\Skype.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyU2M]

--a------ 2007-09-08 05:44 905216 C:\Programfiler\SkyU2M\SkyU2M.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2007-09-25 01:11 132496 C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XP-CD47A25C]

-r-hs---- 2008-10-01 00:39 1509051 C:\WINDOWS\system32\XP-CD47A25C.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

-r------- 2005-05-03 11:43 69632 C:\WINDOWS\Alcmtr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]

--------- 2003-12-17 09:50 19968 C:\WINDOWS\LOGI_MWX.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

--a------ 2006-10-22 12:22 1622016 C:\WINDOWS\system32\nwiz.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

-r------- 2007-05-10 11:08 16342528 C:\WINDOWS\RTHDCPL.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%SystemDir%\\winsecurityxp\\mswinup.exe"=

"%windir%\\system32\\sessmgr.exe"=

"C:\\Programfiler\\BitComet\\BitComet.exe"=

"C:\\Programfiler\\Ipswitch\\WS_FTP Professional\\wsftpgui.exe"=

"C:\\Programfiler\\Ipswitch\\WS_FTP Professional\\UpWiz.exe"=

"C:\\Programfiler\\Ipswitch\\WS_FTP Professional\\ftpsync.exe"=

"C:\\Programfiler\\Ipswitch\\WS_FTP Professional\\ftpscrpt.exe"=

"C:\\Programfiler\\Ipswitch\\WS_FTP Professional\\ftpsched.exe"=

"C:\\Programfiler\\Ipswitch\\WS_FTP Professional\\ftpfind.exe"=

"C:\\Programfiler\\MSN Messenger\\msnmsgr.exe"=

"C:\\Programfiler\\MSN Messenger\\livecall.exe"=

"C:\\Programfiler\\Motorola\\RSD Lite\\SDL.exe"=

"C:\\Programfiler\\Azureus\\Azureus.exe"=

"C:\\Programfiler\\Mozilla Firefox\\firefox.exe"=

"C:\\Programfiler\\VideoLAN\\VLC\\vlc.exe"=

"C:\\Programfiler\\Bonjour\\mDNSResponder.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\Programfiler\Microsoft ActiveSync\rapimgr.exe"= C:\Programfiler\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

"C:\Programfiler\Microsoft ActiveSync\wcescomm.exe"= C:\Programfiler\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager

"C:\Programfiler\Microsoft ActiveSync\WCESMgr.exe"= C:\Programfiler\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

"C:\\Programfiler\\Skype\\Phone\\Skype.exe"=

"C:\\Programfiler\\Fellesfiler\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"11831:TCP"= 11831:TCP:BitComet 11831 TCP

"11831:UDP"= 11831:UDP:BitComet 11831 UDP

"27527:TCP"= 27527:TCP:BitComet 27527 TCP

"27527:UDP"= 27527:UDP:BitComet 27527 UDP

"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

"5353:TCP"= 5353:TCP:Adobe CSI CS4

 

S2 EFAW;EFAW;C:\WINDOWS\system32\Drivers\efasw.sys [2002-10-10 16680]

S2 INIT4;INIT4;C:\WINDOWS\system32\Drivers\efasinit.sys [2006-08-17 11815]

S3 motccgp;Motorola USB Composite Device Driver;C:\WINDOWS\system32\DRIVERS\motccgp.sys [ ]

S3 motccgpfl;MotCcgpFlService;C:\WINDOWS\system32\DRIVERS\motccgpfl.sys [ ]

S3 MotDev;Motorola Inc. USB Device;C:\WINDOWS\system32\DRIVERS\motodrv.sys [ ]

S3 ptO2_bus;O2 Composite Device;C:\WINDOWS\system32\Drivers\ptO2_bus.sys [2007-04-26 22144]

S3 ptO2_flt;O2 USB Filter Service;C:\WINDOWS\system32\DRIVERS\ptO2_flt.sys [2007-04-26 4608]

S3 ptO2_mdm;O2 USB Modem;C:\WINDOWS\system32\Drivers\ptO2_mdm.sys [2007-04-26 39808]

S3 ptO2_prt;O2 Diagnostic Serial Port;C:\WINDOWS\system32\Drivers\ptO2_prt.sys [2007-04-26 38528]

S3 SetupNTGLM7X;SetupNTGLM7X;H:\NTGLM7X.sys [ ]

S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2007-05-02 83592]

S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2007-05-02 15112]

S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2007-05-02 109704]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{34af0db4-dbb9-11dc-9221-8000600fe800}]

\Shell\AutoRun\command - I:\PMB_P.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3beb5f2c-c443-11dc-9209-0019dbccfafa}]

\Shell\AutoRun\command - I:\Setup.exe

\Shell\readme\command - notepad readme.txt

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8fc82fee-85cf-11dd-99ef-0019dbccfafa}]

\Shell\1\Command - I:\Recycled.exe

\Shell\2\Command - I:\

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f677887e-8f48-11dd-99f9-0019dbccfafa}]

\Shell\1\Command - I:\Recycled.exe

\Shell\2\Command - I:\

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{22C8D182-DE0A-F30F-5051-861F7A3D61C6}]

C:\server.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{406646C8-7CC6-AE61-BEEE-4C0175901B0E}]

C:\WINDOWS\system32:Win Update.exe

.

- - - - ORPHANS REMOVED - - - -

 

BHO-{2ec67eef-9578-42e0-82ab-60a9273f8dc7} - (no file)

HKLM-Run-pi - C:\server.exe

MSConfigStartUp-24805728 - C:\WINDOWS\system32\vgoltucn.dll

MSConfigStartUp-AlcoholAutomount - C:\Programfiler\Alcohol Soft\Alcohol 120\axcmd.exe

MSConfigStartUp-AnyDVD - C:\Programfiler\SlySoft\AnyDVD\AnyDVD.exe

MSConfigStartUp-BM27b364b4 - C:\WINDOWS\system32\wfsgnxgn.dll

MSConfigStartUp-CloneCDTray - C:\Programfiler\SlySoft\CloneCD\CloneCDTray.exe

MSConfigStartUp-RemoteControl - C:\Programfiler\CyberLink\PowerDVD\PDVDServ.exe

MSConfigStartUp-UIWatcher - C:\Programfiler\Ashampoo\Ashampoo UnInstaller 3\UIWatcher.exe

MSConfigStartUp-ZoneAlarm Client - C:\Programfiler\Zone Labs\ZoneAlarm\zlclient.exe

 

 

.

------- Supplementary Scan -------

.

FireFox -: Profile - C:\Documents and Settings\PadrePio\Programdata\Mozilla\Firefox\Profiles\kk4ukxot.default\

.

.

------- File Associations -------

.

JSEFile=NOTEPAD.EXE %1

VBEFile=NOTEPAD.EXE %1

VBSFile=NOTEPAD.EXE %1

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-10-28 18:57:29

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

 

C:\WINDOWS\system32\ul.dll 2404 bytes

C:\WINDOWS\system32\og.dll 872 bytes

C:\WINDOWS\system32\og.EDT 2560 bytes

 

scan completed successfully

hidden files: 3

 

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\WINDOWS\ATKKBService.exe

C:\Programfiler\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\PROGRA~1\MICROS~3\rapimgr.exe

C:\WINDOWS\system32\wscntfy.exe

.

**************************************************************************

.

Completion time: 2008-10-28 19:07:33 - machine was rebooted

ComboFix-quarantined-files.txt 2008-10-28 18:07:13

ComboFix2.txt 2008-06-16 21:41:20

 

Pre-Run: 33 765 429 248 byte ledig

Post-Run: 33,743,515,648 byte ledig

 

1030 --- E O F --- 2008-10-24 16:40:55

Lenke til kommentar

Videoannonse

Videoannonse
Annonse
norbat

norbat

Skrevet
Skrevet

Åpne notisblokk og kopier inn det som står i fet skrift under, lagre fila på skrivebordet som CFScript.txt.

Dra deretter fila over Combofix-iconet. Combofix vil starte igjen.

 

File::

C:\WINDOWS\system32\krnln.fnr

C:\WINDOWS\system32\winncreg.exe

C:\WINDOWS\system32\winlcreg.exe

C:\WINDOWS\system32\59682D.EXE

C:\WINDOWS\system32\ul.dll

C:\WINDOWS\system32\og.dll

C:\WINDOWS\system32\og.EDT

C:\WINDOWS\system32\XP-CD47A25C.EXE

 

Registry::

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"XP-CD47A25C"=-

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XP-CD47A25C]

[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{406646C8-7CC6-AE61-BEEE-4C0175901B0E}]

[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{22C8D182-DE0A-F30F-5051-861F7A3D61C6}]

 

Post loggen sammen med en ny hjt-logg.

Lenke til kommentar
padrepio

padrepio

Skrevet
  • Forfatter
Skrevet

Ny hijackthis logg

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:12:15, on 28.10.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\ATKKBService.exe

C:\Programfiler\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\Microsoft ActiveSync\wcescomm.exe

C:\PROGRA~1\MICROS~3\rapimgr.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\explorer.exe

C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cn/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66008

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66008

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Programfiler\BitComet\tools\BitCometBHO_1.1.9.24.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programfiler\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\RunOnce: [GrpConv] grpconv -o

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programfiler\Microsoft ActiveSync\wcescomm.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\MSN Messenger\msnmsgr.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Startup: ¡¡¡¡¡¡.lnk = C:\WINDOWS\system32\XP-CD47A25C.EXE

O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Programfiler\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Programfiler\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Programfiler\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll

O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll

O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Programfiler\BitComet\tools\BitCometBHO_1.1.9.24.dll

O9 - Extra button: Doyles Room Poker - {725E77D3-B919-4eef-8EEE-D09DE618B6C1} - C:\Microgaming\Poker\DoylesRoomMPP\MPPoker.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programfiler\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programfiler\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1195316866765

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1195316860843

O16 - DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} (KooPlayer Control) - http://www.tvkoo.com/update/UKooPlayer.ocx

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL

O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programfiler\WinPcap\rpcapd.exe

 

--

End of file - 6661 bytes

 

 

Lenke til kommentar
padrepio

padrepio

Skrevet
  • Forfatter
Skrevet

Ny logg :

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:41:52, on 28.10.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\userinit.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe

C:\Programfiler\Microsoft ActiveSync\wcescomm.exe

C:\Programfiler\MSN Messenger\msnmsgr.exe

C:\PROGRA~1\MICROS~3\rapimgr.exe

C:\WINDOWS\ATKKBService.exe

C:\Programfiler\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\System32\svchost.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cn/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66008

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66008

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Programfiler\BitComet\tools\BitCometBHO_1.1.9.24.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programfiler\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programfiler\Microsoft ActiveSync\wcescomm.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\MSN Messenger\msnmsgr.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Programfiler\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Programfiler\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Programfiler\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll

O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll

O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Programfiler\BitComet\tools\BitCometBHO_1.1.9.24.dll

O9 - Extra button: Doyles Room Poker - {725E77D3-B919-4eef-8EEE-D09DE618B6C1} - C:\Microgaming\Poker\DoylesRoomMPP\MPPoker.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programfiler\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programfiler\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1195316866765

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1195316860843

O16 - DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} (KooPlayer Control) - http://www.tvkoo.com/update/UKooPlayer.ocx

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL

O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programfiler\WinPcap\rpcapd.exe

 

--

End of file - 6597 bytes

 

 

 

Explorer klikker fortsatt:/

Lenke til kommentar

Opprett en konto eller logg inn for å kommentere

Du må være et medlem for å kunne skrive en kommentar

Opprett konto

Det er enkelt å melde seg inn for å starte en ny konto!

Start en konto

Logg inn

Har du allerede en konto? Logg inn her.

Logg inn nå
Gå til emneliste

  • Hvem er aktive   0 medlemmer

    • Ingen innloggede medlemmer aktive
×
×
  • Opprett ny...