Virus W32/Virut.AX in Windows

20.06.2008, 22:08
Member

Posts: 11
#1 The error "W32/Virut.AX" always comes up when trying to install something.

Antivirus programs can no longer be installed, and after a while everything gets blocked. I have already tried 3 times to get rid of the virus by formatting.

Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:04:44, on 20.06.2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\WINDOWS\System32\wpabaln.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Versatel\Versatel.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.versatel.de/internet-cd/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.versatel.de/internet-cd/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.versatel.de/internet-cd/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer von Versatel
F2 - REG:system.ini: Shell=explorer.exe "C:\WINDOWS\Fonts\wmsncs.exe"
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Wmsncs Service] C:\WINDOWS\Fonts\wmsncs.exe
O4 - HKLM\..\Run: [NvidMediaCenter] C:\Programme\Gemeinsame Dateien\System\wmsncs.exe
O4 - HKLM\..\Run: [Spool Driver Service] C:\WINDOWS\System32\spool\drivers\wmsncs.exe
O4 - HKLM\..\Run: [Wins Service] C:\WINDOWS\System32\wins\wmsncs.exe
O4 - HKLM\..\Run: [Windowss Modeer Verifier] bxss.exe
O4 - HKLM\..\RunServices: [Windowss Modeer Verifier] bxss.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Spool Driver Service] C:\WINDOWS\System32\spool\drivers\wmsncs.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Wins Service] C:\WINDOWS\System32\wins\wmsncs.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: wmsncs.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O14 - IERESET.INF: START_PAGE_URL=http://www.versatel.de/internet-cd/
O17 - HKLM\System\CCS\Services\Tcpip\..\{360935CC-25EF-47AD-93B8-BF2A093FAFBE}: NameServer = 82.144.41.8 62.220.18.8
O17 - HKLM\System\CS1\Services\Tcpip\..\{360935CC-25EF-47AD-93B8-BF2A093FAFBE}: NameServer = 82.144.41.8 62.220.18.8
O23 - Service: Avira AntiVir Personal – Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: System Stability Monitor (ssmon) - Unknown owner - C:\WINDOWS\system32\syssmon.exe (file missing)

--
End of file - 3606 bytes




Hoping for quick help.

Regards, Scarry
20.06.2008, 22:39
Honorary member
Sabina

Posts: 29434
#2 Hello, Scarry

Start > Run --> type in --> cmd
and OK. Paste in:

Quote

dir /s /a "c:\wmsncs*.*" > c:\find.txt & start notepad c:\find.txt
copy the contents of find.txt and paste them here in the thread

-----------------------------------------------

delete ("fix") with HijackThis
Click: "Do a system scan only"
Tick the box in front of each of the entries listed
and choose fix checked + restart the PC

Quote

O4 - HKLM\..\Run: [Wmsncs Service] C:\WINDOWS\Fonts\wmsncs.exe

O4 - HKLM\..\Run: [NvidMediaCenter] C:\Programme\Gemeinsame Dateien\System\wmsncs.exe

O4 - HKLM\..\Run: [Spool Driver Service] C:\WINDOWS\System32\spool\drivers\wmsncs.exe

O4 - HKLM\..\Run: [Wins Service] C:\WINDOWS\System32\wins\wmsncs.exe

O4 - HKLM\..\Run: [Windowss Modeer Verifier] bxss.exe

O4 - HKLM\..\RunServices: [Windowss Modeer Verifier] bxss.exe

O4 - HKUS\S-1-5-18\..\Run: [Spool Driver Service] C:\WINDOWS\System32\spool\drivers\wmsncs.exe (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [Wins Service] C:\WINDOWS\System32\wins\wmsncs.exe (User 'SYSTEM')

O4 - Global Startup: wmsncs.exe

O23 - Service: System Stability Monitor (ssmon) - Unknown owner - C:\WINDOWS\system32\syssmon.exe (file missing)


2.
http://virus-protect.org/artikel/tools/sdfix.html
download SDFix, run it in normal mode -
double-click RunThis.bat
type: A
a report will be created - post the log here
__________
Regards, Sabina

all about PC security
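
Added example (not part of the original thread, and not HijackThis's own logic): the entries picked out for fixing in post #2, plus the F2 Shell line, share traits that can be checked mechanically. This Python script runs over lines taken from the HijackThis log in post #1; the four heuristics, the reason labels and all function names are assumptions made for this illustration.

```python
import ntpath
import re
from collections import defaultdict

# Lines copied unchanged from the HijackThis log in post #1 (a subset).
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=explorer.exe "C:\WINDOWS\Fonts\wmsncs.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Wmsncs Service] C:\WINDOWS\Fonts\wmsncs.exe
O4 - HKLM\..\Run: [NvidMediaCenter] C:\Programme\Gemeinsame Dateien\System\wmsncs.exe
O4 - HKLM\..\Run: [Spool Driver Service] C:\WINDOWS\System32\spool\drivers\wmsncs.exe
O4 - HKLM\..\Run: [Wins Service] C:\WINDOWS\System32\wins\wmsncs.exe
O4 - HKLM\..\Run: [Windowss Modeer Verifier] bxss.exe
O4 - HKLM\..\RunServices: [Windowss Modeer Verifier] bxss.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Spool Driver Service] C:\WINDOWS\System32\spool\drivers\wmsncs.exe (User 'SYSTEM')
O4 - Global Startup: wmsncs.exe
O23 - Service: System Stability Monitor (ssmon) - Unknown owner - C:\WINDOWS\system32\syssmon.exe (file missing)
"""

F2_SHELL = re.compile(r"^F2 - REG:system\.ini: Shell=(?P<value>.+)$")
O4_ENTRY = re.compile(r"^O4 - (?P<where>[^:]+): (?:\[[^\]]*\] )?(?P<value>.+)$")
O23_MISSING = re.compile(r"^O23 - Service: .+ \(file missing\)$")
USER_SUFFIX = re.compile(r"\s+\(User '[^']*'\)$")
EXECUTABLE = re.compile(r"(.+?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$)", re.I)


def command_path(value):
    """Extract the program path from an O4 value (quoted, unquoted, with args)."""
    value = USER_SUFFIX.sub("", value).strip()
    if value.startswith('"'):
        end = value.find('"', 1)
        return value[1:end] if end != -1 else value[1:]
    match = EXECUTABLE.match(value)  # unquoted paths may contain spaces
    return match.group(1) if match else value.split()[0]


def analyze(log_text):
    """Return {log line: sorted reasons} for lines matching the assumed heuristics."""
    findings = defaultdict(set)
    # executable name -> directory -> log lines that start it from there
    seen = defaultdict(lambda: defaultdict(list))
    for line in (raw.strip() for raw in log_text.splitlines()):
        shell = F2_SHELL.match(line)
        if shell:
            # Heuristic 1: the Winlogon shell should be explorer.exe and nothing else.
            if shell.group("value").strip().lower() != "explorer.exe":
                findings[line].add("shell-not-default")
            continue
        if O23_MISSING.match(line):
            # Heuristic 2: a registered service whose binary is gone.
            findings[line].add("service-binary-missing")
            continue
        entry = O4_ENTRY.match(line)
        if not entry:
            continue
        # Windows paths are case-insensitive, so compare in lower case.
        directory, name = ntpath.split(command_path(entry.group("value")).lower())
        if entry.group("where").endswith("Startup"):
            directory = "<startup folder>"  # HijackThis lists only the file name here
        elif not directory:
            # Heuristic 3: a Run value without a directory is resolved via the search path.
            findings[line].add("no-directory")
        seen[name][directory].append(line)
    for directories in seen.values():
        # Heuristic 4: one executable name autostarted from several directories.
        if len(directories) > 1:
            for lines in directories.values():
                for line in lines:
                    findings[line].add("same-name-many-dirs")
    return {line: sorted(reasons) for line, reasons in findings.items()}


if __name__ == "__main__":
    for line, reasons in analyze(SAMPLE_LOG).items():
        print(", ".join(reasons), "|", line)
```

ctfmon.exe is started from several registry hives but always from the same directory, so heuristic 4 leaves it alone once the paths are compared case-insensitively.
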
20.06.2008, 22:58
Member

Thread starter

Posts: 11
#3 OK, I have carried out step 1, but with step 2 the problem is that no installations work
20.06.2008, 23:05
Honorary member
Sabina

Posts: 29434
#4 Start > Run --> type in --> cmd
and OK. Paste in:

Quote

dir /s /a "c:\wmsncs*.*" > c:\find.txt & start notepad c:\find.txt
copy the contents of find.txt and paste them here in the thread
__________
Regards, Sabina

all about PC security
20.06.2008, 23:12
Member

Thread starter

Posts: 11
#5 OK, it worked after all; here is the report.


System Report
*************

Run on 20.06.2008 at 23:07

Microsoft Windows XP [Version 5.1.2600]

Current user is an administrator

Running Processes:

\SystemRoot\System32\smss.exe [124]
\??\C:\WINDOWS\system32\csrss.exe [176]
\??\C:\WINDOWS\system32\winlogon.exe [200]
C:\WINDOWS\system32\services.exe [244]
C:\WINDOWS\system32\lsass.exe [256]
C:\WINDOWS\system32\svchost.exe [420]
C:\WINDOWS\system32\svchost.exe [444]
C:\WINDOWS\explorer.exe [704]


Drivers - Running:

ACPI
atapi
avgntdd
avgntmgr
Beep
Cdfs
Cdrom
Disk
Fastfat
Fdc
Flpydisk
Ftdisk
hidusb
i8042prt
Imapi
isapnp
Kbdclass
kbdhid
KSecDD
Mouclass
mouhid
MountMgr
Msfs
Mup
NDIS
Npfs
Ntfs
Null
PartMgr
PCI
redbook
sr
swenum
TermDD
Update
usbccgp
usbhub
usbuhci
VgaSave
viaagp
ViaIde
VolSnap


Drivers - Stopped:

Abiosdsk
abp480n5
ACPIEC
adpu160m
AFD
Aha154x
aic78u2
aic78xx
AliIde
amsint
asc
asc3350p
asc3550
AsyncMac
Atdisk
Atmarpc
audstub
avipbb
cbidf2k
cd20xrnt
Cdaudio
Changer
CmdIde
Cpqarray
dac960nt
dmboot
dmio
dmload
dpti2o
Fips
Gpc
hpn
hpt3xx
i2omgmt
i2omp
ini910u
IntelIde
IpFilterDriver
IpInIp
IpNat
IPSec
IRENUM
lbrtfdc
Ltx83
mnmdd
Modem
mraid35x
MRxDAV
MRxSmb
NdisTapi
Ndisuio
NdisWan
NDProxy
NetBIOS
NetBT
nv4
NwlnkFlt
NwlnkFwd
P3
Parport
ParVdm
PCIDump
PCIIde
Pcmcia
PDCOMP
PDFRAME
PDRELI
PDRFRAME
perc2
perc2hib
PptpMiniport
PSched
Ptilink
ql1080
Ql10wnt
ql12160
ql1240
ql1280
RasAcd
Rasl2tp
RasPppoe
Raspti
Rdbss
RDPCDD
RDPWD
rtl8029
rtl8139
Secdrv
serenum
Serial
Sfloppy
Simbad
Sparrow
Srv
ssmdrv
symc810
symc8xx
sym_hi
sym_u3
Tcpip
TDPIPE
TDTCP
TosIde
Udfs
ultra
Wanarp
WDICA


Services - Running:

CryptSvc
Eventlog
helpsvc
PlugPlay
RpcSs
srservice
winmgmt


Services - Stopped:

Alerter
ALG
AntiVirScheduler
AntiVirService
AppMgmt
AudioSrv
BITS
Browser
cisvc
ClipSrv
COMSysApp
Dhcp
dmadmin
dmserver
Dnscache
ERSvc
EventSystem
FastUserSwitchingCompatibility
HidServ
ImapiService
lanmanserver
lanmanworkstation
LmHosts
Messenger
mnmsrvc
MSDTC
MSIServer
NET
NetDDE
NetDDEdsdm
Netlogon
Netman
Nla
Norman
Norman
NtLmSsp
NtmsSvc
PolicyAgent
ProtectedStorage
RasAuto
RasMan
RDSessMgr
RemoteAccess
RpcLocator
RSVP
SamSs
SCardDrv
SCardSvr
Schedule
seclogon
SENS
SharedAccess
ShellHWDetection
Spooler
SSDPSRV
ssmon
stisvc
SwPrv
SysmonLog
TapiSrv
TermService
Themes
TrkWks
uploadmgr
upnphost
UPS
VSS
W32Time
WebClient
WmdmPmSp
WmiApSrv
wuauserv
WZCSVC


Files Created/Modified - 60 Days:


C:\

20 Jun 2008 18:35:20 2 A.... "C:\-1127398355"
18 Jun 2008 20:01:20 0 A.... "C:\AUTOEXEC.BAT"
18 Jun 2008 19:54:52 194 ..SH. "C:\boot.ini"
18 Jun 2008 20:01:20 0 A.... "C:\CONFIG.SYS"
18 Jun 2008 20:01:20 0 A.SHR "C:\IO.SYS"
18 Jun 2008 20:01:20 0 A.SHR "C:\MSDOS.SYS"
20 Jun 2008 23:05:26 402.653.184 A.SH. "C:\pagefile.sys"


C:\WINDOWS\

20 Jun 2008 23:02:58 0 A.... "C:\WINDOWS\0.log"
20 Jun 2008 23:05:34 2.048 A.S.. "C:\WINDOWS\bootstat.dat"
18 Jun 2008 20:04:32 15.734 A.... "C:\WINDOWS\comsetup.log"
18 Jun 2008 20:01:20 0 A.... "C:\WINDOWS\control.ini"
18 Jun 2008 19:57:34 128 A.... "C:\WINDOWS\DtcInstall.log"
18 Jun 2008 19:57:56 11.538 A.... "C:\WINDOWS\FaxSetup.log"
18 Jun 2008 20:04:32 698 A.... "C:\WINDOWS\iis6.log"
18 Jun 2008 20:04:32 4.382 A.... "C:\WINDOWS\imsins.log"
18 Jun 2008 19:57:56 821 A.... "C:\WINDOWS\msgsocm.log"
20 Jun 2008 18:32:52 0 A.... "C:\WINDOWS\nsreg.dat"
20 Jun 2008 23:07:32 94.582 A.... "C:\WINDOWS\ntbtlog.txt"
18 Jun 2008 20:04:32 7.754 A.... "C:\WINDOWS\ntdtcsetup.log"
18 Jun 2008 19:57:56 12.817 A.... "C:\WINDOWS\ocgen.log"
18 Jun 2008 19:57:56 1.065 A.... "C:\WINDOWS\ocmsn.log"
18 Jun 2008 20:01:06 4.161 A.... "C:\WINDOWS\ODBCINST.INI"
18 Jun 2008 20:10:46 820 A.... "C:\WINDOWS\OEWABLog.txt"
18 Jun 2008 20:05:20 8.192 A.... "C:\WINDOWS\REGLOCS.OLD"
18 Jun 2008 20:50:14 1.348 A.... "C:\WINDOWS\regopt.log"
20 Jun 2008 23:04:30 2.986 A.... "C:\WINDOWS\SchedLgU.Txt"
18 Jun 2008 19:57:30 1.060 A.... "C:\WINDOWS\sessmgr.setup.log"
20 Jun 2008 18:22:10 171.751 A.... "C:\WINDOWS\setupact.log"
20 Jun 2008 18:27:14 191.851 A.... "C:\WINDOWS\setupapi.log"
18 Jun 2008 20:49:14 0 A.... "C:\WINDOWS\setuperr.log"
18 Jun 2008 20:10:24 731.511 A.... "C:\WINDOWS\setuplog.txt"
18 Jun 2008 20:53:12 0 A.... "C:\WINDOWS\Sti_Trace.log"
18 Jun 2008 20:50:14 231 A.... "C:\WINDOWS\system.ini"
18 Jun 2008 20:04:32 8.315 A.... "C:\WINDOWS\tsoc.log"
18 Jun 2008 19:57:40 36 A.... "C:\WINDOWS\vb.ini"
18 Jun 2008 19:57:40 37 A.... "C:\WINDOWS\vbaddin.ini"
20 Jun 2008 18:26:46 1.128 A.... "C:\WINDOWS\Versatel.log"
18 Jun 2008 20:53:14 509 A.... "C:\WINDOWS\wiadebug.log"
18 Jun 2008 20:53:14 50 A.... "C:\WINDOWS\wiaservc.log"
18 Jun 2008 20:01:20 504 A.... "C:\WINDOWS\win.ini"
18 Jun 2008 20:00:40 240 A.... "C:\WINDOWS\Windows Update.log"
18 Jun 2008 19:59:42 749 A..HR "C:\WINDOWS\WindowsShell.Manifest"
18 Jun 2008 20:01:14 299.552 A.... "C:\WINDOWS\WMSysPrx.prx"
20 Jun 2008 18:26:46 31 A.... "C:\WINDOWS\wwwbatch.ini"
18 Jun 2008 19:55:32 2.575 A.... "C:\WINDOWS\Debug\NetSetup.LOG"
20 Jun 2008 23:02:56 0 A.... "C:\WINDOWS\Debug\oakley.log"
20 Jun 2008 22:55:16 0 A.... "C:\WINDOWS\Debug\oakley.log.sav"
20 Jun 2008 23:05:36 0 A.... "C:\WINDOWS\Debug\PASSWD.LOG"
18 Jun 2008 19:59:52 65 ...H. "C:\WINDOWS\Downloaded Program Files\desktop.ini"
18 Jun 2008 20:00:50 67 A.SH. "C:\WINDOWS\Fonts\desktop.ini"
20 Jun 2008 18:29:36 133.991 ..... "C:\WINDOWS\Fonts\wmsncs.exe"
18 Jun 2008 20:49:48 16.528 A.... "C:\WINDOWS\inf\1394.PNF"

18 Jun 2008 20:50:24 17.644 A.... "C:\WINDOWS\inf\communic.PNF"
18 Jun 2008 20:50:24 134.892 A.... "C:\WINDOWS\inf\comnt5.PNF"

18 Jun 2008 19:57:42 52 A.... "C:\WINDOWS\Registration\R000000000001.clb"
18 Jun 2008 19:57:50 21.740 A.... "C:\WINDOWS\Registration\R000000000003.clb"
18 Jun 2008 20:01:00 22.672 A.... "C:\WINDOWS\Registration\R000000000006.clb"
18 Jun 2008 20:01:00 22.672 A.... "C:\WINDOWS\Registration\R000000000007.clb"
18 Jun 2008 20:01:26 1.048.576 A.... "C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{8B09BDD4-2FC1-4A86-B641-AE0A744DA559}.crmlog"

18 Jun 2008 20:54:50 0 A.... "C:\WINDOWS\system32\h323log.txt"
20 Jun 2008 18:39:44 116.224 A..H. "C:\WINDOWS\system32\hwcsjnup.exe"
20 Jun 2008 18:51:48 78 A.... "C:\WINDOWS\system32\i"


18 Jun 2008 19:59:42 749 A..HR "C:\WINDOWS\system32\sapi.cpl.manifest"
20 Jun 2008 18:59:50 0 A...R "C:\WINDOWS\system32\TFTP11540"
20 Jun 2008 18:38:12 412.672 A...R "C:\WINDOWS\system32\TFTP3896"
20 Jun 2008 18:40:28 625.382 A...R "C:\WINDOWS\system32\TFTP4956"
20 Jun 2008 18:40:28 134.656 A...R "C:\WINDOWS\system32\TFTP5220"

18 Jun 2008 19:59:52 488 A..HR "C:\WINDOWS\system32\WindowsLogon.manifest"
18 Jun 2008 20:10:44 25.065 A.... "C:\WINDOWS\system32\wmpscheme.xml"
20 Jun 2008 23:01:52 2.256 A.... "C:\WINDOWS\system32\wpa.dbl"
18 Jun 2008 19:59:42 749 A..HR "C:\WINDOWS\system32\wuaucpl.cpl.manifest"
20 Jun 2008 18:57:10 116.224 A..H. "C:\WINDOWS\system32\yssxk.exe"
20 Jun 2008 23:04:30 6 A..H. "C:\WINDOWS\Tasks\SA.DAT"
20 Jun 2008 19:06:18 1.251 A.... "C:\WINDOWS\Temp\1.reg"
20 Jun 2008 23:07:38 17.715 A.... "C:\WINDOWS\Temp\scs37.tmp"
20 Jun 2008 17:34:32 4.632 A.... "C:\WINDOWS\Downloaded Installations\{C662257B-73DF-4697-955C-D15A18808585}\0x0409.ini"
20 Jun 2008 17:34:36 1.385.472 A.... "C:\WINDOWS\Downloaded Installations\{C662257B-73DF-4697-955C-D15A18808585}\Trust Keyboard 15036.msi"

18 Jun 2008 20:06:36 78 A.... "C:\WINDOWS\system32\Restore\MachineGuid.txt"
20 Jun 2008 18:29:36 133.991 ..SHR "C:\WINDOWS\system32\wins\wmsncs.exe"
18 Jun 2008 19:59:56 1.440.054 A.... "C:\WINDOWS\Web\Wallpaper\Grne Idylle.bmp"

20 Jun 2008 23:05:38 820 A.... "C:\WINDOWS\system32\drivers\etc\hosts"

18 Jun 2008 20:04:36 24.576 A.... "C:\WINDOWS\system32\MsDtc\Trace\dtctrace.log"
20 Jun 2008 18:29:36 133.991 ..SHR "C:\WINDOWS\system32\spool\drivers\wmsncs.exe"

18 Jun 2008 20:00:34 8.509 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Common\monitor_right.gif"
18 Jun 2008 20:00:34 180 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Common\outlook.gif"
18 Jun 2008 20:00:34 410 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Common\outlook_express.gif"


C:\Programme\


29 May 2008 22:41:54 9.715.200 A.... "C:\Programme\Mozilla Firefox\xul.dll"
18 Jun 2008 20:06:34 20 A..H. "C:\Programme\WindowsUpdate\pingstatus.dat"
20 Jun 2008 18:29:36 133.991 ..SHR "C:\Programme\Gemeinsame Dateien\System\wmsncs.exe"
20 Jun 2008 22:49:38 63.488 A.... "C:\Programme\InstallShield Installation Information\{466F76BB-39CC-49DE-9B43-965D6E82134E}\Setup.exe"
29 May 2008 22:41:54 23.040 A.... "C:\Programme\Mozilla Firefox\components\browserdirprovider.dll"
29 May 2008 22:41:54 134.144 A.... "C:\Programme\Mozilla Firefox\components\brwsrcmp.dll"
20 Jun 2008 18:32:48 142.665 A.... "C:\Programme\Mozilla Firefox\components\compreg.dat"
20 Jun 2008 18:32:46 95.978 A.... "C:\Programme\Mozilla Firefox\components\xpti.dat"
29 May 2008 22:41:54 65.536 A.... "C:\Programme\Mozilla Firefox\plugins\npnul32.dll"
29 May 2008 16:24:14 117 A.... "C:\Programme\Mozilla Firefox\res\hiddenWindow.html"
29 May 2008 22:41:52 508.576 A.... "C:\Programme\Mozilla Firefox\uninstall\helper.exe"
20 Jun 2008 17:29:26 403.968 A.... "C:\Programme\Trend Micro\HijackThis\HijackThis.exe"
20 Jun 2008 18:29:36 133.991 A.... "C:\Programme\Trend Micro\HijackThis\backups\backup-20080620-224230-371-wmsncs.exe"
20 Jun 2008 22:49:38 618.628 A.... "C:\Programme\Gemeinsame Dateien\InstallShield\Engine\6\Intel 32\IKernel.exe"


Files with hidden attributes:

Fri 20 Jun 2008 116,224 A..H. --- "C:\WINDOWS\system32\hwcsjnup.exe"
Fri 20 Jun 2008 116,224 A..H. --- "C:\WINDOWS\system32\yssxk.exe"
Fri 20 Jun 2008 133,991 ..SHR --- "C:\Programme\Gemeinsame Dateien\System\wmsncs.exe"
Fri 20 Jun 2008 133,991 ..SHR --- "C:\WINDOWS\system32\wins\wmsncs.exe"
Fri 20 Jun 2008 133,991 ..SHR --- "C:\WINDOWS\system32\spool\drivers\wmsncs.exe"
Fri 20 Jun 2008 133,991 ..SHR --- "C:\Dokumente und Einstellungen\All Users\Startmen\Programme\Autostart\wmsncs.exe"



Program Folders:

C:\Programme\

Avira
ComPlus Applications
Gemeinsame Dateien
InstallShield Installation Information
Internet Explorer
Messenger
microsoft frontpage
Movie Maker
Mozilla Firefox
MSN
MSN Gaming Zone
NetMeeting
Online Services
Online-Dienste
Opera
Outlook Express
Trend Micro
Trust
Uninstall Information
Versatel
Windows Media Player
Windows NT
WindowsUpdate
xerox

C:\Programme\Gemeinsame Dateien\

Dienste
InstallShield
Microsoft Shared
MSSoap
ODBC
SpeechEngines
System


Add/Remove Programs:

Avira AntiVir Personal – Free Antivirus
HijackThis 2.0.2
Mozilla Firefox (3.0)
Versatel
VIRUSfighter
Opera 9.27
Trust Keyboard 15036


Run Values:

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"avgnt"="\"C:\\Programme\\Avira\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
"Wmsncs Service"="C:\\WINDOWS\\Fonts\\wmsncs.exe"
"NvidMediaCenter"="C:\\Programme\\Gemeinsame Dateien\\System\\wmsncs.exe"
"Spool Driver Service"="C:\\WINDOWS\\System32\\spool\\drivers\\wmsncs.exe"
"Wins Service"="C:\\WINDOWS\\System32\\wins\\wmsncs.exe"

"Norman ZANDA"="C:\\VIRUSfighter\\bin\\ZLH.EXE /LOAD /SPLASH"
"UserFaultCheck"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,\
6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,\
00,64,00,75,00,6d,00,70,00,72,00,65,00,70,00,20,00,30,00,20,00,2d,00,75,00,\
00,00

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"Windowss Modeer Verifier"="bxss.exe"



Bot Check:

SERVICE_NAME: sharedaccess
DISPLAY_NAME : Internetverbindungsfirewall/Gemeinsame Nutzung der Internetverbindung
START_TYPE : 4 DISABLED

SERVICE_NAME: wuauserv
DISPLAY_NAME : Automatische Updates
START_TYPE : 4 DISABLED

SERVICE_NAME: srservice
DISPLAY_NAME : Systemwiederherstellungsdienst
START_TYPE : 2 AUTO_START

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate]
"DoNotAllowXPSP2"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole]
"EnableDCOM"="N"
"EnableRemoteConnect"="N"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"restrictanonymous"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
"EnableFirewall"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
"EnableFirewall"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"WaitToKillServiceTimeout"="20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"SFCDisable"=dword:00000000
"Shell"="explorer.exe \"C:\\WINDOWS\\Fonts\\wmsncs.exe\""
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shell extensions]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters]
"TransportBindName"=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanworkstation\parameters]
"AutoShareWks"=dword:00000000
"AutoShareServer"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters]
"AutoShareServer"=dword:00000000
"AutoShareWks"=dword:00000000


ShellExecuteHooks:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""



Environment:


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\environment
ComSpec REG_EXPAND_SZ %SystemRoot%\system32\cmd.exe
Path REG_EXPAND_SZ %SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
windir REG_EXPAND_SZ %SystemRoot%
OS REG_SZ Windows_NT
PATHEXT REG_SZ .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
TEMP REG_EXPAND_SZ %SystemRoot%\TEMP
TMP REG_EXPAND_SZ %SystemRoot%\TEMP
SAFEBOOT_OPTION REG_SZ MINIMAL

SecurityProviders:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders
SecurityProviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


Authentication Packages:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0


Subsystem Startup:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems]
"Windows"="%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16"


Midi Drivers:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]


Non-Default IFEO Debugger:


Non-Default Installed Components:


HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{103l3c30-c3b3-4130-9363-e59e1375perm}
StubPath REG_SZ C:\WINDOWS\Fonts\wmsncs.exe



HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{acc563bc-4266-43f0-b6ed-9d38c4202c7e}
<NO NAME> REG_SZ Zugang zu Internet Explorer
StubPath REG_EXPAND_SZ rundll32 iesetup.dll,IEAccessUserInst
Version REG_SZ 6,0,2600,0000


Non-Default Safeboot Minimal:


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\ltx83.sys
<NO NAME> REG_SZ Driver



File Associations:


[HKEY_CLASSES_ROOT\batfile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\cmdfile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\comfile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\htafile\shell\open\command]
@="C:\\WINDOWS\\System32\\mshta.exe \"%1\" %*"

[HKEY_CLASSES_ROOT\http\shell\open\command]
@="\"C:\\Programme\\Internet Explorer\\iexplore.exe\" -nohome"

[HKEY_CLASSES_ROOT\htmlfile\shell\open\command]
@="\"C:\\Programme\\Internet Explorer\\iexplore.exe\" -nohome"

[HKEY_CLASSES_ROOT\regedit\shell\open\command]
@="regedit.exe %1"

[HKEY_CLASSES_ROOT\regfile\shell\open\command]
@="regedit.exe \"%1\""

[HKEY_CLASSES_ROOT\scrfile\shell\open\command]
@="\"%1\" /S"

[HKEY_CLASSES_ROOT\txtfile\shell\open\command]
@="%SystemRoot%\system32\NOTEPAD.EXE %1"


Finished!
20.06.2008, 23:31
Honorary member
Sabina

Posts: 29434
#6 0.
download ComboFix + post the report
http://virus-protect.org/artikel/tools/combofix.html

1.
go into the registry
Start - Run - regedit

navigate to the key:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe \"C:\\WINDOWS\\Fonts\\wmsncs.exe\"" - delete only what I have marked in red

------------

Copy the following text into Notepad (Start - Accessories - Notepad) and save it as cfscript.txt on the desktop using 'Save as'. Select "All files" - Save



Quote

KILLALL::

Driver::
ltx83
wmsncs

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Wmsncs Service"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"Windowss Modeer Verifier"=-
[-HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\ltx83.sys]
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{103l3c30-c3b3-4130-9363-e59e1375perm}]

File::
C:\-1127398355
C:\WINDOWS\system32\yssxk.exe
C:\WINDOWS\system32\TFTP3896
C:\WINDOWS\system32\TFTP4956
C:\WINDOWS\system32\TFTP5220
C:\WINDOWS\system32\TFTP11540
C:\WINDOWS\system32\hwcsjnup.exe
C:\Programme\Gemeinsame Dateien\System\wmsncs.exe
C:\WINDOWS\system32\wins\wmsncs.exe
C:\WINDOWS\system32\spool\drivers\wmsncs.exe
C:\Dokumente und Einstellungen\All Users\Startmen\Programme\Autostart\wmsncs.exe
C:\Programme\Trend Micro\HijackThis\backups\backup-20080620-224230-371-wmsncs.exe
C:\WINDOWS\Fonts\wmsncs.exe
C:\WINDOWS\system32\i
C:\WINDOWS\System32\drivers\ltx83.sys
You should now find this file, cfscript.txt, on the desktop.

Drag cfscript.txt with the right mouse button onto the ComboFix icon



afterwards: run ComboFix once more

-----------

post the new ComboFix log afterwards
__________
Regards, Sabina

all about PC security
21.06.2008, 08:56
Member

Thread starter

Posts: 11
#7 ComboFix log:

ComboFix 08-06-20.4 - Sheila 2008-06-21 8:44:50.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.0.1252.1.1031.18.137 [GMT 2:00]
ausgeführt von:: C:\Dokumente und Einstellungen\Sheila\Desktop\ComboFix.exe
* Neuer Wiederherstellungspunkt wurde erstellt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((( Dateien erstellt von 2008-05-21 bis 2008-06-21 ))))))))))))))))))))))))))))))
.

2008-06-20 23:06 . 2008-06-20 23:06 <DIR> dr------- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien
2008-06-20 23:05 . 2008-06-18 19:56 <DIR> d--h----- C:\Dokumente und Einstellungen\Administrator\Vorlagen
2008-06-20 23:05 . 2008-06-18 20:49 <DIR> dr------- C:\Dokumente und Einstellungen\Administrator\Startmenü
2008-06-20 23:05 . 2008-06-18 20:49 <DIR> d--h----- C:\Dokumente und Einstellungen\Administrator\Netzwerkumgebung
2008-06-20 23:05 . 2008-06-21 08:45 <DIR> d--h----- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen
2008-06-20 23:05 . 2008-06-20 23:06 <DIR> d-------- C:\Dokumente und Einstellungen\Administrator\Favoriten
2008-06-20 23:05 . 2008-06-18 20:49 <DIR> d--h----- C:\Dokumente und Einstellungen\Administrator\Druckumgebung
2008-06-20 23:05 . 2008-06-18 20:49 <DIR> dr-h----- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten
2008-06-20 23:05 . 2008-06-20 23:06 <DIR> d-------- C:\Dokumente und Einstellungen\Administrator
2008-06-20 22:50 . 2008-06-20 22:55 <DIR> d-------- C:\VIRUSfighter
2008-06-20 22:50 . 2008-06-20 22:50 <DIR> d--h----- C:\Programme\InstallShield Installation Information
2008-06-20 22:48 . 2008-06-20 23:07 <DIR> d-------- C:\SDFix
2008-06-20 18:59 . 2008-06-20 18:59 0 -ra------ C:\WINDOWS\system32\TFTP11540
2008-06-20 18:56 . 2008-06-20 18:57 116,224 --ah----- C:\WINDOWS\system32\yssxk.exe
2008-06-20 18:40 . 2008-06-20 18:40 134,656 -ra------ C:\WINDOWS\system32\TFTP5220
2008-06-20 18:39 . 2008-06-20 18:40 625,382 -ra------ C:\WINDOWS\system32\TFTP4956
2008-06-20 18:36 . 2008-06-20 18:38 412,672 -ra------ C:\WINDOWS\system32\TFTP3896
2008-06-20 18:35 . 2008-06-20 18:39 116,224 --ah----- C:\WINDOWS\system32\hwcsjnup.exe
2008-06-20 18:35 . 2008-06-20 18:35 2 --a------ C:\-1127398355

2008-06-20 18:32 . 2008-06-20 18:32 0 --a------ C:\WINDOWS\nsreg.dat
2008-06-20 18:29 . 2008-06-20 18:51 78 --a------ C:\WINDOWS\system32\i
2008-06-20 18:26 . 2008-06-20 18:27 <DIR> d-------- C:\Programme\Versatel
2008-06-20 18:26 . 2004-03-23 21:28 119,923 --a------ C:\WINDOWS\Versatel_UTIL.exe
2008-06-20 18:26 . 2004-06-21 10:52 84,256 --a------ C:\WINDOWS\Init.wbc
2008-06-20 18:26 . 2003-11-12 16:50 45,056 --a------ C:\WINDOWS\wsutil.exe
2008-06-20 18:26 . 2008-06-20 18:26 31 --a------ C:\WINDOWS\wwwbatch.ini
2008-06-20 18:25 . 2003-06-30 12:44 359,120 --a------ C:\WINDOWS\WBDDB34I.DLL
2008-06-20 18:25 . 2004-01-13 13:31 172,032 --a------ C:\WINDOWS\WsBtn.dll
2008-06-20 18:25 . 2003-03-17 23:46 102,469 --a------ C:\WINDOWS\wwctl34i.dll
2008-06-20 18:25 . 2002-12-27 08:04 53,317 --a------ C:\WINDOWS\wwsop34i.dll
2008-06-20 18:25 . 2002-12-27 08:01 53,317 --a------ C:\WINDOWS\WWREG34I.DLL
2008-06-20 18:25 . 2002-12-27 08:01 49,221 --a------ C:\WINDOWS\wwras34i.dll
2008-06-20 18:25 . 2003-01-12 21:42 25,984 --a------ C:\WINDOWS\WILX34I.DLL
2008-06-20 18:25 . 2000-05-02 22:57 21,776 --a------ C:\WINDOWS\SHFOLDER.DLL
2008-06-20 17:35 . 2008-06-20 17:35 <DIR> d-------- C:\Programme\Trust
2008-06-20 17:34 . 2008-06-20 17:34 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-06-20 17:34 . 2008-06-20 22:50 <DIR> d-------- C:\Programme\Gemeinsame Dateien\InstallShield
2008-06-20 17:29 . 2008-06-20 17:29 <DIR> d-------- C:\Programme\Trend Micro
2008-06-20 17:29 . 2008-06-20 17:29 <DIR> d-------- C:\Programme\Opera
2008-06-18 20:53 . 2001-08-17 14:59 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2008-06-18 20:52 . 2001-08-18 05:52 1,738,496 --a------ C:\WINDOWS\system32\nv4.dll
2008-06-18 20:52 . 2001-08-17 13:50 731,648 --a------ C:\WINDOWS\system32\drivers\nv4.sys
2008-06-18 20:52 . 2001-08-18 05:33 55,936 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2008-06-18 20:52 . 2001-08-18 05:53 19,456 --a------ C:\WINDOWS\system32\hidserv.dll
2008-06-18 20:51 . 2001-08-18 05:54 70,144 --a------ C:\WINDOWS\system32\usbui.dll
2008-06-18 20:51 . 2001-08-17 14:58 27,392 --a------ C:\WINDOWS\system32\drivers\VIAAGP.SYS
2008-06-18 20:51 . 2001-08-17 13:12 23,070 --a------ C:\WINDOWS\system32\drivers\RTL8139.sys
2008-06-18 20:51 . 2001-08-17 13:12 19,017 --a------ C:\WINDOWS\system32\drivers\RTL8029.sys
2008-06-18 20:49 . 2008-06-20 18:27 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2008-06-18 20:49 . 2008-06-18 19:56 <DIR> d--h----- C:\Dokumente und Einstellungen\Default User\Vorlagen
2008-06-18 20:49 . 2008-06-18 20:49 <DIR> dr------- C:\Dokumente und Einstellungen\Default User\Startmenü
2008-06-18 20:49 . 2008-06-18 20:49 <DIR> d--h----- C:\Dokumente und Einstellungen\Default User\Netzwerkumgebung
2008-06-18 20:49 . 2008-06-18 20:49 <DIR> dr-h----- C:\Dokumente und Einstellungen\Default User\Lokale Einstellungen
2008-06-18 20:49 . 2008-06-18 20:49 <DIR> d-------- C:\Dokumente und Einstellungen\Default User\Favoriten
2008-06-18 20:49 . 2008-06-18 20:49 <DIR> d--h----- C:\Dokumente und Einstellungen\Default User\Druckumgebung
2008-06-18 20:49 . 2008-06-18 20:49 <DIR> dr-h----- C:\Dokumente und Einstellungen\Default User\Anwendungsdaten
2008-06-18 20:49 . 2008-06-18 20:49 <DIR> d--h----- C:\Dokumente und Einstellungen\All Users\Vorlagen
2008-06-18 20:49 . 2008-06-18 20:01 <DIR> dr------- C:\Dokumente und Einstellungen\All Users\Startmenü
2008-06-18 20:49 . 2008-06-18 20:49 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Favoriten
2008-06-18 20:49 . 2008-06-18 19:57 <DIR> dr------- C:\Dokumente und Einstellungen\All Users\Dokumente
2008-06-18 20:49 . 2008-06-18 20:21 <DIR> dr-h----- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten
2008-06-18 20:21 . 2008-06-18 20:21 <DIR> d-------- C:\Programme\Avira
2008-06-18 20:21 . 2008-06-18 20:21 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira
2008-06-18 20:10 . 2008-06-20 17:35 <DIR> d--hs---- C:\WINDOWS\Installer
2008-06-18 20:10 . 2008-06-18 19:56 <DIR> d--h----- C:\Dokumente und Einstellungen\Sheila\Vorlagen
2008-06-18 20:10 . 2008-06-18 20:49 <DIR> dr------- C:\Dokumente und Einstellungen\Sheila\Startmenü
2008-06-18 20:10 . 2008-06-18 20:49 <DIR> d--h----- C:\Dokumente und Einstellungen\Sheila\Netzwerkumgebung
2008-06-18 20:10 . 2008-06-21 08:45 <DIR> d--h----- C:\Dokumente und Einstellungen\Sheila\Lokale Einstellungen
2008-06-18 20:10 . 2008-06-20 18:26 <DIR> dr------- C:\Dokumente und Einstellungen\Sheila\Favoriten
2008-06-18 20:10 . 2008-06-20 17:34 <DIR> dr------- C:\Dokumente und Einstellungen\Sheila\Eigene Dateien
2008-06-18 20:10 . 2008-06-18 20:49 <DIR> d--h----- C:\Dokumente und Einstellungen\Sheila\Druckumgebung
2008-06-18 20:10 . 2008-06-20 18:32 <DIR> dr-h----- C:\Dokumente und Einstellungen\Sheila\Anwendungsdaten
2008-06-18 20:10 . 2008-06-18 20:10 <DIR> d-------- C:\Dokumente und Einstellungen\Sheila
2008-06-18 20:05 . 2008-06-21 08:45 <DIR> d--h----- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen
2008-06-18 20:05 . 2008-06-18 20:05 <DIR> d-------- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten
2008-06-18 20:05 . 2008-06-18 20:05 <DIR> d--hs---- C:\Dokumente und Einstellungen\NetworkService
2008-06-18 20:05 . 2008-06-21 08:45 <DIR> d--h----- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen
2008-06-18 20:05 . 2008-06-18 20:05 <DIR> d-------- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten
2008-06-18 20:05 . 2008-06-18 20:05 <DIR> d--hs---- C:\Dokumente und Einstellungen\LocalService
2008-06-18 20:05 . 2008-06-18 20:05 8,192 --a------ C:\WINDOWS\REGLOCS.OLD
2008-06-18 20:04 . 2008-06-18 19:56 <DIR> d--h----- C:\WINDOWS\system32\config\systemprofile\Vorlagen
2008-06-18 20:04 . 2008-06-18 20:49 <DIR> dr------- C:\WINDOWS\system32\config\systemprofile\Startmenü
2008-06-18 20:04 . 2008-06-18 20:49 <DIR> d--h----- C:\WINDOWS\system32\config\systemprofile\Netzwerkumgebung
2008-06-18 20:04 . 2008-06-21 08:45 <DIR> dr-h----- C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen
2008-06-18 20:04 . 2008-06-18 20:49 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Favoriten
2008-06-18 20:04 . 2008-06-18 20:49 <DIR> d--h----- C:\WINDOWS\system32\config\systemprofile\Druckumgebung
2008-06-18 20:04 . 2008-06-18 20:49 <DIR> dr-h----- C:\WINDOWS\system32\config\systemprofile\Anwendungsdaten
2008-06-18 20:03 . 2001-08-23 14:00 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex
2008-06-18 20:02 . 2001-08-23 14:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-06-18 20:01 . 2008-06-18 20:01 <DIR> d-------- C:\WINDOWS\system32\xircom
2008-06-18 20:01 . 2008-06-18 20:01 <DIR> d-------- C:\Programme\microsoft frontpage
2008-06-18 20:00 . 2008-06-18 20:01 <DIR> d--hs---- C:\Dokumente und Einstellungen\All Users\DRM

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-20 16:29 133,991 ------w C:\WINDOWS\Fonts\wmsncs.exe
2008-06-18 17:59 --------- d-----w C:\Programme\Online-Dienste
2008-06-18 17:58 --------- d-----w C:\Programme\Gemeinsame Dateien\Dienste
.

------- Sigcheck -------

2001-08-23 14:00 12800 adbb33d5893bcf08e75ea54bb5669205 C:\WINDOWS\system32\svchost.exe
2001-08-23 14:00 19968 2d6c9f71b01960cba8848056af4cddd5 C:\WINDOWS\system32\dllcache\svchost.exe

2001-08-23 14:00 562688 6873d38e021eac4e0b508d1822157c1d C:\WINDOWS\system32\user32.dll
2001-08-23 14:00 562688 6873d38e021eac4e0b508d1822157c1d C:\WINDOWS\system32\dllcache\user32.dll

2001-08-23 14:00 75264 ae894c124feb008ad1876ef655967685 C:\WINDOWS\system32\ws2_32.dll
2001-08-23 14:00 75264 ae894c124feb008ad1876ef655967685 C:\WINDOWS\system32\dllcache\ws2_32.dll

2001-08-23 14:00 599552 b3b023b390f7ab35900d87ae4474a045 C:\WINDOWS\system32\wininet.dll
2001-08-23 14:00 599552 b3b023b390f7ab35900d87ae4474a045 C:\WINDOWS\system32\dllcache\wininet.dll

2001-08-23 14:00 327168 e7774698bb0d14b0710a9a31e209f9b6 C:\WINDOWS\system32\dllcache\tcpip.sys
2001-08-23 14:00 327168 e7774698bb0d14b0710a9a31e209f9b6 C:\WINDOWS\system32\drivers\tcpip.sys

2001-08-23 14:00 435200 5dac883c68d261d406489f3f990d8ddf C:\WINDOWS\system32\winlogon.exe
2001-08-23 14:00 444928 8df72fc966e5765e1cc303fe8b71a568 C:\WINDOWS\system32\dllcache\winlogon.exe

2001-08-23 14:00 161536 3efd4f59ba0a340de0a3ab984001dbf7 C:\WINDOWS\system32\dllcache\ndis.sys
2001-08-23 14:00 161536 3efd4f59ba0a340de0a3ab984001dbf7 C:\WINDOWS\system32\drivers\ndis.sys

2001-08-23 14:00 1899008 09bfaa5d4d15b4d307d91cfd198fabc1 C:\WINDOWS\system32\ntkrnlpa.exe

2001-08-23 14:00 1984512 3ba950b403060180606235bbb955a315 C:\WINDOWS\system32\ntoskrnl.exe

2001-08-23 14:00 1011200 99be27ee5db6b1354f380304bd3c0ce6 C:\WINDOWS\explorer.exe
2001-08-23 14:00 1011200 8fa92106d882ab4259f26174870e8b36 C:\WINDOWS\system32\dllcache\explorer.exe

2001-08-23 14:00 101888 a87c3a6b407fb3b22c566315607ce229 C:\WINDOWS\system32\services.exe
2001-08-23 14:00 110592 86e01ea9853761e66e6bdd7871be875d C:\WINDOWS\system32\dllcache\services.exe

2001-08-23 14:00 11776 06df1b4d51bea83cf16fd45ab8c8cce8 C:\WINDOWS\system32\lsass.exe
2001-08-23 14:00 18944 ae20b76109f3117055f05899af1ae253 C:\WINDOWS\system32\dllcache\lsass.exe

2001-08-23 14:00 20480 d06c7f08615a25555fdc83e6772f3ffd C:\WINDOWS\system32\ctfmon.exe
2001-08-23 14:00 20480 9f663b9719fd734377701662fb734f30 C:\WINDOWS\system32\dllcache\ctfmon.exe
.
(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2001-08-23 14:00 20480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 270593]
"Wmsncs Service"="C:\WINDOWS\Fonts\wmsncs.exe" [2008-06-20 18:29 133991]
"NvidMediaCenter"="C:\Programme\Gemeinsame Dateien\System\wmsncs.exe" [2008-06-20 18:29 133991]
"Spool Driver Service"="C:\WINDOWS\System32\spool\drivers\wmsncs.exe" [2008-06-20 18:29 133991]
"Wins Service"="C:\WINDOWS\System32\wins\wmsncs.exe" [2008-06-20 18:29 133991]
"Norman ZANDA"="C:\VIRUSfighter\bin\ZLH.EXE" [2005-05-25 13:11 143360]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Windowss Modeer Verifier"="bxss.exe" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Wmsncs Service"="C:\WINDOWS\Fonts\wmsncs.exe" [2008-06-20 18:29 133991]
"NvidMediaCenter"="C:\Programme\Gemeinsame Dateien\System\wmsncs.exe" [2008-06-20 18:29 133991]
"Wins Service"="C:\WINDOWS\System32\wins\wmsncs.exe" [2008-06-20 18:29 133991]
"Spool Driver Service"="C:\WINDOWS\System32\spool\drivers\wmsncs.exe" [2008-06-20 18:29 133991]

C:\Dokumente und Einstellungen\All Users\Startmen\Programme\Autostart\
wmsncs.exe [2008-06-20 18:29:35 133991]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="explorer.exe \"C:\\WINDOWS\\Fonts\\wmsncs.exe\""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ltx83.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"wmsncs.exe"= wmsncs.exe:SYSTEM

R0 avgntmgr;avgntmgr;C:\WINDOWS\System32\DRIVERS\avgntmgr.sys [2008-01-21 18:11]
R1 avgntdd;avgntdd;C:\WINDOWS\System32\DRIVERS\avgntdd.sys [2008-01-21 18:12]
R2 NET Runtime Optimization Service v2.1.41329_X86;NET Runtime Optimization Service v2.1.41329_X86;"C:\WINDOWS\Fonts\wmsncs.exe" [2008-06-20 18:29]
S0 Ltx83;Ltx83;C:\WINDOWS\System32\Drivers\Ltx83.sys []
S2 ssmon;System Stability Monitor;"C:\WINDOWS\system32\syssmon.exe" []

*Newly Created Service* - CATCHME

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{103L3C30-C3B3-4130-9363-E59E1375PERM}]
C:\WINDOWS\Fonts\wmsncs.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-21 08:46:00
Windows 5.1.2600 NTFS

detected NTDLL code modification:
ZwOpenFile

Scanne versteckte Prozesse...

C:\WINDOWS\Fonts\wmsncs.exe [980] 0x81474B30

Scanne versteckte Autostart Einträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
Zeit der Fertigstellung: 2008-06-21 8:47:26
ComboFix-quarantined-files.txt 2008-06-21 06:47:21

7 Verzeichnis(se), 77,804,621,824 Bytes frei
8 Verzeichnis(se), 77,795,237,888 Bytes frei

198



Here is the 2nd ComboFix log:


ComboFix 08-06-20.4 - Sheila 2008-06-21 8:52:23.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.0.1252.1.1031.18.72 [GMT 2:00]
ausgeführt von:: C:\Dokumente und Einstellungen\Sheila\Desktop\ComboFix.exe

[color=red]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/color]
.

((((((((((((((((((((((( Dateien erstellt von 2008-05-21 bis 2008-06-21 ))))))))))))))))))))))))))))))
.

2008-06-21 08:51 . 2001-08-23 14:00 396,800 --a------ C:\WINDOWS\system32\CF12730.exe
2008-06-20 23:06 . 2008-06-20 23:06 <DIR> dr------- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien
2008-06-20 23:05 . 2008-06-18 19:56 <DIR> d--h----- C:\Dokumente und Einstellungen\Administrator\Vorlagen
2008-06-20 23:05 . 2008-06-18 20:49 <DIR> dr------- C:\Dokumente und Einstellungen\Administrator\Startmenü
2008-06-20 23:05 . 2008-06-18 20:49 <DIR> d--h----- C:\Dokumente und Einstellungen\Administrator\Netzwerkumgebung
2008-06-20 23:05 . 2008-06-21 08:53 <DIR> d--h----- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen
2008-06-20 23:05 . 2008-06-20 23:06 <DIR> d-------- C:\Dokumente und Einstellungen\Administrator\Favoriten
2008-06-20 23:05 . 2008-06-18 20:49 <DIR> d--h----- C:\Dokumente und Einstellungen\Administrator\Druckumgebung
2008-06-20 23:05 . 2008-06-18 20:49 <DIR> dr-h----- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten
2008-06-20 23:05 . 2008-06-20 23:06 <DIR> d-------- C:\Dokumente und Einstellungen\Administrator
2008-06-20 22:50 . 2008-06-20 22:55 <DIR> d-------- C:\VIRUSfighter
2008-06-20 22:50 . 2008-06-20 22:50 <DIR> d--h----- C:\Programme\InstallShield Installation Information
2008-06-20 22:48 . 2008-06-20 23:07 <DIR> d-------- C:\SDFix
2008-06-20 18:59 . 2008-06-20 18:59 0 -ra------ C:\WINDOWS\system32\TFTP11540
2008-06-20 18:56 . 2008-06-20 18:57 116,224 --ah----- C:\WINDOWS\system32\yssxk.exe
2008-06-20 18:40 . 2008-06-20 18:40 134,656 -ra------ C:\WINDOWS\system32\TFTP5220
2008-06-20 18:39 . 2008-06-20 18:40 625,382 -ra------ C:\WINDOWS\system32\TFTP4956
2008-06-20 18:36 . 2008-06-20 18:38 412,672 -ra------ C:\WINDOWS\system32\TFTP3896
2008-06-20 18:35 . 2008-06-20 18:39 116,224 --ah----- C:\WINDOWS\system32\hwcsjnup.exe
2008-06-20 18:35 . 2008-06-20 18:35 2 --a------ C:\-1127398355
2008-06-20 18:32 . 2008-06-20 18:32 0 --a------ C:\WINDOWS\nsreg.dat
2008-06-20 18:29 . 2008-06-20 18:51 78 --a------ C:\WINDOWS\system32\i
2008-06-20 18:26 . 2008-06-20 18:27 <DIR> d-------- C:\Programme\Versatel
2008-06-20 18:26 . 2004-03-23 21:28 119,923 --a------ C:\WINDOWS\Versatel_UTIL.exe
2008-06-20 18:26 . 2004-06-21 10:52 84,256 --a------ C:\WINDOWS\Init.wbc
2008-06-20 18:26 . 2003-11-12 16:50 45,056 --a------ C:\WINDOWS\wsutil.exe
2008-06-20 18:26 . 2008-06-20 18:26 31 --a------ C:\WINDOWS\wwwbatch.ini
2008-06-20 18:25 . 2003-06-30 12:44 359,120 --a------ C:\WINDOWS\WBDDB34I.DLL
2008-06-20 18:25 . 2004-01-13 13:31 172,032 --a------ C:\WINDOWS\WsBtn.dll
2008-06-20 18:25 . 2003-03-17 23:46 102,469 --a------ C:\WINDOWS\wwctl34i.dll
2008-06-20 18:25 . 2002-12-27 08:04 53,317 --a------ C:\WINDOWS\wwsop34i.dll
2008-06-20 18:25 . 2002-12-27 08:01 53,317 --a------ C:\WINDOWS\WWREG34I.DLL
2008-06-20 18:25 . 2002-12-27 08:01 49,221 --a------ C:\WINDOWS\wwras34i.dll
2008-06-20 18:25 . 2003-01-12 21:42 25,984 --a------ C:\WINDOWS\WILX34I.DLL
2008-06-20 18:25 . 2000-05-02 22:57 21,776 --a------ C:\WINDOWS\SHFOLDER.DLL
2008-06-20 17:35 . 2008-06-20 17:35 <DIR> d-------- C:\Programme\Trust
2008-06-20 17:34 . 2008-06-20 17:34 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-06-20 17:34 . 2008-06-20 22:50 <DIR> d-------- C:\Programme\Gemeinsame Dateien\InstallShield
2008-06-20 17:29 . 2008-06-20 17:29 <DIR> d-------- C:\Programme\Trend Micro
2008-06-20 17:29 . 2008-06-20 17:29 <DIR> d-------- C:\Programme\Opera
2008-06-18 20:53 . 2001-08-17 14:59 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2008-06-18 20:52 . 2001-08-18 05:52 1,738,496 --a------ C:\WINDOWS\system32\nv4.dll
2008-06-18 20:52 . 2001-08-17 13:50 731,648 --a------ C:\WINDOWS\system32\drivers\nv4.sys
2008-06-18 20:52 . 2001-08-18 05:33 55,936 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2008-06-18 20:52 . 2001-08-18 05:53 19,456 --a------ C:\WINDOWS\system32\hidserv.dll
2008-06-18 20:51 . 2001-08-18 05:54 70,144 --a------ C:\WINDOWS\system32\usbui.dll
2008-06-18 20:51 . 2001-08-17 14:58 27,392 --a------ C:\WINDOWS\system32\drivers\VIAAGP.SYS
2008-06-18 20:51 . 2001-08-17 13:12 23,070 --a------ C:\WINDOWS\system32\drivers\RTL8139.sys
2008-06-18 20:51 . 2001-08-17 13:12 19,017 --a------ C:\WINDOWS\system32\drivers\RTL8029.sys
2008-06-18 20:49 . 2008-06-20 18:27 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2008-06-18 20:49 . 2008-06-18 19:56 <DIR> d--h----- C:\Dokumente und Einstellungen\Default User\Vorlagen
2008-06-18 20:49 . 2008-06-18 20:49 <DIR> dr------- C:\Dokumente und Einstellungen\Default User\Startmenü
2008-06-18 20:49 . 2008-06-18 20:49 <DIR> d--h----- C:\Dokumente und Einstellungen\Default User\Netzwerkumgebung
2008-06-18 20:49 . 2008-06-18 20:49 <DIR> dr-h----- C:\Dokumente und Einstellungen\Default User\Lokale Einstellungen
2008-06-18 20:49 . 2008-06-18 20:49 <DIR> d-------- C:\Dokumente und Einstellungen\Default User\Favoriten
2008-06-18 20:49 . 2008-06-18 20:49 <DIR> d--h----- C:\Dokumente und Einstellungen\Default User\Druckumgebung
2008-06-18 20:49 . 2008-06-18 20:49 <DIR> dr-h----- C:\Dokumente und Einstellungen\Default User\Anwendungsdaten
2008-06-18 20:49 . 2008-06-18 20:49 <DIR> d--h----- C:\Dokumente und Einstellungen\All Users\Vorlagen
2008-06-18 20:49 . 2008-06-18 20:01 <DIR> dr------- C:\Dokumente und Einstellungen\All Users\Startmenü
2008-06-18 20:49 . 2008-06-18 20:49 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Favoriten
2008-06-18 20:49 . 2008-06-18 19:57 <DIR> dr------- C:\Dokumente und Einstellungen\All Users\Dokumente
2008-06-18 20:49 . 2008-06-18 20:21 <DIR> dr-h----- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten
2008-06-18 20:21 . 2008-06-18 20:21 <DIR> d-------- C:\Programme\Avira
2008-06-18 20:21 . 2008-06-18 20:21 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira
2008-06-18 20:10 . 2008-06-20 17:35 <DIR> d--hs---- C:\WINDOWS\Installer
2008-06-18 20:10 . 2008-06-18 19:56 <DIR> d--h----- C:\Dokumente und Einstellungen\Sheila\Vorlagen
2008-06-18 20:10 . 2008-06-18 20:49 <DIR> dr------- C:\Dokumente und Einstellungen\Sheila\Startmenü
2008-06-18 20:10 . 2008-06-18 20:49 <DIR> d--h----- C:\Dokumente und Einstellungen\Sheila\Netzwerkumgebung
2008-06-18 20:10 . 2008-06-21 08:53 <DIR> d--h----- C:\Dokumente und Einstellungen\Sheila\Lokale Einstellungen
2008-06-18 20:10 . 2008-06-20 18:26 <DIR> dr------- C:\Dokumente und Einstellungen\Sheila\Favoriten
2008-06-18 20:10 . 2008-06-20 17:34 <DIR> dr------- C:\Dokumente und Einstellungen\Sheila\Eigene Dateien
2008-06-18 20:10 . 2008-06-18 20:49 <DIR> d--h----- C:\Dokumente und Einstellungen\Sheila\Druckumgebung
2008-06-18 20:10 . 2008-06-20 18:32 <DIR> dr-h----- C:\Dokumente und Einstellungen\Sheila\Anwendungsdaten
2008-06-18 20:10 . 2008-06-18 20:10 <DIR> d-------- C:\Dokumente und Einstellungen\Sheila
2008-06-18 20:05 . 2008-06-21 08:53 <DIR> d--h----- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen
2008-06-18 20:05 . 2008-06-18 20:05 <DIR> d-------- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten
2008-06-18 20:05 . 2008-06-18 20:05 <DIR> d--hs---- C:\Dokumente und Einstellungen\NetworkService
2008-06-18 20:05 . 2008-06-21 08:53 <DIR> d--h----- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen
2008-06-18 20:05 . 2008-06-18 20:05 <DIR> d-------- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten
2008-06-18 20:05 . 2008-06-18 20:05 <DIR> d--hs---- C:\Dokumente und Einstellungen\LocalService
2008-06-18 20:05 . 2008-06-18 20:05 8,192 --a------ C:\WINDOWS\REGLOCS.OLD
2008-06-18 20:04 . 2008-06-18 19:56 <DIR> d--h----- C:\WINDOWS\system32\config\systemprofile\Vorlagen
2008-06-18 20:04 . 2008-06-18 20:49 <DIR> dr------- C:\WINDOWS\system32\config\systemprofile\Startmenü
2008-06-18 20:04 . 2008-06-18 20:49 <DIR> d--h----- C:\WINDOWS\system32\config\systemprofile\Netzwerkumgebung
2008-06-18 20:04 . 2008-06-21 08:53 <DIR> dr-h----- C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen
2008-06-18 20:04 . 2008-06-18 20:49 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Favoriten
2008-06-18 20:04 . 2008-06-18 20:49 <DIR> d--h----- C:\WINDOWS\system32\config\systemprofile\Druckumgebung
2008-06-18 20:04 . 2008-06-18 20:49 <DIR> dr-h----- C:\WINDOWS\system32\config\systemprofile\Anwendungsdaten
2008-06-18 20:03 . 2001-08-23 14:00 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex
2008-06-18 20:02 . 2001-08-23 14:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-06-18 20:01 . 2008-06-18 20:01 <DIR> d-------- C:\WINDOWS\system32\xircom
2008-06-18 20:01 . 2008-06-18 20:01 <DIR> d-------- C:\Programme\microsoft frontpage
2008-06-18 20:00 . 2008-06-18 20:01 <DIR> d--hs---- C:\Dokumente und Einstellungen\All Users\DRM

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-20 16:29 133,991 ------w C:\WINDOWS\Fonts\wmsncs.exe
2008-06-18 17:59 --------- d-----w C:\Programme\Online-Dienste
2008-06-18 17:58 --------- d-----w C:\Programme\Gemeinsame Dateien\Dienste
.

------- Sigcheck -------

2001-08-23 14:00 12800 adbb33d5893bcf08e75ea54bb5669205 C:\WINDOWS\system32\svchost.exe
2001-08-23 14:00 19968 2d6c9f71b01960cba8848056af4cddd5 C:\WINDOWS\system32\dllcache\svchost.exe

2001-08-23 14:00 562688 6873d38e021eac4e0b508d1822157c1d C:\WINDOWS\system32\user32.dll
2001-08-23 14:00 562688 6873d38e021eac4e0b508d1822157c1d C:\WINDOWS\system32\dllcache\user32.dll

2001-08-23 14:00 75264 ae894c124feb008ad1876ef655967685 C:\WINDOWS\system32\ws2_32.dll
2001-08-23 14:00 75264 ae894c124feb008ad1876ef655967685 C:\WINDOWS\system32\dllcache\ws2_32.dll

2001-08-23 14:00 599552 b3b023b390f7ab35900d87ae4474a045 C:\WINDOWS\system32\wininet.dll
2001-08-23 14:00 599552 b3b023b390f7ab35900d87ae4474a045 C:\WINDOWS\system32\dllcache\wininet.dll

2001-08-23 14:00 327168 e7774698bb0d14b0710a9a31e209f9b6 C:\WINDOWS\system32\dllcache\tcpip.sys
2001-08-23 14:00 327168 e7774698bb0d14b0710a9a31e209f9b6 C:\WINDOWS\system32\drivers\tcpip.sys

2001-08-23 14:00 435200 5dac883c68d261d406489f3f990d8ddf C:\WINDOWS\system32\winlogon.exe
2001-08-23 14:00 444928 8df72fc966e5765e1cc303fe8b71a568 C:\WINDOWS\system32\dllcache\winlogon.exe

2001-08-23 14:00 161536 3efd4f59ba0a340de0a3ab984001dbf7 C:\WINDOWS\system32\dllcache\ndis.sys
2001-08-23 14:00 161536 3efd4f59ba0a340de0a3ab984001dbf7 C:\WINDOWS\system32\drivers\ndis.sys

2001-08-23 14:00 1899008 09bfaa5d4d15b4d307d91cfd198fabc1 C:\WINDOWS\system32\ntkrnlpa.exe

2001-08-23 14:00 1984512 3ba950b403060180606235bbb955a315 C:\WINDOWS\system32\ntoskrnl.exe

2001-08-23 14:00 1011200 99be27ee5db6b1354f380304bd3c0ce6 C:\WINDOWS\explorer.exe
2001-08-23 14:00 1011200 8fa92106d882ab4259f26174870e8b36 C:\WINDOWS\system32\dllcache\explorer.exe

2001-08-23 14:00 101888 a87c3a6b407fb3b22c566315607ce229 C:\WINDOWS\system32\services.exe
2001-08-23 14:00 110592 86e01ea9853761e66e6bdd7871be875d C:\WINDOWS\system32\dllcache\services.exe

2001-08-23 14:00 11776 06df1b4d51bea83cf16fd45ab8c8cce8 C:\WINDOWS\system32\lsass.exe
2001-08-23 14:00 18944 ae20b76109f3117055f05899af1ae253 C:\WINDOWS\system32\dllcache\lsass.exe

2001-08-23 14:00 20480 d06c7f08615a25555fdc83e6772f3ffd C:\WINDOWS\system32\ctfmon.exe
2001-08-23 14:00 20480 9f663b9719fd734377701662fb734f30 C:\WINDOWS\system32\dllcache\ctfmon.exe
.
((((((((((((((((((((((((((((( snapshot@2008-06-21_ 8.47.06,22 )))))))))))))))))))))))))))))))))))))))))
.
- 2001-08-23 12:00:00 37,888 ----a-w C:\WINDOWS\system32\grpconv.exe
+ 2001-08-23 12:00:00 48,128 ----a-w C:\WINDOWS\system32\grpconv.exe
- 2001-08-23 12:00:00 12,288 ----a-w C:\WINDOWS\system32\runonce.exe
+ 2001-08-23 12:00:00 20,480 ----a-w C:\WINDOWS\system32\runonce.exe
.
(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2001-08-23 14:00 20480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 270593]
"Wmsncs Service"="C:\WINDOWS\Fonts\wmsncs.exe" [2008-06-20 18:29 133991]
"NvidMediaCenter"="C:\Programme\Gemeinsame Dateien\System\wmsncs.exe" [2008-06-20 18:29 133991]
"Spool Driver Service"="C:\WINDOWS\System32\spool\drivers\wmsncs.exe" [2008-06-20 18:29 133991]
"Wins Service"="C:\WINDOWS\System32\wins\wmsncs.exe" [2008-06-20 18:29 133991]
"Norman ZANDA"="C:\VIRUSfighter\bin\ZLH.EXE" [2005-05-25 13:11 143360]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Windowss Modeer Verifier"="bxss.exe" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Wmsncs Service"="C:\WINDOWS\Fonts\wmsncs.exe" [2008-06-20 18:29 133991]
"NvidMediaCenter"="C:\Programme\Gemeinsame Dateien\System\wmsncs.exe" [2008-06-20 18:29 133991]
"Wins Service"="C:\WINDOWS\System32\wins\wmsncs.exe" [2008-06-20 18:29 133991]
"Spool Driver Service"="C:\WINDOWS\System32\spool\drivers\wmsncs.exe" [2008-06-20 18:29 133991]

C:\Dokumente und Einstellungen\All Users\Startmen\Programme\Autostart\
wmsncs.exe [2008-06-20 18:29:35 133991]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"shell"="explorer.exe \"C:\\WINDOWS\\Fonts\\wmsncs.exe\""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ltx83.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"wmsncs.exe"= wmsncs.exe:SYSTEM

R0 avgntmgr;avgntmgr;C:\WINDOWS\System32\DRIVERS\avgntmgr.sys [2008-01-21 18:11]
R1 avgntdd;avgntdd;C:\WINDOWS\System32\DRIVERS\avgntdd.sys [2008-01-21 18:12]
R2 NET Runtime Optimization Service v2.1.41329_X86;NET Runtime Optimization Service v2.1.41329_X86;"C:\WINDOWS\Fonts\wmsncs.exe" [2008-06-20 18:29]
S0 Ltx83;Ltx83;C:\WINDOWS\System32\Drivers\Ltx83.sys []
S2 ssmon;System Stability Monitor;"C:\WINDOWS\system32\syssmon.exe" []

*Newly Created Service* - CATCHME

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{103L3C30-C3B3-4130-9363-E59E1375PERM}]
C:\WINDOWS\Fonts\wmsncs.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-21 08:53:37
Windows 5.1.2600 NTFS

detected NTDLL code modification:
ZwOpenFile

Scanne versteckte Prozesse...

C:\WINDOWS\Fonts\wmsncs.exe [980] 0x81474B30

Scanne versteckte Autostart Einträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
Zeit der Fertigstellung: 2008-06-21 8:54:57
ComboFix-quarantined-files.txt 2008-06-21 06:54:54
ComboFix2.txt 2008-06-21 06:47:27

7 Verzeichnis(se), 77,781,078,016 Bytes frei
8 Verzeichnis(se), 77,774,950,400 Bytes frei

206
21.06.2008, 10:10
Honorary member
Sabina

Posts: 29434
#8 1.
Go into the registry:
Start - Run - regedit

Navigate to the key:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe \"C:\\WINDOWS\\Fonts\\wmsncs.exe\"" - delete only what I have marked in red

Example... here it is a different exe!

In your case: remove the C:\\WINDOWS\\Fonts\\wmsncs.exe, leave Explorer.exe in place, and save!

------------
««
http://virus-protect.org/artikel/tools/otmoveIt.html
Download OTMoveIt to the desktop
Open OTMoveIt: OTMoveIt.exe
Paste the following into OTMoveIt, in the left-hand window labelled: Paste List of Files/Folders to Move

Quote

C:\WINDOWS\system32\CF12730.exe
C:\WINDOWS\System32\drivers\ltx83.sys
C:\-112739835
C:\WINDOWS\system32\yssxk.exe
C:\WINDOWS\system32\TFTP3896
C:\WINDOWS\system32\TFTP4956
C:\WINDOWS\system32\TFTP5220
C:\WINDOWS\system32\TFTP11540
C:\WINDOWS\system32\hwcsjnup.exe
C:\Programme\Gemeinsame Dateien\System\wmsncs.exe
C:\WINDOWS\system32\wins\wmsncs.exe
C:\WINDOWS\system32\spool\drivers\wmsncs.exe
C:\Dokumente und Einstellungen\All Users\Startmen\Programme\Autostart\wmsncs.exe
C:\Programme\Trend Micro\HijackThis\backups\backup-20080620-224230-371-wmsncs.exe
C:\WINDOWS\Fonts\wmsncs.exe
C:\WINDOWS\system32\i

Click the red MoveIt! button

Text in the right-hand window / Results
Copy it with a right-click and insert it into your forum post with a right-click and "Paste"

-------------------------------------------------

3.
Create the cfscript.txt again... please follow the instructions exactly (see above), then drag it onto the ComboFix icon again... if you don't do it correctly, nothing will be deleted ;)

Quote

KILLALL::

Driver::
ssmon
ltx83
wmsncs

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Wmsncs Service"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"Windowss Modeer Verifier"=-
[-HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\ltx83.sys]
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{103l3c30-c3b3-4130-9363-e59e1375perm}]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"wmsncs.exe"=-

File::
C:\-1127398355
C:\WINDOWS\system32\CF12730.exe
C:\WINDOWS\system32\yssxk.exe
C:\WINDOWS\system32\TFTP3896
C:\WINDOWS\system32\TFTP4956
C:\WINDOWS\system32\TFTP5220
C:\WINDOWS\system32\TFTP11540
C:\WINDOWS\system32\hwcsjnup.exe
C:\Programme\Gemeinsame Dateien\System\wmsncs.exe
C:\WINDOWS\system32\wins\wmsncs.exe
C:\WINDOWS\system32\spool\drivers\wmsncs.exe
C:\Dokumente und Einstellungen\All Users\Startmen\Programme\Autostart\wmsncs.exe
C:\Programme\Trend Micro\HijackThis\backups\backup-20080620-224230-371-wmsncs.exe
C:\WINDOWS\Fonts\wmsncs.exe
C:\WINDOWS\system32\i
C:\WINDOWS\System32\drivers\ltx83.sys
then post the new ComboFix log
__________
Kind regards, Sabina

All about PC security
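The check behind step 1 of the post above, as an added example that is not part of the original thread: it parses the autostart section of a ComboFix log, reports anything in the Winlogon Shell value besides explorer.exe, and lists file names that autostart from several folders. The sample lines are copied from the log on this page; the function names are this example's own.

```python
import ntpath
import re
from collections import defaultdict

# Lines copied from the ComboFix log on this page (autostart section).
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2001-08-23 14:00 20480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 270593]
"Wmsncs Service"="C:\WINDOWS\Fonts\wmsncs.exe" [2008-06-20 18:29 133991]
"NvidMediaCenter"="C:\Programme\Gemeinsame Dateien\System\wmsncs.exe" [2008-06-20 18:29 133991]
"Spool Driver Service"="C:\WINDOWS\System32\spool\drivers\wmsncs.exe" [2008-06-20 18:29 133991]
"Wins Service"="C:\WINDOWS\System32\wins\wmsncs.exe" [2008-06-20 18:29 133991]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Wmsncs Service"="C:\WINDOWS\Fonts\wmsncs.exe" [2008-06-20 18:29 133991]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="explorer.exe \"C:\\WINDOWS\\Fonts\\wmsncs.exe\""
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
# "name"="data" optionally followed by ComboFix's [timestamp size] suffix.
VALUE_RE = re.compile(r'^"([^"]+)"="(.*)"(?:\s+\[[^\]]*\])?\s*$')


def parse_autostart(log_text):
    """Return {lower-cased registry key: {value name: unescaped data}}."""
    entries, key = defaultdict(dict), None
    for line in log_text.splitlines():
        line = line.strip()
        match = KEY_RE.match(line)
        if match:
            key = match.group(1).lower()
            continue
        match = VALUE_RE.match(line)
        if match and key:
            # Undo REGEDIT4 escaping (\\ -> \ and \" -> "); a no-op for the
            # Run lines, which this log prints unescaped.
            data = re.sub(r'\\(["\\])', r'\1', match.group(2))
            entries[key][match.group(1)] = data
    return dict(entries)


def split_command(cmd):
    """Split a Windows command line into tokens, honouring double quotes."""
    return [tok.strip('"') for tok in re.findall(r'"[^"]*"|\S+', cmd)]


def shell_extras(entries):
    """Everything in the Winlogon Shell value except a leading explorer.exe."""
    for key, values in entries.items():
        if not key.endswith(r'\currentversion\winlogon'):
            continue
        for name, data in values.items():
            if name.lower() != 'shell':
                continue
            tokens = split_command(data)
            extras = tokens[1:]
            if tokens and ntpath.basename(tokens[0]).lower() != 'explorer.exe':
                extras.insert(0, tokens[0])
            return extras
    return []


def repeated_binaries(entries):
    """Map file name -> sorted paths when one name autostarts from 2+ folders."""
    paths = defaultdict(set)
    for key, values in entries.items():
        if key.endswith(r'\currentversion\run'):
            for data in values.values():
                # In this log the Run data is a bare file path, spaces included.
                path = data.strip('"').lower()
                paths[ntpath.basename(path)].add(path)
    return {name: sorted(p) for name, p in paths.items() if len(p) > 1}


if __name__ == '__main__':
    parsed = parse_autostart(SAMPLE_LOG)
    print('Appended to Winlogon Shell:', shell_extras(parsed))
    for name, locations in repeated_binaries(parsed).items():
        print(name, 'autostarts from', len(locations), 'folders:')
        for location in locations:
            print('   ', location)
```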
21.06.2008, 10:23
Member

Thread starter

Posts: 11
#9 MoveIt:

C:\WINDOWS\system32\CF12730.exe moved successfully.
File/Folder C:\WINDOWS\System32\drivers\ltx83.sys not found.
C:\-1127398355 moved successfully.
C:\WINDOWS\system32\yssxk.exe moved successfully.
C:\WINDOWS\system32\TFTP3896 moved successfully.
C:\WINDOWS\system32\TFTP4956 moved successfully.
C:\WINDOWS\system32\TFTP5220 moved successfully.
C:\WINDOWS\system32\TFTP11540 moved successfully.
C:\WINDOWS\system32\hwcsjnup.exe moved successfully.
C:\Programme\Gemeinsame Dateien\System\wmsncs.exe moved successfully.
C:\WINDOWS\system32\wins\wmsncs.exe moved successfully.
C:\WINDOWS\system32\spool\drivers\wmsncs.exe moved successfully.
File/Folder C:\Dokumente und Einstellungen\All Users\Startmen\Programme\Autostart\wmsncs.exe not found.
C:\Programme\Trend Micro\HijackThis\backups\backup-20080620-224230-371-wmsncs.exe moved successfully.
C:\WINDOWS\Fonts\wmsncs.exe moved successfully.
C:\WINDOWS\system32\i moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 06212008_101411



So, hoping that I did it right this time ;)



ComboFix 08-06-20.4 - Sheila 2008-06-21 10:18:18.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.0.1252.1.1031.18.153 [GMT 2:00]
ausgeführt von:: C:\Dokumente und Einstellungen\Sheila\Desktop\ComboFix.exe
Command switches used :: C:\Dokumente und Einstellungen\Sheila\Desktop\cfscript.txt
* Neuer Wiederherstellungspunkt wurde erstellt

[color=red]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/color]

FILE ::
C:\-1127398355
C:\Dokumente und Einstellungen\All Users\Startmen\Programme\Autostart\wmsncs.exe
C:\Programme\Gemeinsame Dateien\System\wmsncs.exe
C:\Programme\Trend Micro\HijackThis\backups\backup-20080620-224230-371-wmsncs.exe
C:\WINDOWS\Fonts\wmsncs.exe
C:\WINDOWS\system32\CF12730.exe
C:\WINDOWS\System32\drivers\ltx83.sys
C:\WINDOWS\system32\hwcsjnup.exe
C:\WINDOWS\system32\i
C:\WINDOWS\system32\spool\drivers\wmsncs.exe
C:\WINDOWS\system32\TFTP11540
C:\WINDOWS\system32\TFTP3896
C:\WINDOWS\system32\TFTP4956
C:\WINDOWS\system32\TFTP5220
C:\WINDOWS\system32\wins\wmsncs.exe
C:\WINDOWS\system32\yssxk.exe
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SSMON
-------\Service_Ltx83
-------\Service_ssmon


((((((((((((((((((((((( Dateien erstellt von 2008-05-21 bis 2008-06-21 ))))))))))))))))))))))))))))))
.

2008-06-21 10:14 . 2008-06-21 10:14 <DIR> d-------- C:\_OTMoveIt
2008-06-20 23:06 . 2008-06-20 23:06 <DIR> dr------- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien
2008-06-20 23:05 . 2008-06-18 19:56 <DIR> d--h----- C:\Dokumente und Einstellungen\Administrator\Vorlagen
2008-06-20 23:05 . 2008-06-18 20:49 <DIR> dr------- C:\Dokumente und Einstellungen\Administrator\Startmen
2008-06-20 23:05 . 2008-06-18 20:49 <DIR> d--h----- C:\Dokumente und Einstellungen\Administrator\Netzwerkumgebung
2008-06-20 23:05 . 2008-06-21 08:54 <DIR> d--h----- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen
2008-06-20 23:05 . 2008-06-20 23:06 <DIR> d-------- C:\Dokumente und Einstellungen\Administrator\Favoriten
2008-06-20 23:05 . 2008-06-18 20:49 <DIR> d--h----- C:\Dokumente und Einstellungen\Administrator\Druckumgebung

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-18 17:59 --------- d-----w C:\Programme\Online-Dienste
2008-06-18 17:58 --------- d-----w C:\Programme\Gemeinsame Dateien\Dienste
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((( snapshot@2008-06-21_ 8.47.06,22 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-21 06:40:35 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-21 08:20:27 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2005-10-20 18:02:28 174,080 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
+ 2005-10-20 18:02:28 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
+ 2005-10-20 18:02:28 174,080 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
- 2008-06-21 06:40:37 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-06-21 08:20:28 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-06-21 06:40:37 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Temporary Internet Files\Content.IE5\index.dat
+ 2008-06-21 08:20:28 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Temporary Internet Files\Content.IE5\index.dat
- 2008-06-21 06:40:37 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Verlauf\History.IE5\index.dat
+ 2008-06-21 08:20:28 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Verlauf\History.IE5\index.dat
- 2001-08-23 12:00:00 37,888 ----a-w C:\WINDOWS\system32\grpconv.exe
+ 2001-08-23 12:00:00 48,128 ----a-w C:\WINDOWS\system32\grpconv.exe
- 2001-08-23 12:00:00 12,288 ----a-w C:\WINDOWS\system32\runonce.exe
+ 2001-08-23 12:00:00 20,480 ----a-w C:\WINDOWS\system32\runonce.exe
.
(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2001-08-23 14:00 20480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 270593]
"NvidMediaCenter"="C:\Programme\Gemeinsame Dateien\System\wmsncs.exe" [ ]
"Spool Driver Service"="C:\WINDOWS\System32\spool\drivers\wmsncs.exe" [ ]
"Wins Service"="C:\WINDOWS\System32\wins\wmsncs.exe" [ ]
"Norman ZANDA"="C:\VIRUSfighter\bin\ZLH.EXE" [2005-05-25 13:11 143360]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Wmsncs Service"="C:\WINDOWS\Fonts\wmsncs.exe" [ ]
"NvidMediaCenter"="C:\Programme\Gemeinsame Dateien\System\wmsncs.exe" [ ]
"Wins Service"="C:\WINDOWS\System32\wins\wmsncs.exe" [ ]
"Spool Driver Service"="C:\WINDOWS\System32\spool\drivers\wmsncs.exe" [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"wmsncs.exe"= wmsncs.exe:SYSTEM

R0 avgntmgr;avgntmgr;C:\WINDOWS\System32\DRIVERS\avgntmgr.sys [2008-01-21 18:11]
R1 avgntdd;avgntdd;C:\WINDOWS\System32\DRIVERS\avgntdd.sys [2008-01-21 18:12]
S2 NET Runtime Optimization Service v2.1.41329_X86;NET Runtime Optimization Service v2.1.41329_X86;"C:\WINDOWS\Fonts\wmsncs.exe" []

*Newly Created Service* - ALG
*Newly Created Service* - IPNAT
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-21 10:20:42
Windows 5.1.2600 NTFS

detected NTDLL code modification:
ZwOpenFile

Scanne versteckte Prozesse...

Scanne versteckte Autostart Einträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\VIRUSfighter\Bin\Zanda.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2008-06-21 10:22:31 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-21 08:22:27
ComboFix2.txt 2008-06-21 06:54:58
ComboFix3.txt 2008-06-21 06:47:27

8 Verzeichnis(se), 77,720,059,904 Bytes frei
9 Verzeichnis(se), 77,666,598,912 Bytes frei

230
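
The autostart section of the ComboFix log above can be triaged mechanically. The Python sketch below is an added example (not part of the thread and not ComboFix code): it flags Run values that point at the same executable name in several directories, Run values with no file details, and weakened Security Center and firewall settings. It assumes an empty `[ ]` means ComboFix could not read the file's date and size, and it takes the expected setting values from the corrections requested in post #12 of this thread.

```python
import ntpath
import re
from collections import defaultdict

# Lines copied from the autostart section of the ComboFix log on this page.
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2001-08-23 14:00 20480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 270593]
"NvidMediaCenter"="C:\Programme\Gemeinsame Dateien\System\wmsncs.exe" [ ]
"Spool Driver Service"="C:\WINDOWS\System32\spool\drivers\wmsncs.exe" [ ]
"Wins Service"="C:\WINDOWS\System32\wins\wmsncs.exe" [ ]
"Norman ZANDA"="C:\VIRUSfighter\bin\ZLH.EXE" [2005-05-25 13:11 143360]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Wmsncs Service"="C:\WINDOWS\Fonts\wmsncs.exe" [ ]
"NvidMediaCenter"="C:\Programme\Gemeinsame Dateien\System\wmsncs.exe" [ ]
"Wins Service"="C:\WINDOWS\System32\wins\wmsncs.exe" [ ]
"Spool Driver Service"="C:\WINDOWS\System32\spool\drivers\wmsncs.exe" [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
'''

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]\s*$')
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]*)"\s*\[(?P<meta>[^\]]*)\]\s*$')
VAL_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?:dword:(?P<hex>[0-9a-fA-F]{8})|(?P<dec>\d+))')

# Values the helper asks to restore in post #12, keyed by the tail of the key.
EXPECTED = {
    'security center': {
        'antivirusdisablenotify': 0,
        'antivirusoverride': 0,
        'firewalloverride': 0,
        'updatesdisablenotify': 0,
    },
    r'firewallpolicy\standardprofile': {
        'enablefirewall': 1,
        'disablenotifications': 0,
    },
}


def parse_autostart(log):
    """Return (run_entries, settings) from ComboFix autostart text."""
    entries, settings = [], {}
    key = None
    for raw in log.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group('key').lower()
            continue
        if key is None:
            continue
        m = RUN_RE.match(line)
        if m and key.endswith(r'\currentversion\run'):
            entries.append({'key': key, 'name': m.group('name'),
                            'command': m.group('cmd'),
                            'meta': m.group('meta').strip()})
            continue
        m = VAL_RE.match(line)
        if m:
            value = int(m.group('hex'), 16) if m.group('hex') else int(m.group('dec'))
            settings[(key, m.group('name').lower())] = value
    return entries, settings


def scattered_binaries(entries, min_dirs=2):
    """Executable names started from at least min_dirs different directories."""
    dirs = defaultdict(set)
    for e in entries:
        path = e['command'].lower()
        dirs[ntpath.basename(path)].add(ntpath.dirname(path))
    return {name: sorted(d) for name, d in dirs.items() if len(d) >= min_dirs}


def without_file_details(entries):
    """Run values whose target had no date/size in the log (empty brackets)."""
    return [e for e in entries if not e['meta']]


def weakened_settings(settings):
    """Settings that differ from the values requested in post #12."""
    findings = []
    for (key, name), value in settings.items():
        for tail, wanted in EXPECTED.items():
            if key.endswith(tail) and name in wanted and value != wanted[name]:
                findings.append((key, name, value, wanted[name]))
    return findings


if __name__ == '__main__':
    run_entries, values = parse_autostart(SAMPLE_LOG)
    for name, where in scattered_binaries(run_entries).items():
        print(f'{name} is autostarted from {len(where)} directories: {where}')
    for e in without_file_details(run_entries):
        print(f'no file details: {e["name"]} -> {e["command"]}')
    for key, name, got, want in weakened_settings(values):
        print(f'{key}\\{name} = {got}, expected {want}')
```

An empty bracket on its own is a weak signal (the `UserFaultCheck` entry also has one); the same file name registered from several unrelated directories is the stronger one.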
21.06.2008, 11:22
Honorary member
Sabina

Posts: 29434
#10 ««
http://virus-protect.org/artikel/tools/regsearch.html
and double-click to start it.
in: "Enter search strings" (type or paste in)

NET Runtime Optimization Service

in edit and click "Ok".
Notepad will open -- copy the text and post it.



-------------
this is for me

C:\WINDOWS\Temp\1.reg

Quote

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvidMediaCenter"=-
"Spool Driver Service"=-
"Wins Service"=-
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Wmsncs Service"=-
"NvidMediaCenter"=-
"Wins Service"=-
"Spool Driver Service"=-
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"wmsncs.exe"=-


S2 NET Runtime Optimization Service v2.1.41329_X86;NET Runtime Optimization Service v2.1.41329_X86;"C:\WINDOWS\Fonts\wmsncs.exe

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NET_RUNTIME_OPTIMIZATION_SERVICE_V2.1.41329_X86\0000]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NET Runtime Optimization Service v2.1.41329_X86]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_NET_RUNTIME_OPTIMIZATION_SERVICE_V2.1.41329_X86\0000]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\NET Runtime Optimization Service v2.1.41329_X86]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NET_RUNTIME_OPTIMIZATION_SERVICE_V2.1.41329_X86\0000]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NET Runtime Optimization Service v2.1.41329_X86]
----------

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"= 0
"DisableNotifications"= 1

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
__________
Kind regards, Sabina

all about PC security
21.06.2008, 11:31
Member

Thread starter

Posts: 11
#11 So here is the log:


Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.5.0

; Results at 21.06.2008 11:29:10 for strings:
; 'net runtime optimization service'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NET_RUNTIME_OPTIMIZATION_SERVICE_V2.1.41329_X86\0000]
"Service"="NET Runtime Optimization Service v2.1.41329_X86"
"DeviceDesc"="NET Runtime Optimization Service v2.1.41329_X86"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NET_RUNTIME_OPTIMIZATION_SERVICE_V2.1.41329_X86\0000\Control]
"ActiveService"="NET Runtime Optimization Service v2.1.41329_X86"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NET Runtime Optimization Service v2.1.41329_X86]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NET Runtime Optimization Service v2.1.41329_X86]
"DisplayName"="NET Runtime Optimization Service v2.1.41329_X86"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NET Runtime Optimization Service v2.1.41329_X86\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NET Runtime Optimization Service v2.1.41329_X86\Enum]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_NET_RUNTIME_OPTIMIZATION_SERVICE_V2.1.41329_X86\0000]
"Service"="NET Runtime Optimization Service v2.1.41329_X86"
"DeviceDesc"="NET Runtime Optimization Service v2.1.41329_X86"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\NET Runtime Optimization Service v2.1.41329_X86]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\NET Runtime Optimization Service v2.1.41329_X86]
"DisplayName"="NET Runtime Optimization Service v2.1.41329_X86"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\NET Runtime Optimization Service v2.1.41329_X86\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NET_RUNTIME_OPTIMIZATION_SERVICE_V2.1.41329_X86\0000]
"Service"="NET Runtime Optimization Service v2.1.41329_X86"
"DeviceDesc"="NET Runtime Optimization Service v2.1.41329_X86"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NET_RUNTIME_OPTIMIZATION_SERVICE_V2.1.41329_X86\0000\Control]
"ActiveService"="NET Runtime Optimization Service v2.1.41329_X86"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NET Runtime Optimization Service v2.1.41329_X86]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NET Runtime Optimization Service v2.1.41329_X86]
"DisplayName"="NET Runtime Optimization Service v2.1.41329_X86"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NET Runtime Optimization Service v2.1.41329_X86\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NET Runtime Optimization Service v2.1.41329_X86\Enum]

; End Of The Log...



Thanks in advance for such quick help
21.06.2008, 11:53
Honorary member
Sabina

Posts: 29434
#12 1.
Go into the registry again
Start - Run - regedit

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate]
"DoNotAllowXPSP2"=dword:00000001 - change to 0


[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
"EnableFirewall"=dword:00000000 - change to 1


[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
"EnableFirewall"=dword:00000000 - change to 1

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"= 0 - change to 1
"DisableNotifications"= 1 - change to 0

change all keys to 0:

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001 - change to 0
"AntiVirusOverride"=dword:00000001 - change to 0
"FirewallOverride"=dword:00000001 - change to 0
"UpdatesDisableNotify"=dword:00000001 - change to 0

Example:

right-click the entry "AntiVirusDisableNotify"

delete the 1 and type in 0, then save



------------------------------------------------------------

2.
create a new cfscript.txt (do not apply it yet !!!!) - but save it to the desktop

Quote

KILLALL::

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvidMediaCenter"=-
"Spool Driver Service"=-
"Wins Service"=-
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Wmsncs Service"=-
"NvidMediaCenter"=-
"Wins Service"=-
"Spool Driver Service"=-
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"wmsncs.exe"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NET_RUNTIME_OPTIMIZATION_SERVICE_V2.1.41329_X86\0000]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NET_RUNTIME_OPTIMIZATION_SERVICE_V2.1.41329_X86]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NET Runtime Optimization Service v2.1.41329_X86]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_NET_RUNTIME_OPTIMIZATION_SERVICE_V2.1.41329_X86\0000]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_NET_RUNTIME_OPTIMIZATION_SERVICE_V2.1.41329_X86]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\NET Runtime Optimization Service v2.1.41329_X86]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NET_RUNTIME_OPTIMIZATION_SERVICE_V2.1.41329_X86\0000]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NET_RUNTIME_OPTIMIZATION_SERVICE_V2.1.41329_X86]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NET Runtime Optimization Service v2.1.41329_X86]

File::
C:\WINDOWS\Temp\1.reg

3.
Boot into safe mode

drag the cfscript.txt you saved onto the Combofix icon + run Combofix again

4.
still in safe mode:

sdfix
go to the folder C:\SDFix
double-click RunThis.bat

a scan will run - then restart the computer + post the report from sdfix + a new report from Combofix
__________
Kind regards, Sabina

all about PC security
21.06.2008, 12:33
Member

Thread starter

Posts: 11
#13 SDfix log:



System Report
*************

Run on 2008-06-21 at 12:28

Microsoft Windows XP [Version 5.1.2600]

Current user is an administrator

Running Processes:

\SystemRoot\System32\smss.exe [124]
\??\C:\WINDOWS\system32\csrss.exe [176]
\??\C:\WINDOWS\system32\winlogon.exe [200]
C:\WINDOWS\system32\services.exe [244]
C:\WINDOWS\system32\lsass.exe [256]
C:\WINDOWS\system32\svchost.exe [420]
C:\WINDOWS\system32\svchost.exe [444]
C:\WINDOWS\explorer.exe [672]



Files Created/Modified - 60 Days:


C:\

18 Jun 2008 20:01:20 0 A.... "C:\AUTOEXEC.BAT"
18 Jun 2008 19:54:52 194 ..SH. "C:\boot.ini"
21 Jun 2008 12:24:24 20.924 A.... "C:\ComboFix.txt"
18 Jun 2008 20:01:20 0 A.... "C:\CONFIG.SYS"
18 Jun 2008 20:01:20 0 A.SHR "C:\IO.SYS"
18 Jun 2008 20:01:20 0 A.SHR "C:\MSDOS.SYS"
21 Jun 2008 12:26:44 402.653.184 A.SH. "C:\pagefile.sys"


C:\WINDOWS\

21 Jun 2008 12:23:40 0 A.... "C:\WINDOWS\0.log"
21 Jun 2008 12:26:52 2.048 A.S.. "C:\WINDOWS\bootstat.dat"
18 Jun 2008 20:04:32 15.734 A.... "C:\WINDOWS\comsetup.log"
18 Jun 2008 20:01:20 0 A.... "C:\WINDOWS\control.ini"
18 Jun 2008 19:57:34 128 A.... "C:\WINDOWS\DtcInstall.log"
18 Jun 2008 19:57:56 11.538 A.... "C:\WINDOWS\FaxSetup.log"
21 Jun 2008 11:40:56 315.392 A.... "C:\WINDOWS\HideWin.exe"
18 Jun 2008 20:04:32 698 A.... "C:\WINDOWS\iis6.log"
18 Jun 2008 20:04:32 4.382 A.... "C:\WINDOWS\imsins.log"
18 Jun 2008 19:57:56 821 A.... "C:\WINDOWS\msgsocm.log"
20 Jun 2008 18:32:52 0 A.... "C:\WINDOWS\nsreg.dat"
21 Jun 2008 12:28:12 285.400 A.... "C:\WINDOWS\ntbtlog.txt"
18 Jun 2008 20:04:32 7.754 A.... "C:\WINDOWS\ntdtcsetup.log"
18 Jun 2008 19:57:56 12.817 A.... "C:\WINDOWS\ocgen.log"
18 Jun 2008 19:57:56 1.065 A.... "C:\WINDOWS\ocmsn.log"
18 Jun 2008 20:01:06 4.161 A.... "C:\WINDOWS\ODBCINST.INI"
18 Jun 2008 20:10:46 820 A.... "C:\WINDOWS\OEWABLog.txt"
18 Jun 2008 20:05:20 8.192 A.... "C:\WINDOWS\REGLOCS.OLD"
18 Jun 2008 20:50:14 1.348 A.... "C:\WINDOWS\regopt.log"
21 Jun 2008 12:25:46 4.176 A.... "C:\WINDOWS\SchedLgU.Txt"
18 Jun 2008 19:57:30 1.060 A.... "C:\WINDOWS\sessmgr.setup.log"
20 Jun 2008 18:22:10 171.751 A.... "C:\WINDOWS\setupact.log"
21 Jun 2008 11:53:28 193.701 A.... "C:\WINDOWS\setupapi.log"
18 Jun 2008 20:49:14 0 A.... "C:\WINDOWS\setuperr.log"
18 Jun 2008 20:10:24 731.511 A.... "C:\WINDOWS\setuplog.txt"
18 Jun 2008 20:53:12 0 A.... "C:\WINDOWS\Sti_Trace.log"
21 Jun 2008 12:22:42 227 A.... "C:\WINDOWS\system.ini"
18 Jun 2008 20:04:32 8.315 A.... "C:\WINDOWS\tsoc.log"
18 Jun 2008 19:57:40 36 A.... "C:\WINDOWS\vb.ini"
18 Jun 2008 19:57:40 37 A.... "C:\WINDOWS\vbaddin.ini"
20 Jun 2008 18:26:46 1.128 A.... "C:\WINDOWS\Versatel.log"
21 Jun 2008 12:16:32 216 A.... "C:\WINDOWS\wiadebug.log"
21 Jun 2008 11:33:00 50 A.... "C:\WINDOWS\wiaservc.log"
18 Jun 2008 20:01:20 504 A.... "C:\WINDOWS\win.ini"
21 Jun 2008 10:40:10 39.502 ..SHR "C:\WINDOWS\winavscan.exe"
21 Jun 2008 11:36:08 2.102 A.... "C:\WINDOWS\Windows Update.log"
18 Jun 2008 19:59:42 749 A..HR "C:\WINDOWS\WindowsShell.Manifest"
21 Jun 2008 12:25:46 40.924 A.... "C:\WINDOWS\WindowsUpdate.log"
21 Jun 2008 10:35:56 196.608 ..SHR "C:\WINDOWS\wmssvc.exe"
18 Jun 2008 20:01:14 299.552 A.... "C:\WINDOWS\WMSysPrx.prx"
20 Jun 2008 18:26:46 31 A.... "C:\WINDOWS\wwwbatch.ini"
18 Jun 2008 19:55:32 2.575 A.... "C:\WINDOWS\Debug\NetSetup.LOG"
21 Jun 2008 12:23:34 0 A.... "C:\WINDOWS\Debug\oakley.log"
21 Jun 2008 11:05:06 0 A.... "C:\WINDOWS\Debug\oakley.log.sav"
21 Jun 2008 12:26:54 0 A.... "C:\WINDOWS\Debug\PASSWD.LOG"
18 Jun 2008 19:59:52 65 ...H. "C:\WINDOWS\Downloaded Program Files\desktop.ini"
21 Jun 2008 10:19:24 110 A.... "C:\WINDOWS\erdnt\CFrecovery.bat"
18 Jun 2008 20:00:50 67 A.SH. "C:\WINDOWS\Fonts\desktop.ini"
21 Jun 2008 10:56:50 189.990 ..SHR "C:\WINDOWS\Fonts\wmsncs.exe"
18 Jun 2008 20:51:10 9.284 A.... "C:\WINDOWS\inf\irstusb.PNF"
18 Jun 2008 20:51:10 11.964 A.... "C:\WINDOWS\inf\irtos4mo.PNF"
18 Jun 2008 20:51:10 22.128 A.... "C:\WINDOWS\inf\kdk2x0.PNF"
18 Jun 2008 20:51:10 10.792 A.... "C:\WINDOWS\inf\kdkscan.PNF"
18 Jun 2008 20:49:50 56.332 A.... "C:\WINDOWS\inf\keyboard.PNF"
18 Jun 2008 20:51:10 10.204 A.... "C:\WINDOWS\inf\kodak.PNF"
18 Jun 2008 20:51:10 93.460 A.... "C:\WINDOWS\inf\ks.PNF"
18 Jun 2008 20:51:10 35.348 A.... "C:\WINDOWS\inf\kscaptur.PNF"
18 Jun 2008 20:51:10 24.768 A.... "C:\WINDOWS\inf\ksfilter.PNF"
18 Jun 2008 20:10:38 974.440 A.... "C:\WINDOWS\inf\LAYOUT.PNF"
18 Jun 2008 20:49:50 3.908 A.... "C:\WINDOWS\inf\legcydrv.PNF"
18 Jun 2008 20:51:10 13.960 A.... "C:\WINDOWS\inf\lwngmadi.PNF"
18 Jun 2008 20:51:10 18.616 A.... "C:\WINDOWS\inf\lwusbhid.PNF"
18 Jun 2008 20:49:50 145.920 A.... "C:\WINDOWS\inf\machine.PNF"
18 Jun 2008 20:49:50 43.636 A.... "C:\WINDOWS\inf\mchgr.PNF"
18 Jun 2008 20:51:10 12.708 A.... "C:\WINDOWS\inf\mdac.PNF"
18 Jun 2008 20:51:08 97.624 A.... "C:\WINDOWS\inf\mdm3com.PNF"
18 Jun 2008 20:51:08 49.072 A.... "C:\WINDOWS\inf\mdm3cpcm.PNF"
18 Jun 2008 20:51:08 99.404 A.... "C:\WINDOWS\inf\mdm3mini.PNF"
18 Jun 2008 20:51:08 43.708 A.... "C:\WINDOWS\inf\mdm5674a.PNF"
18 Jun 2008 20:51:08 56.852 A.... "C:\WINDOWS\inf\mdm656n5.PNF"
18 Jun 2008 20:51:08 15.036 A.... "C:\WINDOWS\inf\mdmadc.PNF"
18 Jun 2008 20:51:08 8.824 A.... "C:\WINDOWS\inf\mdmairte.PNF"
18 Jun 2008 20:51:08 23.988 A.... "C:\WINDOWS\inf\mdmaiwa.PNF"
18 Jun 2008 20:51:08 18.488 A.... "C:\WINDOWS\inf\mdmaiwa3.PNF"
18 Jun 2008 20:51:08 105.104 A.... "C:\WINDOWS\inf\mdmaiwa4.PNF"
18 Jun 2008 20:51:08 26.676 A.... "C:\WINDOWS\inf\mdmaiwa5.PNF"
18 Jun 2008 20:51:08 10.968 A.... "C:\WINDOWS\inf\mdmaiwat.PNF"
18 Jun 2008 20:51:08 15.528 A.... "C:\WINDOWS\inf\mdmar1.PNF"
18 Jun 2008 20:51:08 43.228 A.... "C:\WINDOWS\inf\mdmarch.PNF"
18 Jun 2008 20:51:08 16.420 A.... "C:\WINDOWS\inf\mdmarn.PNF"
18 Jun 2008 20:51:08 77.752 A.... "C:\WINDOWS\inf\mdmati.PNF"
18 Jun 2008 20:51:08 19.568 A.... "C:\WINDOWS\inf\mdmatm2k.PNF"
18 Jun 2008 20:51:08 34.212 A.... "C:\WINDOWS\inf\mdmatt.PNF"
18 Jun 2008 20:51:08 21.376 A.... "C:\WINDOWS\inf\mdmaus.PNF"
18 Jun 2008 20:51:08 81.048 A.... "C:\WINDOWS\inf\mdmbcmsm.PNF"
18 Jun 2008 20:51:08 64.292 A.... "C:\WINDOWS\inf\mdmboca.PNF"
18 Jun 2008 20:51:08 23.888 A.... "C:\WINDOWS\inf\mdmbsb.PNF"
18 Jun 2008 20:51:08 10.516 A.... "C:\WINDOWS\inf\mdmbug3.PNF"
18 Jun 2008 20:51:08 26.316 A.... "C:\WINDOWS\inf\mdmbw561.PNF"
18 Jun 2008 20:51:08 22.428 A.... "C:\WINDOWS\inf\mdmc26a.PNF"
18 Jun 2008 20:51:08 12.544 A.... "C:\WINDOWS\inf\mdmcdp.PNF"
18 Jun 2008 20:51:14 2.312 A.... "C:\WINDOWS\inf\mdmchipv.PNF"
18 Jun 2008 20:51:08 91.508 A.... "C:\WINDOWS\inf\mdmcm28.PNF"
18 Jun 2008 20:51:08 24.468 A.... "C:\WINDOWS\inf\mdmcodex.PNF"
18 Jun 2008 20:51:08 43.240 A.... "C:\WINDOWS\inf\mdmcom1.PNF"
18 Jun 2008 20:51:08 10.456 A.... "C:\WINDOWS\inf\mdmcommu.PNF"
18 Jun 2008 20:51:08 12.528 A.... "C:\WINDOWS\inf\mdmcomp.PNF"
18 Jun 2008 20:51:08 136.128 A.... "C:\WINDOWS\inf\mdmcpq.PNF"
18 Jun 2008 20:51:06 47.576 A.... "C:\WINDOWS\inf\mdmcpq2.PNF"
18 Jun 2008 20:51:06 13.828 A.... "C:\WINDOWS\inf\mdmcpv.PNF"
18 Jun 2008 20:51:06 21.372 A.... "C:\WINDOWS\inf\mdmcrtix.PNF"
18 Jun 2008 20:51:06 628.064 A.... "C:\WINDOWS\inf\mdmcxsft.PNF"
18 Jun 2008 20:51:06 77.992 A.... "C:\WINDOWS\inf\mdmdcm5.PNF"
18 Jun 2008 20:51:06 34.084 A.... "C:\WINDOWS\inf\mdmdcm6.PNF"
18 Jun 2008 20:51:06 24.624 A.... "C:\WINDOWS\inf\mdmdf56F.PNF"
18 Jun 2008 20:51:06 20.368 A.... "C:\WINDOWS\inf\mdmdgden.PNF"
18 Jun 2008 20:51:06 20.052 A.... "C:\WINDOWS\inf\mdmdgitn.PNF"
18 Jun 2008 20:51:06 31.784 A.... "C:\WINDOWS\inf\mdmdigi.PNF"
18 Jun 2008 20:51:06 17.500 A.... "C:\WINDOWS\inf\mdmdp2.PNF"
18 Jun 2008 20:51:06 169.544 A.... "C:\WINDOWS\inf\mdmdsi.PNF"
18 Jun 2008 20:51:06 57.164 A.... "C:\WINDOWS\inf\mdmdyna.PNF"
18 Jun 2008 20:51:06 30.596 A.... "C:\WINDOWS\inf\mdmeiger.PNF"
18 Jun 2008 20:51:06 115.112 A.... "C:\WINDOWS\inf\mdmelsa.PNF"
18 Jun 2008 20:51:06 20.192 A.... "C:\WINDOWS\inf\mdmeric.PNF"
18 Jun 2008 20:51:06 26.872 A.... "C:\WINDOWS\inf\mdmeric2.PNF"
18 Jun 2008 20:51:06 49.228 A.... "C:\WINDOWS\inf\mdmess.PNF"
18 Jun 2008 20:51:14 62.428 A.... "C:\WINDOWS\inf\mdmetech.PNF"
18 Jun 2008 20:51:06 47.316 A.... "C:\WINDOWS\inf\mdmexp.PNF"
18 Jun 2008 20:51:06 21.124 A.... "C:\WINDOWS\inf\mdmfj2.PNF"
18 Jun 2008 20:51:06 69.540 A.... "C:\WINDOWS\inf\mdmgatew.PNF"
18 Jun 2008 20:51:06 42.676 A.... "C:\WINDOWS\inf\mdmgcs.PNF"
18 Jun 2008 20:51:06 72.048 A.... "C:\WINDOWS\inf\mdmgen.PNF"
18 Jun 2008 20:51:06 77.228 A.... "C:\WINDOWS\inf\mdmgl001.PNF"
18 Jun 2008 20:51:06 89.852 A.... "C:\WINDOWS\inf\mdmgl002.PNF"
18 Jun 2008 20:51:04 59.372 A.... "C:\WINDOWS\inf\mdmgl003.PNF"
18 Jun 2008 20:51:04 1.597.336 A.... "C:\WINDOWS\inf\mdmgl004.PNF"
18 Jun 2008 20:51:02 82.384 A.... "C:\WINDOWS\inf\mdmgl005.PNF"
18 Jun 2008 20:51:02 96.712 A.... "C:\WINDOWS\inf\mdmgl006.PNF"
18 Jun 2008 20:51:02 151.716 A.... "C:\WINDOWS\inf\mdmgl007.PNF"
18 Jun 2008 20:51:02 57.572 A.... "C:\WINDOWS\inf\mdmgl008.PNF"
18 Jun 2008 20:51:02 157.264 A.... "C:\WINDOWS\inf\mdmgl009.PNF"
18 Jun 2008 20:51:02 93.596 A.... "C:\WINDOWS\inf\mdmgl010.PNF"
18 Jun 2008 20:51:02 29.512 A.... "C:\WINDOWS\inf\mdmgsm.PNF"
18 Jun 2008 20:51:02 8.560 A.... "C:\WINDOWS\inf\mdmhaeu.PNF"
18 Jun 2008 20:51:02 59.556 A.... "C:\WINDOWS\inf\mdmhandy.PNF"
18 Jun 2008 20:51:02 69.848 A.... "C:\WINDOWS\inf\mdmhay2.PNF"
18 Jun 2008 20:51:02 102.160 A.... "C:\WINDOWS\inf\mdmhayes.PNF"
18 Jun 2008 20:51:02 28.908 A.... "C:\WINDOWS\inf\mdminfot.PNF"
18 Jun 2008 20:51:02 27.208 A.... "C:\WINDOWS\inf\mdmintel.PNF"
18 Jun 2008 20:51:02 30.748 A.... "C:\WINDOWS\inf\mdmiodat.PNF"
18 Jun 2008 20:51:02 107.616 A.... "C:\WINDOWS\inf\mdmirmdm.PNF"
18 Jun 2008 20:51:02 58.752 A.... "C:\WINDOWS\inf\mdmisdn.PNF"
18 Jun 2008 20:51:02 25.996 A.... "C:\WINDOWS\inf\MDMJF56E.PNF"
18 Jun 2008 20:51:00 11.892 A.... "C:\WINDOWS\inf\mdmke.PNF"
18 Jun 2008 20:51:00 12.644 A.... "C:\WINDOWS\inf\mdmkortx.PNF"
18 Jun 2008 20:51:00 20.868 A.... "C:\WINDOWS\inf\mdmlasat.PNF"
18 Jun 2008 20:51:00 42.660 A.... "C:\WINDOWS\inf\mdmlasno.PNF"
18 Jun 2008 20:51:00 106.084 A.... "C:\WINDOWS\inf\mdmlt3.PNF"
18 Jun 2008 20:51:00 76.292 A.... "C:\WINDOWS\inf\mdmltleo.PNF"
18 Jun 2008 20:51:00 77.168 A.... "C:\WINDOWS\inf\mdmltsft.PNF"
18 Jun 2008 20:51:00 36.404 A.... "C:\WINDOWS\inf\mdmlucnt.PNF"
18 Jun 2008 20:51:00 16.504 A.... "C:\WINDOWS\inf\mdmmc288.PNF"
18 Jun 2008 20:51:00 11.504 A.... "C:\WINDOWS\inf\mdmmcd.PNF"
18 Jun 2008 20:51:00 64.544 A.... "C:\WINDOWS\inf\mdmmcom.PNF"
18 Jun 2008 20:51:00 63.176 A.... "C:\WINDOWS\inf\mdmmct.PNF"
18 Jun 2008 20:51:00 17.416 A.... "C:\WINDOWS\inf\mdmmega.PNF"
18 Jun 2008 20:51:00 110.412 A.... "C:\WINDOWS\inf\mdmmetri.PNF"
18 Jun 2008 20:51:00 74.120 A.... "C:\WINDOWS\inf\mdmmhrtz.PNF"
18 Jun 2008 20:51:00 92.092 A.... "C:\WINDOWS\inf\mdmmhza.PNF"
18 Jun 2008 20:51:00 199.760 A.... "C:\WINDOWS\inf\mdmmhzel.PNF"
18 Jun 2008 20:51:00 89.996 A.... "C:\WINDOWS\inf\mdmmhzk1.PNF"
18 Jun 2008 20:51:00 11.696 A.... "C:\WINDOWS\inf\mdmminij.PNF"
18 Jun 2008 20:51:00 18.540 A.... "C:\WINDOWS\inf\mdmmod.PNF"
18 Jun 2008 20:51:00 72.136 A.... "C:\WINDOWS\inf\mdmmoto.PNF"
18 Jun 2008 20:51:00 20.132 A.... "C:\WINDOWS\inf\mdmmoto1.PNF"
18 Jun 2008 20:51:00 8.864 A.... "C:\WINDOWS\inf\mdmmotou.PNF"
18 Jun 2008 20:51:00 81.760 A.... "C:\WINDOWS\inf\mdmmts.PNF"
18 Jun 2008 20:51:00 20.328 A.... "C:\WINDOWS\inf\mdmneuhs.PNF"
18 Jun 2008 20:51:00 11.268 A.... "C:\WINDOWS\inf\Mdmnis1u.PNF"
18 Jun 2008 20:51:00 11.340 A.... "C:\WINDOWS\inf\Mdmnis2u.PNF"
18 Jun 2008 20:51:00 10.364 A.... "C:\WINDOWS\inf\Mdmnis3t.PNF"
18 Jun 2008 20:51:00 10.340 A.... "C:\WINDOWS\inf\Mdmnis5t.PNF"
18 Jun 2008 20:51:00 13.244 A.... "C:\WINDOWS\inf\mdmnokia.PNF"
18 Jun 2008 20:51:00 20.216 A.... "C:\WINDOWS\inf\mdmnova.PNF"
18 Jun 2008 20:51:00 13.800 A.... "C:\WINDOWS\inf\mdmntt1.PNF"
18 Jun 2008 20:50:58 21.996 A.... "C:\WINDOWS\inf\mdmnttd2.PNF"
18 Jun 2008 20:50:58 22.004 A.... "C:\WINDOWS\inf\mdmnttd6.PNF"
18 Jun 2008 20:50:58 11.516 A.... "C:\WINDOWS\inf\mdmnttme.PNF"
18 Jun 2008 20:50:58 16.196 A.... "C:\WINDOWS\inf\mdmnttp.PNF"
18 Jun 2008 20:50:58 17.460 A.... "C:\WINDOWS\inf\mdmnttp2.PNF"
18 Jun 2008 20:50:58 10.572 A.... "C:\WINDOWS\inf\mdmnttte.PNF"
18 Jun 2008 20:50:58 19.048 A.... "C:\WINDOWS\inf\mdmolic.PNF"
18 Jun 2008 20:50:58 126.152 A.... "C:\WINDOWS\inf\mdmomrn3.PNF"
18 Jun 2008 20:50:58 11.480 A.... "C:\WINDOWS\inf\mdmoptn.PNF"
18 Jun 2008 20:50:58 49.096 A.... "C:\WINDOWS\inf\mdmosi.PNF"
18 Jun 2008 20:50:58 39.416 A.... "C:\WINDOWS\inf\mdmosice.PNF"
18 Jun 2008 20:50:58 27.860 A.... "C:\WINDOWS\inf\mdmpace.PNF"
18 Jun 2008 20:50:58 8.372 A.... "C:\WINDOWS\inf\mdmpbit.PNF"
18 Jun 2008 20:50:58 68.664 A.... "C:\WINDOWS\inf\mdmpctel.PNF"
18 Jun 2008 20:50:58 79.716 A.... "C:\WINDOWS\inf\mdmpenr.PNF"
18 Jun 2008 20:50:58 19.268 A.... "C:\WINDOWS\inf\mdmpin.PNF"
18 Jun 2008 20:50:58 10.424 A.... "C:\WINDOWS\inf\mdmpn1.PNF"
18 Jun 2008 20:50:58 57.224 A.... "C:\WINDOWS\inf\mdmpp.PNF"
18 Jun 2008 20:50:58 15.840 A.... "C:\WINDOWS\inf\mdmpsion.PNF"
18 Jun 2008 20:50:58 80.624 A.... "C:\WINDOWS\inf\mdmracal.PNF"
18 Jun 2008 20:50:58 6.776 A.... "C:\WINDOWS\inf\mdmrisa.PNF"
18 Jun 2008 20:50:58 23.712 A.... "C:\WINDOWS\inf\mdmrock.PNF"
18 Jun 2008 20:50:58 50.624 A.... "C:\WINDOWS\inf\mdmrock3.PNF"
18 Jun 2008 20:50:58 71.236 A.... "C:\WINDOWS\inf\mdmrock4.PNF"
18 Jun 2008 20:50:58 125.636 A.... "C:\WINDOWS\inf\mdmrock5.PNF"
18 Jun 2008 20:50:58 305.340 A.... "C:\WINDOWS\inf\mdmrpci.PNF"
18 Jun 2008 20:50:58 1.536.452 A.... "C:\WINDOWS\inf\mdmrpciw.PNF"
18 Jun 2008 20:49:50 4.000 A.... "C:\WINDOWS\inf\mdmsetup.PNF"
18 Jun 2008 20:50:54 6.076 A.... "C:\WINDOWS\inf\mdmsgsml.PNF"
18 Jun 2008 20:50:54 23.000 A.... "C:\WINDOWS\inf\mdmsgsmu.PNF"
18 Jun 2008 20:50:54 44.876 A.... "C:\WINDOWS\inf\mdmsier.PNF"
18 Jun 2008 20:50:54 23.408 A.... "C:\WINDOWS\inf\mdmsii64.PNF"
18 Jun 2008 20:50:54 23.608 A.... "C:\WINDOWS\inf\mdmsiil6.PNF"
18 Jun 2008 20:50:54 14.536 A.... "C:\WINDOWS\inf\mdmsmart.PNF"
18 Jun 2008 20:50:54 90.232 A.... "C:\WINDOWS\inf\mdmsonyu.PNF"
18 Jun 2008 20:50:54 76.068 A.... "C:\WINDOWS\inf\mdmspq28.PNF"
18 Jun 2008 20:50:54 11.292 A.... "C:\WINDOWS\inf\mdmsun1.PNF"
18 Jun 2008 20:50:54 34.272 A.... "C:\WINDOWS\inf\mdmsun2.PNF"
18 Jun 2008 20:50:54 45.896 A.... "C:\WINDOWS\inf\mdmsupr3.PNF"
18 Jun 2008 20:50:54 134.308 A.... "C:\WINDOWS\inf\mdmsupra.PNF"
18 Jun 2008 20:50:54 40.512 A.... "C:\WINDOWS\inf\mdmsuprv.PNF"
18 Jun 2008 20:50:54 65.804 A.... "C:\WINDOWS\inf\mdmtdk.PNF"
18 Jun 2008 20:50:54 27.016 A.... "C:\WINDOWS\inf\mdmtdkj2.PNF"
18 Jun 2008 20:50:54 26.716 A.... "C:\WINDOWS\inf\mdmtdkj3.PNF"
18 Jun 2008 20:50:54 24.516 A.... "C:\WINDOWS\inf\mdmtdkj4.PNF"
18 Jun 2008 20:50:54 29.708 A.... "C:\WINDOWS\inf\mdmtdkj5.PNF"
18 Jun 2008 20:50:54 17.320 A.... "C:\WINDOWS\inf\mdmtdkj6.PNF"
18 Jun 2008 20:50:54 20.260 A.... "C:\WINDOWS\inf\mdmtdkj7.PNF"
18 Jun 2008 20:50:54 16.332 A.... "C:\WINDOWS\inf\mdmtexas.PNF"
18 Jun 2008 20:50:54 53.880 A.... "C:\WINDOWS\inf\mdmti.PNF"
18 Jun 2008 20:50:54 53.128 A.... "C:\WINDOWS\inf\mdmtosh.PNF"
18 Jun 2008 20:50:54 23.188 A.... "C:\WINDOWS\inf\mdmtron.PNF"
18 Jun 2008 20:50:54 9.332 A.... "C:\WINDOWS\inf\mdmusrf.PNF"
18 Jun 2008 20:50:54 23.852 A.... "C:\WINDOWS\inf\mdmusrg.PNF"
18 Jun 2008 20:50:54 75.336 A.... "C:\WINDOWS\inf\mdmusrgl.PNF"
18 Jun 2008 20:50:54 74.392 A.... "C:\WINDOWS\inf\mdmusrk1.PNF"
18 Jun 2008 20:50:54 10.424 A.... "C:\WINDOWS\inf\mdmusrsp.PNF"
18 Jun 2008 20:50:54 8.224 A.... "C:\WINDOWS\inf\mdmvdot.PNF"
18 Jun 2008 20:50:54 26.740 A.... "C:\WINDOWS\inf\mdmvv.PNF"
18 Jun 2008 20:50:54 168.904 A.... "C:\WINDOWS\inf\mdmwhql0.PNF"
18 Jun 2008 20:50:52 71.144 A.... "C:\WINDOWS\inf\mdmx5560.PNF"
18 Jun 2008 20:50:52 76.812 A.... "C:\WINDOWS\inf\mdmxircc.PNF"
18 Jun 2008 20:50:52 74.036 A.... "C:\WINDOWS\inf\mdmxirmp.PNF"
18 Jun 2008 20:50:52 129.992 A.... "C:\WINDOWS\inf\mdmzoom.PNF"
18 Jun 2008 20:50:52 80.924 A.... "C:\WINDOWS\inf\mdmzyp.PNF"
18 Jun 2008 20:50:52 122.052 A.... "C:\WINDOWS\inf\mdmzyxel.PNF"
18 Jun 2008 20:50:52 134.964 A.... "C:\WINDOWS\inf\mdmzyxlg.PNF"
18 Jun 2008 20:50:52 17.276 A.... "C:\WINDOWS\inf\memcard.PNF"
18 Jun 2008 20:49:54 8.924 A.... "C:\WINDOWS\inf\memstpci.PNF"
18 Jun 2008 20:49:50 5.600 A.... "C:\WINDOWS\inf\mf.PNF"
18 Jun 2008 20:50:52 7.692 A.... "C:\WINDOWS\inf\mfcem28.PNF"
18 Jun 2008 20:50:52 7.412 A.... "C:\WINDOWS\inf\mfcem33.PNF"
18 Jun 2008 20:50:52 19.240 A.... "C:\WINDOWS\inf\mfcem56.PNF"
18 Jun 2008 20:50:52 9.720 A.... "C:\WINDOWS\inf\mff56n5.PNF"
18 Jun 2008 20:50:52 9.288 A.... "C:\WINDOWS\inf\mflm.PNF"
18 Jun 2008 20:50:52 9.712 A.... "C:\WINDOWS\inf\mflm56.PNF"
18 Jun 2008 20:50:52 11.092 A.... "C:\WINDOWS\inf\mfmhzn5.PNF"
18 Jun 2008 20:50:52 12.340 A.... "C:\WINDOWS\inf\mfosi5.PNF"
18 Jun 2008 20:50:52 9.636 A.... "C:\WINDOWS\inf\mfsocket.PNF"
18 Jun 2008 20:50:52 6.636 A.... "C:\WINDOWS\inf\mfsupra.PNF"
18 Jun 2008 20:50:52 9.468 A.... "C:\WINDOWS\inf\mfx56nf.PNF"
18 Jun 2008 20:50:52 9.996 A.... "C:\WINDOWS\inf\mgau.PNF"
18 Jun 2008 20:50:52 3.668 A.... "C:\WINDOWS\inf\minioc.PNF"
18 Jun 2008 20:50:52 41.852 A.... "C:\WINDOWS\inf\mmopt.PNF"
18 Jun 2008 20:50:52 11.764 A.... "C:\WINDOWS\inf\modemcsa.PNF"
18 Jun 2008 20:49:50 108.212 A.... "C:\WINDOWS\inf\monitor.PNF"
18 Jun 2008 20:50:52 101.148 A.... "C:\WINDOWS\inf\monitor2.PNF"
18 Jun 2008 20:50:52 89.360 A.... "C:\WINDOWS\inf\monitor3.PNF"
18 Jun 2008 20:50:52 87.004 A.... "C:\WINDOWS\inf\monitor4.PNF"
18 Jun 2008 20:50:52 120.768 A.... "C:\WINDOWS\inf\monitor5.PNF"
18 Jun 2008 20:50:52 94.388 A.... "C:\WINDOWS\inf\monitor6.PNF"
18 Jun 2008 20:50:52 88.232 A.... "C:\WINDOWS\inf\monitor7.PNF"
18 Jun 2008 20:50:52 112.488 A.... "C:\WINDOWS\inf\monitor8.PNF"
18 Jun 2008 20:50:50 10.864 A.... "C:\WINDOWS\inf\moviemk.PNF"
18 Jun 2008 20:50:50 8.284 A.... "C:\WINDOWS\inf\mpe.PNF"
18 Jun 2008 20:10:38 31.412 A.... "C:\WINDOWS\inf\mplayer2.PNF"
18 Jun 2008 20:50:50 15.932 A.... "C:\WINDOWS\inf\mpsstln.PNF"
18 Jun 2008 20:50:50 6.696 A.... "C:\WINDOWS\inf\mscpqpa1.PNF"
18 Jun 2008 20:50:50 39.044 A.... "C:\WINDOWS\inf\msdv.PNF"
18 Jun 2008 20:49:50 43.548 A.... "C:\WINDOWS\inf\mshdc.PNF"
18 Jun 2008 20:50:50 9.960 A.... "C:\WINDOWS\inf\msinfo32.PNF"
20 Jun 2008 18:21:12 63.664 A.... "C:\WINDOWS\inf\msmouse.PNF"
18 Jun 2008 20:50:50 29.172 A.... "C:\WINDOWS\inf\msmscsi.PNF"
18 Jun 2008 20:10:42 50.704 A.... "C:\WINDOWS\inf\msmsgs.PNF"
18 Jun 2008 20:50:50 15.364 A.... "C:\WINDOWS\inf\msmusb.PNF"
18 Jun 2008 20:50:50 61.044 A.... "C:\WINDOWS\inf\msnetmtg.PNF"
18 Jun 2008 20:50:50 6.848 A.... "C:\WINDOWS\inf\msnike.PNF"
18 Jun 2008 20:50:26 17.464 A.... "C:\WINDOWS\inf\msnmsn.PNF"
18 Jun 2008 20:10:42 36.068 A.... "C:\WINDOWS\inf\msoe50.PNF"
18 Jun 2008 20:49:50 30.552 A.... "C:\WINDOWS\inf\msports.PNF"
18 Jun 2008 20:50:50 7.012 A.... "C:\WINDOWS\inf\msrio.PNF"
18 Jun 2008 20:50:50 6.928 A.... "C:\WINDOWS\inf\msrio8.PNF"
18 Jun 2008 20:50:50 22.032 A.... "C:\WINDOWS\inf\mstape.PNF"
18 Jun 2008 20:50:50 14.128 A.... "C:\WINDOWS\inf\mstask.PNF"
18 Jun 2008 20:50:50 8.760 A.... "C:\WINDOWS\inf\mtxvideo.PNF"
18 Jun 2008 20:50:26 12.232 A.... "C:\WINDOWS\inf\multimed.PNF"
18 Jun 2008 20:49:52 5.836 A.... "C:\WINDOWS\inf\multiprt.PNF"
18 Jun 2008 20:50:50 38.240 A.... "C:\WINDOWS\inf\mwavmdm1.PNF"
18 Jun 2008 20:50:50 8.492 A.... "C:\WINDOWS\inf\mwmbatam.PNF"
18 Jun 2008 20:50:50 17.052 A.... "C:\WINDOWS\inf\mwremove.PNF"
18 Jun 2008 20:49:54 55.020 A.... "C:\WINDOWS\inf\mwtpdsp.PNF"
18 Jun 2008 20:50:50 10.000 A.... "C:\WINDOWS\inf\mxboard.PNF"
18 Jun 2008 20:50:50 12.872 A.... "C:\WINDOWS\inf\mxport.PNF"
18 Jun 2008 20:50:50 3.992 A.... "C:\WINDOWS\inf\mymusic.PNF"
18 Jun 2008 20:50:50 9.628 A.... "C:\WINDOWS\inf\nabtsfec.PNF"
18 Jun 2008 20:50:50 9.112 A.... "C:\WINDOWS\inf\ndisip.PNF"
18 Jun 2008 20:50:50 5.848 A.... "C:\WINDOWS\inf\ndisuio.PNF"
18 Jun 2008 20:50:50 8.020 A.... "C:\WINDOWS\inf\neo20xx.PNF"
18 Jun 2008 20:50:50 6.236 A.... "C:\WINDOWS\inf\net10.PNF"
18 Jun 2008 20:50:50 6.388 A.... "C:\WINDOWS\inf\net1394.PNF"
18 Jun 2008 20:50:50 26.856 A.... "C:\WINDOWS\inf\net21x4.PNF"
18 Jun 2008 20:50:50 8.876 A.... "C:\WINDOWS\inf\net3c556.PNF"
18 Jun 2008 20:50:50 11.632 A.... "C:\WINDOWS\inf\net3c589.PNF"
18 Jun 2008 20:50:50 15.200 A.... "C:\WINDOWS\inf\net3c985.PNF"
18 Jun 2008 20:50:50 6.940 A.... "C:\WINDOWS\inf\net3sr.PNF"
18 Jun 2008 20:50:50 8.540 A.... "C:\WINDOWS\inf\net5515n.PNF"
18 Jun 2008 20:50:50 85.096 A.... "C:\WINDOWS\inf\net557.PNF"
18 Jun 2008 20:50:50 8.524 A.... "C:\WINDOWS\inf\net559ib.PNF"
18 Jun 2008 20:50:50 10.740 A.... "C:\WINDOWS\inf\net575nt.PNF"
18 Jun 2008 20:50:50 8.044 A.... "C:\WINDOWS\inf\net650d.PNF"
18 Jun 2008 20:50:48 9.292 A.... "C:\WINDOWS\inf\net656c5.PNF"
18 Jun 2008 20:50:48 10.980 A.... "C:\WINDOWS\inf\net656n5.PNF"
18 Jun 2008 20:50:48 8.660 A.... "C:\WINDOWS\inf\net713.PNF"
18 Jun 2008 20:50:48 16.020 A.... "C:\WINDOWS\inf\net83820.PNF"
18 Jun 2008 20:50:48 25.948 A.... "C:\WINDOWS\inf\net8511.PNF"
18 Jun 2008 20:50:48 7.800 A.... "C:\WINDOWS\inf\netac300.PNF"
18 Jun 2008 20:50:48 7.756 A.... "C:\WINDOWS\inf\netali.PNF"
18 Jun 2008 20:50:48 6.576 A.... "C:\WINDOWS\inf\netambi.PNF"
18 Jun 2008 20:50:48 9.820 A.... "C:\WINDOWS\inf\netamd.PNF"
18 Jun 2008 20:50:48 18.048 A.... "C:\WINDOWS\inf\netamd2.PNF"
18 Jun 2008 20:50:48 10.616 A.... "C:\WINDOWS\inf\netamdhl.PNF"
18 Jun 2008 20:50:48 16.560 A.... "C:\WINDOWS\inf\netan983.PNF"
18 Jun 2008 20:50:48 12.348 A.... "C:\WINDOWS\inf\netana.PNF"
18 Jun 2008 20:50:48 12.032 A.... "C:\WINDOWS\inf\netasp2k.PNF"
18 Jun 2008 20:50:48 6.656 A.... "C:\WINDOWS\inf\netauni.PNF"
18 Jun 2008 20:50:48 35.080 A.... "C:\WINDOWS\inf\netb57xp.PNF"
18 Jun 2008 20:50:48 8.844 A.... "C:\WINDOWS\inf\netbcm4e.PNF"
18 Jun 2008 20:50:48 9.416 A.... "C:\WINDOWS\inf\netbcm4p.PNF"
18 Jun 2008 20:50:48 8.808 A.... "C:\WINDOWS\inf\netbcm4u.PNF"
18 Jun 2008 20:50:48 5.896 A.... "C:\WINDOWS\inf\netbrdgm.PNF"
18 Jun 2008 20:50:48 5.492 A.... "C:\WINDOWS\inf\netbrdgs.PNF"
18 Jun 2008 20:50:48 12.644 A.... "C:\WINDOWS\inf\netbrzw.PNF"
18 Jun 2008 20:50:48 8.892 A.... "C:\WINDOWS\inf\netcb102.PNF"
18 Jun 2008 20:50:48 14.764 A.... "C:\WINDOWS\inf\netcb325.PNF"
18 Jun 2008 20:50:48 16.740 A.... "C:\WINDOWS\inf\netcbe.PNF"
18 Jun 2008 20:50:48 10.120 A.... "C:\WINDOWS\inf\netce2.PNF"
18 Jun 2008 20:50:48 14.752 A.... "C:\WINDOWS\inf\netce3.PNF"
18 Jun 2008 20:50:48 9.172 A.... "C:\WINDOWS\inf\netcem28.PNF"
18 Jun 2008 20:50:48 9.156 A.... "C:\WINDOWS\inf\netcem33.PNF"
18 Jun 2008 20:50:48 14.644 A.... "C:\WINDOWS\inf\netcem56.PNF"
18 Jun 2008 20:50:48 15.124 A.... "C:\WINDOWS\inf\netcicap.PNF"
18 Jun 2008 20:50:48 4.416 A.... "C:\WINDOWS\inf\netcis.PNF"
18 Jun 2008 20:49:52 3.688 A.... "C:\WINDOWS\inf\netclass.PNF"
18 Jun 2008 20:50:48 12.872 A.... "C:\WINDOWS\inf\netcpqc.PNF"
18 Jun 2008 20:50:48 17.520 A.... "C:\WINDOWS\inf\netcpqg.PNF"
18 Jun 2008 20:50:48 17.924 A.... "C:\WINDOWS\inf\netcpqi.PNF"
18 Jun 2008 20:50:48 10.472 A.... "C:\WINDOWS\inf\netcpqmt.PNF"
18 Jun 2008 20:50:48 10.692 A.... "C:\WINDOWS\inf\netctmrk.PNF"
18 Jun 2008 20:50:48 10.688 A.... "C:\WINDOWS\inf\netdav.PNF"
18 Jun 2008 20:50:48 9.324 A.... "C:\WINDOWS\inf\netdefxa.PNF"
18 Jun 2008 20:50:48 8.576 A.... "C:\WINDOWS\inf\netdf650.PNF"
18 Jun 2008 20:50:46 57.620 A.... "C:\WINDOWS\inf\netdgdxb.PNF"
18 Jun 2008 20:50:46 12.248 A.... "C:\WINDOWS\inf\netdlh5x.PNF"
18 Jun 2008 20:50:46 10.800 A.... "C:\WINDOWS\inf\netdm.PNF"
18 Jun 2008 20:50:46 30.388 A.... "C:\WINDOWS\inf\nete1000.PNF"
18 Jun 2008 20:50:46 11.780 A.... "C:\WINDOWS\inf\nete100i.PNF"
18 Jun 2008 20:50:46 8.404 A.... "C:\WINDOWS\inf\netejxmp.PNF"
18 Jun 2008 20:50:46 7.560 A.... "C:\WINDOWS\inf\netel515.PNF"
18 Jun 2008 20:50:46 11.148 A.... "C:\WINDOWS\inf\netel574.PNF"
18 Jun 2008 20:50:46 7.304 A.... "C:\WINDOWS\inf\netel5x9.PNF"
18 Jun 2008 20:50:46 12.120 A.... "C:\WINDOWS\inf\netel90a.PNF"
18 Jun 2008 20:50:46 19.584 A.... "C:\WINDOWS\inf\netel90b.PNF"
18 Jun 2008 20:50:46 12.788 A.... "C:\WINDOWS\inf\netel980.PNF"
18 Jun 2008 20:50:46 17.516 A.... "C:\WINDOWS\inf\netel99x.PNF"
18 Jun 2008 20:50:46 10.952 A.... "C:\WINDOWS\inf\netepicn.PNF"
18 Jun 2008 20:50:46 8.288 A.... "C:\WINDOWS\inf\netepro.PNF"
18 Jun 2008 20:50:46 7.064 A.... "C:\WINDOWS\inf\netepvcm.PNF"
18 Jun 2008 20:50:46 6.484 A.... "C:\WINDOWS\inf\netepvcp.PNF"
18 Jun 2008 20:50:46 7.132 A.... "C:\WINDOWS\inf\netex10.PNF"
18 Jun 2008 20:50:46 9.864 A.... "C:\WINDOWS\inf\netf56n5.PNF"
18 Jun 2008 20:50:46 10.004 A.... "C:\WINDOWS\inf\netfa312.PNF"
18 Jun 2008 20:50:46 8.004 A.... "C:\WINDOWS\inf\netfa410.PNF"
18 Jun 2008 20:50:46 7.272 A.... "C:\WINDOWS\inf\netfjvi.PNF"
18 Jun 2008 20:50:46 7.312 A.... "C:\WINDOWS\inf\netfjvj.PNF"
18 Jun 2008 20:50:46 7.688 A.... "C:\WINDOWS\inf\netfore.PNF"
18 Jun 2008 20:50:46 7.664 A.... "C:\WINDOWS\inf\netforeh.PNF"
18 Jun 2008 20:50:46 5.372 A.... "C:\WINDOWS\inf\netgpc.PNF"
18 Jun 2008 20:50:46 9.772 A.... "C:\WINDOWS\inf\netias.PNF"
18 Jun 2008 20:50:46 17.816 A.... "C:\WINDOWS\inf\netibm.PNF"
18 Jun 2008 20:50:46 14.908 A.... "C:\WINDOWS\inf\netibm2.PNF"
18 Jun 2008 20:50:46 9.628 A.... "C:\WINDOWS\inf\netip6.PNF"
18 Jun 2008 20:50:26 6.272 A.... "C:\WINDOWS\inf\netiprip.PNF"
18 Jun 2008 20:50:46 9.668 A.... "C:\WINDOWS\inf\netirda.PNF"
18 Jun 2008 20:49:52 24.528 A.... "C:\WINDOWS\inf\netirsir.PNF"
18 Jun 2008 20:50:46 18.828 A.... "C:\WINDOWS\inf\netklsi.PNF"
18 Jun 2008 20:50:46 8.656 A.... "C:\WINDOWS\inf\netktc.PNF"
18 Jun 2008 20:50:46 5.348 A.... "C:\WINDOWS\inf\netlanem.PNF"
18 Jun 2008 20:50:46 6.276 A.... "C:\WINDOWS\inf\netlanep.PNF"
18 Jun 2008 20:50:46 7.500 A.... "C:\WINDOWS\inf\netlm.PNF"
18 Jun 2008 20:50:46 7.392 A.... "C:\WINDOWS\inf\netlm56.PNF"
18 Jun 2008 20:50:46 8.228 A.... "C:\WINDOWS\inf\netlnev2.PNF"
18 Jun 2008 20:50:46 7.432 A.... "C:\WINDOWS\inf\netloop.PNF"
18 Jun 2008 20:50:26 10.476 A.... "C:\WINDOWS\inf\netlpd.PNF"
18 Jun 2008 20:50:46 28.180 A.... "C:\WINDOWS\inf\netmadge.PNF"
18 Jun 2008 20:50:46 11.244 A.... "C:\WINDOWS\inf\netmhzn5.PNF"
18 Jun 2008 20:50:46 21.056 A.... "C:\WINDOWS\inf\netmscli.PNF"
18 Jun 2008 20:50:44 6.072 A.... "C:\WINDOWS\inf\netnb.PNF"
18 Jun 2008 20:50:44 22.168 A.... "C:\WINDOWS\inf\netnf3.PNF"
18 Jun 2008 20:50:44 10.956 A.... "C:\WINDOWS\inf\netngr.PNF"
18 Jun 2008 20:50:44 14.736 A.... "C:\WINDOWS\inf\netnm.PNF"
18 Jun 2008 20:50:44 14.820 A.... "C:\WINDOWS\inf\netnovel.PNF"
18 Jun 2008 20:50:44 16.164 A.... "C:\WINDOWS\inf\netnwlnk.PNF"
18 Jun 2008 20:50:24 15.680 A.... "C:\WINDOWS\inf\netoc.PNF"
18 Jun 2008 20:50:44 14.960 A.... "C:\WINDOWS\inf\netosi2c.PNF"
18 Jun 2008 20:50:44 13.156 A.... "C:\WINDOWS\inf\netosi5.PNF"
18 Jun 2008 20:50:44 8.484 A.... "C:\WINDOWS\inf\netpc100.PNF"
18 Jun 2008 20:50:44 10.276 A.... "C:\WINDOWS\inf\netpnic.PNF"
18 Jun 2008 20:50:44 5.748 A.... "C:\WINDOWS\inf\netpsa.PNF"
18 Jun 2008 20:50:44 6.184 A.... "C:\WINDOWS\inf\netpschd.PNF"
18 Jun 2008 20:50:44 11.436 A.... "C:\WINDOWS\inf\netpwr2.PNF"
18 Jun 2008 20:50:44 23.608 A.... "C:\WINDOWS\inf\netrasa.PNF"
18 Jun 2008 20:50:44 42.752 A.... "C:\WINDOWS\inf\netrass.PNF"
18 Jun 2008 20:50:44 12.136 A.... "C:\WINDOWS\inf\netrast.PNF"
18 Jun 2008 20:50:44 7.576 A.... "C:\WINDOWS\inf\netrlw2k.PNF"
18 Jun 2008 20:50:44 8.456 A.... "C:\WINDOWS\inf\netrsvp.PNF"
18 Jun 2008 20:50:44 10.708 A.... "C:\WINDOWS\inf\netrtpnt.PNF"
18 Jun 2008 20:50:44 18.428 A.... "C:\WINDOWS\inf\netrtsnt.PNF"
18 Jun 2008 20:50:44 8.428 A.... "C:\WINDOWS\inf\netrwan.PNF"
18 Jun 2008 20:50:44 7.540 A.... "C:\WINDOWS\inf\netsap.PNF"
18 Jun 2008 20:50:44 8.860 A.... "C:\WINDOWS\inf\netserv.PNF"
18 Jun 2008 20:50:44 21.784 A.... "C:\WINDOWS\inf\netsis.PNF"
18 Jun 2008 20:50:44 14.976 A.... "C:\WINDOWS\inf\netsk98.PNF"
18 Jun 2008 20:50:44 23.744 A.... "C:\WINDOWS\inf\netsk_fp.PNF"
18 Jun 2008 20:50:44 7.756 A.... "C:\WINDOWS\inf\netsla30.PNF"
18 Jun 2008 20:50:44 6.412 A.... "C:\WINDOWS\inf\netsmc.PNF"
18 Jun 2008 20:50:44 10.412 A.... "C:\WINDOWS\inf\netsnip.PNF"
18 Jun 2008 20:50:26 20.012 A.... "C:\WINDOWS\inf\netsnmp.PNF"
18 Jun 2008 20:50:44 9.268 A.... "C:\WINDOWS\inf\nettb155.PNF"
18 Jun 2008 20:50:44 35.528 A.... "C:\WINDOWS\inf\nettcpip.PNF"
18 Jun 2008 20:50:44 8.196 A.... "C:\WINDOWS\inf\nettdkb.PNF"
18 Jun 2008 20:50:44 11.312 A.... "C:\WINDOWS\inf\nettiger.PNF"
18 Jun 2008 20:50:44 7.488 A.... "C:\WINDOWS\inf\nettpro.PNF"
18 Jun 2008 20:50:26 10.772 A.... "C:\WINDOWS\inf\nettpsmp.PNF"
18 Jun 2008 20:50:26 4.004 A.... "C:\WINDOWS\inf\netupnp.PNF"
18 Jun 2008 20:50:44 8.872 A.... "C:\WINDOWS\inf\netupnph.PNF"
18 Jun 2008 20:50:44 15.340 A.... "C:\WINDOWS\inf\netvt86.PNF"
18 Jun 2008 20:50:44 9.996 A.... "C:\WINDOWS\inf\netw840.PNF"
18 Jun 2008 20:50:44 7.208 A.... "C:\WINDOWS\inf\netw926.PNF"
18 Jun 2008 20:50:44 6.684 A.... "C:\WINDOWS\inf\netw940.PNF"
18 Jun 2008 20:50:44 19.576 A.... "C:\WINDOWS\inf\netwlan.PNF"
18 Jun 2008 20:50:42 15.228 A.... "C:\WINDOWS\inf\netwlan2.PNF"
18 Jun 2008 20:50:42 19.544 A.... "C:\WINDOWS\inf\netwv48.PNF"
18 Jun 2008 20:50:42 6.952 A.... "C:\WINDOWS\inf\netwzc.PNF"
18 Jun 2008 20:50:42 19.560 A.... "C:\WINDOWS\inf\netx500.PNF"
18 Jun 2008 20:50:42 11.120 A.... "C:\WINDOWS\inf\netx56n5.PNF"
18 Jun 2008 20:50:42 9.960 A.... "C:\WINDOWS\inf\netxcpq.PNF"
18 Jun 2008 20:49:52 6.764 A.... "C:\WINDOWS\inf\ntapm.PNF"
18 Jun 2008 20:50:42 7.128 A.... "C:\WINDOWS\inf\ntgrip.PNF"
18 Jun 2008 20:49:52 1.317.288 A.... "C:\WINDOWS\inf\ntprint.PNF"
18 Jun 2008 20:50:42 9.668 A.... "C:\WINDOWS\inf\nv3.PNF"
18 Jun 2008 20:50:42 66.172 A.... "C:\WINDOWS\inf\nv4.PNF"
21 Jun 2008 11:53:14 0 ...H. "C:\WINDOWS\inf\oem0.inf"
18 Jun 2008 20:50:42 16.880 A.... "C:\WINDOWS\inf\oobe.PNF"
18 Jun 2008 20:50:26 21.608 A.... "C:\WINDOWS\inf\optional.PNF"
18 Jun 2008 20:50:42 24.908 A.... "C:\WINDOWS\inf\ovcam.PNF"
18 Jun 2008 20:50:42 5.836 A.... "C:\WINDOWS\inf\ovcomp.PNF"
18 Jun 2008 20:50:42 12.388 A.... "C:\WINDOWS\inf\ovsound.PNF"
18 Jun 2008 20:50:42 12.276 A.... "C:\WINDOWS\inf\pchealth.PNF"
18 Jun 2008 20:49:52 45.748 A.... "C:\WINDOWS\inf\pcmcia.PNF"
18 Jun 2008 20:50:42 12.556 A.... "C:\WINDOWS\inf\perm2.PNF"
18 Jun 2008 20:50:42 8.948 A.... "C:\WINDOWS\inf\perm3.PNF"
18 Jun 2008 20:50:42 12.636 A.... "C:\WINDOWS\inf\phdsext.PNF"
18 Jun 2008 20:50:42 10.484 A.... "C:\WINDOWS\inf\phil1vid.PNF"
18 Jun 2008 20:50:42 13.860 A.... "C:\WINDOWS\inf\phil2vid.PNF"
18 Jun 2008 20:50:42 13.188 A.... "C:\WINDOWS\inf\phildec.PNF"
18 Jun 2008 20:50:42 13.308 A.... "C:\WINDOWS\inf\philtune.PNF"
18 Jun 2008 20:50:26 12.360 A.... "C:\WINDOWS\inf\pinball.PNF"
18 Jun 2008 20:50:42 16.968 A.... "C:\WINDOWS\inf\pmxmcro.PNF"
18 Jun 2008 20:49:52 107.224 A.... "C:\WINDOWS\inf\pnpscsi.PNF"
18 Jun 2008 20:50:42 6.932 A.... "C:\WINDOWS\inf\ppa.PNF"
18 Jun 2008 20:50:42 7.004 A.... "C:\WINDOWS\inf\ppa3.PNF"
18 Jun 2008 20:50:42 44.964 A.... "C:\WINDOWS\inf\printupg.PNF"
18 Jun 2008 20:50:42 146.476 A.... "C:\WINDOWS\inf\prtupg9x.PNF"
18 Jun 2008 20:50:42 10.668 A.... "C:\WINDOWS\inf\ptpusb.PNF"
18 Jun 2008 20:50:42 8.380 A.... "C:\WINDOWS\inf\qmgr.PNF"
18 Jun 2008 20:50:42 18.476 A.... "C:\WINDOWS\inf\ricoh.PNF"
18 Jun 2008 20:50:24 3.948 A.... "C:\WINDOWS\inf\rootau.PNF"
18 Jun 2008 20:50:42 7.924 A.... "C:\WINDOWS\inf\s3nb.PNF"
18 Jun 2008 20:50:42 8.484 A.... "C:\WINDOWS\inf\s3sav3d.PNF"
18 Jun 2008 20:50:42 8.644 A.... "C:\WINDOWS\inf\s3sav4.PNF"
18 Jun 2008 20:50:42 8.676 A.... "C:\WINDOWS\inf\s3savmx.PNF"
18 Jun 2008 20:50:42 6.740 A.... "C:\WINDOWS\inf\s3trio3d.PNF"
18 Jun 2008 20:50:16 139.136 A.... "C:\WINDOWS\inf\sapi5.PNF"
18 Jun 2008 20:49:54 6.472 A.... "C:\WINDOWS\inf\sbp2.PNF"
18 Jun 2008 20:50:42 39.196 A.... "C:\WINDOWS\inf\sceregvl.PNF"
18 Jun 2008 20:49:54 20.568 A.... "C:\WINDOWS\inf\scsi.PNF"
18 Jun 2008 20:50:42 37.008 A.... "C:\WINDOWS\inf\scsidev.PNF"
18 Jun 2008 20:50:40 37.352 A.... "C:\WINDOWS\inf\sdwndr2k.PNF"
18 Jun 2008 20:00:26 8.578 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\00000063.query"
18 Jun 2008 20:00:28 540 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\00000161.query"
18 Jun 2008 20:00:26 222 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\00000060.query"
18 Jun 2008 20:00:28 290 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\00000160.query"
18 Jun 2008 20:00:28 2.364 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\000000f6.query"
18 Jun 2008 20:00:32 624 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\000001f7.query"
18 Jun 2008 20:00:32 182 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\000001f4.query"
18 Jun 2008 20:00:28 194 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\000000f4.query"
18 Jun 2008 20:00:28 2.364 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\000000f5.query"
18 Jun 2008 20:00:32 3.548 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\000001f2.query"
18 Jun 2008 20:00:28 930 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\000000f2.query"
18 Jun 2008 20:00:32 3.548 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\000001f3.query"
18 Jun 2008 20:00:32 164 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\000001f0.query"
18 Jun 2008 20:00:28 412 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\000000f0.query"
18 Jun 2008 20:00:28 930 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\000000f1.query"
18 Jun 2008 20:00:32 624 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\000001f6.query"
18 Jun 2008 20:00:26 746 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\00000076.query"
18 Jun 2008 20:00:28 6.904 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\00000176.query"
18 Jun 2008 20:00:26 292 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\00000074.query"
18 Jun 2008 20:00:28 208 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\00000174.query"
18 Jun 2008 20:00:26 746 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\00000075.query"
18 Jun 2008 20:00:26 2.658 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\00000072.query"
18 Jun 2008 20:00:28 2.366 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\00000172.query"
18 Jun 2008 20:00:26 2.658 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\00000073.query"
18 Jun 2008 20:00:28 2.366 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\00000171.query"
18 Jun 2008 20:00:26 228 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\00000070.query"
18 Jun 2008 20:00:28 374 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\00000170.query"
18 Jun 2008 20:00:28 6.904 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\00000177.query"
18 Jun 2008 20:00:26 532 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\00000008.query"
18 Jun 2008 20:00:32 1.660 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\00000207.query"
18 Jun 2008 20:00:28 144 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\00000108.query"
18 Jun 2008 20:00:26 1.442 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\00000009.query"
18 Jun 2008 20:00:32 180 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\00000208.query"
18 Jun 2008 20:00:26 180 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\00000088.query"
18 Jun 2008 20:00:30 176 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\00000188.query"
18 Jun 2008 20:00:26 254 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\00000018.query"
18 Jun 2008 20:00:32 5.028 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\00000217.query"
18 Jun 2008 20:00:28 226 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\00000118.query"
18 Jun 2008 20:00:32 214 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\00000218.query"
18 Jun 2008 20:00:26 172 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\00000098.query"
18 Jun 2008 20:00:30 334 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\00000198.query"
18 Jun 2008 20:00:30 208 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\000001a8.query"
18 Jun 2008 20:00:26 272 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\000000a8.query"
18 Jun 2008 20:00:26 270 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\00000028.query"
18 Jun 2008 20:00:32 258 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\00000227.query"
18 Jun 2008 20:00:28 202 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\00000128.query"
18 Jun 2008 20:00:26 544 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\00000029.query"
18 Jun 2008 20:00:32 130 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\00000228.query"
18 Jun 2008 20:00:30 182 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\000001b8.query"
18 Jun 2008 20:00:28 204 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\000000b8.query"
18 Jun 2008 20:00:30 1.652 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\000001b9.query"
18 Jun 2008 20:00:28 2.482 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\00000139.query"
18 Jun 2008 20:00:26 326 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\00000038.query"
18 Jun 2008 20:00:32 1.984 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\00000237.query"
18 Jun 2008 20:00:28 494 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\00000138.query"
18 Jun 2008 20:00:26 1.424 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\00000039.query"
18 Jun 2008 20:00:32 220 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\00000238.query"
18 Jun 2008 20:00:30 188 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\000001c8.query"
18 Jun 2008 20:00:28 240 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\000000c8.query"
18 Jun 2008 20:00:30 1.852 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\000001c9.query"
18 Jun 2008 20:00:26 208 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\00000048.query"
18 Jun 2008 20:00:32 3.056 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\00000247.query"
18 Jun 2008 20:00:28 124 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\00000148.query"
18 Jun 2008 20:00:32 224 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\00000248.query"
18 Jun 2008 20:00:30 410 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\000001d8.query"
18 Jun 2008 20:00:28 294 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\000000d8.query"
18 Jun 2008 20:00:30 2.360 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\000001d9.query"
18 Jun 2008 20:00:26 382 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\00000058.query"
18 Jun 2008 20:00:28 234 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\00000158.query"
18 Jun 2008 20:00:26 2.510 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\00000059.query"
18 Jun 2008 20:00:32 260 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\000001e8.query"
18 Jun 2008 20:00:28 240 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\000000e8.query"
18 Jun 2008 20:00:26 274 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\00000068.query"
18 Jun 2008 20:00:28 206 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\00000168.query"
18 Jun 2008 20:00:32 250 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\000001f8.query"
18 Jun 2008 20:00:28 490 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\000000f8.query"
18 Jun 2008 20:00:32 576 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\000001f9.query"
18 Jun 2008 20:00:28 952 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\000000f9.query"
18 Jun 2008 20:00:26 176 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\00000078.query"
18 Jun 2008 20:00:28 246 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\00000178.query"
18 Jun 2008 20:00:26 3.472 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\0000000f.query"
18 Jun 2008 20:00:32 918 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\0000020e.query"
18 Jun 2008 20:00:32 918 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\0000020f.query"
18 Jun 2008 20:00:28 2.522 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\0000010e.query"
18 Jun 2008 20:00:32 130 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\0000020c.query"
18 Jun 2008 20:00:28 2.522 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\0000010d.query"
18 Jun 2008 20:00:26 3.472 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\0000000e.query"
18 Jun 2008 20:00:28 484 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\0000010c.query"
18 Jun 2008 20:00:32 4.066 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\0000020a.query"
18 Jun 2008 20:00:28 276 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\0000010b.query"
18 Jun 2008 20:00:26 224 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\0000000c.query"
18 Jun 2008 20:00:32 4.066 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\0000020b.query"
18 Jun 2008 20:00:28 276 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\0000010a.query"
18 Jun 2008 20:00:26 1.442 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\0000000a.query"
18 Jun 2008 20:00:26 2.100 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\0000008f.query"
18 Jun 2008 20:00:30 4.314 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\0000018f.query"
18 Jun 2008 20:00:30 4.314 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\0000018e.query"
18 Jun 2008 20:00:26 2.100 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\0000008e.query"
18 Jun 2008 20:00:30 250 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\0000018c.query"
18 Jun 2008 20:00:26 1.286 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\0000008b.query"
18 Jun 2008 20:00:30 2.874 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\0000018b.query"
18 Jun 2008 20:00:26 192 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\0000008c.query"
18 Jun 2008 20:00:30 2.874 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\0000018a.query"
18 Jun 2008 20:00:26 1.286 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\0000008a.query"
18 Jun 2008 20:00:32 302 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\0000021e.query"
18 Jun 2008 20:00:28 4.272 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\0000011f.query"
18 Jun 2008 20:00:28 4.272 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\0000011e.query"
18 Jun 2008 20:00:26 1.316 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\0000001d.query"
18 Jun 2008 20:00:32 252 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\0000021c.query"
18 Jun 2008 20:00:26 1.316 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\0000001e.query"
18 Jun 2008 20:00:32 302 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\0000021d.query"
18 Jun 2008 20:00:28 234 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\0000011c.query"
18 Jun 2008 20:00:26 3.476 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\0000001b.query"
18 Jun 2008 20:00:32 2.746 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\0000021a.query"
18 Jun 2008 20:00:28 4.046 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\0000011b.query"
18 Jun 2008 20:00:26 386 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\0000001c.query"
18 Jun 2008 20:00:32 2.746 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\0000021b.query"
18 Jun 2008 20:00:28 4.046 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\0000011a.query"
18 Jun 2008 20:00:26 3.476 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\0000001a.query"
18 Jun 2008 20:00:26 1.860 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\0000009f.query"
18 Jun 2008 20:00:26 1.860 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\0000009e.query"
18 Jun 2008 20:00:30 554 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\0000019c.query"
18 Jun 2008 20:00:26 4.074 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\0000009b.query"
18 Jun 2008 20:00:30 6.450 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\0000019b.query"
18 Jun 2008 20:00:26 198 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\0000009c.query"
18 Jun 2008 20:00:30 6.450 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\0000019a.query"
18 Jun 2008 20:00:26 4.074 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\0000009a.query"
18 Jun 2008 20:00:28 7.972 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\000000af.query"
18 Jun 2008 20:00:30 1.372 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\000001ae.query"
18 Jun 2008 20:00:28 7.972 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\000000ae.query"
18 Jun 2008 20:00:28 3.076 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\000000ab.query"
18 Jun 2008 20:00:30 102 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\000001ac.query"
18 Jun 2008 20:00:28 248 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\000000ac.query"
18 Jun 2008 20:00:26 3.076 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\000000aa.query"
18 Jun 2008 20:00:30 1.372 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\000001af.query"
18 Jun 2008 20:00:32 2.014 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\0000022e.query"
18 Jun 2008 20:00:28 3.352 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\0000012f.query"
18 Jun 2008 20:00:28 3.352 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\0000012e.query"
18 Jun 2008 20:00:26 590 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\0000002d.query"
18 Jun 2008 20:00:32 320 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\0000022c.query"
18 Jun 2008 20:00:26 590 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\0000002e.query"
18 Jun 2008 20:00:32 2.014 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\0000022d.query"
18 Jun 2008 20:00:28 216 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\0000012c.query"
18 Jun 2008 20:00:32 5.066 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\0000022a.query"
18 Jun 2008 20:00:28 6.028 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\0000012b.query"
18 Jun 2008 20:00:26 416 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\0000002c.query"
18 Jun 2008 20:00:32 5.066 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\0000022b.query"
18 Jun 2008 20:00:28 6.028 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\0000012a.query"
18 Jun 2008 20:00:26 544 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\0000002a.query"
18 Jun 2008 20:00:30 2.108 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\000001bd.query"
18 Jun 2008 20:00:28 526 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\000000bd.query"
18 Jun 2008 20:00:30 2.108 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\000001be.query"
18 Jun 2008 20:00:28 526 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\000000be.query"
18 Jun 2008 20:00:28 1.878 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\000000bb.query"
18 Jun 2008 20:00:30 182 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\000001bc.query"
18 Jun 2008 20:00:28 378 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\000000bc.query"
18 Jun 2008 20:00:30 1.652 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\000001ba.query"
18 Jun 2008 20:00:28 1.878 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\000000ba.query"
18 Jun 2008 20:00:26 3.712 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\0000003f.query"
18 Jun 2008 20:00:32 1.206 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\0000023e.query"
18 Jun 2008 20:00:28 4.938 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\0000013f.query"
18 Jun 2008 20:00:32 1.206 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\0000023f.query"
18 Jun 2008 20:00:28 4.938 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\0000013e.query"
18 Jun 2008 20:00:32 270 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\0000023c.query"
18 Jun 2008 20:00:26 3.712 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\0000003e.query"
18 Jun 2008 20:00:28 256 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\0000013c.query"
18 Jun 2008 20:00:32 1.984 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\0000023a.query"
18 Jun 2008 20:00:26 212 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\0000003c.query"
18 Jun 2008 20:00:32 1.984 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\0000023b.query"
18 Jun 2008 20:00:28 2.482 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\0000013a.query"
18 Jun 2008 20:00:26 1.424 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\0000003a.query"
18 Jun 2008 20:00:28 6.032 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\000000cf.query"
18 Jun 2008 20:00:30 2.850 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\000001cd.query"
18 Jun 2008 20:00:30 2.850 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\000001ce.query"
18 Jun 2008 20:00:28 6.032 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\000000ce.query"
18 Jun 2008 20:00:28 3.662 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\000000cb.query"
18 Jun 2008 20:00:30 202 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\000001cc.query"
18 Jun 2008 20:00:28 288 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\000000cc.query"
18 Jun 2008 20:00:30 1.852 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\000001ca.query"
18 Jun 2008 20:00:28 3.662 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\000000ca.query"
18 Jun 2008 20:00:32 2.600 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\0000024e.query"
18 Jun 2008 20:00:28 1.706 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\0000014f.query"
18 Jun 2008 20:00:32 2.600 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\0000024f.query"
18 Jun 2008 20:00:28 1.882 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\0000014e.query"
18 Jun 2008 20:00:26 1.146 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\0000004d.query"
18 Jun 2008 20:00:32 212 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\0000024c.query"
18 Jun 2008 20:00:28 184 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\0000014d.query"
18 Jun 2008 20:00:26 1.146 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\0000004e.query"
18 Jun 2008 20:00:28 132 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\0000014c.query"
18 Jun 2008 20:00:26 4.772 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\0000004b.query"
18 Jun 2008 20:00:32 3.290 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\0000024a.query"
18 Jun 2008 20:00:28 1.360 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\0000014b.query"
18 Jun 2008 20:00:26 194 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\0000004c.query"
18 Jun 2008 20:00:32 3.290 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\0000024b.query"
18 Jun 2008 20:00:28 1.360 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\0000014a.query"
18 Jun 2008 20:00:26 4.772 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\0000004a.query"
18 Jun 2008 20:00:28 2.858 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\000000df.query"
18 Jun 2008 20:00:32 1.808 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\000001de.query"
18 Jun 2008 20:00:28 2.858 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\000000de.query"
18 Jun 2008 20:00:28 4.396 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\000000db.query"
18 Jun 2008 20:00:32 212 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\000001dc.query"
18 Jun 2008 20:00:28 300 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\000000dc.query"
18 Jun 2008 20:00:30 2.360 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\000001da.query"
18 Jun 2008 20:00:28 4.396 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\000000da.query"
18 Jun 2008 20:00:32 1.808 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\000001df.query"
18 Jun 2008 20:00:26 6.488 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\0000005f.query"
18 Jun 2008 20:00:28 2.498 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\0000015f.query"
18 Jun 2008 20:00:28 2.498 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\0000015e.query"
18 Jun 2008 20:00:26 6.488 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\0000005e.query"
18 Jun 2008 20:00:28 200 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\0000015c.query"
18 Jun 2008 20:00:28 3.178 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\0000015b.query"
18 Jun 2008 20:00:26 324 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\0000005c.query"
18 Jun 2008 20:00:28 3.178 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\0000015a.query"
18 Jun 2008 20:00:26 2.510 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\0000005a.query"
18 Jun 2008 20:00:32 1.998 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\000001ed.query"
18 Jun 2008 20:00:32 1.998 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\000001ee.query"
18 Jun 2008 20:00:32 3.430 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\000001eb.query"
18 Jun 2008 20:00:28 1.428 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\000000eb.query"
18 Jun 2008 20:00:32 250 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\000001ec.query"
18 Jun 2008 20:00:28 358 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\000000ec.query"
18 Jun 2008 20:00:32 3.430 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\000001ea.query"
18 Jun 2008 20:00:28 1.428 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\000000ea.query"
18 Jun 2008 20:00:28 4.420 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\0000016f.query"
18 Jun 2008 20:00:28 4.420 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\0000016e.query"
18 Jun 2008 20:00:26 1.822 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\0000006d.query"
18 Jun 2008 20:00:26 1.822 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\0000006e.query"
18 Jun 2008 20:00:28 210 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\0000016c.query"
18 Jun 2008 20:00:26 3.670 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\0000006b.query"
18 Jun 2008 20:00:28 1.454 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\0000016b.query"
18 Jun 2008 20:00:26 640 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\0000006c.query"
18 Jun 2008 20:00:28 1.454 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\0000016a.query"
18 Jun 2008 20:00:26 3.670 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\0000006a.query"
18 Jun 2008 20:00:28 2.062 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\000000fd.query"
18 Jun 2008 20:00:32 3.336 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\000001fe.query"
18 Jun 2008 20:00:28 2.062 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\000000fe.query"
18 Jun 2008 20:00:32 176 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\000001fc.query"
18 Jun 2008 20:00:28 262 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\000000fc.query"
18 Jun 2008 20:00:32 576 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\000001fa.query"
18 Jun 2008 20:00:28 952 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\000000fa.query"
18 Jun 2008 20:00:32 3.336 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\000001ff.query"
18 Jun 2008 20:00:26 2.824 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\0000007f.query"
18 Jun 2008 20:00:28 2.640 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\0000017f.query"
18 Jun 2008 20:00:28 2.640 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\0000017e.query"
18 Jun 2008 20:00:26 2.824 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\0000007e.query"
18 Jun 2008 20:00:28 244 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\0000017c.query"
18 Jun 2008 20:00:26 2.850 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\0000007b.query"
18 Jun 2008 20:00:28 2.454 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\0000017b.query"
18 Jun 2008 20:00:26 220 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\0000007c.query"
18 Jun 2008 20:00:28 2.454 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\0000017a.query"
18 Jun 2008 20:00:26 2.850 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\Personal_32#0407\0000007a.query"
18 Jun 2008 20:00:18 2.511 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\System\blurbs\about_support.htm"
18 Jun 2008 20:00:18 1.499 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\System\blurbs\Favorites.htm"
18 Jun 2008 20:00:18 1.771 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\System\blurbs\ftshelp.htm"
18 Jun 2008 20:00:18 1.394 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\System\blurbs\History.htm"
18 Jun 2008 20:00:18 1.489 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\System\blurbs\Index.htm"
18 Jun 2008 20:00:18 3.987 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\System\blurbs\isupport.htm"
18 Jun 2008 20:00:18 1.820 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\System\blurbs\keywordhelp.htm"
18 Jun 2008 20:00:18 1.785 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\System\blurbs\options.htm"
18 Jun 2008 20:00:18 1.826 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\System\blurbs\searchblurb.htm"
18 Jun 2008 20:00:18 10.752 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\System\blurbs\searchtips.htm"
18 Jun 2008 20:00:18 1.426 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\System\blurbs\tools.htm"
18 Jun 2008 20:00:18 360.054 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\System\blurbs\watermark_300x.bmp"
18 Jun 2008 20:00:34 8.204 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\rcscreen7.htm"
18 Jun 2008 20:00:34 7.780 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\rcscreen8.htm"
18 Jun 2008 20:00:34 8.511 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\rcscreen9.htm"
18 Jun 2008 20:00:34 5.438 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\rcInviteStatus.htm"
18 Jun 2008 20:00:34 14.603 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\rcscreenshot3.gif"
18 Jun 2008 20:00:34 4.432 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\rcscreen4.htm"
18 Jun 2008 20:00:34 15.057 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\rcscreen5.htm"
18 Jun 2008 20:00:34 29.093 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\rcscreen6.htm"
18 Jun 2008 20:00:34 1.300 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\rcscreen6_head.htm"
18 Jun 2008 20:00:34 13.693 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Unsolicited\UnSolicitedRCUI.htm"


C:\Programme\

29 May 2008 22:41:52 17.408 A.... "C:\Programme\Mozilla Firefox\AccessibleMarshal.dll"
29 May 2008 22:41:52 185.856 A.... "C:\Programme\Mozilla Firefox\crashreporter.exe"
29 May 2008 22:41:52 307.712 A.... "C:\Programme\Mozilla Firefox\firefox.exe"
29 May 2008 16:24:14 233.472 A.... "C:\Programme\Mozilla Firefox\freebl3.dll"
29 May 2008 22:41:52 695.808 A.... "C:\Programme\Mozilla Firefox\js3250.dll"
29 May 2008 22:41:52 710.144 A.... "C:\Programme\Mozilla Firefox\mozcrt19.dll"
29 May 2008 22:41:52 198.144 A.... "C:\Programme\Mozilla Firefox\nspr4.dll"
29 May 2008 22:41:52 697.856 A.... "C:\Programme\Mozilla Firefox\nss3.dll"
29 May 2008 22:41:52 304.640 A.... "C:\Programme\Mozilla Firefox\nssckbi.dll"
29 May 2008 22:41:52 103.936 A.... "C:\Programme\Mozilla Firefox\nssdbm3.dll"
29 May 2008 22:41:52 87.552 A.... "C:\Programme\Mozilla Firefox\nssutil3.dll"
29 May 2008 22:41:52 20.480 A.... "C:\Programme\Mozilla Firefox\plc4.dll"
29 May 2008 22:41:52 17.408 A.... "C:\Programme\Mozilla Firefox\plds4.dll"
29 May 2008 22:41:52 103.936 A.... "C:\Programme\Mozilla Firefox\smime3.dll"
29 May 2008 16:24:14 151.552 A.... "C:\Programme\Mozilla Firefox\softokn3.dll"
29 May 2008 22:41:52 414.208 A.... "C:\Programme\Mozilla Firefox\sqlite3.dll"
29 May 2008 22:41:52 136.704 A.... "C:\Programme\Mozilla Firefox\ssl3.dll"
29 May 2008 22:41:52 241.664 A.... "C:\Programme\Mozilla Firefox\updater.exe"
29 May 2008 22:41:52 17.920 A.... "C:\Programme\Mozilla Firefox\xpcom.dll"
29 May 2008 22:41:54 9.715.200 A.... "C:\Programme\Mozilla Firefox\xul.dll"
21 Jun 2008 10:56:50 189.990 ..SHR "C:\Programme\Gemeinsame Dateien\System\wmsncs.exe"
20 Jun 2008 22:49:38 63.488 A.... "C:\Programme\InstallShield Installation Information\{466F76BB-39CC-49DE-9B43-965D6E82134E}\Setup.exe"
29 May 2008 22:41:54 23.040 A.... "C:\Programme\Mozilla Firefox\components\browserdirprovider.dll"
29 May 2008 22:41:54 134.144 A.... "C:\Programme\Mozilla Firefox\components\brwsrcmp.dll"
20 Jun 2008 18:32:48 142.665 A.... "C:\Programme\Mozilla Firefox\components\compreg.dat"
20 Jun 2008 18:32:46 95.978 A.... "C:\Programme\Mozilla Firefox\components\xpti.dat"
29 May 2008 22:41:54 65.536 A.... "C:\Programme\Mozilla Firefox\plugins\npnul32.dll"
29 May 2008 16:24:14 117 A.... "C:\Programme\Mozilla Firefox\res\hiddenWindow.html"
29 May 2008 22:41:52 508.576 A.... "C:\Programme\Mozilla Firefox\uninstall\helper.exe"
20 Jun 2008 17:29:26 403.968 A.... "C:\Programme\Trend Micro\HijackThis\HijackThis.exe"
20 Jun 2008 22:49:38 618.628 A.... "C:\Programme\Gemeinsame Dateien\InstallShield\Engine\6\Intel 32\IKernel.exe"


Files with hidden attributes:

Sat 21 Jun 2008 39,502 ..SHR --- "C:\WINDOWS\winavscan.exe"
Sat 21 Jun 2008 196,608 ..SHR --- "C:\WINDOWS\wmssvc.exe"
Sat 21 Jun 2008 189,990 ..SHR --- "C:\WINDOWS\Fonts\wmsncs.exe"
Sat 21 Jun 2008 154,624 A..H. --- "C:\WINDOWS\system32\icnb.exe"
Sat 21 Jun 2008 189,990 ..SHR --- "C:\Programme\Gemeinsame Dateien\System\wmsncs.exe"
Sat 21 Jun 2008 189,990 ..SHR --- "C:\WINDOWS\system32\wins\wmsncs.exe"
Sat 21 Jun 2008 189,990 ..SHR --- "C:\WINDOWS\system32\spool\drivers\wmsncs.exe"
Fri 20 Jun 2008 133,991 ..SHR --- "C:\Dokumente und Einstellungen\All Users\Startmen\Programme\Autostart\wmsncs.exe"

Fri 20 Jun 2008 116,224 A..H. --- "C:\_OTMoveIt\MovedFiles\06212008_101411\WINDOWS\system32\hwcsjnup.exe"
Fri 20 Jun 2008 116,224 A..H. --- "C:\_OTMoveIt\MovedFiles\06212008_101411\WINDOWS\system32\yssxk.exe"
Fri 20 Jun 2008 133,991 A.SHR --- "C:\_OTMoveIt\MovedFiles\06212008_101411\Programme\Gemeinsame Dateien\System\wmsncs.exe"
Fri 20 Jun 2008 133,991 A.SHR --- "C:\_OTMoveIt\MovedFiles\06212008_101411\WINDOWS\system32\wins\wmsncs.exe"
Fri 20 Jun 2008 133,991 A.SHR --- "C:\_OTMoveIt\MovedFiles\06212008_101411\WINDOWS\system32\spool\drivers\wmsncs.exe"


Program Folders:

C:\Programme\

Avira
ComPlus Applications
Gemeinsame Dateien
InstallShield Installation Information
Internet Explorer
Messenger
microsoft frontpage
Movie Maker
Mozilla Firefox
MSN
MSN Gaming Zone
NetMeeting
Online Services
Online-Dienste
Opera
Outlook Express
Trend Micro
Trust
Uninstall Information
Versatel
Windows Media Player
Windows NT
WindowsUpdate
xerox

C:\Programme\Gemeinsame Dateien\

Dienste
InstallShield
Microsoft Shared
MSSoap
ODBC
SpeechEngines
System


Add/Remove Programs:

Avira AntiVir Personal – Free Antivirus
HijackThis 2.0.2
Mozilla Firefox (3.0)
Versatel
VIRUSfighter
Opera 9.27
Trust Keyboard 15036


Run Values:

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"avgnt"="\"C:\\Programme\\Avira\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
"Norman ZANDA"="C:\\VIRUSfighter\\bin\\ZLH.EXE /LOAD /SPLASH"
"UserFaultCheck"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,\
6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,\
00,64,00,75,00,6d,00,70,00,72,00,65,00,70,00,20,00,30,00,20,00,2d,00,75,00,\
00,00
"Windows Logon Application"="C:\\WINDOWS\\System32\\logon.exe"
"Spooler SubSystem App"="C:\\WINDOWS\\System32\\spooIsv.exe"
"Windows Anti Virus Control Center"="winavscan.exe"
"Windowss Modeer Verifier"="bxss.exe"
"Windows Network Firewall"="C:\\WINDOWS\\System32\\firewall.exe"
"Wmsncs Service"="C:\\WINDOWS\\Fonts\\wmsncs.exe"
"NvidMediaCenter"="C:\\Programme\\Gemeinsame Dateien\\System\\wmsncs.exe"
"Spool Driver Service"="C:\\WINDOWS\\System32\\spool\\drivers\\wmsncs.exe"
"Wins Service"="C:\\WINDOWS\\System32\\wins\\wmsncs.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"Windowss Modeer Verifier"="bxss.exe"


Bot Check:

SERVICE_NAME: sharedaccess
DISPLAY_NAME : Internetverbindungsfirewall/Gemeinsame Nutzung der Internetverbindung
START_TYPE : 2 AUTO_START

SERVICE_NAME: wuauserv
DISPLAY_NAME : Automatische Updates
START_TYPE : 2 AUTO_START

SERVICE_NAME: srservice
DISPLAY_NAME : Systemwiederherstellungsdienst
START_TYPE : 2 AUTO_START

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate]
"DoNotAllowXPSP2"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole]
"EnableDCOM"="Y"

[HKEY_CURRENT_USER\Software\Microsoft\OLE]
"Windowss Modeer Verifier"="bxss.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"restrictanonymous"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update]
"AUOptions"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"WaitToKillServiceTimeout"="20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"SFCDisable"=dword:00000000
"shell"="explorer.exe \"C:\\WINDOWS\\Fonts\\wmsncs.exe\""
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shell extensions]
"ITime"="06/21/2008, 12:23 AM"
"RuP"=dword:00013469

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters]
"TransportBindName"=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanworkstation\parameters]
"AutoShareWks"=dword:00000000
"AutoShareServer"=dword:00000000


ShellExecuteHooks:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""



Environment:


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\environment
ComSpec REG_EXPAND_SZ %SystemRoot%\system32\cmd.exe
Path REG_EXPAND_SZ %SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
windir REG_EXPAND_SZ %SystemRoot%
OS REG_SZ Windows_NT
PATHEXT REG_SZ .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
TEMP REG_EXPAND_SZ %SystemRoot%\TEMP
TMP REG_EXPAND_SZ %SystemRoot%\TEMP
SAFEBOOT_OPTION REG_SZ MINIMAL

SecurityProviders:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders
SecurityProviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


Authentication Packages:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0


Subsystem Startup:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems]
"Windows"="%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16"


Midi Drivers:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]


Non-Default IFEO Debugger:


Non-Default Installed Components:


HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{103l3c30-c3b3-4130-9363-e59e1375perm}
StubPath REG_SZ C:\WINDOWS\Fonts\wmsncs.exe


HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{acc563bc-4266-43f0-b6ed-9d38c4202c7e}
<NO NAME> REG_SZ Zugang zu Internet Explorer
StubPath REG_EXPAND_SZ rundll32 iesetup.dll,IEAccessUserInst
Version REG_SZ 6,0,2600,0000


HKEY_CURRENT_USER\software\microsoft\active setup\installed components\{103l3c30-c3b3-4130-9363-e59e1375perm}
StubPath REG_SZ C:\WINDOWS\Fonts\wmsncs.exe


Non-Default Safeboot Minimal:


File Associations:


[HKEY_CLASSES_ROOT\batfile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\cmdfile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\comfile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\htafile\shell\open\command]
@="C:\\WINDOWS\\System32\\mshta.exe \"%1\" %*"

[HKEY_CLASSES_ROOT\http\shell\open\command]
@="\"C:\\Programme\\Internet Explorer\\IEXPLORE.EXE\" -nohome"

[HKEY_CLASSES_ROOT\htmlfile\shell\open\command]
@="\"C:\\Programme\\Internet Explorer\\IEXPLORE.EXE\" -nohome"

[HKEY_CLASSES_ROOT\regedit\shell\open\command]
@="regedit.exe %1"

[HKEY_CLASSES_ROOT\regfile\shell\open\command]
@="regedit.exe \"%1\""

[HKEY_CLASSES_ROOT\scrfile\shell\open\command]
@="\"%1\" /S"

[HKEY_CLASSES_ROOT\txtfile\shell\open\command]
@="%SystemRoot%\system32\NOTEPAD.EXE %1"


Finished!



ComboFix:

ComboFix 08-06-20.4 - Administrator 2008-06-21 12:19:48.4 - NTFSx86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.0.1252.1.1031.18.177 [GMT 2:00]
ausgeführt von:: C:\Dokumente und Einstellungen\Sheila\Desktop\ComboFix.exe
Command switches used :: C:\Dokumente und Einstellungen\Sheila\Desktop\cfscript.txt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\Temp\1.reg
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\2_exception.nls
C:\WINDOWS\system32\drivers\secdrv.sys
C:\WINDOWS\system32\firewall.exe
C:\WINDOWS\system32\logon.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_RUNTIME
-------\Service_runtime


((((((((((((((((((((((( Dateien erstellt von 2008-05-21 bis 2008-06-21 ))))))))))))))))))))))))))))))
.

2008-06-21 11:45 . 2008-06-21 11:45 <DIR> d---s---- C:\Dokumente und Einstellungen\Sheila\UserData
2008-06-21 11:40 . 2008-06-21 11:40 315,392 --a------ C:\WINDOWS\HideWin.exe
2008-06-21 11:07 . 2008-06-21 11:07 6,331,753 --a------ C:\WINDOWS\system32\qchwcjwa.exe
2008-06-21 11:07 . 2008-06-21 11:07 29,184 --a------ C:\WINDOWS\system32\shpgfuy.exe
2008-06-21 11:07 . 2008-06-21 11:07 27,136 --a------ C:\WINDOWS\system32\xjda.exe
2008-06-21 11:00 . 2008-06-21 11:00 229,376 --a------ C:\WINDOWS\system32\wmsoft65715.exe
2008-06-21 10:44 . 2008-06-21 10:44 6,331,753 --a------ C:\WINDOWS\system32\ybayaftz.exe
2008-06-21 10:44 . 2008-06-21 10:44 39,936 --a------ C:\WINDOWS\system32\vsczbtnp.exe
2008-06-21 10:44 . 2008-06-21 10:44 37,888 --a------ C:\WINDOWS\system32\pfspjbn.exe
2008-06-21 10:41 . 2008-06-21 10:41 262,144 --a------ C:\WINDOWS\system32\wmsoft74434.exe
2008-06-21 10:41 . 2008-06-21 10:42 229,376 --a------ C:\WINDOWS\system32\wmsoft31060.exe
2008-06-21 10:40 . 2008-06-21 10:40 39,502 -r-hs---- C:\WINDOWS\winavscan.exe
2008-06-21 10:40 . 2008-06-21 10:40 39,502 --a------ C:\WINDOWS\system32\sdmdtiw.exe
2008-06-21 10:39 . 2008-06-21 10:40 154,624 --ah----- C:\WINDOWS\system32\icnb.exe
2008-06-21 10:35 . 2008-06-21 10:35 196,608 -r-hs---- C:\WINDOWS\wmssvc.exe
2008-06-21 10:34 . 2008-06-21 11:00 80 --a------ C:\WINDOWS\system32\i

2008-06-21 10:14 . 2008-06-21 10:14 <DIR> d-------- C:\_OTMoveIt
2008-06-20 23:06 . 2008-06-20 23:06 <DIR> dr------- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien
2008-06-20 23:05 . 2008-06-18 19:56 <DIR> d--h----- C:\Dokumente und Einstellungen\Administrator\Vorlagen
2008-06-20 23:05 . 2008-06-18 20:49 <DIR> dr------- C:\Dokumente und Einstellungen\Administrator\Startmen
2008-06-20 23:05 . 2008-06-18 20:49 <DIR> d--h----- C:\Dokumente und Einstellungen\Administrator\Netzwerkumgebung
2008-06-20 23:05 . 2008-06-21 12:20 <DIR> d--h----- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen
2008-06-20 23:05 . 2008-06-20 23:06 <DIR> d-------- C:\Dokumente und Einstellungen\Administrator\Favoriten
2008-06-20 23:05 . 2008-06-18 20:49 <DIR> d--h----- C:\Dokumente und Einstellungen\Administrator\Druckumgebung
2008-06-20 23:05 . 2008-06-18 20:49 <DIR> dr-h----- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten
2008-06-20 23:05 . 2008-06-20 23:06 <DIR> d-------- C:\Dokumente und Einstellungen\Administrator
2008-06-20 22:50 . 2008-06-21 11:05 <DIR> d-------- C:\VIRUSfighter
2008-06-20 22:50 . 2008-06-20 22:50 <DIR> d--h----- C:\Programme\InstallShield Installation Information
2008-06-20 22:48 . 2008-06-20 23:07 <DIR> d-------- C:\SDFix
2008-06-20 18:32 . 2008-06-20 18:32 0 --a------ C:\WINDOWS\nsreg.dat
2008-06-20 18:26 . 2008-06-20 18:27 <DIR> d-------- C:\Programme\Versatel
2008-06-20 18:26 . 2004-03-23 21:28 119,923 --a------ C:\WINDOWS\Versatel_UTIL.exe
2008-06-20 18:26 . 2004-06-21 10:52 84,256 --a------ C:\WINDOWS\Init.wbc
2008-06-20 18:26 . 2003-11-12 16:50 45,056 --a------ C:\WINDOWS\wsutil.exe
2008-06-20 18:26 . 2008-06-20 18:26 31 --a------ C:\WINDOWS\wwwbatch.ini
2008-06-20 18:25 . 2003-06-30 12:44 359,120 --a------ C:\WINDOWS\WBDDB34I.DLL
2008-06-20 18:25 . 2004-01-13 13:31 172,032 --a------ C:\WINDOWS\WsBtn.dll
2008-06-20 18:25 . 2003-03-17 23:46 102,469 --a------ C:\WINDOWS\wwctl34i.dll
2008-06-20 18:25 . 2002-12-27 08:04 53,317 --a------ C:\WINDOWS\wwsop34i.dll
2008-06-20 18:25 . 2002-12-27 08:01 53,317 --a------ C:\WINDOWS\WWREG34I.DLL
2008-06-20 18:25 . 2002-12-27 08:01 49,221 --a------ C:\WINDOWS\wwras34i.dll
2008-06-20 18:25 . 2003-01-12 21:42 25,984 --a------ C:\WINDOWS\WILX34I.DLL
2008-06-20 18:25 . 2000-05-02 22:57 21,776 --a------ C:\WINDOWS\SHFOLDER.DLL
2008-06-20 17:35 . 2008-06-20 17:35 <DIR> d-------- C:\Programme\Trust
2008-06-20 17:34 . 2008-06-20 17:34 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-06-20 17:34 . 2008-06-21 11:41 <DIR> d-------- C:\Programme\Gemeinsame Dateien\InstallShield
2008-06-20 17:29 . 2008-06-20 17:29 <DIR> d-------- C:\Programme\Trend Micro
2008-06-20 17:29 . 2008-06-20 17:29 <DIR> d-------- C:\Programme\Opera
2008-06-18 20:53 . 2001-08-17 14:59 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2008-06-18 20:52 . 2001-08-18 05:52 1,738,496 --a------ C:\WINDOWS\system32\nv4.dll
2008-06-18 20:52 . 2001-08-17 13:50 731,648 --a------ C:\WINDOWS\system32\drivers\nv4.sys
2008-06-18 20:52 . 2001-08-18 05:33 55,936 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2008-06-18 20:52 . 2001-08-18 05:53 19,456 --a------ C:\WINDOWS\system32\hidserv.dll
2008-06-18 20:51 . 2001-08-18 05:54 70,144 --a------ C:\WINDOWS\system32\usbui.dll
2008-06-18 20:51 . 2001-08-17 14:58 27,392 --a------ C:\WINDOWS\system32\drivers\VIAAGP.SYS
2008-06-18 20:51 . 2001-08-17 13:12 23,070 --a------ C:\WINDOWS\system32\drivers\RTL8139.sys
2008-06-18 20:51 . 2001-08-17 13:12 19,017 --a------ C:\WINDOWS\system32\drivers\RTL8029.sys
2008-06-18 20:49 . 2008-06-21 11:53 <DIR> d-------- C:\WINDOWS\system32\CatRoot
2008-06-18 20:49 . 2008-06-18 19:56 <DIR> d--h----- C:\Dokumente und Einstellungen\Default User\Vorlagen
2008-06-18 20:49 . 2008-06-18 20:49 <DIR> dr------- C:\Dokumente und Einstellungen\Default User\Startmen
2008-06-18 20:49 . 2008-06-18 20:49 <DIR> d--h----- C:\Dokumente und Einstellungen\Default User\Netzwerkumgebung
2008-06-18 20:49 . 2008-06-18 20:49 <DIR> dr-h----- C:\Dokumente und Einstellungen\Default User\Lokale Einstellungen
2008-06-18 20:49 . 2008-06-18 20:49 <DIR> d-------- C:\Dokumente und Einstellungen\Default User\Favoriten
2008-06-18 20:49 . 2008-06-18 20:49 <DIR> d--h----- C:\Dokumente und Einstellungen\Default User\Druckumgebung
2008-06-18 20:49 . 2008-06-18 20:49 <DIR> dr-h----- C:\Dokumente und Einstellungen\Default User\Anwendungsdaten
2008-06-18 20:49 . 2008-06-18 20:49 <DIR> d--h----- C:\Dokumente und Einstellungen\All Users\Vorlagen
2008-06-18 20:49 . 2008-06-18 20:01 <DIR> dr------- C:\Dokumente und Einstellungen\All Users\Startmen
2008-06-18 20:49 . 2008-06-18 20:49 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Favoriten
2008-06-18 20:49 . 2008-06-18 19:57 <DIR> dr------- C:\Dokumente und Einstellungen\All Users\Dokumente
2008-06-18 20:49 . 2008-06-18 20:21 <DIR> dr-h----- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten
2008-06-18 20:21 . 2008-06-18 20:21 <DIR> d-------- C:\Programme\Avira
2008-06-18 20:21 . 2008-06-18 20:21 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira
2008-06-18 20:10 . 2008-06-20 17:35 <DIR> d--hs---- C:\WINDOWS\Installer
2008-06-18 20:10 . 2008-06-18 19:56 <DIR> d--h----- C:\Dokumente und Einstellungen\Sheila\Vorlagen
2008-06-18 20:10 . 2008-06-18 20:49 <DIR> dr------- C:\Dokumente und Einstellungen\Sheila\Startmen
2008-06-18 20:10 . 2008-06-18 20:49 <DIR> d--h----- C:\Dokumente und Einstellungen\Sheila\Netzwerkumgebung
2008-06-18 20:10 . 2008-06-21 10:22 <DIR> d--h----- C:\Dokumente und Einstellungen\Sheila\Lokale Einstellungen
2008-06-18 20:10 . 2008-06-20 18:26 <DIR> dr------- C:\Dokumente und Einstellungen\Sheila\Favoriten
2008-06-18 20:10 . 2008-06-20 17:34 <DIR> dr------- C:\Dokumente und Einstellungen\Sheila\Eigene Dateien
2008-06-18 20:10 . 2008-06-18 20:49 <DIR> d--h----- C:\Dokumente und Einstellungen\Sheila\Druckumgebung
2008-06-18 20:10 . 2008-06-20 18:32 <DIR> dr-h----- C:\Dokumente und Einstellungen\Sheila\Anwendungsdaten
2008-06-18 20:10 . 2008-06-21 11:45 <DIR> d-------- C:\Dokumente und Einstellungen\Sheila
2008-06-18 20:05 . 2008-06-21 10:22 <DIR> d--h----- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen
2008-06-18 20:05 . 2008-06-18 20:05 <DIR> d-------- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten
2008-06-18 20:05 . 2008-06-18 20:05 <DIR> d--hs---- C:\Dokumente und Einstellungen\NetworkService
2008-06-18 20:05 . 2008-06-21 10:22 <DIR> d--h----- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen
2008-06-18 20:05 . 2008-06-18 20:05 <DIR> d-------- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten
2008-06-18 20:05 . 2008-06-18 20:05 <DIR> d--hs---- C:\Dokumente und Einstellungen\LocalService
2008-06-18 20:05 . 2008-06-18 20:05 8,192 --a------ C:\WINDOWS\REGLOCS.OLD
2008-06-18 20:04 . 2008-06-18 19:56 <DIR> d--h----- C:\WINDOWS\system32\config\systemprofile\Vorlagen
2008-06-18 20:04 . 2008-06-18 20:49 <DIR> dr------- C:\WINDOWS\system32\config\systemprofile\Startmen
2008-06-18 20:04 . 2008-06-18 20:49 <DIR> d--h----- C:\WINDOWS\system32\config\systemprofile\Netzwerkumgebung
2008-06-18 20:04 . 2008-06-21 10:22 <DIR> dr-h----- C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen
2008-06-18 20:04 . 2008-06-18 20:49 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Favoriten
2008-06-18 20:04 . 2008-06-18 20:49 <DIR> d--h----- C:\WINDOWS\system32\config\systemprofile\Druckumgebung
2008-06-18 20:04 . 2008-06-18 20:49 <DIR> dr-h----- C:\WINDOWS\system32\config\systemprofile\Anwendungsdaten
2008-06-18 20:03 . 2001-08-23 14:00 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex
2008-06-18 20:02 . 2001-08-23 14:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-06-18 20:01 . 2008-06-18 20:01 <DIR> d-------- C:\WINDOWS\system32\xircom
2008-06-18 20:01 . 2008-06-18 20:01 <DIR> d-------- C:\Programme\microsoft frontpage
2008-06-18 20:00 . 2008-06-18 20:01 <DIR> d--hs---- C:\Dokumente und Einstellungen\All Users\DRM

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-21 08:56 189,990 --sh--r C:\WINDOWS\Fonts\wmsncs.exe
2008-06-18 17:59 --------- d-----w C:\Programme\Online-Dienste
2008-06-18 17:58 --------- d-----w C:\Programme\Gemeinsame Dateien\Dienste
.

------- Sigcheck -------

2001-08-23 14:00 1011200 99be27ee5db6b1354f380304bd3c0ce6 C:\WINDOWS\explorer.exe
2001-08-23 14:00 1011200 8fa92106d882ab4259f26174870e8b36 C:\WINDOWS\system32\dllcache\explorer.exe

2001-08-23 14:00 20480 d06c7f08615a25555fdc83e6772f3ffd C:\WINDOWS\system32\ctfmon.exe
2001-08-23 14:00 20480 9f663b9719fd734377701662fb734f30 C:\WINDOWS\system32\dllcache\ctfmon.exe
.
((((((((((((((((((((((((((((( snapshot@2008-06-21_ 8.47.06,22 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-21 06:40:35 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-21 10:22:26 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2005-10-20 18:02:28 174,080 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
- 2001-08-23 12:00:00 26,647 ----a-w C:\WINDOWS\hh.exe
+ 2001-08-23 12:00:00 33,815 ----a-w C:\WINDOWS\hh.exe
+ 2001-08-23 12:00:00 9,728 ----a-w C:\WINDOWS\LastGood.Tmp\System32\cdm.dll
+ 2001-08-23 12:00:00 114,176 ----a-w C:\WINDOWS\LastGood.Tmp\System32\wuauclt.exe
+ 2001-08-23 12:00:00 95,744 ----a-w C:\WINDOWS\LastGood.Tmp\System32\wuaueng.dll
- 2001-08-23 12:00:00 9,728 ----a-w C:\WINDOWS\system32\cdm.dll
+ 2007-07-30 17:19:20 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
- 2008-06-21 06:40:37 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-06-21 10:22:27 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-06-21 06:40:37 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Temporary Internet Files\Content.IE5\index.dat
+ 2008-06-21 10:22:27 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Temporary Internet Files\Content.IE5\index.dat
- 2008-06-21 06:40:37 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Verlauf\History.IE5\index.dat
+ 2008-06-21 10:22:27 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Verlauf\History.IE5\index.dat
- 2001-08-23 12:00:00 11,776 -c--a-w C:\WINDOWS\system32\dllcache\lsass.exe
+ 2001-08-23 12:00:00 18,944 -c--a-w C:\WINDOWS\system32\dllcache\lsass.exe
- 2001-08-23 12:00:00 101,888 -c--a-w C:\WINDOWS\system32\dllcache\services.exe
+ 2001-08-23 12:00:00 110,592 -c--a-w C:\WINDOWS\system32\dllcache\services.exe
- 2001-08-23 12:00:00 12,800 -c--a-w C:\WINDOWS\system32\dllcache\svchost.exe
+ 2001-08-23 12:00:00 19,968 -c--a-w C:\WINDOWS\system32\dllcache\svchost.exe
- 2001-08-23 12:00:00 435,200 -c--a-w C:\WINDOWS\system32\dllcache\winlogon.exe
+ 2001-08-23 12:00:00 444,928 -c--a-w C:\WINDOWS\system32\dllcache\winlogon.exe
- 2001-08-23 12:00:00 55,808 ----a-w C:\WINDOWS\system32\freecell.exe
+ 2001-08-23 12:00:00 66,560 ----a-w C:\WINDOWS\system32\freecell.exe
- 2001-08-23 12:00:00 37,888 ----a-w C:\WINDOWS\system32\grpconv.exe
+ 2001-08-23 12:00:00 48,128 ----a-w C:\WINDOWS\system32\grpconv.exe
- 2001-08-23 12:00:00 68,096 ----a-w C:\WINDOWS\system32\magnify.exe
+ 2001-08-23 12:00:00 75,776 ----a-w C:\WINDOWS\system32\magnify.exe
- 2001-08-23 12:00:00 136,704 ----a-w C:\WINDOWS\system32\mobsync.exe
+ 2001-08-23 12:00:00 145,920 ----a-w C:\WINDOWS\system32\mobsync.exe
- 2001-08-23 12:00:00 213,504 ----a-w C:\WINDOWS\system32\osk.exe
+ 2001-08-23 12:00:00 221,696 ----a-w C:\WINDOWS\system32\osk.exe
- 2008-06-20 16:28:45 48,354 ----a-w C:\WINDOWS\system32\perfc007.dat
+ 2008-06-21 08:24:10 48,354 ----a-w C:\WINDOWS\system32\perfc007.dat
- 2008-06-20 16:28:45 40,128 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-06-21 08:24:10 40,128 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-06-20 16:28:45 316,924 ----a-w C:\WINDOWS\system32\perfh007.dat
+ 2008-06-21 08:24:10 316,924 ----a-w C:\WINDOWS\system32\perfh007.dat
- 2008-06-20 16:28:45 311,740 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-06-21 08:24:10 311,740 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2001-08-23 12:00:00 34,304 ----a-w C:\WINDOWS\system32\rcimlby.exe
+ 2001-08-23 12:00:00 41,984 ----a-w C:\WINDOWS\system32\rcimlby.exe
- 2001-08-23 12:00:00 12,288 ----a-w C:\WINDOWS\system32\runonce.exe
+ 2001-08-23 12:00:00 20,480 ----a-w C:\WINDOWS\system32\runonce.exe
- 2008-06-20 16:29:35 133,991 --sh--r C:\WINDOWS\system32\spool\drivers\wmsncs.exe
+ 2008-06-21 08:56:49 189,990 --sh--r C:\WINDOWS\system32\spool\drivers\wmsncs.exe
- 2001-08-23 12:00:00 46,592 ----a-w C:\WINDOWS\system32\utilman.exe
+ 2001-08-23 12:00:00 55,808 ----a-w C:\WINDOWS\system32\utilman.exe
- 2001-08-23 12:00:00 183,808 ----a-w C:\WINDOWS\system32\wbem\wmiadap.exe
+ 2001-08-23 12:00:00 190,976 ----a-w C:\WINDOWS\system32\wbem\wmiadap.exe
+ 2007-07-30 16:08:32 313,344 ----a-w C:\WINDOWS\system32\winhttp.dll
- 2008-06-20 16:29:35 133,991 --sh--r C:\WINDOWS\system32\wins\wmsncs.exe
+ 2008-06-21 08:56:49 189,990 --sh--r C:\WINDOWS\system32\wins\wmsncs.exe
+ 2007-07-30 17:19:36 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
- 2001-08-23 12:00:00 114,176 ----a-w C:\WINDOWS\system32\wuauclt.exe
+ 2007-07-30 17:19:16 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
- 2001-08-23 12:00:00 95,744 ----a-w C:\WINDOWS\system32\wuaueng.dll
+ 2007-07-30 17:19:42 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
+ 2007-07-30 17:19:32 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
- 2001-08-23 12:00:00 32,256 ----a-w C:\WINDOWS\system32\wupdmgr.exe
+ 2001-08-23 12:00:00 40,960 ----a-w C:\WINDOWS\system32\wupdmgr.exe
+ 2007-07-30 17:18:40 33,624 ----a-w C:\WINDOWS\system32\wups.dll
+ 2007-07-30 17:19:12 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
+ 2007-07-30 17:19:46 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
.
-- Snapshot reset to current date --
.
(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2001-08-23 14:00 20480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 270593]
"Norman ZANDA"="C:\VIRUSfighter\bin\ZLH.EXE" [2005-05-25 13:11 143360]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [ ]
"Windows Logon Application"="C:\WINDOWS\System32\logon.exe" [ ]
"Spooler SubSystem App"="C:\WINDOWS\System32\spooIsv.exe" [ ]
"Windows Anti Virus Control Center"="winavscan.exe" [2008-06-21 10:40 39502 C:\WINDOWS\winavscan.exe]
"Windowss Modeer Verifier"="bxss.exe" []
"Windows Network Firewall"="C:\WINDOWS\System32\firewall.exe" [ ]
"Wmsncs Service"="C:\WINDOWS\Fonts\wmsncs.exe" [2008-06-21 10:56 189990]
"NvidMediaCenter"="C:\Programme\Gemeinsame Dateien\System\wmsncs.exe" [2008-06-21 10:56 189990]
"Spool Driver Service"="C:\WINDOWS\System32\spool\drivers\wmsncs.exe" [2008-06-21 10:56 189990]
"Wins Service"="C:\WINDOWS\System32\wins\wmsncs.exe" [2008-06-21 10:56 189990]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Windowss Modeer Verifier"="bxss.exe" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Wmsncs Service"="C:\WINDOWS\Fonts\wmsncs.exe" [2008-06-21 10:56 189990]
"NvidMediaCenter"="C:\Programme\Gemeinsame Dateien\System\wmsncs.exe" [2008-06-21 10:56 189990]
"Spool Driver Service"="C:\WINDOWS\System32\spool\drivers\wmsncs.exe" [2008-06-21 10:56 189990]
"Wins Service"="C:\WINDOWS\System32\wins\wmsncs.exe" [2008-06-21 10:56 189990]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"shell"="explorer.exe \"C:\\WINDOWS\\Fonts\\wmsncs.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"wmsncs.exe"= wmsncs.exe:SYSTEM
"wmssvc.exe"= wmssvc.exe:SYSTEM

R0 avgntmgr;avgntmgr;C:\WINDOWS\System32\DRIVERS\avgntmgr.sys [2008-01-21 18:11]
R1 avgntdd;avgntdd;C:\WINDOWS\System32\DRIVERS\avgntdd.sys [2008-01-21 18:12]
R2 NET Runtime Optimization Service v2.1.41329_X86;NET Runtime Optimization Service v2.1.41329_X86;"C:\WINDOWS\Fonts\wmsncs.exe" [2008-06-21 10:56]
R2 NET Service;NET Service;"C:\WINDOWS\wmssvc.exe" [2008-06-21 10:35]


*Newly Created Service* - NET_RUNTIME_OPTIMIZATION_SERVICE_V2.1.41329_X86


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{103L3C30-C3B3-4130-9363-E59E1375PERM}]
C:\WINDOWS\Fonts\wmsncs.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-21 12:22:43
Windows 5.1.2600 NTFS

detected NTDLL code modification:
ZwOpenFile

Scanne versteckte Prozesse...

C:\WINDOWS\wmssvc.exe [388] 0x813B88B8
C:\WINDOWS\Fonts\wmsncs.exe [1924] 0x81378B30
Scanne versteckte Autostart Einträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\VIRUSfighter\Bin\Zanda.exe
C:\WINDOWS\system32\rasautou.exe
C:\PROGRA~1\Versatel\versatel.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2008-06-21 12:24:20 - machine was rebooted [Sheila]
ComboFix-quarantined-files.txt 2008-06-21 10:24:16
ComboFix2.txt 2008-06-21 08:22:32
ComboFix3.txt 2008-06-21 06:54:58
ComboFix4.txt 2008-06-21 06:47:27

8 Verzeichnis(se), 77,853,106,176 Bytes frei
9 Verzeichnis(se), 77,557,411,840 Bytes frei

286
21.06.2008, 13:09
Honorary member
Sabina

Posts: 29434
#14 I had written that you should run sdfix in safe mode; only then does the scan I want to see take place!!!!

And you should also apply combofix (the txt file) in safe mode!!!!
Everything in safe mode!!!!!!!!!!!!!

Copy this into: otmoveIt
http://virus-protect.org/artikel/tools/otmoveIt.html

Quote

C:\WINDOWS\system32\qchwcjwa.exe
C:\WINDOWS\system32\shpgfuy.exe
C:\WINDOWS\system32\xjda.exe
C:\WINDOWS\system32\wmsoft65715.exe
C:\WINDOWS\system32\ybayaftz.exe
C:\WINDOWS\system32\vsczbtnp.exe
C:\WINDOWS\system32\pfspjbn.exe
C:\WINDOWS\system32\wmsoft74434.exe
C:\WINDOWS\system32\wmsoft31060.exe
C:\WINDOWS\winavscan.exe
C:\WINDOWS\system32\sdmdtiw.exe
C:\WINDOWS\Fonts\wmsncs.exe
C:\WINDOWS\system32\icnb.exe
C:\WINDOWS\wmssvc.exe
C:\WINDOWS\system32\i
Click the red MoveIt!

Then boot into safe mode and run sdfix there, and the combofix script!
__________
Best regards, Sabina

All about PC security
21.06.2008, 16:15
Honorary member
Sabina

Posts: 29434
#15 It is pointless; we tried, but it is absolute nonsense to want to clean this.
Format as soon as possible, and change all important passwords.
__________
Best regards, Sabina
