[Løst]trojaner og annet skitt

ungkar1 · 6. desember 2008

Som jeg nevnte så ligger det nok lang flere slike .tmp-filer som ikke var synlig i den forrige combofix-loggen. Du ser i den nye at det fortsatt ligger slike .tmp-filer igjen. Kan du slette ALLE du finner via utforskeren?

Når du har gjort dette, poster du en ny combofix-logg.

sorry med litt seint svar(sova)

men har er loggen du ba om:

ComboFix 08-12-06.03 - Hildur Sagen 2008-12-06 20:47:23.7 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.459 [GMT 1:00]

Kjører fra: c:\documents and settings\Hildur Sagen\Desktop\ComboFix.exe

* Opprettet nytt gjenopprettingspunkt

* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))

.

((((((((((((((((((((((((((((((((((((((( Drivere/Tjenester )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_PACKET

((((((((((((((((((((((((((( Filer Opprettet Fra 2008-11-06 til 2008-12-06 )))))))))))))))))))))))))))))))))

.

2008-12-06 14:15 . 2008-12-06 14:14 410,984 --a------ c:\windows\system32\deploytk.dll

2008-12-06 14:15 . 2008-12-06 14:14 73,728 --a------ c:\windows\system32\javacpl.cpl

2008-12-06 14:10 . 2008-12-06 14:10 <DIR> d-------- c:\program files\Trend Micro

2008-12-06 13:55 . 2008-12-06 13:55 <DIR> d--hs---- c:\windows\system32\GroupPolicyManifest

2008-12-06 12:50 . 2008-12-06 12:50 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware

2008-12-06 12:50 . 2008-12-06 12:50 <DIR> d-------- c:\documents and settings\Hildur Sagen\Application Data\Malwarebytes

2008-12-06 12:50 . 2008-12-06 12:50 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes

2008-12-06 12:50 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2008-12-06 12:50 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2008-12-06 12:33 . 2008-12-06 12:38 <DIR> d-------- c:\program files\Auslogics

2008-12-06 12:33 . 2008-12-06 12:33 <DIR> d-------- c:\documents and settings\Hildur Sagen\Application Data\Auslogics

2008-12-06 12:23 . 2008-12-06 12:23 <DIR> d-------- c:\program files\CCleaner

2008-11-18 17:08 . 2008-11-18 17:09 318,464 --ahs---- c:\windows\system32\1F1.tmp

2008-11-17 12:38 . 2008-11-17 12:38 318,464 --ahs---- c:\windows\system32\1BC.tmp

2008-11-17 11:13 . 2008-11-17 11:17 318,464 --ahs---- c:\windows\system32\1BA.tmp

2008-11-16 18:45 . 2008-11-16 18:46 318,464 --ahs---- c:\windows\system32\1AE.tmp

2008-11-16 17:32 . 2008-11-16 17:32 318,464 --ahs---- c:\windows\system32\1AC.tmp

2008-11-16 14:06 . 2008-11-16 14:06 318,464 --ahs---- c:\windows\system32\179.tmp

2008-11-16 13:06 . 2008-11-16 13:06 318,464 --ahs---- c:\windows\system32\177.tmp

2008-11-12 12:10 . 2008-11-12 12:10 0 --a------ c:\windows\system32\CE.tmp

2008-11-12 12:09 . 2008-11-12 12:09 0 --a------ c:\windows\system32\BD.tmp

2008-11-12 11:59 . 2008-11-12 11:59 318,464 --ahs---- c:\windows\system32\D9.tmp

2008-11-11 18:16 . 2008-11-11 18:16 0 --a------ c:\windows\system32\BE.tmp

2008-11-08 13:21 . 2008-11-08 13:21 0 --a------ c:\windows\system32\AA.tmp

2008-11-06 17:57 . 2008-11-06 17:57 318,464 --ahs---- c:\windows\system32\AC.tmp

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-12-06 13:17 --------- d-----w c:\program files\Java

2008-11-18 16:59 --------- d-----w c:\documents and settings\All Users\Application Data\CanonIJPLM

2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys

2008-10-24 11:10 453,632 ------w c:\windows\system32\dllcache\mrxsmb.sys

2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll

2008-10-16 13:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll

2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll

2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll

2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll

2008-10-16 13:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll

2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll

2008-10-16 13:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll

2008-10-16 13:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll

2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll

2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe

2008-10-16 13:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe

2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll

2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll

2008-10-16 13:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll

2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll

2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll

2008-10-15 16:57 332,800 ----a-w c:\windows\system32\dllcache\netapi32.dll

2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll

2008-09-24 08:39 2,672 --sha-w c:\windows\system32\KGyGaAvL.sys

2008-09-15 11:57 1,846,016 ----a-w c:\windows\system32\win32k.sys

2008-09-15 11:57 1,846,016 ------w c:\windows\system32\dllcache\win32k.sys

.

((((((((((((((((((((((((((((( snapshot@2008-12-06_13.56.54.67 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-12-06 12:20:23 1,764 --sha-w c:\windows\system32\GroupPolicy000.dat

+ 2008-12-06 12:55:54 1,764 --sha-w c:\windows\system32\GroupPolicy000.dat

- 2005-11-10 11:27:06 49,248 ----a-w c:\windows\system32\java.exe

+ 2008-12-06 13:14:52 144,792 ----a-w c:\windows\system32\java.exe

- 2005-11-10 11:27:16 49,250 ----a-w c:\windows\system32\javaw.exe

+ 2008-12-06 13:14:52 144,792 ----a-w c:\windows\system32\javaw.exe

- 2005-11-10 13:03:54 127,078 ----a-w c:\windows\system32\javaws.exe

+ 2008-12-06 13:14:52 148,888 ----a-w c:\windows\system32\javaws.exe

+ 2008-03-20 17:06:36 1,480,232 ------w c:\windows\system32\LegitCheckControl.dll

- 2008-10-28 15:52:51 53,770 ----a-w c:\windows\system32\perfc009.dat

+ 2008-12-06 12:59:25 53,770 ----a-w c:\windows\system32\perfc009.dat

- 2008-10-28 15:52:51 382,026 ----a-w c:\windows\system32\perfh009.dat

+ 2008-12-06 12:59:25 382,026 ----a-w c:\windows\system32\perfh009.dat

+ 2008-12-06 19:50:41 16,384 ----atw c:\windows\temp\Perflib_Perfdata_3d4.dat

.

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))

.

*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]

"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]

"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-09-22 761947]

"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-08-23 1032192]

"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-01 1392640]

"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 49152]

"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]

"VSOCheckTask"="c:\progra~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 151552]

"OASClnt"="c:\program files\McAfee.com\VSO\oasclnt.exe" [2005-08-11 53248]

"MCAgentExe"="c:\progra~1\mcafee.com\agent\mcagent.exe" [2005-07-01 303104]

"MCUpdateExe"="c:\progra~1\mcafee.com\agent\McUpdate.exe" [2005-07-08 212992]

"MSKDetectorExe"="c:\progra~1\McAfee\SPAMKI~1\MSKDetct.exe" [2005-07-12 1117184]

"MSKAGENTEXE"="c:\progra~1\McAfee\SPAMKI~1\MskAgent.exe" [2005-07-12 110592]

"Corel Photo Downloader"="c:\program files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe" [2006-08-14 462336]

"VirusScan Online"="c:\progra~1\mcafee.com\vso\mcvsshld.exe" [2005-08-10 163840]

"MPFExe"="c:\progra~1\McAfee.com\PERSON~1\MpfTray.exe" [2005-10-02 999424]

"Telenor Online Start"="c:\program files\Telenor\Online Start\Telenor.exe" [2006-11-30 178312]

"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-06 136600]

"MSConfig"="c:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2005-09-27 169984]

"SigmatelSysTrayApp"="stsystra.exe" [2006-09-22 c:\windows\stsystra.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-10 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-12-22 24576]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]

--a------ 2008-09-23 08:33 29744 c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

--a------ 2007-10-18 10:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

--a------ 2007-07-17 17:08 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;"c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-12-22 29744]

S3 MODRC;Hauppauge Nova-T IR Driver;c:\windows\system32\DRIVERS\hcw95rc.sys [2007-01-22 15104]

.

Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

2008-12-06 c:\windows\Tasks\McAfee.com Scan for virus - Denne computer (D7LNWN2J-Hildur Sagen).job

- c:\program files\mcafee.com\vso\mcmnhdlr.exe [2005-07-08 19:18]

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-12-06 20:50:28

Windows 5.1.2600 Service Pack 2 NTFS

skanner skjulte prosesser ...

skanner skjulte autostart-oppføringer ...

skanner skjulte filer ...

skanning vellykket

skjulte filer: 0

**************************************************************************

.

--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

- - - - - - - > 'winlogon.exe'(668)

c:\windows\system32\Ati2evxx.dll

c:\windows\System32\BCMLogon.dll

.

------------------------ Andre Kjørende Prosesser ------------------------

.

c:\windows\system32\ati2evxx.exe

c:\windows\system32\WLTRYSVC.EXE

c:\windows\system32\BCMWLTRY.EXE

c:\program files\ATI Technologies\ATI.ACE\CLI.exe

c:\progra~1\McAfee.com\VSO\oasclnt.exe

c:\program files\McAfee.com\Agent\mcagent.exe

c:\program files\McAfee.com\VSO\mcvsshld.exe

c:\progra~1\McAfee.com\VSO\McVSEscn.exe

c:\progra~1\McAfee.com\PERSON~1\MpfAgent.exe

c:\windows\ehome\ehrecvr.exe

c:\windows\ehome\ehSched.exe

c:\program files\Canon\IJPLM\ijplmsvc.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\McAfee.com\Agent\Mcdetect.exe

c:\progra~1\McAfee.com\VSO\McShield.exe

c:\progra~1\McAfee.com\Agent\McTskshd.exe

c:\progra~1\McAfee\SPAMKI~1\MSKSrvr.exe

c:\program files\Dell\QuickSet\NicConfigSvc.exe

c:\windows\ehome\mcrdsvc.exe

c:\progra~1\McAfee.com\PERSON~1\MpfService.exe

c:\windows\system32\dllhost.exe

c:\windows\system32\wbem\wmiapsrv.exe

c:\program files\ATI Technologies\ATI.ACE\CLI.exe

c:\windows\ehome\ehmsas.exe

.

**************************************************************************

.

Tidspunkt ferdig: 2008-12-06 20:53:41 - maskinen ble startet på nytt

ComboFix-quarantined-files.txt 2008-12-06 19:53:37

ComboFix2.txt 2008-12-06 16:35:39

ComboFix3.txt 2008-12-06 16:03:52

ComboFix4.txt 2008-12-06 15:31:05

ComboFix5.txt 2008-12-06 19:45:55

Pre-Run: 61 860 376 576 bytes free

Post-Run: 61,858,750,464 byte ledig

203 --- E O F --- 2008-11-13 08:50:57

nå håper jeg at det ikke er noen rester igjen :dribble:

norbat · 6. desember 2008

Heisann, hvis du ser i din siste logg, og jeg vil tro du ser dem i utforsker også, så ligger det fortsatt filer igjen. Loggen din viser disse:

c:\windows\system32\1F1.tmp

c:\windows\system32\1BC.tmp

c:\windows\system32\1BA.tmp

c:\windows\system32\1AE.tmp

c:\windows\system32\1AC.tmp

c:\windows\system32\179.tmp

c:\windows\system32\177.tmp

c:\windows\system32\CE.tmp

c:\windows\system32\BD.tmp

c:\windows\system32\D9.tmp

c:\windows\system32\BE.tmp

c:\windows\system32\AA.tmp

c:\windows\system32\AC.tmp

Det ligger nok flere enn disse. Kan du ikke gjøre ett forsøk til med å fjerne ALLE TILSVARENDE .tmp-filer.

Ny combofix-logg etterpå. Hvis det fortsatt viser seg at det ligger mer, så må vi bruke en annen måte, men det skulle ikke være så vanskelig å se disse tmp-filene i utforsker

Lykke til!

Endret 6. desember 2008 av norbat

ungkar1 · 7. desember 2008

hei.

når har jeg slettet alle .tmp filene untatt disse p.g.a de finner jeg ikke manuelt i mappa og ikke når jeg søker etter dem.

c:\windows\system32\1F1.tmp

c:\windows\system32\1BC.tmp

c:\windows\system32\1BA.tmp

c:\windows\system32\1AE.tmp

c:\windows\system32\1AC.tmp

c:\windows\system32\179.tmp

c:\windows\system32\177.tmp

c:\windows\system32\D9.tmp

ComboFix.txt

Endret 7. desember 2008 av no more Mr. Nice guy

norbat · 7. desember 2008

Vi nærmer oss

Du finner de ikke fordi de er skjulte filer. Vi kan liste de opp ved å gjøre som du har gjort tidligere:

Lag deg en ny finn.bat fil som du kjører. Resultatet poster du

(I steden for å 'lage ny' kan du, om du fortsatt har finn.bat liggende på skrivebordet, høyreklikke på fila, velg rediger. Der limer du inn det som står i fet skrift under)

@echo off

VFIND -rtf -s318464 %systemroot%\system32\*32.tmp >Log.txt

Start Notepad Log.txt

ungkar1 · 7. desember 2008

Vi nærmer oss
Du finner de ikke fordi de er skjulte filer. Vi kan liste de opp ved å gjøre som du har gjort tidligere:

Lag deg en ny finn.bat fil som du kjører. Resultatet poster du

(I steden for å 'lage ny' kan du, om du fortsatt har finn.bat liggende på skrivebordet, høyreklikke på fila, velg rediger. Der limer du inn det som står i fet skrift under)

@echo off

VFIND -rtf -s318464 %systemroot%\system32\*32.tmp >Log.txt

Start Notepad Log.txt

loggen blir tom. er det riktig?

norbat · 7. desember 2008

Beklager, det var en liten feil i forrige skript. Nytt forsøk:

@echo off

VFIND -rtf -s318464 %systemroot%\system32\*.tmp >Log.txt

Start Notepad Log.txt

ungkar1 · 7. desember 2008

Beklager, det var en liten feil i forrige skript. Nytt forsøk:

@echo off

VFIND -rtf -s318464 %systemroot%\system32\*.tmp >Log.txt

Start Notepad Log.txt

her er loggen

C:\WINDOWS\system32\177.tmp

C:\WINDOWS\system32\179.tmp

C:\WINDOWS\system32\1AC.tmp

C:\WINDOWS\system32\1AE.tmp

C:\WINDOWS\system32\1BA.tmp

C:\WINDOWS\system32\1BC.tmp

C:\WINDOWS\system32\1F1.tmp

C:\WINDOWS\system32\AC.tmp

C:\WINDOWS\system32\D9.tmp

norbat · 7. desember 2008

Da fjerner vi disse ved hjelp av vedlagt cfscript.txt (samme prosedyre som tidligere).

Post den ny combofix-loggen

CFScript.txt

Endret 7. desember 2008 av norbat

ungkar1 · 7. desember 2008

ny logg:

ComboFix 08-12-06.03 - Hildur Sagen 2008-12-07 13:30:24.9 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.425 [GMT 1:00]

Kjører fra: c:\documents and settings\Hildur Sagen\Desktop\ComboFix.exe

Command switches brukt :: c:\documents and settings\Hildur Sagen\My Documents\CFScript.txt

* Opprettet nytt gjenopprettingspunkt

FILE ::

c:\windows\system32\177.tmp

c:\windows\system32\179.tmp

c:\windows\system32\1AC.tmp

c:\windows\system32\1AE.tmp

c:\windows\system32\1BA.tmp

c:\windows\system32\1BC.tmp

c:\windows\system32\1F1.tmp

c:\windows\system32\AC.tmp

c:\windows\system32\D9.tmp

.

((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\system32\177.tmp

c:\windows\system32\179.tmp

c:\windows\system32\1AC.tmp

c:\windows\system32\1AE.tmp

c:\windows\system32\1BA.tmp

c:\windows\system32\1BC.tmp

c:\windows\system32\1F1.tmp

c:\windows\system32\AC.tmp

c:\windows\system32\D9.tmp

.

((((((((((((((((((((((((((( Filer Opprettet Fra 2008-11-07 til 2008-12-07 )))))))))))))))))))))))))))))))))

.

2008-12-07 12:19 . 2008-12-07 12:33 <DIR> d--h----- C:\$AVG8.VAULT$

2008-12-07 11:22 . 2008-12-07 11:22 <DIR> d-------- c:\program files\Opera

2008-12-06 22:57 . 2008-12-06 22:57 <DIR> d-------- c:\documents and settings\All Users\Application Data\Emotum

2008-12-06 22:35 . 2008-09-08 11:41 333,824 --------- c:\windows\system32\dllcache\srv.sys

2008-12-06 22:35 . 2008-06-13 12:05 272,128 --------- c:\windows\system32\dllcache\bthport.sys

2008-12-06 22:35 . 2008-08-14 11:04 138,496 --------- c:\windows\system32\dllcache\afd.sys

2008-12-06 22:34 . 2008-08-14 11:11 2,189,184 --------- c:\windows\system32\dllcache\ntoskrnl.exe

2008-12-06 22:34 . 2008-08-14 11:09 2,145,280 --------- c:\windows\system32\dllcache\ntkrnlmp.exe

2008-12-06 22:34 . 2008-08-14 10:33 2,066,048 --------- c:\windows\system32\dllcache\ntkrnlpa.exe

2008-12-06 22:34 . 2008-08-14 10:33 2,023,936 --------- c:\windows\system32\dllcache\ntkrpamp.exe

2008-12-06 22:34 . 2008-09-15 13:12 1,846,400 --------- c:\windows\system32\dllcache\win32k.sys

2008-12-06 22:34 . 2008-10-24 12:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys

2008-12-06 22:34 . 2008-05-08 15:02 203,136 --------- c:\windows\system32\dllcache\rmcast.sys

2008-12-06 22:33 . 2008-04-11 20:04 691,712 --------- c:\windows\system32\dllcache\inetcomm.dll

2008-12-06 22:33 . 2008-10-15 17:34 337,408 --a------ c:\windows\system32\SET3C.tmp

2008-12-06 22:33 . 2008-10-15 17:34 337,408 --------- c:\windows\system32\dllcache\netapi32.dll

2008-12-06 22:22 . 2008-12-06 22:22 <DIR> d-------- c:\windows\system32\scripting

2008-12-06 22:22 . 2008-12-06 22:22 <DIR> d-------- c:\windows\system32\en

2008-12-06 22:22 . 2008-12-06 22:22 <DIR> d-------- c:\windows\system32\bits

2008-12-06 22:22 . 2008-12-06 22:22 <DIR> d-------- c:\windows\l2schemas

2008-12-06 22:19 . 2008-12-06 22:19 <DIR> d-------- c:\windows\ServicePackFiles

2008-12-06 21:58 . 2008-10-03 18:41 6,066,176 --------- c:\windows\system32\dllcache\ieframe.dll

2008-12-06 21:58 . 2007-04-17 10:32 2,455,488 --------- c:\windows\system32\dllcache\ieapfltr.dat

2008-12-06 21:58 . 2007-03-08 06:10 991,232 --------- c:\windows\system32\dllcache\ieframe.dll.mui

2008-12-06 21:58 . 2008-08-26 08:24 459,264 --------- c:\windows\system32\dllcache\msfeeds.dll

2008-12-06 21:58 . 2008-08-26 08:24 383,488 --------- c:\windows\system32\dllcache\ieapfltr.dll

2008-12-06 21:58 . 2008-08-26 08:24 267,776 --------- c:\windows\system32\dllcache\iertutil.dll

2008-12-06 21:58 . 2008-08-26 08:24 63,488 --------- c:\windows\system32\dllcache\icardie.dll

2008-12-06 21:58 . 2008-08-26 08:24 52,224 --------- c:\windows\system32\dllcache\msfeedsbs.dll

2008-12-06 21:58 . 2008-08-25 09:38 13,824 --------- c:\windows\system32\dllcache\ieudinit.exe

2008-12-06 21:54 . 2007-08-13 18:54 33,792 --a------ c:\windows\system32\dllcache\custsat.dll

2008-12-06 21:38 . 2008-12-06 21:38 97,928 --a------ c:\windows\system32\drivers\avgldx86.sys

2008-12-06 21:38 . 2008-12-06 21:38 76,040 --a------ c:\windows\system32\drivers\avgtdix.sys

2008-12-06 21:38 . 2008-12-06 21:38 10,520 --a------ c:\windows\system32\avgrsstx.dll

2008-12-06 21:37 . 2008-12-06 21:39 <DIR> d-------- c:\windows\system32\drivers\Avg

2008-12-06 21:37 . 2008-12-06 21:37 <DIR> d-------- c:\program files\AVG

2008-12-06 21:37 . 2008-12-06 21:37 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8

2008-12-06 21:15 . 2008-12-06 21:15 <DIR> d--h----- c:\windows\system32\GroupPolicy

2008-12-06 21:01 . 2008-12-06 21:01 <DIR> d-------- c:\program files\VS Revo Group