spoolw.exe

Janis · 14.04.2008, 19:42

Sorry, vergessen den Log reinzuposten....

Hier nochmal hijack Log... spoolw und diese igfxxx Datei sind immer noch da

Logfile of HijackThis v1.99.1
Scan saved at 20:39:27, on 14.04.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Programme\Winamp\winampa.exe
C:\WINDOWS\Mixer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Symphony\maestro.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\igfxsvc.exe
C:\WINDOWS\system32\spoolw.exe
C:\Dokumente und Einstellungen\odkies\hijackthis_199\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: XMLDP Class - {72A128E0-2240-40c8-9E92-5387D64F839E} - C:\WINDOWS\xml2u32.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Programme\ATI Technologies\HydraVision\HydraDM.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [spoolw] C:\WINDOWS\system32\spoolw.exe
O4 - HKCU\..\Run: [igfxsvc] C:\WINDOWS\system32\igfxsvc.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: T-Sinus 930 Konfiguration.lnk = C:\Programme\Symphony\maestro.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_02\bin\ssv.dll
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe (file missing)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

Sabina · 15.04.2008, 00:11

Hallo,

wende bitte Combofix an - klicke die Warnmeldung weg, kopiere dann hier den report
combofix

Gruss
Sabina

Janis · 15.04.2008, 16:13

Hier der Log: Kann ich die Dateien im Registrierungseditor löschen?

ComboFix 08-04-14.2 - odkies 2008-04-15 17:01:51.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1031.18.512 [GMT 2:00]
ausgeführt von:: C:\Dokumente und Einstellungen\odkies\Desktop\ComboFix.exe
* Neuer Wiederherstellungspunkt wurde erstellt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Dokumente und Einstellungen\odkies\Anwendungsdaten\install.dat
C:\WINDOWS\12951893.exe
C:\WINDOWS\12953506.exe
C:\WINDOWS\12954107.exe
C:\WINDOWS\1497853.exe
C:\WINDOWS\4872736.exe
C:\WINDOWS\4872916.exe
C:\WINDOWS\4872936.exe
C:\WINDOWS\5523111.exe
C:\WINDOWS\8908930.exe
C:\WINDOWS\8909531.exe
C:\WINDOWS\8909931.exe

.
((((((((((((((((((((((( Dateien erstellt von 2008-03-15 bis 2008-04-15 ))))))))))))))))))))))))))))))
.

2008-04-15 16:56 . 2008-04-15 16:56 <DIR> d-------- C:\WINDOWS\LastGood
2008-04-14 22:29 . 2008-04-15 17:06 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-04-14 20:51 . 2008-04-14 20:51 126,976 --a------ C:\WINDOWS\xml2u32.dll
2008-04-14 20:17 . 2008-04-14 20:17 <DIR> d-------- C:\WINDOWS\ERUNT
2008-04-14 20:17 . 2008-04-14 20:34 <DIR> d-------- C:\SDFix
2008-04-14 20:04 . 2008-04-14 20:04 <DIR> d-------- C:\_OTMoveIt
2008-04-12 19:04 . 2008-04-12 19:04 <DIR> d-------- C:\Programme\CCleaner
2008-03-21 16:02 . 2008-04-08 13:24 <DIR> d-------- C:\Dokumente und Einstellungen\odkies\Anwendungsdaten\SUPERAntiSpyware.com
2008-03-21 16:02 . 2008-03-21 16:02 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com
2008-03-20 21:31 . 2008-03-20 21:31 <DIR> d-------- C:\fsaua.data
2008-03-20 16:30 . 2008-03-20 22:46 <DIR> d-a------ C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-14 18:03 --------- d-----w C:\Programme\Trillian
2008-03-19 12:51 --------- d-----w C:\Programme\Symphony
2007-10-12 13:20 109 --sha-w C:\WINDOWS\system32\609467646.dat
.

(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{72A128E0-2240-40c8-9E92-5387D64F839E}]
2008-04-14 20:51 126976 --a------ C:\WINDOWS\xml2u32.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:57 15360]
"spoolw"="C:\WINDOWS\system32\spoolw.exe" [2004-08-04 00:57 2108]
"igfxsvc"="C:\WINDOWS\system32\igfxsvc.exe" [2004-08-04 00:57 2108]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HydraVisionDesktopManager"="C:\Programme\ATI Technologies\HydraVision\HydraDM.exe" [2002-08-14 10:28 262144]
"ATIPTA"="C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-02-28 21:00 315392]
"WinampAgent"="C:\Programme\Winamp\winampa.exe" [2007-05-15 00:22 35328]
"C-Media Mixer"="Mixer.exe" [2001-11-15 12:08 1216512 C:\WINDOWS\mixer.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:57 15360]

C:\Dokumente und Einstellungen\All Users\Startmen\Programme\Autostart\
Adobe Gamma Loader.lnk - C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe [2007-07-10 16:31:12 110592]
T-Sinus 930 Konfiguration.lnk - C:\Programme\Symphony\maestro.exe [2007-07-10 00:11:30 540729]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{1D516154-6AC0-426C-92A1-FDC0073E8A1B}"= C:\DOKUME~1\odkies\LOKALE~1\Temp\ntwzhook.dll [ ]

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Google Updater.lnk]
path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Google Updater.lnk
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-05-11 03:06 40048 C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxsvc]
--a------ 2004-08-04 00:57 2108 C:\WINDOWS\system32\igfxsvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 12:55 5674352 C:\Programme\MSN Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spoolw]
--a------ 2004-08-04 00:57 2108 C:\WINDOWS\system32\spoolw.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-07-12 04:00 132496 C:\Programme\Java\jre1.6.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"usnjsvc"=3 (0x3)
"Symphony Switcher Service"=2 (0x2)
"gusvc"=2 (0x2)
"BITS"=3 (0x3)
"AudioSrv"=2 (0x2)
"aawservice"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programme\\Trillian\\trillian.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:UDP"= 6112:UDP:Startcraft
"6119:UDP"= 6119:UDP:Starcraft2

R2 sympxchm;sympxchm;C:\WINDOWS\system32\DRIVERS\sympxchm.sys [2001-09-10 17:42]
R3 NtApm;Herkömmlicher NT APM-Schnittstellentreiber;C:\WINDOWS\system32\DRIVERS\NtApm.sys [2001-08-18 05:27]
R3 sympusb;sympusb;C:\WINDOWS\system32\DRIVERS\sympusb.sys [2001-10-22 11:23]
S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;C:\DOKUME~1\odkies\LOKALE~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys []
S4 Symphony Switcher Service;Symphony Switcher Service;C:\Programme\Symphony\sw_serv.exe [2002-01-23 09:05]

.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-15 17:06:51
Windows 5.1.2600 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostart Einträge...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
spoolw = C:\WINDOWS\system32\spoolw.exe????????????????????????????????????????????????????????????????????????????????????????????????
igfxsvc = C:\WINDOWS\system32\igfxsvc.exe???????????????????????????????????????????????????????????????????????????????????????????????

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
Zeit der Fertigstellung: 2008-04-15 17:12:05
ComboFix-quarantined-files.txt 2008-04-15 15:11:03

13 Verzeichnis(se), 28,242,759,680 Bytes frei
17 Verzeichnis(se), 28,189,949,952 Bytes frei
.
2008-04-14 20:29:17 --- E O F ---

Sabina · 15.04.2008, 23:20

Den folgenden Text in den Editor (Start - Zubehör - Editor) kopieren und als cfscript.txt mit 'Speichern unter' auf dem Desktop. Gib an "Alle Dateien" - Speichern

Code:

ATTFilter

KILLALL:: 

Registry:: 
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{72A128E0-2240-40c8-9E92-5387D64F839E}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"spoolw"=-
"igfxsvc"=-
"ctfmon.exe"=-
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{1D516154-6AC0-426C-92A1-FDC0073E8A1B}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxsvc]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spoolw]

File:: 
C:\WINDOWS\xml2u32.dll
C:\WINDOWS\system32\609467646.dat
C:\WINDOWS\system32\igfxsvc.exe
C:\WINDOWS\system32\spoolw.exe
C:\Dokumente und Einstellungen\odkies\Lokale Einstellungen\Temp\ntwzhook.dll

Man sollte jetzt auf dem Desktop diese Datei cfscript.txt finden.

cfscript.txt und mit der rechten Maustaste auf das Symbol von Combofix ziehen

danach: Combofix noch einmal anwenden

PC neustarten

---

poste das neue Log von Combofix

Janis · 18.04.2008, 10:32

Ui, diesmal ist er ja noch länger:

ComboFix 08-04-14.2 - odkies 2008-04-16 11:14:17.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1031.18.536 [GMT 2:00]
ausgeführt von:: C:\Dokumente und Einstellungen\odkies\Desktop\Antivir\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\_000007_.tmp.dll
C:\WINDOWS\system32\_000008_.tmp.dll
C:\WINDOWS\system32\_000019_.tmp.dll

.
((((((((((((((((((((((( Dateien erstellt von 2008-03-16 bis 2008-04-16 ))))))))))))))))))))))))))))))
.

2008-04-16 11:04 . 2008-04-16 11:12 <DIR> d-------- C:\WINDOWS\LastGood
2008-04-15 22:12 . 2006-08-21 11:14 128,896 -----c--- C:\WINDOWS\system32\dllcache\fltmgr.sys
2008-04-15 22:12 . 2006-08-21 11:14 23,040 -----c--- C:\WINDOWS\system32\dllcache\fltmc.exe
2008-04-15 22:12 . 2006-08-21 14:26 16,896 -----c--- C:\WINDOWS\system32\dllcache\fltlib.dll
2008-04-15 17:21 . 2007-07-09 15:11 584,192 --a------ C:\WINDOWS\system32\SET10B.tmp
2008-04-15 17:21 . 2007-07-09 15:11 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-04-15 17:13 . 2007-04-18 18:13 2,854,400 --a------ C:\WINDOWS\system32\SET85.tmp
2008-04-15 17:12 . 2005-10-21 00:25 1,094,144 --a------ C:\WINDOWS\system32\SET67.tmp
2008-04-14 22:29 . 2008-04-16 11:17 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-04-14 22:29 . 2008-04-16 11:16 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-04-14 20:17 . 2008-04-14 20:17 <DIR> d-------- C:\WINDOWS\ERUNT
2008-04-14 20:17 . 2008-04-14 20:34 <DIR> d-------- C:\SDFix
2008-04-14 20:04 . 2008-04-14 20:04 <DIR> d-------- C:\_OTMoveIt
2008-04-12 19:04 . 2008-04-12 19:04 <DIR> d-------- C:\Programme\CCleaner
2008-03-21 16:02 . 2008-03-21 16:02 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com
2008-03-20 21:31 . 2008-03-20 21:31 <DIR> d-------- C:\fsaua.data
2008-03-20 16:30 . 2008-03-20 22:46 <DIR> d-a------ C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-14 18:03 --------- d-----w C:\Programme\Trillian
2008-03-20 08:03 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 12:51 --------- d-----w C:\Programme\Symphony
2008-02-20 06:50 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:33 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-16 22:29 3,080,704 ----a-w C:\WINDOWS\system32\SET91.tmp
2008-02-16 08:59 665,088 ----a-w C:\WINDOWS\system32\SET89.tmp
2008-02-16 08:59 617,984 ----a-w C:\WINDOWS\system32\SET8A.tmp
2008-02-16 08:59 474,624 ----a-w C:\WINDOWS\system32\SET8B.tmp
2008-02-16 08:59 1,494,528 ----a-w C:\WINDOWS\system32\SET8C.tmp
2008-02-16 08:59 1,023,488 ----a-w C:\WINDOWS\system32\SET99.tmp
2008-02-15 23:03 374,272 ----a-w C:\WINDOWS\system32\SET9B.tmp
2007-10-12 13:20 109 --sha-w C:\WINDOWS\system32\609467646.dat
.

((((((((((((((((((((((((((((( snapshot@2008-04-15_17.10.44,54 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-11-17 17:37:46 356,352 ----a-w C:\WINDOWS\$hf_mig$\KB873339\SP2QFE\hypertrm.dll
+ 2004-10-14 08:34:42 8,704 ----a-w C:\WINDOWS\$hf_mig$\KB873339\spmsg.dll
+ 2004-10-14 08:36:18 172,032 ----a-w C:\WINDOWS\$hf_mig$\KB873339\spuninst.exe
+ 2004-10-14 08:36:16 21,504 ----a-w C:\WINDOWS\$hf_mig$\KB873339\update\spcustom.dll
+ 2004-10-14 08:34:42 663,552 ----a-w C:\WINDOWS\$hf_mig$\KB873339\update\update.exe
+ 2004-10-13 16:21:24 1,694,208 ----a-w C:\WINDOWS\$hf_mig$\KB887472\SP2QFE\msmsgs.exe
+ 2004-10-14 09:34:42 8,704 ----a-w C:\WINDOWS\$hf_mig$\KB887472\spmsg.dll
+ 2004-10-14 09:36:18 172,032 ----a-w C:\WINDOWS\$hf_mig$\KB887472\spuninst.exe
+ 2004-10-14 09:36:16 21,504 ----a-w C:\WINDOWS\$hf_mig$\KB887472\update\spcustom.dll
+ 2004-10-14 09:34:42 663,552 ----a-w C:\WINDOWS\$hf_mig$\KB887472\update\update.exe
+ 2005-04-22 05:19:51 57,344 ----a-w C:\WINDOWS\$hf_mig$\KB890046\SP2QFE\agentdpv.dll
+ 2005-05-17 00:44:45 20,480 ----a-w C:\WINDOWS\$hf_mig$\KB890046\SP2QFE\spru0407.dll
+ 2005-02-24 18:34:56 15,584 ----a-w C:\WINDOWS\$hf_mig$\KB890046\spmsg.dll
+ 2005-02-24 18:34:56 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB890046\spuninst.exe
+ 2005-02-24 18:34:56 22,240 ----a-w C:\WINDOWS\$hf_mig$\KB890046\update\spcustom.dll
+ 2005-02-24 18:34:56 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB890046\update\update.exe
+ 2005-02-24 18:34:58 378,080 ----a-w C:\WINDOWS\$hf_mig$\KB890046\update\updspapi.dll
+ 2004-11-30 12:46:28 8,704 ----a-w C:\WINDOWS\$hf_mig$\KB891781\spmsg.dll
+ 2004-11-30 18:22:38 172,032 ----a-w C:\WINDOWS\$hf_mig$\KB891781\spuninst.exe
+ 2004-11-30 18:22:38 21,504 ----a-w C:\WINDOWS\$hf_mig$\KB891781\update\spcustom.dll
+ 2004-11-30 12:46:30 663,552 ----a-w C:\WINDOWS\$hf_mig$\KB891781\update\update.exe
+ 2005-07-08 16:29:45 249,344 ----a-w C:\WINDOWS\$hf_mig$\KB893756\SP2QFE\tapisrv.dll
+ 2005-02-24 18:34:56 15,584 ----a-w C:\WINDOWS\$hf_mig$\KB893756\spmsg.dll
+ 2005-02-24 18:34:56 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB893756\spuninst.exe
+ 2005-07-07 17:27:08 30,720 ----a-w C:\WINDOWS\$hf_mig$\KB893756\update\arpidfix.exe
+ 2005-02-24 18:34:56 22,240 ----a-w C:\WINDOWS\$hf_mig$\KB893756\update\spcustom.dll
+ 2005-02-24 18:34:56 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB893756\update\update.exe
+ 2005-02-24 18:34:58 378,080 ----a-w C:\WINDOWS\$hf_mig$\KB893756\update\updspapi.dll
+ 2005-05-26 23:26:50 10,752 ----a-w C:\WINDOWS\$hf_mig$\KB896358\SP2QFE\hh.exe
+ 2005-05-27 02:10:34 41,472 ----a-w C:\WINDOWS\$hf_mig$\KB896358\SP2QFE\hhsetup.dll
+ 2005-05-27 02:10:34 155,136 ----a-w C:\WINDOWS\$hf_mig$\KB896358\SP2QFE\itircl.dll
+ 2005-05-27 02:10:34 137,216 ----a-w C:\WINDOWS\$hf_mig$\KB896358\SP2QFE\itss.dll
+ 2005-02-24 18:34:56 15,584 ----a-w C:\WINDOWS\$hf_mig$\KB896358\spmsg.dll
+ 2005-02-24 18:34:56 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB896358\spuninst.exe
+ 2005-02-24 18:34:56 22,240 ----a-w C:\WINDOWS\$hf_mig$\KB896358\update\spcustom.dll
+ 2005-02-24 18:34:56 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB896358\update\update.exe
+ 2005-02-24 18:34:58 378,080 ----a-w C:\WINDOWS\$hf_mig$\KB896358\update\updspapi.dll
+ 2005-06-11 00:17:13 57,856 ----a-w C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
+ 2005-02-24 18:34:56 15,584 ----a-w C:\WINDOWS\$hf_mig$\KB896423\spmsg.dll
+ 2005-02-24 18:34:56 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB896423\spuninst.exe
+ 2005-06-29 14:54:32 30,720 ----a-w C:\WINDOWS\$hf_mig$\KB896423\update\arpidfix.exe
+ 2005-02-24 18:34:56 22,240 ----a-w C:\WINDOWS\$hf_mig$\KB896423\update\spcustom.dll
+ 2005-02-24 18:34:56 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB896423\update\update.exe
+ 2005-02-24 18:34:58 378,080 ----a-w C:\WINDOWS\$hf_mig$\KB896423\update\updspapi.dll
+ 2005-02-24 18:34:56 15,584 ------w C:\WINDOWS\$hf_mig$\KB899591\spmsg.dll
+ 2005-02-24 18:34:56 213,216 ------w C:\WINDOWS\$hf_mig$\KB899591\spuninst.exe
+ 2005-06-29 14:54:32 30,720 ------w C:\WINDOWS\$hf_mig$\KB899591\update\arpidfix.exe
+ 2005-02-24 18:34:56 22,240 ------w C:\WINDOWS\$hf_mig$\KB899591\update\spcustom.dll
+ 2005-02-24 18:34:56 727,776 ------w C:\WINDOWS\$hf_mig$\KB899591\update\update.exe
+ 2005-02-24 18:34:58 378,080 ------w C:\WINDOWS\$hf_mig$\KB899591\update\updspapi.dll
+ 2005-07-26 04:28:59 225,792 ----a-w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\catsrv.dll
+ 2005-07-26 04:28:59 625,152 ----a-w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\catsrvut.dll
+ 2005-07-26 04:28:59 110,080 ----a-w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\clbcatex.dll
+ 2005-07-26 04:29:00 498,688 ----a-w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\clbcatq.dll
+ 2005-07-26 04:29:01 60,416 ----a-w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\colbact.dll
+ 2005-07-26 04:29:01 195,072 ----a-w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\comadmin.dll
+ 2005-07-26 04:29:02 97,792 ----a-w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\comrepl.dll
+ 2005-07-26 04:29:04 1,267,200 ----a-w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\comsvcs.dll
+ 2005-07-26 04:29:04 540,160 ----a-w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\comuid.dll
+ 2005-07-26 04:29:04 243,200 ----a-w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\es.dll
+ 2005-07-25 23:42:35 8,704 ----a-w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\migregdb.exe
+ 2005-07-26 04:29:05 425,472 ----a-w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\msdtcprx.dll
+ 2005-07-26 04:29:10 945,152 ----a-w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\msdtctm.dll
+ 2005-07-26 04:29:10 161,280 ----a-w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\msdtcuiu.dll
+ 2005-07-26 04:29:10 66,560 ----a-w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\mtxclu.dll
+ 2005-07-26 04:29:11 91,136 ----a-w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\mtxoci.dll
+ 2005-07-26 04:29:16 1,286,144 ----a-w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\ole32.dll
+ 2005-07-26 04:29:17 74,752 ----a-w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\olecli32.dll
+ 2005-07-26 04:29:17 37,376 ----a-w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\olecnv32.dll
+ 2005-07-26 04:29:19 398,336 ----a-w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\rpcss.dll
+ 2005-07-26 04:29:19 101,376 ----a-w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\txflog.dll
+ 2005-07-26 04:29:19 11,776 ----a-w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\xolehlp.dll
+ 2005-02-24 18:34:56 15,584 ----a-w C:\WINDOWS\$hf_mig$\KB902400\spmsg.dll
+ 2005-02-24 18:34:56 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB902400\spuninst.exe
+ 2005-07-25 17:21:18 30,720 ----a-w C:\WINDOWS\$hf_mig$\KB902400\update\arpidfix.exe
+ 2005-02-24 18:34:56 22,240 ----a-w C:\WINDOWS\$hf_mig$\KB902400\update\spcustom.dll
+ 2005-02-24 18:34:56 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB902400\update\update.exe
+ 2005-02-24 18:34:58 378,080 ----a-w C:\WINDOWS\$hf_mig$\KB902400\update\updspapi.dll
+ 2006-06-22 10:36:56 180,736 ----a-w C:\WINDOWS\$hf_mig$\KB911280\SP2QFE\rasmans.dll
+ 2005-10-12 23:11:08 15,584 ----a-w C:\WINDOWS\$hf_mig$\KB911280\spmsg.dll
+ 2005-10-12 23:11:08 217,312 ----a-w C:\WINDOWS\$hf_mig$\KB911280\spuninst.exe
+ 2005-10-12 23:11:04 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB911280\update\spcustom.dll
+ 2005-10-12 23:11:11 725,728 ----a-w C:\WINDOWS\$hf_mig$\KB911280\update\update.exe
+ 2005-10-12 23:11:17 377,568 ----a-w C:\WINDOWS\$hf_mig$\KB911280\update\updspapi.dll
+ 2006-03-23 05:52:23 143,360 ----a-w C:\WINDOWS\$hf_mig$\KB911562\SP2QFE\msadco.dll
+ 2005-10-12 23:11:08 15,584 ----a-w C:\WINDOWS\$hf_mig$\KB911562\spmsg.dll
+ 2005-10-12 23:11:08 217,312 ----a-w C:\WINDOWS\$hf_mig$\KB911562\spuninst.exe
+ 2005-10-12 23:11:04 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB911562\update\spcustom.dll
+ 2005-10-12 23:11:11 725,728 ----a-w C:\WINDOWS\$hf_mig$\KB911562\update\update.exe
+ 2005-10-12 23:11:17 377,568 ----a-w C:\WINDOWS\$hf_mig$\KB911562\update\updspapi.dll
+ 2006-06-01 19:39:47 163,840 ----a-w C:\WINDOWS\$hf_mig$\KB918439\SP2QFE\jgdw400.dll
+ 2006-06-01 19:39:47 27,648 ----a-w C:\WINDOWS\$hf_mig$\KB918439\SP2QFE\jgpl400.dll
+ 2005-10-12 23:11:08 15,584 ----a-w C:\WINDOWS\$hf_mig$\KB918439\spmsg.dll
+ 2005-10-12 23:11:08 217,312 ----a-w C:\WINDOWS\$hf_mig$\KB918439\spuninst.exe
+ 2005-10-12 23:11:04 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB918439\update\spcustom.dll
+ 2005-10-12 23:11:11 725,728 ----a-w C:\WINDOWS\$hf_mig$\KB918439\update\update.exe
+ 2005-10-12 23:11:17 377,568 ----a-w C:\WINDOWS\$hf_mig$\KB918439\update\updspapi.dll
+ 2006-07-21 08:28:16 72,704 ----a-w C:\WINDOWS\$hf_mig$\KB920670\SP2QFE\hlink.dll
+ 2005-10-12 23:15:13 15,584 ----a-w C:\WINDOWS\$hf_mig$\KB920670\spmsg.dll
+ 2005-10-12 23:15:13 217,312 ----a-w C:\WINDOWS\$hf_mig$\KB920670\spuninst.exe
+ 2005-10-12 23:15:13 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB920670\update\spcustom.dll
+ 2005-10-12 23:15:15 725,728 ----a-w C:\WINDOWS\$hf_mig$\KB920670\update\update.exe
+ 2005-10-12 23:15:23 377,568 ----a-w C:\WINDOWS\$hf_mig$\KB920670\update\updspapi.dll
+ 2006-06-22 05:22:09 69,120 ----a-w C:\WINDOWS\$hf_mig$\KB920685\SP2QFE\ciodm.dll
+ 2006-06-22 05:22:10 1,441,792 ----a-w C:\WINDOWS\$hf_mig$\KB920685\SP2QFE\query.dll
+ 2005-10-12 23:11:08 15,584 ----a-w C:\WINDOWS\$hf_mig$\KB920685\spmsg.dll
+ 2005-10-12 23:11:08 217,312 ----a-w C:\WINDOWS\$hf_mig$\KB920685\spuninst.exe
+ 2005-10-12 23:11:04 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB920685\update\spcustom.dll
+ 2005-10-12 23:11:11 725,728 ----a-w C:\WINDOWS\$hf_mig$\KB920685\update\update.exe
+ 2005-10-12 23:11:17 377,568 ----a-w C:\WINDOWS\$hf_mig$\KB920685\update\updspapi.dll
+ 2006-10-13 12:41:39 64,000 ----a-w C:\WINDOWS\$hf_mig$\KB923980\SP2QFE\nwapi32.dll
+ 2006-10-13 12:41:39 146,432 ----a-w C:\WINDOWS\$hf_mig$\KB923980\SP2QFE\nwprovau.dll
+ 2006-10-13 10:39:12 163,456 ----a-w C:\WINDOWS\$hf_mig$\KB923980\SP2QFE\nwrdr.sys
+ 2006-10-13 12:41:39 65,536 ----a-w C:\WINDOWS\$hf_mig$\KB923980\SP2QFE\nwwks.dll
+ 2005-10-12 23:15:13 15,584 ----a-w C:\WINDOWS\$hf_mig$\KB923980\spmsg.dll
+ 2005-10-12 23:15:13 217,312 ----a-w C:\WINDOWS\$hf_mig$\KB923980\spuninst.exe
+ 2005-10-12 23:15:13 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB923980\update\spcustom.dll
+ 2005-10-12 23:15:15 725,728 ----a-w C:\WINDOWS\$hf_mig$\KB923980\update\update.exe
+ 2005-10-12 23:15:23 377,568 ----a-w C:\WINDOWS\$hf_mig$\KB923980\update\updspapi.dll
+ 2006-08-17 12:41:25 734,208 ----a-w C:\WINDOWS\$hf_mig$\KB924270\SP2QFE\lsasrv.dll
+ 2006-08-17 12:41:25 337,408 ----a-w C:\WINDOWS\$hf_mig$\KB924270\SP2QFE\netapi32.dll
+ 2006-08-17 12:41:25 132,096 ----a-w C:\WINDOWS\$hf_mig$\KB924270\SP2QFE\wkssvc.dll
+ 2005-10-12 23:11:08 15,584 ----a-w C:\WINDOWS\$hf_mig$\KB924270\spmsg.dll
+ 2005-10-12 23:11:08 217,312 ----a-w C:\WINDOWS\$hf_mig$\KB924270\spuninst.exe
+ 2005-10-12 23:11:04 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB924270\update\spcustom.dll
+ 2005-10-12 23:11:11 725,728 ----a-w C:\WINDOWS\$hf_mig$\KB924270\update\update.exe
+ 2005-10-12 23:11:17 377,568 ----a-w C:\WINDOWS\$hf_mig$\KB924270\update\updspapi.dll
+ 2006-09-04 06:13:53 1,497,088 ----a-w C:\WINDOWS\$hf_mig$\KB924496\SP2QFE\shdocvw.dll
+ 2005-10-12 23:11:08 15,584 ----a-w C:\WINDOWS\$hf_mig$\KB924496\spmsg.dll
+ 2005-10-12 23:11:08 217,312 ----a-w C:\WINDOWS\$hf_mig$\KB924496\spuninst.exe
+ 2005-10-12 23:11:04 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB924496\update\spcustom.dll
+ 2005-10-12 23:11:11 725,728 ----a-w C:\WINDOWS\$hf_mig$\KB924496\update\update.exe
+ 2005-10-12 23:11:17 377,568 ----a-w C:\WINDOWS\$hf_mig$\KB924496\update\updspapi.dll
+ 2007-03-08 15:48:39 282,112 ----a-w C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\gdi32.dll
+ 2007-03-08 15:48:39 40,960 ----a-w C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\mf3216.dll
+ 2007-03-08 15:48:39 579,584 ----a-w C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
+ 2007-03-08 15:45:09 1,844,096 ----a-w C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\win32k.sys
+ 2006-01-19 19:29:14 15,584 ----a-w C:\WINDOWS\$hf_mig$\KB925902\spmsg.dll
+ 2006-01-19 19:29:14 217,312 ----a-w C:\WINDOWS\$hf_mig$\KB925902\spuninst.exe
+ 2006-01-19 19:29:14 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB925902\update\spcustom.dll
+ 2006-01-19 19:29:14 725,728 ----a-w C:\WINDOWS\$hf_mig$\KB925902\update\update.exe
+ 2006-01-19 19:29:15 377,568 ----a-w C:\WINDOWS\$hf_mig$\KB925902\update\updspapi.dll
+ 2006-10-16 17:16:32 126,976 ----a-w C:\WINDOWS\$hf_mig$\KB926436\SP2QFE\oledlg.dll
+ 2005-10-12 23:15:13 15,584 ----a-w C:\WINDOWS\$hf_mig$\KB926436\spmsg.dll
+ 2005-10-12 23:15:13 217,312 ----a-w C:\WINDOWS\$hf_mig$\KB926436\spuninst.exe
+ 2005-10-12 23:15:13 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB926436\update\spcustom.dll
+ 2005-10-12 23:15:15 725,728 ----a-w C:\WINDOWS\$hf_mig$\KB926436\update\update.exe
+ 2005-10-12 23:15:23 377,568 ----a-w C:\WINDOWS\$hf_mig$\KB926436\update\updspapi.dll
+ 2007-05-16 15:26:27 86,528 ----a-w C:\WINDOWS\$hf_mig$\KB929123\SP2QFE\directdb.dll
+ 2007-05-16 15:26:27 683,520 ----a-w C:\WINDOWS\$hf_mig$\KB929123\SP2QFE\inetcomm.dll
+ 2007-05-16 15:26:31 1,314,816 ----a-w C:\WINDOWS\$hf_mig$\KB929123\SP2QFE\msoe.dll
+ 2007-05-16 15:26:33 510,976 ----a-w C:\WINDOWS\$hf_mig$\KB929123\SP2QFE\wab32.dll
+ 2007-05-16 15:26:33 85,504 ----a-w C:\WINDOWS\$hf_mig$\KB929123\SP2QFE\wabimp.dll
+ 2006-01-19 19:29:14 15,584 ----a-w C:\WINDOWS\$hf_mig$\KB929123\spmsg.dll
+ 2006-01-19 19:29:14 217,312 ----a-w C:\WINDOWS\$hf_mig$\KB929123\spuninst.exe
+ 2006-01-19 19:29:14 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB929123\update\spcustom.dll
+ 2006-01-19 19:29:14 725,728 ----a-w C:\WINDOWS\$hf_mig$\KB929123\update\update.exe
+ 2006-01-19 19:29:15 377,568 ----a-w C:\WINDOWS\$hf_mig$\KB929123\update\updspapi.dll
+ 2007-02-05 20:19:54 185,856 ----a-w C:\WINDOWS\$hf_mig$\KB931261\SP2QFE\upnphost.dll
+ 2006-01-19 19:29:14 15,584 ----a-w C:\WINDOWS\$hf_mig$\KB931261\spmsg.dll
+ 2006-01-19 19:29:14 217,312 ----a-w C:\WINDOWS\$hf_mig$\KB931261\spuninst.exe
+ 2006-01-19 19:29:14 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB931261\update\spcustom.dll
+ 2006-01-19 19:29:14 725,728 ----a-w C:\WINDOWS\$hf_mig$\KB931261\update\update.exe
+ 2006-01-19 19:29:15 377,568 ----a-w C:\WINDOWS\$hf_mig$\KB931261\update\updspapi.dll
+ 2007-06-26 06:06:22 1,104,896 ----a-w C:\WINDOWS\$hf_mig$\KB936021\SP2QFE\msxml3.dll
+ 2005-10-12 23:11:08 15,584 ----a-w C:\WINDOWS\$hf_mig$\KB936021\spmsg.dll
+ 2005-10-12 23:11:08 217,312 ----a-w C:\WINDOWS\$hf_mig$\KB936021\spuninst.exe
+ 2005-10-12 23:11:04 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB936021\update\spcustom.dll
+ 2005-10-12 23:11:11 725,728 ----a-w C:\WINDOWS\$hf_mig$\KB936021\update\update.exe
+ 2005-10-12 23:11:17 377,568 ----a-w C:\WINDOWS\$hf_mig$\KB936021\update\updspapi.dll
+ 2007-06-13 13:10:08 1,036,288 ----a-w C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
+ 2005-10-12 23:11:08 15,584 ----a-w C:\WINDOWS\$hf_mig$\KB938828\spmsg.dll
+ 2005-10-12 23:11:08 217,312 ----a-w C:\WINDOWS\$hf_mig$\KB938828\spuninst.exe
+ 2005-10-12 23:11:04 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB938828\update\spcustom.dll
+ 2005-10-12 23:11:11 725,728 ----a-w C:\WINDOWS\$hf_mig$\KB938828\update\update.exe
+ 2005-10-12 23:11:17 377,568 ----a-w C:\WINDOWS\$hf_mig$\KB938828\update\updspapi.dll
+ 2007-10-30 16:53:32 360,832 ----a-w C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
+ 2007-03-06 01:14:12 15,584 ----a-w C:\WINDOWS\$hf_mig$\KB941644\spmsg.dll
+ 2007-03-06 01:14:17 217,312 ----a-w C:\WINDOWS\$hf_mig$\KB941644\spuninst.exe
+ 2007-03-06 01:14:11 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB941644\update\spcustom.dll
+ 2007-03-06 01:14:35 725,728 ----a-w C:\WINDOWS\$hf_mig$\KB941644\update\update.exe
+ 2007-03-06 01:15:25 377,568 ----a-w C:\WINDOWS\$hf_mig$\KB941644\update\updspapi.dll
+ 2008-03-20 07:56:37 1,846,016 ----a-w C:\WINDOWS\$hf_mig$\KB941693\SP2QFE\win32k.sys
+ 2007-03-06 01:14:12 15,584 ----a-w C:\WINDOWS\$hf_mig$\KB941693\spmsg.dll
+ 2007-03-06 01:14:17 217,312 ----a-w C:\WINDOWS\$hf_mig$\KB941693\spuninst.exe
+ 2007-03-06 01:14:11 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB941693\update\spcustom.dll
+ 2007-03-06 01:14:35 725,728 ----a-w C:\WINDOWS\$hf_mig$\KB941693\update\update.exe
+ 2007-03-06 01:15:25 377,568 ----a-w C:\WINDOWS\$hf_mig$\KB941693\update\updspapi.dll
+ 2007-12-18 09:38:59 179,712 ----a-w C:\WINDOWS\$hf_mig$\KB946026\SP2QFE\mrxdav.sys
+ 2007-03-06 01:14:12 15,584 ----a-w C:\WINDOWS\$hf_mig$\KB946026\spmsg.dll
+ 2007-03-06 01:14:17 217,312 ----a-w C:\WINDOWS\$hf_mig$\KB946026\spuninst.exe
+ 2007-03-06 01:14:11 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB946026\update\spcustom.dll
+ 2007-03-06 01:14:35 725,728 ----a-w C:\WINDOWS\$hf_mig$\KB946026\update\update.exe
+ 2007-03-06 01:15:25 377,568 ----a-w C:\WINDOWS\$hf_mig$\KB946026\update\updspapi.dll
+ 2008-02-16 09:30:52 1,024,000 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\browseui.dll
+ 2008-02-16 09:30:52 152,064 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\cdfview.dll
+ 2008-02-16 09:30:53 1,056,256 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\danim.dll
+ 2008-02-16 09:30:53 357,888 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\dxtmsft.dll
+ 2008-02-16 09:30:53 205,312 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\dxtrans.dll
+ 2008-02-16 09:30:53 55,808 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\extmgr.dll
+ 2008-02-15 09:07:53 18,432 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\iedw.exe
+ 2008-02-16 09:30:53 251,904 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\iepeers.dll
+ 2008-02-16 09:30:53 96,768 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\inseng.dll
+ 2008-02-16 09:30:53 16,384 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\jsproxy.dll
+ 2008-02-16 09:30:55 3,087,872 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\mshtml.dll
+ 2008-02-16 09:30:55 449,024 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\mshtmled.dll
+ 2008-02-16 09:30:55 146,432 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\msrating.dll
+ 2008-02-16 09:30:55 532,480 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\mstime.dll
+ 2008-02-16 09:30:55 39,424 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\pngfilt.dll
+ 2008-02-16 09:30:56 1,499,136 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\shdocvw.dll
+ 2008-02-16 09:30:57 474,624 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\shlwapi.dll
+ 2008-02-15 23:03:14 374,272 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\spru0407.dll
+ 2008-02-16 09:30:57 620,544 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\urlmon.dll
+ 2008-02-16 09:30:57 671,744 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\wininet.dll

15.04.2008, 00:11	#2
Sabina	spoolw.exe Hallo, wende bitte Combofix an - klicke die Warnmeldung weg, kopiere dann hier den report combofix Gruss Sabina __________________ __________________

spoolw.exe

Log-Analyse und Auswertung: spoolw.exe

spoolw.exe

spoolw.exe

spoolw.exe

spoolw.exe

spoolw.exe