Google search redirect sites, HJT/ComboFix logs

Thread in the Viruses and malware - HijackThis logs section. Thread started by Cavefish on 27.12.2008.

  1. Cavefish

    This is a VERY annoying piece of malware/virus/trojan, or whatever it is, that I'm dealing with now.
    I've tried googling that go.google.com virus. I have the same problem as others who have had that virus, but it redirects to different sites, and the fixes for that virus did not work (Control Panel > System > Hardware > Device Manager > Show hidden devices > Non-Plug and Play Drivers; I was supposed to look for a certain driver there, but it wasn't found).
    Here are the HJT log and the ComboFix log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:23:11, on 27.12.2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\brss01a.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    E:\AVG\avgtray.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\ctfmon.exe
    E:\AVG\avgwdsvc.exe
    E:\AVG\avgfws8.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\System32\svchost.exe
    E:\AVG\avgam.exe
    E:\AVG\avgrsx.exe
    E:\AVG\avgnsx.exe
    E:\AVG\avgemc.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - E:\AVG\avgssie.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE"
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AVG8_TRAY] E:\AVG\avgtray.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Enable Labtec Wireless Desktop.lnk = C:\Program Files\Labtec Wireless Desktop\MagicKey.exe
    O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
    O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: PICgrabber - {4964E240-D53C-11D5-BDA9-444553540000} - C:\WINDOWS\System32\shdocvw.dll (HKCU)
    O9 - Extra 'Tools' menuitem: PICgrabber - Movie&Image Search/Download Software - {4964E240-D53C-11D5-BDA9-444553540000} - C:\WINDOWS\System32\shdocvw.dll (HKCU)
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1184709610468
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - E:\AVG\avgpp.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: wbsys.dll,avgrsstx.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - E:\AVG\avgemc.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - E:\AVG\avgwdsvc.exe
    O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - E:\AVG\avgfws8.exe
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    O23 - Service: Sygate Personal Firewall (SmcService) - Unknown owner - C:\Program Files\Sygate\SPF\smc.exe (file missing)
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

    --
    End of file - 7321 bytes


    --


    ComboFix 08-12-26.03 - Mikael 2008-12-27 22:11:23.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1035.18.511.116 [GMT 2:00]
    Sijainti: c:\documents and settings\Mikael\Ty”p”yt„\ComboFix.exe
    AV: AVG Internet Security *On-access scanning disabled* (Outdated)
    FW: Kerio WinRoute Firewall *disabled*
    FW: *disabled*
    FW: AVG Firewall *disabled*
    * Uusi palautuspiste luotu

    VAROITUS - PALAUTUSKONSOLIA EI OLE ASENNETTU !!
    .

    (((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\a3kebook.ini
    c:\windows\akebook.ini
    c:\windows\ANS2000.INI
    c:\windows\system32\WgaLogon.dll

    .
    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-11-27 to 2008-12-27 )))))))))))))))))
    .

    2008-12-27 22:09 . 2008-12-27 22:09 <KANSIO> d-------- C:\32788R22FWJFW
    2008-12-27 21:59 . 2008-12-27 21:59 <KANSIO> d-------- c:\documents and settings\Mikael\DoctorWeb
    2008-12-27 21:36 . 2008-12-27 21:36 <KANSIO> d-------- c:\program files\Malwarebytes' Anti-Malware
    2008-12-27 21:36 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2008-12-27 21:36 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2008-12-14 21:12 . 2008-12-14 21:12 <KANSIO> d-------- c:\documents and settings\Mikael\Application Data\MozillaControl
    2008-12-14 21:12 . 2008-12-14 21:12 <KANSIO> d-------- c:\documents and settings\All Users\Application Data\Graboid Inc
    2008-12-14 21:11 . 2008-12-14 21:11 <KANSIO> d-------- c:\program files\VideoLAN
    2008-12-14 21:11 . 2008-12-14 21:11 <KANSIO> d-------- c:\program files\Mozilla ActiveX Control v1.7.12
    2008-12-06 00:18 . 2008-12-06 00:18 <KANSIO> d--h----- c:\windows\PIF
    2008-12-02 17:42 . 2008-12-02 17:42 <KANSIO> d-------- c:\documents and settings\Mikael\WINDOWS
    2008-12-02 16:57 . 2008-12-02 16:57 <KANSIO> d-------- c:\documents and settings\Mikael\Application Data\DAEMON Tools
    2008-11-29 15:33 . 2008-11-29 15:33 <KANSIO> d-------- c:\program files\7-Zip

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-12-27 17:06 --------- d-----w c:\documents and settings\Mikael\Application Data\uTorrent
    2008-12-15 13:51 --------- d-----w c:\documents and settings\Mikael\Application Data\Skype
    2008-12-15 10:27 --------- d-s---w c:\program files\Xfire
    2008-12-14 20:40 --------- d-----w c:\documents and settings\Mikael\Application Data\Xfire
    2008-12-12 12:25 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
    2008-12-09 12:31 --------- d-----w c:\program files\Nokia
    2008-12-02 15:12 98,440 ----a-w c:\windows\system32\drivers\avgldx86.sys
    2008-12-02 15:12 90,632 ----a-w c:\windows\system32\drivers\avgtdix.sys
    2008-12-02 15:12 50,968 ----a-w c:\windows\system32\avgfwdx.dll
    2008-12-02 15:12 29,208 ----a-w c:\windows\system32\drivers\avgfwdx.sys
    2008-12-02 14:57 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
    2008-11-20 20:44 42,320 ----a-w c:\windows\system32\xfcodec.dll
    2008-11-19 13:04 --------- d-----w c:\documents and settings\Mikael\Application Data\FrostWire
    2008-11-01 10:11 --------- d-----w c:\documents and settings\Mikael\Application Data\skypePM
    2008-10-23 12:38 286,720 ----a-w c:\windows\system32\gdi32.dll
    2008-10-16 12:13 202,776 ----a-w c:\windows\system32\wuweb.dll
    2008-10-16 12:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
    2008-10-16 12:12 561,688 ----a-w c:\windows\system32\wuapi.dll
    2008-10-16 12:12 323,608 ----a-w c:\windows\system32\wucltui.dll
    2008-10-16 12:09 92,696 ----a-w c:\windows\system32\cdm.dll
    2008-10-16 12:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
    2008-10-16 12:09 43,544 ----a-w c:\windows\system32\wups2.dll
    2008-10-16 12:08 34,328 -c--a-w c:\windows\system32\wups.dll
    2008-10-16 12:06 268,648 ----a-w c:\windows\system32\mucltui.dll
    2008-10-16 12:06 208,744 ----a-w c:\windows\system32\muweb.dll
    2008-10-16 01:01 666,112 ----a-w c:\windows\system32\wininet.dll
    2008-10-03 10:03 247,326 ----a-w c:\windows\system32\strmdll.dll
    2008-09-30 14:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
    2007-12-28 18:02 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
    2007-07-17 23:41 771,999 -c--a-w c:\program files\Kopio Ventrilo.rar
    2007-02-09 19:37 75,223 ----a-w c:\program files\Uninstal.exe
    2005-12-23 18:35 28 -c--a-w c:\program files\deviceinfo
    .

    ((((((((((((((((((((((((((((( snapshot@2008-09-08_12.05.14.17 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-05-02 13:44:42 83,968 ----a-w c:\windows\$hf_mig$\KB946648\SP3QFE\msgsc.dll
    + 2007-11-30 12:39:27 17,272 ----a-w c:\windows\$hf_mig$\KB946648\spmsg.dll
    + 2007-11-30 12:39:27 232,824 ----a-w c:\windows\$hf_mig$\KB946648\spuninst.exe
    + 2007-11-30 12:39:27 26,488 ----a-w c:\windows\$hf_mig$\KB946648\update\spcustom.dll
    + 2007-11-30 11:19:03 757,112 ----a-w c:\windows\$hf_mig$\KB946648\update\update.exe
    + 2007-11-30 12:39:28 392,056 ----a-w c:\windows\$hf_mig$\KB946648\update\updspapi.dll
    + 2008-05-07 09:07:23 135,168 ----a-w c:\windows\$hf_mig$\KB951978\SP3QFE\cscript.exe
    + 2008-05-09 10:51:53 512,000 ----a-w c:\windows\$hf_mig$\KB951978\SP3QFE\jscript.dll
    + 2008-05-09 10:51:53 180,224 ----a-w c:\windows\$hf_mig$\KB951978\SP3QFE\scrobj.dll
    + 2008-05-09 10:51:53 172,032 ----a-w c:\windows\$hf_mig$\KB951978\SP3QFE\scrrun.dll
    + 2008-05-09 10:51:53 430,080 ----a-w c:\windows\$hf_mig$\KB951978\SP3QFE\vbscript.dll
    + 2008-05-08 11:24:44 155,648 ----a-w c:\windows\$hf_mig$\KB951978\SP3QFE\wscript.exe
    + 2008-05-09 10:51:53 90,112 ----a-w c:\windows\$hf_mig$\KB951978\SP3QFE\wshext.dll
    + 2007-11-30 12:39:27 17,272 ----a-w c:\windows\$hf_mig$\KB951978\spmsg.dll
    + 2007-11-30 12:39:27 232,824 ----a-w c:\windows\$hf_mig$\KB951978\spuninst.exe
    + 2007-11-30 12:39:27 26,488 ----a-w c:\windows\$hf_mig$\KB951978\update\spcustom.dll
    + 2007-11-30 12:39:25 757,112 ----a-w c:\windows\$hf_mig$\KB951978\update\update.exe
    + 2007-11-30 12:39:25 392,056 ----a-w c:\windows\$hf_mig$\KB951978\update\updspapi.dll
    + 2008-09-15 15:21:09 1,847,168 ----a-w c:\windows\$hf_mig$\KB954211\SP3QFE\win32k.sys
    + 2007-11-30 12:39:27 17,272 ----a-w c:\windows\$hf_mig$\KB954211\spmsg.dll
    + 2007-11-30 12:39:27 232,824 ----a-w c:\windows\$hf_mig$\KB954211\spuninst.exe
    + 2007-11-30 12:39:27 26,488 ----a-w c:\windows\$hf_mig$\KB954211\update\spcustom.dll
    + 2008-07-09 07:39:53 757,112 ----a-w c:\windows\$hf_mig$\KB954211\update\update.exe
    + 2007-11-30 12:39:28 392,056 ----a-w c:\windows\$hf_mig$\KB954211\update\updspapi.dll
    + 2008-09-10 01:12:29 1,379,840 ----a-w c:\windows\$hf_mig$\KB954459\SP3QFE\msxml6.dll
    + 2007-11-30 12:39:27 17,272 ----a-w c:\windows\$hf_mig$\KB954459\spmsg.dll
    + 2007-11-30 12:39:27 232,824 ----a-w c:\windows\$hf_mig$\KB954459\spuninst.exe
    + 2007-11-30 12:39:27 26,488 ----a-w c:\windows\$hf_mig$\KB954459\update\spcustom.dll
    + 2007-11-30 12:39:27 757,112 ----a-w c:\windows\$hf_mig$\KB954459\update\update.exe
    + 2007-11-30 12:39:28 392,056 ----a-w c:\windows\$hf_mig$\KB954459\update\updspapi.dll
    + 2008-09-04 17:13:07 1,106,944 ----a-w c:\windows\$hf_mig$\KB955069\SP3QFE\msxml3.dll
    + 2007-11-30 11:19:02 17,272 ----a-w c:\windows\$hf_mig$\KB955069\spmsg.dll
    + 2007-11-30 11:19:02 232,824 ----a-w c:\windows\$hf_mig$\KB955069\spuninst.exe
    + 2007-11-30 11:19:02 26,488 ----a-w c:\windows\$hf_mig$\KB955069\update\spcustom.dll
    + 2007-11-30 12:39:27 757,112 ----a-w c:\windows\$hf_mig$\KB955069\update\update.exe
    + 2008-07-09 11:10:04 392,056 ----a-w c:\windows\$hf_mig$\KB955069\update\updspapi.dll
    + 2008-10-23 10:17:49 62,976 ----a-w c:\windows\$hf_mig$\KB955839\SP3QFE\tzchange.exe
    + 2007-11-30 12:39:27 17,272 ----a-w c:\windows\$hf_mig$\KB955839\spmsg.dll
    + 2007-11-30 12:39:27 232,824 ----a-w c:\windows\$hf_mig$\KB955839\spuninst.exe
    + 2007-11-30 12:39:27 26,488 ----a-w c:\windows\$hf_mig$\KB955839\update\spcustom.dll
    + 2007-11-30 12:39:27 757,112 ----a-w c:\windows\$hf_mig$\KB955839\update\update.exe
    + 2007-11-30 12:39:28 392,056 ----a-w c:\windows\$hf_mig$\KB955839\update\updspapi.dll
    + 2008-08-20 05:07:30 3,088,896 ----a-w c:\windows\$hf_mig$\KB956390\SP3QFE\mshtml.dll
    + 2008-08-20 05:07:25 1,498,624 ----a-w c:\windows\$hf_mig$\KB956390\SP3QFE\shdocvw.dll
    + 2008-08-20 05:07:27 619,520 ----a-w c:\windows\$hf_mig$\KB956390\SP3QFE\urlmon.dll
    + 2008-08-20 05:07:26 666,624 ----a-w c:\windows\$hf_mig$\KB956390\SP3QFE\wininet.dll
    + 2007-11-30 11:19:02 17,272 ----a-w c:\windows\$hf_mig$\KB956390\spmsg.dll
    + 2007-11-30 11:19:02 232,824 ----a-w c:\windows\$hf_mig$\KB956390\spuninst.exe
    + 2007-11-30 11:19:02 26,488 ----a-w c:\windows\$hf_mig$\KB956390\update\spcustom.dll
    + 2007-11-30 12:39:27 757,112 ----a-w c:\windows\$hf_mig$\KB956390\update\update.exe
    + 2007-11-30 12:39:28 392,056 ----a-w c:\windows\$hf_mig$\KB956390\update\updspapi.dll
    + 2007-11-30 12:39:27 17,272 ----a-w c:\windows\$hf_mig$\KB956391\spmsg.dll
    + 2007-11-30 12:39:27 232,824 ----a-w c:\windows\$hf_mig$\KB956391\spuninst.exe
    + 2007-11-30 12:39:27 26,488 ----a-w c:\windows\$hf_mig$\KB956391\update\spcustom.dll
    + 2007-11-30 12:39:27 757,112 ----a-w c:\windows\$hf_mig$\KB956391\update\update.exe
    + 2007-11-30 12:39:28 392,056 ----a-w c:\windows\$hf_mig$\KB956391\update\updspapi.dll
    + 2008-10-23 12:44:16 286,720 ----a-w c:\windows\$hf_mig$\KB956802\SP3QFE\gdi32.dll
    + 2008-07-08 13:03:23 17,272 ----a-w c:\windows\$hf_mig$\KB956802\spmsg.dll
    + 2008-07-08 13:03:24 232,824 ----a-w c:\windows\$hf_mig$\KB956802\spuninst.exe
    + 2008-07-08 13:03:23 26,488 ----a-w c:\windows\$hf_mig$\KB956802\update\spcustom.dll
    + 2008-07-09 07:39:53 757,112 ----a-w c:\windows\$hf_mig$\KB956802\update\update.exe
    + 2008-07-09 07:40:02 392,056 ----a-w c:\windows\$hf_mig$\KB956802\update\updspapi.dll
    + 2008-08-14 10:34:26 138,496 ----a-w c:\windows\$hf_mig$\KB956803\SP3QFE\afd.sys
    + 2007-11-30 11:19:02 17,272 ----a-w c:\windows\$hf_mig$\KB956803\spmsg.dll
    + 2007-11-30 11:19:02 232,824 ----a-w c:\windows\$hf_mig$\KB956803\spuninst.exe
    + 2007-11-30 11:19:02 26,488 ----a-w c:\windows\$hf_mig$\KB956803\update\spcustom.dll
    + 2007-11-30 11:19:03 757,112 ----a-w c:\windows\$hf_mig$\KB956803\update\update.exe
    + 2007-11-30 11:19:03 392,056 ----a-w c:\windows\$hf_mig$\KB956803\update\updspapi.dll
    + 2008-08-14 13:56:32 2,147,840 ----a-w c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlmp.exe
    + 2008-08-14 16:26:36 2,068,352 ----a-w c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
    + 2008-08-14 13:56:31 2,026,496 ----a-w c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrpamp.exe
    + 2008-08-14 16:26:38 2,191,488 ----a-w c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
    + 2007-11-30 11:19:02 17,272 ----a-w c:\windows\$hf_mig$\KB956841\spmsg.dll
    + 2007-11-30 11:19:02 232,824 ----a-w c:\windows\$hf_mig$\KB956841\spuninst.exe
    + 2007-11-30 11:19:02 26,488 ----a-w c:\windows\$hf_mig$\KB956841\update\spcustom.dll
    + 2007-11-30 12:39:27 757,112 ----a-w c:\windows\$hf_mig$\KB956841\update\update.exe
    + 2008-07-09 07:40:02 392,056 ----a-w c:\windows\$hf_mig$\KB956841\update\updspapi.dll
    + 2008-09-08 11:37:19 333,824 ----a-w c:\windows\$hf_mig$\KB957095\SP3QFE\srv.sys
    + 2007-11-30 11:19:02 17,272 ----a-w c:\windows\$hf_mig$\KB957095\spmsg.dll
    + 2007-11-30 11:19:02 232,824 ----a-w c:\windows\$hf_mig$\KB957095\spuninst.exe
    + 2007-11-30 11:19:02 26,488 ----a-w c:\windows\$hf_mig$\KB957095\update\spcustom.dll
    + 2007-11-30 11:19:03 757,112 ----a-w c:\windows\$hf_mig$\KB957095\update\update.exe
    + 2007-11-30 11:19:03 392,056 ----a-w c:\windows\$hf_mig$\KB957095\update\updspapi.dll
    + 2008-10-24 11:41:11 455,936 ----a-w c:\windows\$hf_mig$\KB957097\SP3QFE\mrxsmb.sys
    + 2008-07-08 13:03:23 17,272 ----a-w c:\windows\$hf_mig$\KB957097\spmsg.dll
    + 2008-07-08 13:03:24 232,824 ----a-w c:\windows\$hf_mig$\KB957097\spuninst.exe
    + 2008-07-08 13:03:23 26,488 ----a-w c:\windows\$hf_mig$\KB957097\update\spcustom.dll
    + 2008-07-08 13:03:27 757,112 ----a-w c:\windows\$hf_mig$\KB957097\update\update.exe
    + 2008-07-08 13:03:34 392,056 ----a-w c:\windows\$hf_mig$\KB957097\update\updspapi.dll
    + 2008-10-15 16:31:34 339,456 ----a-w c:\windows\$hf_mig$\KB958644\SP3QFE\netapi32.dll
    + 2007-11-30 11:19:02 17,272 ----a-w c:\windows\$hf_mig$\KB958644\spmsg.dll
    + 2007-11-30 11:19:02 232,824 ----a-w c:\windows\$hf_mig$\KB958644\spuninst.exe
    + 2007-11-30 11:19:02 26,488 ----a-w c:\windows\$hf_mig$\KB958644\update\spcustom.dll
    + 2007-11-30 11:19:03 757,112 ----a-w c:\windows\$hf_mig$\KB958644\update\update.exe
    + 2007-11-30 11:19:03 392,056 ----a-w c:\windows\$hf_mig$\KB958644\update\updspapi.dll
    + 2007-11-30 12:39:27 232,824 -c----w c:\windows\$NtUninstallKB938464$\spuninst\spuninst.exe
    + 2007-11-30 12:39:28 392,056 -c----w c:\windows\$NtUninstallKB938464$\spuninst\updspapi.dll
    + 2008-04-14 06:11:40 82,944 -c----w c:\windows\$NtUninstallKB946648$\msgsc.dll
    + 2007-11-30 12:39:27 232,824 -c----w c:\windows\$NtUninstallKB946648$\spuninst\spuninst.exe
    + 2007-11-30 12:39:28 392,056 -c----w c:\windows\$NtUninstallKB946648$\spuninst\updspapi.dll
    + 2008-04-14 06:12:08 139,264 -c----w c:\windows\$NtUninstallKB951978$\cscript.exe
    + 2008-04-14 06:11:38 512,000 -c----w c:\windows\$NtUninstallKB951978$\jscript.dll
    + 2008-04-14 06:11:46 180,224 -c----w c:\windows\$NtUninstallKB951978$\scrobj.dll
    + 2008-04-14 06:11:46 172,032 -c----w c:\windows\$NtUninstallKB951978$\scrrun.dll
    + 2007-11-30 12:39:27 232,824 -c----w c:\windows\$NtUninstallKB951978$\spuninst\spuninst.exe
    + 2007-11-30 12:39:25 392,056 -c----w c:\windows\$NtUninstallKB951978$\spuninst\updspapi.dll
    + 2008-04-14 06:11:56 434,176 -c----w c:\windows\$NtUninstallKB951978$\vbscript.dll
    + 2008-04-14 06:12:36 155,648 -c----w c:\windows\$NtUninstallKB951978$\wscript.exe
    + 2008-04-14 06:12:00 90,112 -c----w c:\windows\$NtUninstallKB951978$\wshext.dll
    + 2007-11-30 12:39:27 232,824 -c----w c:\windows\$NtUninstallKB954211$\spuninst\spuninst.exe
    + 2007-11-30 12:39:28 392,056 -c----w c:\windows\$NtUninstallKB954211$\spuninst\updspapi.dll
    + 2008-04-14 05:41:30 1,845,888 -c----w c:\windows\$NtUninstallKB954211$\win32k.sys
    + 2008-04-14 06:11:44 1,306,624 -c----w c:\windows\$NtUninstallKB954459$\msxml6.dll
    + 2007-11-30 12:39:27 232,824 -c----w c:\windows\$NtUninstallKB954459$\spuninst\spuninst.exe
    + 2007-11-30 12:39:28 392,056 -c----w c:\windows\$NtUninstallKB954459$\spuninst\updspapi.dll
    + 2008-04-14 06:11:44 1,104,896 -c----w c:\windows\$NtUninstallKB955069$\msxml3.dll
    + 2007-11-30 11:19:02 232,824 -c----w c:\windows\$NtUninstallKB955069$\spuninst\spuninst.exe
    + 2008-07-09 11:10:04 392,056 -c----w c:\windows\$NtUninstallKB955069$\spuninst\updspapi.dll
    + 2008-06-23 15:10:15 3,088,384 -c----w c:\windows\$NtUninstallKB956390$\mshtml.dll
    + 2008-06-26 08:14:07 1,498,624 -c----w c:\windows\$NtUninstallKB956390$\shdocvw.dll
    + 2007-11-30 11:19:02 232,824 -c----w c:\windows\$NtUninstallKB956390$\spuninst\spuninst.exe
    + 2007-11-30 12:39:28 392,056 -c----w c:\windows\$NtUninstallKB956390$\spuninst\updspapi.dll
    + 2008-06-26 08:14:07 619,008 -c----w c:\windows\$NtUninstallKB956390$\urlmon.dll
    + 2008-06-23 15:10:15 666,112 -c----w c:\windows\$NtUninstallKB956390$\wininet.dll
    + 2007-11-30 12:39:27 232,824 -c----w c:\windows\$NtUninstallKB956391$\spuninst\spuninst.exe
    + 2007-11-30 12:39:28 392,056 -c----w c:\windows\$NtUninstallKB956391$\spuninst\updspapi.dll
    + 2008-06-20 11:40:08 138,496 -c----w c:\windows\$NtUninstallKB956803$\afd.sys
    + 2007-11-30 11:19:02 232,824 -c----w c:\windows\$NtUninstallKB956803$\spuninst\spuninst.exe
    + 2007-11-30 11:19:03 392,056 -c----w c:\windows\$NtUninstallKB956803$\spuninst\updspapi.dll
    + 2008-04-14 05:49:32 2,068,224 -c----w c:\windows\$NtUninstallKB956841$\ntkrnlpa.exe
    + 2008-04-14 05:49:54 2,191,360 -c----w c:\windows\$NtUninstallKB956841$\ntoskrnl.exe
    + 2007-11-30 11:19:02 232,824 -c----w c:\windows\$NtUninstallKB956841$\spuninst\spuninst.exe
    + 2008-07-09 07:40:02 392,056 -c----w c:\windows\$NtUninstallKB956841$\spuninst\updspapi.dll
    + 2007-11-30 11:19:02 232,824 -c----w c:\windows\$NtUninstallKB957095$\spuninst\spuninst.exe
    + 2007-11-30 11:19:03 392,056 -c----w c:\windows\$NtUninstallKB957095$\spuninst\updspapi.dll
    + 2008-04-13 09:15:12 334,848 -c----w c:\windows\$NtUninstallKB957095$\srv.sys
    + 2008-04-13 09:17:02 456,576 -c----w c:\windows\$NtUninstallKB957097$\mrxsmb.sys
    + 2008-07-08 13:03:24 232,824 -c----w c:\windows\$NtUninstallKB957097$\spuninst\spuninst.exe
    + 2008-07-08 13:03:34 392,056 -c----w c:\windows\$NtUninstallKB957097$\spuninst\updspapi.dll
    + 2008-04-14 06:11:44 337,408 -c----w c:\windows\$NtUninstallKB958644$\netapi32.dll
    + 2007-11-30 11:19:02 232,824 -c----w c:\windows\$NtUninstallKB958644$\spuninst\spuninst.exe
    + 2007-11-30 11:19:03 392,056 -c----w c:\windows\$NtUninstallKB958644$\spuninst\updspapi.dll
    + 2008-09-14 18:27:34 110,592 ----a-w c:\windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\adodb.dll
    + 2008-09-14 18:27:34 4,608 ----a-w c:\windows\assembly\GAC\Extensibility\7.0.3300.0__b03f5f7f11d50a3a\extensibility.dll
    + 2008-09-14 18:27:32 1,215,328 ----a-w c:\windows\assembly\GAC\IACore\1.7.6223.0__31bf3856ad364e35\IACore.dll
    + 2008-09-14 18:27:32 82,784 ----a-w c:\windows\assembly\GAC\IALoader\1.7.6223.0__31bf3856ad364e35\IALoader.dll
    + 2008-09-14 18:27:33 8,007,680 ----a-w c:\windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
    + 2008-09-14 18:26:29 80,696 ----a-w c:\windows\assembly\GAC\Microsoft.Office.Interop.Access.Dao\12.0.0.0__71e9bce111e9429c\Microsoft.Office.interop.access.dao.dll
    + 2008-09-14 18:27:02 1,276,720 ----a-w c:\windows\assembly\GAC\Microsoft.Office.Interop.Excel\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Excel.dll
    + 2008-09-14 18:27:03 150,320 ----a-w c:\windows\assembly\GAC\Microsoft.Office.Interop.Graph\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Graph.dll
    + 2008-09-14 18:27:21 17,208 ----a-w c:\windows\assembly\GAC\Microsoft.Office.Interop.OneNote\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.OneNote.dll
    + 2008-09-16 12:57:47 250,928 ----a-w c:\windows\assembly\GAC\Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.PowerPoint.dll
    + 2008-09-14 18:27:04 20,280 ----a-w c:\windows\assembly\GAC\Microsoft.Office.Interop.SmartTag\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.SmartTag.dll
    + 2008-09-16 12:55:26 783,744 ----a-w c:\windows\assembly\GAC\Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Word.dll
    + 2008-09-14 18:27:33 13,312 ----a-w c:\windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.stdformat.dll
    + 2008-09-14 18:27:03 371,496 ----a-w c:\windows\assembly\GAC\Microsoft.Vbe.Interop.Forms\11.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.Forms.dll
    + 2008-09-14 18:27:06 64,288 ----a-w c:\windows\assembly\GAC\Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.dll
    + 2008-09-14 18:27:32 229,376 ----a-w c:\windows\assembly\GAC\mscomctl\10.0.4504.0__31bf3856ad364e35\MSCOMCTL.DLL
    + 2008-09-14 18:27:34 4,096 ----a-w c:\windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\msdatasrc.dll
    + 2008-09-14 18:27:04 416,544 ----a-w c:\windows\assembly\GAC\office\12.0.0.0__71e9bce111e9429c\OFFICE.DLL
    + 2008-09-14 18:26:31 12,096 ----a-w c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Excel\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Excel.dll
    + 2008-09-14 18:27:10 12,096 ----a-w c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Graph\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Graph.dll
    + 2008-09-14 18:27:21 12,112 ----a-w c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.PowerPoint.dll
    + 2008-09-14 18:27:10 12,104 ----a-w c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.SmartTag\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.SmartTag.dll
    + 2008-09-14 18:27:25 12,096 ----a-w c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Word.dll
    + 2008-09-14 18:27:15 12,080 ----a-w c:\windows\assembly\GAC\Policy.11.0.Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Vbe.Interop.dll
    + 2008-09-14 18:27:12 11,544 ----a-w c:\windows\assembly\GAC\Policy.11.0.office\12.0.0.0__71e9bce111e9429c\Policy.11.0.Office.dll
    + 2008-09-14 18:27:33 16,384 ----a-w c:\windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll
    + 2008-10-24 11:21:09 455,296 ------w c:\windows\Driver Cache\i386\mrxsmb.sys
    + 2008-08-14 13:25:40 2,147,840 ------w c:\windows\Driver Cache\i386\ntkrnlmp.exe
    + 2008-08-14 13:25:43 2,068,352 ------w c:\windows\Driver Cache\i386\ntkrnlpa.exe
    + 2008-08-14 13:24:57 2,026,496 ------w c:\windows\Driver Cache\i386\ntkrpamp.exe
    + 2008-08-14 13:25:41 2,191,488 ------w c:\windows\Driver Cache\i386\ntoskrnl.exe
    - 2005-10-20 17:02:28 163,328 ----a-w c:\windows\erdnt\Hiv-backup\ERDNT.EXE
    + 2005-10-20 18:02:28 163,328 ----a-w c:\windows\erdnt\Hiv-backup\ERDNT.EXE
    + 2006-10-26 15:49:48 1,011,488 ----a-r c:\windows\Installer\$PatchCache$\Managed\000021090100B0400000000000F01FEC\12.0.4518\MSDAIPP.DLL
    + 2006-10-26 15:49:46 970,528 ----a-r c:\windows\Installer\$PatchCache$\Managed\000021090100B0400000000000F01FEC\12.0.4518\MSONSEXT.DLL
    + 2006-10-27 12:00:12 1,751,904 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ACECORE.DLL
    + 2006-10-27 12:00:10 576,376 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ACEDAO.DLL
    + 2006-10-27 12:00:06 47,976 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ACEERR.DLL
    + 2006-10-27 12:00:08 191,360 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ACEES.DLL
    + 2006-10-26 17:13:34 338,800 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ACEEXCH.DLL
    + 2006-10-26 17:13:44 629,616 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ACEEXCL.DLL
    + 2006-10-26 17:13:28 207,736 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ACELTS.DLL
    + 2006-10-26 17:13:32 279,352 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ACEODBC.DLL
    + 2006-10-26 17:13:08 15,160 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ACEODDBS.DLL
    + 2006-10-26 17:13:08 15,160 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ACEODEXL.DLL
    + 2006-10-26 17:13:08 15,160 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ACEODPDX.DLL
    + 2006-10-26 17:13:12 15,160 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ACEODTXT.DLL
    + 2006-10-27 12:00:06 387,960 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ACEOLEDB.DLL
    + 2006-10-26 17:13:38 392,048 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ACEPDE.DLL
    + 2006-10-26 17:13:30 260,976 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ACER2X.DLL
    + 2006-10-26 17:13:32 289,648 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ACER3X.DLL
    + 2006-10-26 17:13:20 56,120 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ACERCLR.DLL
    + 2006-10-26 17:13:38 551,800 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ACEREP.DLL
    + 2006-10-26 17:13:30 224,104 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ACETXT.DLL
    + 2006-10-26 17:13:34 371,568 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ACEXBE.DLL
    + 2006-10-27 12:41:04 399,640 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\CDLMSO.DLL
    + 2006-10-26 16:59:24 205,616 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\CLVIEW.EXE
    + 2006-10-26 17:12:52 189,760 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\CONTACTPICKER.DLL
    + 2006-10-26 16:48:14 439,568 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\DWDCW20.DLL
    + 2006-10-26 16:48:14 434,528 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\DWTRIG20.EXE
    + 2006-10-27 12:07:36 17,891,112 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\EXCEL.EXE
    + 2006-10-26 11:10:08 1,190,688 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\FM20.DLL
    + 2006-10-26 11:04:58 75,576 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\FORM.DLL
    + 2006-10-26 16:21:24 1,682,232 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\FPSRVUTL.DLL
    + 2006-10-27 12:09:36 983,376 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\FPWEC.DLL
    + 2006-10-26 17:02:12 2,526,520 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\GRAPH.EXE
    + 2006-10-26 17:12:52 173,328 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\IEAWSDC.DLL
    + 2006-10-27 12:10:10 5,281,592 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\IPEDITOR.DLL
    + 2006-10-26 16:55:10 828,704 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\MEDCAT.DLL
    + 2006-10-26 10:58:14 117,552 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\MSCONV97.DLL
    + 2006-10-27 12:26:40 16,870,712 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\MSO.DLL
    + 2006-10-27 11:59:06 161,080 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\MSOCF.DLL
    + 2006-10-26 16:48:12 14,664 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\MSOCFU.DLL
    + 2006-10-26 17:12:58 428,816 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\MSODCW.DLL
    + 2006-10-26 18:13:36 26,936 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\MSOEURO.DLL
    + 2006-10-26 17:00:08 6,635,320 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\MSORES.DLL
    + 2006-10-26 10:56:36 436,520 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\MSORUN.DLL
    + 2006-10-26 16:50:04 672,024 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\MSQRY32.EXE
    + 2006-10-26 10:56:40 505,136 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\MSSOAP30.DLL
    + 2006-10-26 16:55:12 832,800 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\MSTORDB.EXE
    + 2006-10-26 16:55:06 538,904 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\MSTORES.DLL
    + 2006-10-26 17:12:30 65,824 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\NAME.DLL
    + 2006-10-27 12:14:34 14,151,456 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\OART.DLL
    + 2006-10-26 17:42:36 8,423,224 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\OARTCONV.DLL
    + 2006-10-26 17:06:54 232,816 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ODEPLOY.EXE
    + 2006-10-26 17:14:06 7,033,152 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\OFFOWC.DLL
    + 2006-10-27 12:18:36 1,658,152 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\OGL.DLL
    + 2006-10-26 17:00:08 274,744 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\OIS.EXE
    + 2006-10-26 17:00:12 998,208 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\OISAPP.DLL
    + 2006-10-26 17:00:10 285,008 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\OISGRAPH.DLL
    + 2006-10-26 17:32:42 604,000 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ONBTTNIE.DLL
    + 2006-10-27 12:39:36 687,432 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ONBTTNOL.DLL
    + 2006-10-27 12:03:04 1,018,664 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ONENOTE.EXE
    + 2006-10-26 17:24:54 98,632 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ONENOTEM.EXE
    + 2006-10-26 17:24:50 72,504 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ONFILTER.DLL
    + 2006-10-26 17:24:58 1,165,112 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ONLIBS.DLL
    + 2006-10-27 12:03:06 6,579,512 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ONMAIN.DLL
    + 2006-10-26 17:23:00 782,720 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ONSYNCPC.DLL
    + 2006-10-26 17:07:04 6,536,992 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\OSETUP.DLL
    + 2006-07-26 15:53:56 459,080 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\OUTLFLTR.DLL
    + 2006-10-26 18:30:44 482,088 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\PORTCONN.DLL
    + 2006-10-27 12:04:06 465,200 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\POWERPNT.EXE
    + 2006-10-27 12:04:06 7,980,848 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\PPCORE.DLL
    + 2008-09-14 18:27:06 248,632 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\PPTPIA.DLL
    + 2006-10-26 16:52:10 2,012,480 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\PPTVIEW.EXE
    + 2006-10-26 11:05:00 77,144 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\PSOM.DLL
    + 2006-10-26 18:13:38 38,168 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\REFEDIT.DLL
    + 2006-10-26 11:04:44 19,784 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\REVERSE.DLL
    + 2006-10-26 17:13:00 503,624 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\SELFCERT.EXE
    + 2006-10-26 17:06:58 439,600 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\SETUP.EXE
    + 2006-10-27 11:57:08 2,330,968 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\STSLIST.DLL
    + 2006-10-26 11:04:48 29,976 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\THOCRAPI.DLL
    + 2006-10-26 11:05:04 126,784 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\TWCUTCHR.DLL
    + 2006-10-26 11:05:02 86,840 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\TWCUTLIN.DLL
    + 2006-10-26 11:04:56 58,168 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\TWLAY32.DLL
    + 2006-10-26 11:04:48 27,456 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\TWORIENT.DLL
    + 2006-10-26 11:04:54 51,008 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\TWRECE.DLL
    + 2006-10-26 11:04:44 19,784 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\TWRECS.DLL
    + 2006-10-26 11:04:58 76,624 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\TWSTRUCT.DLL
    + 2006-09-29 21:42:56 2,583,344 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\VBE6.DLL
    + 2006-10-27 12:23:04 347,432 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\WINWORD.EXE
    + 2008-09-14 18:27:06 781,104 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\WORDPIA.DLL
    + 2006-10-27 12:11:38 4,235,560 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\WRD12CNV.DLL
    + 2006-10-27 12:11:36 21,264 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\WRD12EXE.EXE
    + 2006-10-26 20:00:12 1,841,984 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\VVIEWDWG.DLL
    + 2006-10-26 19:58:38 3,732,792 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\VVIEWER.DLL
    + 2006-10-27 12:23:08 17,483,560 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\WWLIB.DLL
    + 2006-10-26 11:05:08 1,181,520 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\XIMAGE3B.DLL
    + 2006-10-26 18:13:08 14,674,216 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\XL12CNV.EXE
    + 2006-10-26 18:17:08 11,072 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\XLCALL32.DLL
    + 2006-10-26 11:05:08 530,760 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\XPAGE3C.DLL
    + 2007-10-05 17:37:38 17,927,192 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\EXCEL.EXE
    + 2007-09-14 18:45:58 16,901,168 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\MSO.DLL
    + 2007-08-28 21:19:24 1,654,648 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\OGL.DLL
    + 2007-08-28 20:06:16 467,840 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\POWERPNT.EXE
    + 2007-08-28 20:06:44 7,990,144 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\PPCORE.DLL
    + 2008-09-16 12:55:48 251,272 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\PPTPIA.DLL
    + 2007-08-28 20:16:00 350,064 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\WINWORD.EXE
    + 2007-09-06 14:56:32 17,490,800 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\WWLIB.DLL
    + 2007-10-02 17:00:06 14,708,760 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\XL12CNV.EXE
    + 2007-08-24 02:14:14 13,712 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\XLCALL32.DLL
    + 2008-11-13 09:37:10 32,768 ----a-r c:\windows\Installer\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}\icon.exe
    + 2008-09-16 12:56:57 217,864 ----a-r c:\windows\Installer\{90120000-006E-040B-0000-0000000FF1CE}\misc.exe
    + 2008-12-12 12:25:17 20,240 ----a-r c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
    + 2008-12-12 12:25:16 184,080 ----a-r c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
    + 2008-12-12 12:25:17 217,864 ----a-r c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
    + 2008-12-12 12:25:17 18,704 ----a-r c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
    + 2008-12-12 12:25:17 35,088 ----a-r c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
    + 2008-12-12 12:25:17 922,384 ----a-r c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
    + 2008-12-12 12:25:17 888,080 ----a-r c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
    + 2008-12-12 12:25:16 1,172,240 ----a-r c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
    + 2008-09-17 18:38:21 729,088 ----a-w c:\windows\iun6002.exe
    - 2000-08-31 05:00:00 28,672 ----a-w c:\windows\Nircmd.exe
    + 2000-08-31 06:00:00 28,672 ----a-w c:\windows\Nircmd.exe
    + 2004-10-04 08:29:00 129,451 ----a-w c:\windows\Resources\Themes\Shell\Compac\shellstyle.dll
    + 2004-10-04 08:29:00 129,451 ----a-w c:\windows\Resources\Themes\Shell\Compac2\shellstyle.dll
    + 2004-10-04 08:29:00 129,451 ----a-w c:\windows\Resources\Themes\Shell\NormalColor\shellstyle.dll
    - 2000-08-31 05:00:00 161,792 ----a-w c:\windows\swreg.exe
    + 2000-08-31 06:00:00 161,792 ----a-w c:\windows\swreg.exe
    + 2008-09-11 16:50:18 10,520 ----a-w c:\windows\system32\avgrsstx.dll
    + 2001-12-13 00:01:00 45,056 ----a-w c:\windows\system32\brss01a.exe
    + 2002-04-12 00:00:00 57,344 ----a-w c:\windows\system32\brsvc01a.exe
    + 2005-03-02 04:14:50 37,888 ----a-w c:\windows\system32\BrUSi05a.dll
    + 2005-03-02 02:35:22 121,856 ----a-w c:\windows\system32\BrWia05a.dll
    + 2001-02-05 02:16:08 258,048 ----a-w c:\windows\system32\bsplmf01.dll
    + 2003-12-24 00:00:00 131,072 ----a-w c:\windows\system32\bsplmf01.exe
    + 2007-01-11 07:19:00 11,008 ----a-r c:\windows\system32\BUFADPT.SYS
    - 2008-04-14 06:12:08 139,264 ----a-w c:\windows\system32\cscript.exe
    + 2008-05-07 09:07:23 135,168 ----a-w c:\windows\system32\cscript.exe
    - 2008-06-20 11:40:08 138,496 -c----w c:\windows\system32\dllcache\afd.sys
    + 2008-08-14 10:04:36 138,496 -c----w c:\windows\system32\dllcache\afd.sys
    - 2007-07-30 16:19:20 92,504 -c--a-w c:\windows\system32\dllcache\cdm.dll
    + 2008-10-16 12:09:44 92,696 -c--a-w c:\windows\system32\dllcache\cdm.dll
    + 2008-05-07 09:07:23 135,168 -c----w c:\windows\system32\dllcache\cscript.exe
    + 2008-10-23 12:38:22 286,720 -c----w c:\windows\system32\dllcache\gdi32.dll
    + 2008-05-09 10:55:19 512,000 -c----w c:\windows\system32\dllcache\jscript.dll
    - 2005-01-28 11:44:28 96,768 -c--a-w c:\windows\system32\dllcache\logagent.exe
    + 2008-06-10 03:52:04 96,768 -c--a-w c:\windows\system32\dllcache\logagent.exe
    + 2008-10-24 11:21:09 455,296 -c----w c:\windows\system32\dllcache\mrxsmb.sys
    - 2008-06-23 15:10:15 3,088,384 -c----w c:\windows\system32\dllcache\mshtml.dll
    + 2008-12-12 17:03:17 3,088,896 -c----w c:\windows\system32\dllcache\mshtml.dll
    + 2008-09-04 17:16:38 1,106,944 -c----w c:\windows\system32\dllcache\msxml3.dll
    - 2008-04-14 06:11:44 1,306,624 -c----w c:\windows\system32\dllcache\msxml6.dll
    + 2008-09-10 01:15:51 1,307,648 -c----w c:\windows\system32\dllcache\msxml6.dll
    + 2008-10-15 16:37:15 337,408 -c----w c:\windows\system32\dllcache\netapi32.dll
    + 2008-08-14 13:25:40 2,147,840 -c----w c:\windows\system32\dllcache\ntkrnlmp.exe
    + 2008-08-14 13:25:43 2,068,352 -c----w c:\windows\system32\dllcache\ntkrnlpa.exe
    + 2008-08-14 13:24:57 2,026,496 -c----w c:\windows\system32\dllcache\ntkrpamp.exe
    + 2008-08-14 13:25:41 2,191,488 -c----w c:\windows\system32\dllcache\ntoskrnl.exe
    + 2008-05-09 10:55:19 180,224 -c----w c:\windows\system32\dllcache\scrobj.dll
    + 2008-05-09 10:55:19 172,032 -c----w c:\windows\system32\dllcache\scrrun.dll
    - 2008-06-26 08:14:07 1,498,624 -c----w c:\windows\system32\dllcache\shdocvw.dll
    + 2008-10-16 01:01:57 1,498,624 -c----w c:\windows\system32\dllcache\shdocvw.dll
    + 2008-09-08 10:41:42 333,824 -c----w c:\windows\system32\dllcache\srv.sys
    - 2008-04-14 06:11:56 246,814 -c----w c:\windows\system32\dllcache\strmdll.dll
    + 2008-10-03 10:03:58 247,326 -c----w c:\windows\system32\dllcache\strmdll.dll
    - 2008-06-26 08:14:07 619,008 -c----w c:\windows\system32\dllcache\urlmon.dll
    + 2008-10-16 01:01:57 619,008 -c----w c:\windows\system32\dllcache\urlmon.dll
    + 2008-04-13 08:47:38 25,856 -c--a-w c:\windows\system32\dllcache\usbprint.sys
    + 2008-05-09 10:55:19 430,080 -c----w c:\windows\system32\dllcache\vbscript.dll
    + 2008-09-15 15:27:14 1,846,656 -c----w c:\windows\system32\dllcache\win32k.sys
    - 2008-06-23 15:10:15 666,112 -c----w c:\windows\system32\dllcache\wininet.dll
    + 2008-10-16 01:01:57 666,112 -c----w c:\windows\system32\dllcache\wininet.dll
    - 2005-01-28 11:44:28 1,027,072 -c--a-w c:\windows\system32\dllcache\wmnetmgr.dll
    + 2008-06-10 04:28:36 1,028,096 -c--a-w c:\windows\system32\dllcache\WMNetmgr.dll
    - 2006-12-07 05:29:34 2,374,472 -c--a-w c:\windows\system32\dllcache\wmvcore.dll
    + 2008-06-10 05:07:24 2,376,760 -c--a-w c:\windows\system32\dllcache\WMVCore.dll
    + 2008-05-08 11:24:44 155,648 -c----w c:\windows\system32\dllcache\wscript.exe
    + 2008-05-09 10:55:19 90,112 -c----w c:\windows\system32\dllcache\wshext.dll
    - 2007-07-30 16:19:36 549,720 -c--a-w c:\windows\system32\dllcache\wuapi.dll
    + 2008-10-16 12:12:20 561,688 -c--a-w c:\windows\system32\dllcache\wuapi.dll
    - 2007-07-30 16:19:16 53,080 -c--a-w c:\windows\system32\dllcache\wuauclt.exe
    + 2008-10-16 12:09:44 51,224 -c--a-w c:\windows\system32\dllcache\wuauclt.exe
    - 2007-07-30 16:19:42 1,712,984 -c--a-w c:\windows\system32\dllcache\wuaueng.dll
    + 2008-10-16 12:13:40 1,809,944 -c--a-w c:\windows\system32\dllcache\wuaueng.dll
    - 2007-07-30 16:19:32 325,976 -c--a-w c:\windows\system32\dllcache\wucltui.dll
    + 2008-10-16 12:12:22 323,608 -c--a-w c:\windows\system32\dllcache\wucltui.dll
    - 2007-07-30 16:18:40 33,624 -c--a-w c:\windows\system32\dllcache\wups.dll
    + 2008-10-16 12:08:58 34,328 -c--a-w c:\windows\system32\dllcache\wups.dll
    - 2007-07-30 16:19:28 203,096 -c--a-w c:\windows\system32\dllcache\wuweb.dll
    + 2008-10-16 12:13:40 202,776 -c--a-w c:\windows\system32\dllcache\wuweb.dll
    + 2005-01-19 02:01:00 27,264 ----a-w c:\windows\system32\driver\RNDISMP.sys
    + 2005-01-19 02:01:00 27,264 ----a-w c:\windows\system32\driver\RNDISMPK.sys
    + 2005-01-19 02:01:00 11,136 ----a-w c:\windows\system32\driver\usb8023.sys
    + 2005-01-19 02:01:00 11,136 ----a-w c:\windows\system32\driver\usb8023k.sys
    - 2008-06-20 11:40:08 138,496 ----a-w c:\windows\system32\drivers\afd.sys
    + 2008-08-14 10:04:36 138,496 ----a-w c:\windows\system32\drivers\afd.sys
    + 2007-05-23 02:33:00 442,752 ----a-w c:\windows\system32\drivers\ag300n5.sys
    + 2004-05-28 02:43:00 3,264 ----a-w c:\windows\system32\drivers\AIFILT.SYS
    + 2005-06-09 03:18:00 145,280 ----a-w c:\windows\system32\drivers\ar5523.bin
    + 2005-06-09 03:15:00 288,448 ----a-w c:\windows\system32\drivers\ar5523.sys
    + 2005-06-09 03:18:00 43,392 ----a-w c:\windows\system32\drivers\athfmwdl.sys
    + 2008-09-11 16:50:13 26,824 ----a-w c:\windows\system32\drivers\avgmfx86.sys
    + 2008-09-11 16:50:18 12,936 ----a-w c:\windows\system32\drivers\avgrkx86.sys
    + 2004-07-13 04:49:00 3,264 ----a-w c:\windows\system32\drivers\BFAIFILT.SYS
    + 2004-10-15 03:50:20 15,295 ----a-w c:\windows\system32\drivers\BrScnUsb.sys
    + 2006-07-05 08:48:00 473,696 ----a-w c:\windows\system32\drivers\cbag108.sys
    + 2006-10-12 07:28:56 604,928 ----a-w c:\windows\system32\drivers\cbg300n.SYS
    + 2007-08-08 06:32:04 536,576 ----a-w c:\windows\system32\drivers\cbg300n2.sys
    + 2005-11-01 08:13:00 372,480 ----a-w c:\windows\system32\drivers\CBG54.sys
    + 2004-04-04 04:07:00 83,320 ----a-w c:\windows\system32\drivers\FwRad16.bin
    + 2004-04-04 04:07:00 84,912 ----a-w c:\windows\system32\drivers\FwRad17.bin
    + 2008-09-17 18:33:32 25,280 ----a-w c:\windows\system32\drivers\hamachi.sys
    + 2004-09-08 07:04:00 262,656 ----a-w c:\windows\system32\drivers\I2220NTA.SYS
    + 2004-09-08 07:01:00 159,872 ----a-w c:\windows\system32\drivers\I2220NTX.SYS
    - 2008-04-13 09:17:02 456,576 ----a-w c:\windows\system32\drivers\mrxsmb.sys
    + 2008-10-24 11:21:09 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
    - 2008-04-13 09:15:12 334,848 ----a-w c:\windows\system32\drivers\srv.sys
    + 2008-09-08 10:41:42 333,824 ----a-w c:\windows\system32\drivers\srv.sys
    + 2006-03-06 07:08:00 8,946 ----a-w c:\windows\system32\drivers\tmimo3.bin
    + 2006-03-06 07:07:00 783,872 ----a-w c:\windows\system32\drivers\tmimo31p.SYS
    + 2004-04-18 15:20:00 385,792 ----a-w c:\windows\system32\drivers\TNET1130.SYS
    + 2006-11-19 17:04:00 499,328 ----a-w c:\windows\system32\drivers\U2G300N5.sys
    + 2005-10-17 10:50:00 245,376 ----a-w c:\windows\system32\drivers\U2KG54.SYS
    + 2006-08-24 04:44:00 477,696 ----a-w c:\windows\system32\drivers\U2KG54L.SYS
    + 2006-09-07 03:34:00 347,776 ----a-w c:\windows\system32\drivers\U2SG54HP.SYS
    + 2007-08-08 06:27:20 517,248 ----a-w c:\windows\system32\drivers\ucg300n.sys
    + 2006-02-02 23:59:00 355,616 ----a-w c:\windows\system32\drivers\USB2G542.sys
    + 2008-04-13 08:47:38 25,856 ----a-w c:\windows\system32\drivers\usbprint.sys
    + 2002-04-26 16:00:00 156,160 ----a-w c:\windows\system32\drivers\WLAGS48B.SYS
    + 2004-07-12 01:16:00 185,728 ----a-w c:\windows\system32\drivers\WLICBB11.SYS
    + 2003-03-20 00:24:00 619,648 ----a-w c:\windows\system32\drivers\WLIS11.SYS
    + 2003-08-01 00:56:00 640,128 ----a-w c:\windows\system32\drivers\WLIUKB11.SYS
    + 2002-11-14 11:17:00 179,712 ----a-w c:\windows\system32\drivers\WLMEL51B.SYS
    + 2005-01-26 09:23:00 5,374 ----a-w c:\windows\system32\drivers\WNI6000.BIN
    + 2005-01-26 09:24:00 826,880 ----a-w c:\windows\system32\drivers\WNIHDD51.SYS
    - 1999-10-28 21:49:10 1,129,232 -c--a-w c:\windows\system32\FM20.DLL
    + 2007-08-22 22:03:38 1,195,888 ----a-w c:\windows\system32\FM20.DLL
    - 1999-10-28 21:49:10 26,384 -c--a-w c:\windows\system32\FM20ENU.DLL
    + 2006-10-26 10:10:06 33,088 ----a-w c:\windows\system32\FM20ENU.DLL
    - 2008-09-07 10:48:41 151,584 ----a-w c:\windows\system32\FNTCACHE.DAT
    + 2008-10-17 07:19:11 187,408 ----a-w c:\windows\system32\FNTCACHE.DAT
    + 2006-10-26 10:45:04 207,360 ----a-w c:\windows\system32\INKED.DLL
    - 2008-04-14 06:11:38 512,000 ----a-w c:\windows\system32\jscript.dll
    + 2008-05-09 10:55:19 512,000 ----a-w c:\windows\system32\jscript.dll
    - 2005-01-28 11:44:28 96,768 ----a-w c:\windows\system32\logagent.exe
    + 2008-06-10 03:52:04 96,768 ----a-w c:\windows\system32\logagent.exe
    - 2008-05-29 23:35:11 17,486,968 ----a-w c:\windows\system32\MRT.exe
    + 2008-12-09 23:24:37 17,593,280 ----a-w c:\windows\system32\MRT.exe
    - 2008-06-23 15:10:15 3,088,384 ----a-w c:\windows\system32\mshtml.dll
    + 2008-12-12 17:03:17 3,088,896 ----a-w c:\windows\system32\mshtml.dll
    + 2006-10-26 16:56:10 32,592 ----a-w c:\windows\system32\msonpmon.dll
    - 2008-04-14 06:11:44 1,104,896 ----a-w c:\windows\system32\msxml3.dll
    + 2008-09-04 17:16:38 1,106,944 ----a-w c:\windows\system32\msxml3.dll
    - 2008-04-14 06:11:44 1,306,624 ------w c:\windows\system32\msxml6.dll
    + 2008-09-10 01:15:51 1,307,648 ------w c:\windows\system32\msxml6.dll
    - 2008-04-14 06:11:44 337,408 ----a-w c:\windows\system32\netapi32.dll
    + 2008-10-15 16:37:15 337,408 ----a-w c:\windows\system32\netapi32.dll
    - 2008-04-14 05:49:32 2,068,224 ----a-w c:\windows\system32\ntkrnlpa.exe
    + 2008-08-14 13:25:43 2,068,352 ----a-w c:\windows\system32\ntkrnlpa.exe
    - 2008-04-14 05:49:54 2,191,360 ----a-w c:\windows\system32\ntoskrnl.exe
    + 2008-08-14 13:25:41 2,191,488 ----a-w c:\windows\system32\ntoskrnl.exe
    - 2008-09-07 10:51:04 63,528 ----a-w c:\windows\system32\perfc009.dat
    + 2008-12-27 17:18:41 63,528 ----a-w c:\windows\system32\perfc009.dat
    - 2008-09-07 10:51:04 77,424 ----a-w c:\windows\system32\perfc00B.dat
    + 2008-12-27 17:18:41 77,424 ----a-w c:\windows\system32\perfc00B.dat
    - 2008-09-07 10:51:04 406,328 ----a-w c:\windows\system32\perfh009.dat
    + 2008-12-27 17:18:41 406,328 ----a-w c:\windows\system32\perfh009.dat
    - 2008-09-07 10:51:04 381,250 ----a-w c:\windows\system32\perfh00B.dat
    + 2008-12-27 17:18:41 381,250 ----a-w c:\windows\system32\perfh00B.dat
    - 2008-04-14 06:11:46 180,224 ----a-w c:\windows\system32\scrobj.dll
    + 2008-05-09 10:55:19 180,224 ----a-w c:\windows\system32\scrobj.dll
    - 2008-04-14 06:11:46 172,032 ----a-w c:\windows\system32\scrrun.dll
    + 2008-05-09 10:55:19 172,032 ----a-w c:\windows\system32\scrrun.dll
    - 2008-06-26 08:14:07 1,498,624 ----a-w c:\windows\system32\shdocvw.dll
    + 2008-10-16 01:01:57 1,498,624 ----a-w c:\windows\system32\shdocvw.dll
    + 2008-07-18 19:10:20 36,552 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.784\wups.dll
    + 2008-10-16 12:08:58 34,328 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.788\wups.dll
    + 2008-07-18 19:10:40 45,768 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.784\wups2.dll
    + 2008-10-16 12:09:44 43,544 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.788\wups2.dll
    + 2006-12-21 01:57:00 163,789 ----a-w c:\windows\system32\spool\drivers\w32x86\3\acpdf210.dll
    + 2006-12-21 01:58:00 191,608 ----a-w c:\windows\system32\spool\drivers\w32x86\3\acpdfui210.dll
    + 2005-04-28 10:42:00 118,784 ----a-w c:\windows\system32\spool\drivers\w32x86\3\bril05a.dll
    + 2005-04-28 10:40:08 1,705,467 ----a-w c:\windows\system32\spool\drivers\w32x86\3\brio05a.dll
    + 2005-04-28 10:40:08 996,104 ----a-w c:\windows\system32\spool\drivers\w32x86\3\briu05a.dll
    + 2002-06-29 03:01:00 100,864 ----a-w c:\windows\system32\spool\drivers\w32x86\3\brqikmon.exe
    + 2006-12-21 02:00:00 1,081,344 ----a-w c:\windows\system32\spool\drivers\w32x86\3\cdintf210.dll
    + 2006-10-26 16:56:16 864,080 ----a-w c:\windows\system32\spool\drivers\w32x86\3\msonpdrv.dll
    + 2006-10-26 16:56:14 67,408 ----a-w c:\windows\system32\spool\drivers\w32x86\3\msonpui.dll
    + 2006-12-21 01:57:00 163,789 ----a-w c:\windows\system32\spool\drivers\w32x86\amyuni_amyunidocumentconverter210\acpdf210.dll
    + 2006-12-21 01:58:00 191,608 ----a-w c:\windows\system32\spool\drivers\w32x86\amyuni_amyunidocumentconverter210\acpdfui210.dll
    + 2006-12-21 02:00:00 1,081,344 ----a-w c:\windows\system32\spool\drivers\w32x86\amyuni_amyunidocumentconverter210\cdintf210.dll
    + 2005-04-28 10:42:00 118,784 ----a-w c:\windows\system32\spool\drivers\w32x86\brotherdcp_117c5508\bril05a.dll
    + 2005-04-28 10:40:08 1,705,467 ----a-w c:\windows\system32\spool\drivers\w32x86\brotherdcp_117c5508\brio05a.dll
    + 2005-04-28 10:40:08 996,104 ----a-w c:\windows\system32\spool\drivers\w32x86\brotherdcp_117c5508\briu05a.dll
    + 2002-06-29 03:01:00 100,864 ----a-w c:\windows\system32\spool\drivers\w32x86\brotherdcp_117c5508\brqikmon.exe
    + 2004-02-09 00:00:00 26,285 ----a-w c:\windows\system32\spool\prtprocs\w32x86\brmfpp1.dll
    + 2006-10-26 16:56:12 33,104 ----a-w c:\windows\system32\spool\prtprocs\w32x86\msonpppr.dll
    - 2008-04-14 06:12:32 60,416 ------w c:\windows\system32\tzchange.exe
    + 2008-10-23 10:06:59 62,976 ------w c:\windows\system32\tzchange.exe
    - 2008-06-26 08:14:07 619,008 ----a-w c:\windows\system32\urlmon.dll
    + 2008-10-16 01:01:57 619,008 ----a-w c:\windows\system32\urlmon.dll
    + 2002-04-26 16:03:00 159,744 ----a-w c:\windows\system32\WAAGS48B.DLL
    + 2002-11-14 11:18:00 159,744 ----a-w c:\windows\system32\WAMEL51B.DLL
    - 2008-04-14 06:11:56 434,176 ----a-w c:\windows\system32\vbscript.dll
    + 2008-05-09 10:55:19 430,080 ----a-w c:\windows\system32\vbscript.dll
    + 2002-04-26 16:02:00 69,632 ----a-w c:\windows\system32\WCAGS48B.EXE
    + 2002-11-14 11:18:00 69,632 ----a-w c:\windows\system32\WCMEL51B.EXE
    + 2002-04-26 16:04:00 8,704 ----a-w c:\windows\system32\WDAGS48B.DLL
    + 2008-04-14 06:11:38 14,336 ----a-w c:\windows\system32\wdmaud.sys
    + 2002-11-14 11:19:00 7,680 ----a-w c:\windows\system32\WDMEL51B.DLL
    - 2008-04-14 05:41:30 1,845,888 ----a-w c:\windows\system32\win32k.sys
    + 2008-09-15 15:27:14 1,846,656 ----a-w c:\windows\system32\win32k.sys
    + 2006-10-26 10:45:04 293,376 ----a-w c:\windows\system32\WISPTIS.EXE
    - 2005-01-28 11:44:28 1,027,072 ----a-w c:\windows\system32\wmnetmgr.dll
    + 2008-06-10 04:28:36 1,028,096 ----a-w c:\windows\system32\WMNetmgr.dll
    - 2006-12-07 05:29:34 2,374,472 ----a-w c:\windows\system32\wmvcore.dll
    + 2008-06-10 05:07:24 2,376,760 ----a-w c:\windows\system32\WMVCore.dll
    - 2008-04-14 06:12:36 155,648 ----a-w c:\windows\system32\wscript.exe
    + 2008-05-08 11:24:44 155,648 ----a-w c:\windows\system32\wscript.exe
    - 2008-04-14 06:12:00 90,112 ----a-w c:\windows\system32\wshext.dll
    + 2008-05-09 10:55:19 90,112 ----a-w c:\windows\system32\wshext.dll
    + 2004-10-15 08:35:16 77,824 ----a-w c:\windows\twain_32\BrMfSc07\Common\BrScnDev.dll
    + 2004-08-16 06:49:14 49,152 ----a-w c:\windows\twain_32\BrMfSc07\Common\BrStiIf.dll
    + 2004-10-28 00:35:20 131,072 ----a-w c:\windows\twain_32\BrMfSc07\Common\BrTwds.dll
    + 2004-12-07 09:28:06 180,224 ----a-w c:\windows\twain_32\BrMfSc07\Common\BrTwdScn.dll
    + 2004-10-28 00:35:58 131,072 ----a-w c:\windows\twain_32\BrMfSc07\Common\BrTwdsUi.dll
    + 2004-11-16 01:32:10 73,728 ----a-w c:\windows\twain_32\BrMfSc07\Lang\BrTwdChn.dll
    + 2004-10-06 00:40:24 90,112 ----a-w c:\windows\twain_32\BrMfSc07\Lang\BrTwdDan.dll
    + 2004-10-06 00:40:26 90,112 ----a-w c:\windows\twain_32\BrMfSc07\Lang\BrTwdDut.dll
    + 2004-10-06 00:40:26 90,112 ----a-w c:\windows\twain_32\BrMfSc07\Lang\BrTwdEng.dll
    + 2004-10-06 00:40:28 94,208 ----a-w c:\windows\twain_32\BrMfSc07\Lang\BrTwdFre.dll
    + 2004-10-06 00:40:30 94,208 ----a-w c:\windows\twain_32\BrMfSc07\Lang\BrTwdGer.dll
    + 2004-10-06 00:40:30 94,208 ----a-w c:\windows\twain_32\BrMfSc07\Lang\BrTwdIta.dll
    + 2005-03-03 00:35:36 73,728 ----a-w c:\windows\twain_32\BrMfSc07\Lang\BrTwdJpn.dll
    + 2004-10-06 00:40:30 90,112 ----a-w c:\windows\twain_32\BrMfSc07\Lang\BrTwdNor.dll
    + 2004-10-06 00:40:32 94,208 ----a-w c:\windows\twain_32\BrMfSc07\Lang\BrTwdPor.dll
    + 2004-10-06 01:16:36 94,208 ----a-w c:\windows\twain_32\BrMfSc07\Lang\BrTwdSpa.dll
    + 2004-10-06 00:40:32 90,112 ----a-w c:\windows\twain_32\BrMfSc07\Lang\BrTwdSwe.dll
    + 2004-10-06 00:40:34 90,112 ----a-w c:\windows\twain_32\BrMfSc07\Lang\BrTwdUsa.dll
    + 2007-02-22 11:00:00 204,800 ----a-w c:\windows\UN800114.EXE
    - 2008-04-08 16:38:48 60,862 ----a-w c:\windows\War3Unin.dat
    + 2008-09-17 18:57:20 61,810 ----a-w c:\windows\War3Unin.dat
    + 2008-09-30 14:42:08 1,286,152 ----a-w c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9870.0_x-ww_a32d74cf\msxml4.dll
    + 2008-09-30 14:45:12 91,656 ----a-w c:\windows\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.1.0_x-ww_2a41bceb\msxml4r.dll
    - 2005-09-22 21:49:12 95,744 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_6e805841\ATL80.dll
    + 2006-10-26 10:40:34 95,744 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_6e805841\ATL80.dll
    + 2006-12-01 19:56:00 96,256 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll
    + 2006-12-01 21:46:44 65,536 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6c18549a\vcomp.dll
    + 2008-04-15 17:49:33 1,724,416 ----a-w c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5581_x-ww_dfbc4fc4\GdiPlus.dll
    .
    -- Snapshot nollattu tähän hetkeen --
    .
    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-22 339968]
    "Logitech Hardware Abstraction Layer"="c:\program files\Common Files\Logitech\khalshared\KHALMNPR.EXE" [2006-07-19 94208]
    "AVG8_TRAY"="e:\avg\avgtray.exe" [2008-12-02 1261336]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-12-23 180269]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-07-19 c:\windows\KHALMNPR.Exe]
    "SoundMan"="SOUNDMAN.EXE" [2007-04-16 c:\windows\soundman.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
    2001-12-20 22:34 24576 c:\program files\Stardock\Object Desktop\ThemeManager\fastload.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=wbsys.dll,avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.XFR1"= xfcodec.dll
    "aux"= wdmaud.sys

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "c:\\Program Files\\Xfire\\Xfire.exe"=
    "e:\\AVG\\avgemc.exe"=
    "e:\\AVG\\avgupd.exe"=
    "e:\\AVG\\avgnsx.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\Curse\\CurseClient.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "25920:TCP"= 25920:TCP:BitComet 25920 TCP
    "25920:UDP"= 25920:UDP:BitComet 25920 UDP

    R0 aliidex;aliidex;c:\windows\system32\drivers\aliidex.sys [2005-12-17 7040]
    R0 aliperf;aliperf;c:\windows\system32\drivers\aliperf.sys [2005-12-17 7168]
    R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\Drivers\avgrkx86.sys [2008-09-11 12936]
    R0 uliagpkx;ULi AGP Bus Filter Driver;c:\windows\system32\DRIVERS\agpkx.sys [2005-12-17 44928]
    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-09-11 98440]
    R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-09-11 90632]
    R1 fsipfilter;Fleasome Ip Filter;c:\windows\system32\drivers\fsipfltr.sys [2006-08-23 84035]
    R1 kbfilter;Keyboard Filter Driver;c:\windows\system32\drivers\kbfilter.sys [2005-12-19 11776]
    R1 WRDRV;WRDRV;c:\windows\system32\drivers\wrdrv.sys [2006-12-13 80384]
    R2 avg8emc;AVG8 E-mail Scanner;e:\avg\avgemc.exe [2008-12-02 874776]
    R2 avg8wd;AVG8 WatchDog;e:\avg\avgwdsvc.exe [2008-09-11 231704]
    R2 avgfws8;AVG8 Firewall;e:\avg\avgfws8.exe [2008-12-02 1212184]
    R3 Avgfwdx;Avgfwdx;c:\windows\system32\DRIVERS\avgfwdx.sys [2008-09-11 29208]
    R3 ULI5261;ULi Based Ethernet NT Driver;c:\windows\system32\DRIVERS\ULILAN.SYS [2005-12-17 29696]
    S2 WinRoute;Kerio WinRoute Firewall; []
    S3 abugr;abugr;\??\c:\documents and settings\Mikael\Työpöytä\Glider\abugr.sys []
    S3 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwdx.sys [2008-09-11 29208]
    S3 kvpndev;Kerio VPN adapter;c:\windows\system32\DRIVERS\kvpndrv.sys [2006-12-13 59392]
    S3 WLIU2KG125S;BUFFALO WLI-U2-KG125S Wireless LAN Adapter Driver;c:\windows\system32\DRIVERS\usb8023.sys [2001-10-09 12800]

    *Newly Created Service* - SYSMONLOG
    .
    'Ajoitetut tehtävät'-kansion sisältö

    2008-11-19 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe []
    .
    - - - - POISTETUT JÄMÄRIVIT - - - -

    HKCU-Run-DAEMON Tools - c:\program files\DAEMON Tools\daemon.exe
    HKCU-Run-PcSync - c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe
    HKLM-Run-SmcService - c:\progra~1\Sygate\SPF\smc.exe
    HKLM-Run-DAEMON Tools - c:\program files\DAEMON Tools\daemon.exe


    .
    ------- Täydentävä tarkistus -------
    .
    uStart Page = hxxp://www.google.fi/
    IE: V&ie Microsoft Exceliin - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

    O16 -: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
    c:\windows\Downloaded Program Files\DirectAnimation Java Classes.osd

    O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
    FF - ProfilePath - c:\documents and settings\Mikael\Application Data\Mozilla\Firefox\Profiles\j88mpqeu.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
    FF - component: e:\avg\Firefox\components\avgssff.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npigl.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-12-27 22:13:54
    Windows 5.1.2600 Service Pack 3 NTFS

    tarkistaa piilotettuja prosesseja ...

    tarkistaa piilotettuja käynnistysarvoja ...

    tarkistaa piilotettuja tiedostoja ...

    tarkistus on valmis
    piilotetut tiedostot: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vsdatant]
    "ImagePath"=""
    .
    --------------------- Prosesseihin ladatut DLLt ---------------------

    - - - - - - - > 'winlogon.exe'(1336)
    c:\windows\system32\avgrsstx.dll
    c:\windows\system32\Ati2evxx.dll
    c:\program files\Stardock\Object Desktop\ThemeManager\fastload.dll

    - - - - - - - > 'lsass.exe'(1472)
    c:\windows\system32\avgrsstx.dll
    .
    Valmistumisajankohta: 2008-12-27 22:15:26
    ComboFix-quarantined-files.txt 2008-12-27 20:15:04

    Ennen ajoa: 12 978 974 720 tavua vapaana
    Ajon jälkeen: 13,028,265,984 tavua vapaana

    708 --- E O F --- 2008-12-19 11:46:00


    Help as soon as possible, please..
     
  3. Cavefish

    Cavefish Member

    Joined:
    07.09.2008
    Posts:
    37
    Thanks:
    0
    Points:
    16
    Oh, and I should also mention that in the search results, for example if I search for Afterdawn, the result's URL is something like
    afterdawn-best-deals.com
     
