Google haun uudelleenohjaussivustot HJT/Combofix logit

Yksityisviestit

Luo uusi yksityisviesti

Kaikki uudet viestit

Ilman vastauksia olevat viestiketjut

Hae viestejä

sunnuntai 16.11.2025 / 18:10

Hae keskustelualueilta:

afterdawn.com > keskustelu > yleistä keskustelua tietokoneista > virukset ja haittaohjelmat - hijackthis -logit > google haun uudelleenohjaussivustot hjt/combofix logit

Aiheet

Keskustelualueet

Vastaa

Aloita uusi viestiketju

Google haun uudelleenohjaussivustot HJT/Combofix logit

Siirry:

Kirjoittaja

Viesti

Cavefish

Junior Member

27. joulukuuta 2008 @ 22:29

Linkki tähän viestiin

Tälläinen ERITTÄIN rasittava malware/virus/troijalainen vai mikälie on nyt kyseessä.
Koittanut googlettaa sitä go.google.com virusta. Mulla on sama ongelma kuin muilla joilla tuo virus on esiintynyt, mutta redirectaa eri sivustoihin ja ei toiminut kyseisen viruksen ongelmanratkaisut (Ohjauspaneeli > Järjestelmä > Laitteet > Laitehallinta > Näytä Piilotetut laitteet > Muut kuin Plug and play laitteet, sieltä olisi pitänyt etsiä joku tietty ohjain, muttei löytynyt).
Tässä hjt log ja combofix log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:23:11, on 27.12.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
E:\AVG\avgtray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
E:\AVG\avgwdsvc.exe
E:\AVG\avgfws8.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
E:\AVG\avgam.exe
E:\AVG\avgrsx.exe
E:\AVG\avgnsx.exe
E:\AVG\avgemc.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - E:\AVG\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] E:\AVG\avgtray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Enable Labtec Wireless Desktop.lnk = C:\Program Files\Labtec Wireless Desktop\MagicKey.exe
O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: PICgrabber - {4964E240-D53C-11D5-BDA9-444553540000} - C:\WINDOWS\System32\shdocvw.dll (HKCU)
O9 - Extra 'Tools' menuitem: PICgrabber - Movie&Image Search/Download Software - {4964E240-D53C-11D5-BDA9-444553540000} - C:\WINDOWS\System32\shdocvw.dll (HKCU)
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsu...b?1184709610468
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab56907.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - E:\AVG\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: wbsys.dll,avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - E:\AVG\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - E:\AVG\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - E:\AVG\avgfws8.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Unknown owner - C:\Program Files\Sygate\SPF\smc.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

--
End of file - 7321 bytes

--

ComboFix 08-12-26.03 - Mikael 2008-12-27 22:11:23.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1035.18.511.116 [GMT 2:00]
Sijainti: c:\documents and settings\Mikael\Ty?p?yt?\ComboFix.exe
AV: AVG Internet Security *On-access scanning disabled* (Outdated)
FW: Kerio WinRoute Firewall *disabled*
FW: *disabled*
FW: AVG Firewall *disabled*
* Uusi palautuspiste luotu

VAROITUS - PALAUTUSKONSOLIA EI OLE ASENNETTU !!
.

(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\a3kebook.ini
c:\windows\akebook.ini
c:\windows\ANS2000.INI
c:\windows\system32\WgaLogon.dll

.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-11-27 to 2008-12-27 )))))))))))))))))
.

2008-12-27 22:09 . 2008-12-27 22:09 <KANSIO> d-------- C:\32788R22FWJFW
2008-12-27 21:59 . 2008-12-27 21:59 <KANSIO> d-------- c:\documents and settings\Mikael\DoctorWeb
2008-12-27 21:36 . 2008-12-27 21:36 <KANSIO> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-27 21:36 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-27 21:36 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-14 21:12 . 2008-12-14 21:12 <KANSIO> d-------- c:\documents and settings\Mikael\Application Data\MozillaControl
2008-12-14 21:12 . 2008-12-14 21:12 <KANSIO> d-------- c:\documents and settings\All Users\Application Data\Graboid Inc
2008-12-14 21:11 . 2008-12-14 21:11 <KANSIO> d-------- c:\program files\VideoLAN
2008-12-14 21:11 . 2008-12-14 21:11 <KANSIO> d-------- c:\program files\Mozilla ActiveX Control v1.7.12
2008-12-06 00:18 . 2008-12-06 00:18 <KANSIO> d--h----- c:\windows\PIF
2008-12-02 17:42 . 2008-12-02 17:42 <KANSIO> d-------- c:\documents and settings\Mikael\WINDOWS
2008-12-02 16:57 . 2008-12-02 16:57 <KANSIO> d-------- c:\documents and settings\Mikael\Application Data\DAEMON Tools
2008-11-29 15:33 . 2008-11-29 15:33 <KANSIO> d-------- c:\program files\7-Zip

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-27 17:06 --------- d-----w c:\documents and settings\Mikael\Application Data\uTorrent
2008-12-15 13:51 --------- d-----w c:\documents and settings\Mikael\Application Data\Skype
2008-12-15 10:27 --------- d-s---w c:\program files\Xfire
2008-12-14 20:40 --------- d-----w c:\documents and settings\Mikael\Application Data\Xfire
2008-12-12 12:25 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-09 12:31 --------- d-----w c:\program files\Nokia
2008-12-02 15:12 98,440 ----a-w c:\windows\system32\drivers\avgldx86.sys
2008-12-02 15:12 90,632 ----a-w c:\windows\system32\drivers\avgtdix.sys
2008-12-02 15:12 50,968 ----a-w c:\windows\system32\avgfwdx.dll
2008-12-02 15:12 29,208 ----a-w c:\windows\system32\drivers\avgfwdx.sys
2008-12-02 14:57 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2008-11-20 20:44 42,320 ----a-w c:\windows\system32\xfcodec.dll
2008-11-19 13:04 --------- d-----w c:\documents and settings\Mikael\Application Data\FrostWire
2008-11-01 10:11 --------- d-----w c:\documents and settings\Mikael\Application Data\skypePM
2008-10-23 12:38 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 12:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 12:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 12:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 12:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 12:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 12:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 12:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 12:08 34,328 -c--a-w c:\windows\system32\wups.dll
2008-10-16 12:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 12:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-16 01:01 666,112 ----a-w c:\windows\system32\wininet.dll
2008-10-03 10:03 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-09-30 14:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2007-12-28 18:02 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2007-07-17 23:41 771,999 -c--a-w c:\program files\Kopio Ventrilo.rar
2007-02-09 19:37 75,223 ----a-w c:\program files\Uninstal.exe
2005-12-23 18:35 28 -c--a-w c:\program files\deviceinfo
.

((((((((((((((((((((((((((((( snapshot@2008-09-08_12.05.14.17 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-05-02 13:44:42 83,968 ----a-w c:\windows\$hf_mig$\KB946648\SP3QFE\msgsc.dll
+ 2007-11-30 12:39:27 17,272 ----a-w c:\windows\$hf_mig$\KB946648\spmsg.dll
+ 2007-11-30 12:39:27 232,824 ----a-w c:\windows\$hf_mig$\KB946648\spuninst.exe
+ 2007-11-30 12:39:27 26,488 ----a-w c:\windows\$hf_mig$\KB946648\update\spcustom.dll
+ 2007-11-30 11:19:03 757,112 ----a-w c:\windows\$hf_mig$\KB946648\update\update.exe
+ 2007-11-30 12:39:28 392,056 ----a-w c:\windows\$hf_mig$\KB946648\update\updspapi.dll
+ 2008-05-07 09:07:23 135,168 ----a-w c:\windows\$hf_mig$\KB951978\SP3QFE\cscript.exe
+ 2008-05-09 10:51:53 512,000 ----a-w c:\windows\$hf_mig$\KB951978\SP3QFE\jscript.dll
+ 2008-05-09 10:51:53 180,224 ----a-w c:\windows\$hf_mig$\KB951978\SP3QFE\scrobj.dll
+ 2008-05-09 10:51:53 172,032 ----a-w c:\windows\$hf_mig$\KB951978\SP3QFE\scrrun.dll
+ 2008-05-09 10:51:53 430,080 ----a-w c:\windows\$hf_mig$\KB951978\SP3QFE\vbscript.dll
+ 2008-05-08 11:24:44 155,648 ----a-w c:\windows\$hf_mig$\KB951978\SP3QFE\wscript.exe
+ 2008-05-09 10:51:53 90,112 ----a-w c:\windows\$hf_mig$\KB951978\SP3QFE\wshext.dll
+ 2007-11-30 12:39:27 17,272 ----a-w c:\windows\$hf_mig$\KB951978\spmsg.dll
+ 2007-11-30 12:39:27 232,824 ----a-w c:\windows\$hf_mig$\KB951978\spuninst.exe
+ 2007-11-30 12:39:27 26,488 ----a-w c:\windows\$hf_mig$\KB951978\update\spcustom.dll
+ 2007-11-30 12:39:25 757,112 ----a-w c:\windows\$hf_mig$\KB951978\update\update.exe
+ 2007-11-30 12:39:25 392,056 ----a-w c:\windows\$hf_mig$\KB951978\update\updspapi.dll
+ 2008-09-15 15:21:09 1,847,168 ----a-w c:\windows\$hf_mig$\KB954211\SP3QFE\win32k.sys
+ 2007-11-30 12:39:27 17,272 ----a-w c:\windows\$hf_mig$\KB954211\spmsg.dll
+ 2007-11-30 12:39:27 232,824 ----a-w c:\windows\$hf_mig$\KB954211\spuninst.exe
+ 2007-11-30 12:39:27 26,488 ----a-w c:\windows\$hf_mig$\KB954211\update\spcustom.dll
+ 2008-07-09 07:39:53 757,112 ----a-w c:\windows\$hf_mig$\KB954211\update\update.exe
+ 2007-11-30 12:39:28 392,056 ----a-w c:\windows\$hf_mig$\KB954211\update\updspapi.dll
+ 2008-09-10 01:12:29 1,379,840 ----a-w c:\windows\$hf_mig$\KB954459\SP3QFE\msxml6.dll
+ 2007-11-30 12:39:27 17,272 ----a-w c:\windows\$hf_mig$\KB954459\spmsg.dll
+ 2007-11-30 12:39:27 232,824 ----a-w c:\windows\$hf_mig$\KB954459\spuninst.exe
+ 2007-11-30 12:39:27 26,488 ----a-w c:\windows\$hf_mig$\KB954459\update\spcustom.dll
+ 2007-11-30 12:39:27 757,112 ----a-w c:\windows\$hf_mig$\KB954459\update\update.exe
+ 2007-11-30 12:39:28 392,056 ----a-w c:\windows\$hf_mig$\KB954459\update\updspapi.dll
+ 2008-09-04 17:13:07 1,106,944 ----a-w c:\windows\$hf_mig$\KB955069\SP3QFE\msxml3.dll
+ 2007-11-30 11:19:02 17,272 ----a-w c:\windows\$hf_mig$\KB955069\spmsg.dll
+ 2007-11-30 11:19:02 232,824 ----a-w c:\windows\$hf_mig$\KB955069\spuninst.exe
+ 2007-11-30 11:19:02 26,488 ----a-w c:\windows\$hf_mig$\KB955069\update\spcustom.dll
+ 2007-11-30 12:39:27 757,112 ----a-w c:\windows\$hf_mig$\KB955069\update\update.exe
+ 2008-07-09 11:10:04 392,056 ----a-w c:\windows\$hf_mig$\KB955069\update\updspapi.dll
+ 2008-10-23 10:17:49 62,976 ----a-w c:\windows\$hf_mig$\KB955839\SP3QFE\tzchange.exe
+ 2007-11-30 12:39:27 17,272 ----a-w c:\windows\$hf_mig$\KB955839\spmsg.dll
+ 2007-11-30 12:39:27 232,824 ----a-w c:\windows\$hf_mig$\KB955839\spuninst.exe
+ 2007-11-30 12:39:27 26,488 ----a-w c:\windows\$hf_mig$\KB955839\update\spcustom.dll
+ 2007-11-30 12:39:27 757,112 ----a-w c:\windows\$hf_mig$\KB955839\update\update.exe
+ 2007-11-30 12:39:28 392,056 ----a-w c:\windows\$hf_mig$\KB955839\update\updspapi.dll
+ 2008-08-20 05:07:30 3,088,896 ----a-w c:\windows\$hf_mig$\KB956390\SP3QFE\mshtml.dll
+ 2008-08-20 05:07:25 1,498,624 ----a-w c:\windows\$hf_mig$\KB956390\SP3QFE\shdocvw.dll
+ 2008-08-20 05:07:27 619,520 ----a-w c:\windows\$hf_mig$\KB956390\SP3QFE\urlmon.dll
+ 2008-08-20 05:07:26 666,624 ----a-w c:\windows\$hf_mig$\KB956390\SP3QFE\wininet.dll
+ 2007-11-30 11:19:02 17,272 ----a-w c:\windows\$hf_mig$\KB956390\spmsg.dll
+ 2007-11-30 11:19:02 232,824 ----a-w c:\windows\$hf_mig$\KB956390\spuninst.exe
+ 2007-11-30 11:19:02 26,488 ----a-w c:\windows\$hf_mig$\KB956390\update\spcustom.dll
+ 2007-11-30 12:39:27 757,112 ----a-w c:\windows\$hf_mig$\KB956390\update\update.exe
+ 2007-11-30 12:39:28 392,056 ----a-w c:\windows\$hf_mig$\KB956390\update\updspapi.dll
+ 2007-11-30 12:39:27 17,272 ----a-w c:\windows\$hf_mig$\KB956391\spmsg.dll
+ 2007-11-30 12:39:27 232,824 ----a-w c:\windows\$hf_mig$\KB956391\spuninst.exe
+ 2007-11-30 12:39:27 26,488 ----a-w c:\windows\$hf_mig$\KB956391\update\spcustom.dll
+ 2007-11-30 12:39:27 757,112 ----a-w c:\windows\$hf_mig$\KB956391\update\update.exe
+ 2007-11-30 12:39:28 392,056 ----a-w c:\windows\$hf_mig$\KB956391\update\updspapi.dll
+ 2008-10-23 12:44:16 286,720 ----a-w c:\windows\$hf_mig$\KB956802\SP3QFE\gdi32.dll
+ 2008-07-08 13:03:23 17,272 ----a-w c:\windows\$hf_mig$\KB956802\spmsg.dll
+ 2008-07-08 13:03:24 232,824 ----a-w c:\windows\$hf_mig$\KB956802\spuninst.exe
+ 2008-07-08 13:03:23 26,488 ----a-w c:\windows\$hf_mig$\KB956802\update\spcustom.dll
+ 2008-07-09 07:39:53 757,112 ----a-w c:\windows\$hf_mig$\KB956802\update\update.exe
+ 2008-07-09 07:40:02 392,056 ----a-w c:\windows\$hf_mig$\KB956802\update\updspapi.dll
+ 2008-08-14 10:34:26 138,496 ----a-w c:\windows\$hf_mig$\KB956803\SP3QFE\afd.sys
+ 2007-11-30 11:19:02 17,272 ----a-w c:\windows\$hf_mig$\KB956803\spmsg.dll
+ 2007-11-30 11:19:02 232,824 ----a-w c:\windows\$hf_mig$\KB956803\spuninst.exe
+ 2007-11-30 11:19:02 26,488 ----a-w c:\windows\$hf_mig$\KB956803\update\spcustom.dll
+ 2007-11-30 11:19:03 757,112 ----a-w c:\windows\$hf_mig$\KB956803\update\update.exe
+ 2007-11-30 11:19:03 392,056 ----a-w c:\windows\$hf_mig$\KB956803\update\updspapi.dll
+ 2008-08-14 13:56:32 2,147,840 ----a-w c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlmp.exe
+ 2008-08-14 16:26:36 2,068,352 ----a-w c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
+ 2008-08-14 13:56:31 2,026,496 ----a-w c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrpamp.exe
+ 2008-08-14 16:26:38 2,191,488 ----a-w c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
+ 2007-11-30 11:19:02 17,272 ----a-w c:\windows\$hf_mig$\KB956841\spmsg.dll
+ 2007-11-30 11:19:02 232,824 ----a-w c:\windows\$hf_mig$\KB956841\spuninst.exe
+ 2007-11-30 11:19:02 26,488 ----a-w c:\windows\$hf_mig$\KB956841\update\spcustom.dll
+ 2007-11-30 12:39:27 757,112 ----a-w c:\windows\$hf_mig$\KB956841\update\update.exe
+ 2008-07-09 07:40:02 392,056 ----a-w c:\windows\$hf_mig$\KB956841\update\updspapi.dll
+ 2008-09-08 11:37:19 333,824 ----a-w c:\windows\$hf_mig$\KB957095\SP3QFE\srv.sys
+ 2007-11-30 11:19:02 17,272 ----a-w c:\windows\$hf_mig$\KB957095\spmsg.dll
+ 2007-11-30 11:19:02 232,824 ----a-w c:\windows\$hf_mig$\KB957095\spuninst.exe
+ 2007-11-30 11:19:02 26,488 ----a-w c:\windows\$hf_mig$\KB957095\update\spcustom.dll
+ 2007-11-30 11:19:03 757,112 ----a-w c:\windows\$hf_mig$\KB957095\update\update.exe
+ 2007-11-30 11:19:03 392,056 ----a-w c:\windows\$hf_mig$\KB957095\update\updspapi.dll
+ 2008-10-24 11:41:11 455,936 ----a-w c:\windows\$hf_mig$\KB957097\SP3QFE\mrxsmb.sys
+ 2008-07-08 13:03:23 17,272 ----a-w c:\windows\$hf_mig$\KB957097\spmsg.dll
+ 2008-07-08 13:03:24 232,824 ----a-w c:\windows\$hf_mig$\KB957097\spuninst.exe
+ 2008-07-08 13:03:23 26,488 ----a-w c:\windows\$hf_mig$\KB957097\update\spcustom.dll
+ 2008-07-08 13:03:27 757,112 ----a-w c:\windows\$hf_mig$\KB957097\update\update.exe
+ 2008-07-08 13:03:34 392,056 ----a-w c:\windows\$hf_mig$\KB957097\update\updspapi.dll
+ 2008-10-15 16:31:34 339,456 ----a-w c:\windows\$hf_mig$\KB958644\SP3QFE\netapi32.dll
+ 2007-11-30 11:19:02 17,272 ----a-w c:\windows\$hf_mig$\KB958644\spmsg.dll
+ 2007-11-30 11:19:02 232,824 ----a-w c:\windows\$hf_mig$\KB958644\spuninst.exe
+ 2007-11-30 11:19:02 26,488 ----a-w c:\windows\$hf_mig$\KB958644\update\spcustom.dll
+ 2007-11-30 11:19:03 757,112 ----a-w c:\windows\$hf_mig$\KB958644\update\update.exe
+ 2007-11-30 11:19:03 392,056 ----a-w c:\windows\$hf_mig$\KB958644\update\updspapi.dll
+ 2007-11-30 12:39:27 232,824 -c----w c:\windows\$NtUninstallKB938464$\spuninst\spuninst.exe
+ 2007-11-30 12:39:28 392,056 -c----w c:\windows\$NtUninstallKB938464$\spuninst\updspapi.dll
+ 2008-04-14 06:11:40 82,944 -c----w c:\windows\$NtUninstallKB946648$\msgsc.dll
+ 2007-11-30 12:39:27 232,824 -c----w c:\windows\$NtUninstallKB946648$\spuninst\spuninst.exe
+ 2007-11-30 12:39:28 392,056 -c----w c:\windows\$NtUninstallKB946648$\spuninst\updspapi.dll
+ 2008-04-14 06:12:08 139,264 -c----w c:\windows\$NtUninstallKB951978$\cscript.exe
+ 2008-04-14 06:11:38 512,000 -c----w c:\windows\$NtUninstallKB951978$\jscript.dll
+ 2008-04-14 06:11:46 180,224 -c----w c:\windows\$NtUninstallKB951978$\scrobj.dll
+ 2008-04-14 06:11:46 172,032 -c----w c:\windows\$NtUninstallKB951978$\scrrun.dll
+ 2007-11-30 12:39:27 232,824 -c----w c:\windows\$NtUninstallKB951978$\spuninst\spuninst.exe
+ 2007-11-30 12:39:25 392,056 -c----w c:\windows\$NtUninstallKB951978$\spuninst\updspapi.dll
+ 2008-04-14 06:11:56 434,176 -c----w c:\windows\$NtUninstallKB951978$\vbscript.dll
+ 2008-04-14 06:12:36 155,648 -c----w c:\windows\$NtUninstallKB951978$\wscript.exe
+ 2008-04-14 06:12:00 90,112 -c----w c:\windows\$NtUninstallKB951978$\wshext.dll
+ 2007-11-30 12:39:27 232,824 -c----w c:\windows\$NtUninstallKB954211$\spuninst\spuninst.exe
+ 2007-11-30 12:39:28 392,056 -c----w c:\windows\$NtUninstallKB954211$\spuninst\updspapi.dll
+ 2008-04-14 05:41:30 1,845,888 -c----w c:\windows\$NtUninstallKB954211$\win32k.sys
+ 2008-04-14 06:11:44 1,306,624 -c----w c:\windows\$NtUninstallKB954459$\msxml6.dll
+ 2007-11-30 12:39:27 232,824 -c----w c:\windows\$NtUninstallKB954459$\spuninst\spuninst.exe
+ 2007-11-30 12:39:28 392,056 -c----w c:\windows\$NtUninstallKB954459$\spuninst\updspapi.dll
+ 2008-04-14 06:11:44 1,104,896 -c----w c:\windows\$NtUninstallKB955069$\msxml3.dll
+ 2007-11-30 11:19:02 232,824 -c----w c:\windows\$NtUninstallKB955069$\spuninst\spuninst.exe
+ 2008-07-09 11:10:04 392,056 -c----w c:\windows\$NtUninstallKB955069$\spuninst\updspapi.dll
+ 2008-06-23 15:10:15 3,088,384 -c----w c:\windows\$NtUninstallKB956390$\mshtml.dll
+ 2008-06-26 08:14:07 1,498,624 -c----w c:\windows\$NtUninstallKB956390$\shdocvw.dll
+ 2007-11-30 11:19:02 232,824 -c----w c:\windows\$NtUninstallKB956390$\spuninst\spuninst.exe
+ 2007-11-30 12:39:28 392,056 -c----w c:\windows\$NtUninstallKB956390$\spuninst\updspapi.dll
+ 2008-06-26 08:14:07 619,008 -c----w c:\windows\$NtUninstallKB956390$\urlmon.dll
+ 2008-06-23 15:10:15 666,112 -c----w c:\windows\$NtUninstallKB956390$\wininet.dll
+ 2007-11-30 12:39:27 232,824 -c----w c:\windows\$NtUninstallKB956391$\spuninst\spuninst.exe
+ 2007-11-30 12:39:28 392,056 -c----w c:\windows\$NtUninstallKB956391$\spuninst\updspapi.dll
+ 2008-06-20 11:40:08 138,496 -c----w c:\windows\$NtUninstallKB956803$\afd.sys
+ 2007-11-30 11:19:02 232,824 -c----w c:\windows\$NtUninstallKB956803$\spuninst\spuninst.exe
+ 2007-11-30 11:19:03 392,056 -c----w c:\windows\$NtUninstallKB956803$\spuninst\updspapi.dll
+ 2008-04-14 05:49:32 2,068,224 -c----w c:\windows\$NtUninstallKB956841$\ntkrnlpa.exe
+ 2008-04-14 05:49:54 2,191,360 -c----w c:\windows\$NtUninstallKB956841$\ntoskrnl.exe
+ 2007-11-30 11:19:02 232,824 -c----w c:\windows\$NtUninstallKB956841$\spuninst\spuninst.exe
+ 2008-07-09 07:40:02 392,056 -c----w c:\windows\$NtUninstallKB956841$\spuninst\updspapi.dll
+ 2007-11-30 11:19:02 232,824 -c----w c:\windows\$NtUninstallKB957095$\spuninst\spuninst.exe
+ 2007-11-30 11:19:03 392,056 -c----w c:\windows\$NtUninstallKB957095$\spuninst\updspapi.dll
+ 2008-04-13 09:15:12 334,848 -c----w c:\windows\$NtUninstallKB957095$\srv.sys
+ 2008-04-13 09:17:02 456,576 -c----w c:\windows\$NtUninstallKB957097$\mrxsmb.sys
+ 2008-07-08 13:03:24 232,824 -c----w c:\windows\$NtUninstallKB957097$\spuninst\spuninst.exe
+ 2008-07-08 13:03:34 392,056 -c----w c:\windows\$NtUninstallKB957097$\spuninst\updspapi.dll
+ 2008-04-14 06:11:44 337,408 -c----w c:\windows\$NtUninstallKB958644$\netapi32.dll
+ 2007-11-30 11:19:02 232,824 -c----w c:\windows\$NtUninstallKB958644$\spuninst\spuninst.exe
+ 2007-11-30 11:19:03 392,056 -c----w c:\windows\$NtUninstallKB958644$\spuninst\updspapi.dll
+ 2008-09-14 18:27:34 110,592 ----a-w c:\windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\adodb.dll
+ 2008-09-14 18:27:34 4,608 ----a-w c:\windows\assembly\GAC\Extensibility\7.0.3300.0__b03f5f7f11d50a3a\extensibility.dll
+ 2008-09-14 18:27:32 1,215,328 ----a-w c:\windows\assembly\GAC\IACore\1.7.6223.0__31bf3856ad364e35\IACore.dll
+ 2008-09-14 18:27:32 82,784 ----a-w c:\windows\assembly\GAC\IALoader\1.7.6223.0__31bf3856ad364e35\IALoader.dll
+ 2008-09-14 18:27:33 8,007,680 ----a-w c:\windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
+ 2008-09-14 18:26:29 80,696 ----a-w c:\windows\assembly\GAC\Microsoft.Office.Interop.Access.Dao\12.0.0.0__71e9bce111e9429c\Microsoft.Office.interop.access.dao.dll
+ 2008-09-14 18:27:02 1,276,720 ----a-w c:\windows\assembly\GAC\Microsoft.Office.Interop.Excel\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Excel.dll
+ 2008-09-14 18:27:03 150,320 ----a-w c:\windows\assembly\GAC\Microsoft.Office.Interop.Graph\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Graph.dll
+ 2008-09-14 18:27:21 17,208 ----a-w c:\windows\assembly\GAC\Microsoft.Office.Interop.OneNote\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.OneNote.dll
+ 2008-09-16 12:57:47 250,928 ----a-w c:\windows\assembly\GAC\Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.PowerPoint.dll
+ 2008-09-14 18:27:04 20,280 ----a-w c:\windows\assembly\GAC\Microsoft.Office.Interop.SmartTag\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.SmartTag.dll
+ 2008-09-16 12:55:26 783,744 ----a-w c:\windows\assembly\GAC\Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Word.dll
+ 2008-09-14 18:27:33 13,312 ----a-w c:\windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.stdformat.dll
+ 2008-09-14 18:27:03 371,496 ----a-w c:\windows\assembly\GAC\Microsoft.Vbe.Interop.Forms\11.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.Forms.dll
+ 2008-09-14 18:27:06 64,288 ----a-w c:\windows\assembly\GAC\Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.dll
+ 2008-09-14 18:27:32 229,376 ----a-w c:\windows\assembly\GAC\mscomctl\10.0.4504.0__31bf3856ad364e35\MSCOMCTL.DLL
+ 2008-09-14 18:27:34 4,096 ----a-w c:\windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\msdatasrc.dll
+ 2008-09-14 18:27:04 416,544 ----a-w c:\windows\assembly\GAC\office\12.0.0.0__71e9bce111e9429c\OFFICE.DLL
+ 2008-09-14 18:26:31 12,096 ----a-w c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Excel\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Excel.dll
+ 2008-09-14 18:27:10 12,096 ----a-w c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Graph\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Graph.dll
+ 2008-09-14 18:27:21 12,112 ----a-w c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.PowerPoint.dll
+ 2008-09-14 18:27:10 12,104 ----a-w c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.SmartTag\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.SmartTag.dll
+ 2008-09-14 18:27:25 12,096 ----a-w c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Word.dll
+ 2008-09-14 18:27:15 12,080 ----a-w c:\windows\assembly\GAC\Policy.11.0.Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Vbe.Interop.dll
+ 2008-09-14 18:27:12 11,544 ----a-w c:\windows\assembly\GAC\Policy.11.0.office\12.0.0.0__71e9bce111e9429c\Policy.11.0.Office.dll
+ 2008-09-14 18:27:33 16,384 ----a-w c:\windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll
+ 2008-10-24 11:21:09 455,296 ------w c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2008-08-14 13:25:40 2,147,840 ------w c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2008-08-14 13:25:43 2,068,352 ------w c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2008-08-14 13:24:57 2,026,496 ------w c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2008-08-14 13:25:41 2,191,488 ------w c:\windows\Driver Cache\i386\ntoskrnl.exe
- 2005-10-20 17:02:28 163,328 ----a-w c:\windows\erdnt\Hiv-backup\ERDNT.EXE
+ 2005-10-20 18:02:28 163,328 ----a-w c:\windows\erdnt\Hiv-backup\ERDNT.EXE
+ 2006-10-26 15:49:48 1,011,488 ----a-r c:\windows\Installer\$PatchCache$\Managed\000021090100B0400000000000F01FEC\12.0.4518\MSDAIPP.DLL
+ 2006-10-26 15:49:46 970,528 ----a-r c:\windows\Installer\$PatchCache$\Managed\000021090100B0400000000000F01FEC\12.0.4518\MSONSEXT.DLL
+ 2006-10-27 12:00:12 1,751,904 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ACECORE.DLL
+ 2006-10-27 12:00:10 576,376 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ACEDAO.DLL
+ 2006-10-27 12:00:06 47,976 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ACEERR.DLL
+ 2006-10-27 12:00:08 191,360 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ACEES.DLL
+ 2006-10-26 17:13:34 338,800 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ACEEXCH.DLL
+ 2006-10-26 17:13:44 629,616 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ACEEXCL.DLL
+ 2006-10-26 17:13:28 207,736 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ACELTS.DLL
+ 2006-10-26 17:13:32 279,352 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ACEODBC.DLL
+ 2006-10-26 17:13:08 15,160 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ACEODDBS.DLL
+ 2006-10-26 17:13:08 15,160 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ACEODEXL.DLL
+ 2006-10-26 17:13:08 15,160 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ACEODPDX.DLL
+ 2006-10-26 17:13:12 15,160 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ACEODTXT.DLL
+ 2006-10-27 12:00:06 387,960 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ACEOLEDB.DLL
+ 2006-10-26 17:13:38 392,048 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ACEPDE.DLL
+ 2006-10-26 17:13:30 260,976 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ACER2X.DLL
+ 2006-10-26 17:13:32 289,648 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ACER3X.DLL
+ 2006-10-26 17:13:20 56,120 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ACERCLR.DLL
+ 2006-10-26 17:13:38 551,800 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ACEREP.DLL
+ 2006-10-26 17:13:30 224,104 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ACETXT.DLL
+ 2006-10-26 17:13:34 371,568 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ACEXBE.DLL
+ 2006-10-27 12:41:04 399,640 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\CDLMSO.DLL
+ 2006-10-26 16:59:24 205,616 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\CLVIEW.EXE
+ 2006-10-26 17:12:52 189,760 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\CONTACTPICKER.DLL
+ 2006-10-26 16:48:14 439,568 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\DWDCW20.DLL
+ 2006-10-26 16:48:14 434,528 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\DWTRIG20.EXE
+ 2006-10-27 12:07:36 17,891,112 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\EXCEL.EXE
+ 2006-10-26 11:10:08 1,190,688 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\FM20.DLL
+ 2006-10-26 11:04:58 75,576 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\FORM.DLL
+ 2006-10-26 16:21:24 1,682,232 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\FPSRVUTL.DLL
+ 2006-10-27 12:09:36 983,376 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\FPWEC.DLL
+ 2006-10-26 17:02:12 2,526,520 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\GRAPH.EXE
+ 2006-10-26 17:12:52 173,328 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\IEAWSDC.DLL
+ 2006-10-27 12:10:10 5,281,592 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\IPEDITOR.DLL
+ 2006-10-26 16:55:10 828,704 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\MEDCAT.DLL
+ 2006-10-26 10:58:14 117,552 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\MSCONV97.DLL
+ 2006-10-27 12:26:40 16,870,712 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\MSO.DLL
+ 2006-10-27 11:59:06 161,080 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\MSOCF.DLL
+ 2006-10-26 16:48:12 14,664 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\MSOCFU.DLL
+ 2006-10-26 17:12:58 428,816 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\MSODCW.DLL
+ 2006-10-26 18:13:36 26,936 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\MSOEURO.DLL
+ 2006-10-26 17:00:08 6,635,320 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\MSORES.DLL
+ 2006-10-26 10:56:36 436,520 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\MSORUN.DLL
+ 2006-10-26 16:50:04 672,024 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\MSQRY32.EXE
+ 2006-10-26 10:56:40 505,136 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\MSSOAP30.DLL
+ 2006-10-26 16:55:12 832,800 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\MSTORDB.EXE
+ 2006-10-26 16:55:06 538,904 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\MSTORES.DLL
+ 2006-10-26 17:12:30 65,824 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\NAME.DLL
+ 2006-10-27 12:14:34 14,151,456 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\OART.DLL
+ 2006-10-26 17:42:36 8,423,224 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\OARTCONV.DLL
+ 2006-10-26 17:06:54 232,816 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ODEPLOY.EXE
+ 2006-10-26 17:14:06 7,033,152 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\OFFOWC.DLL
+ 2006-10-27 12:18:36 1,658,152 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\OGL.DLL
+ 2006-10-26 17:00:08 274,744 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\OIS.EXE
+ 2006-10-26 17:00:12 998,208 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\OISAPP.DLL
+ 2006-10-26 17:00:10 285,008 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\OISGRAPH.DLL
+ 2006-10-26 17:32:42 604,000 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ONBTTNIE.DLL
+ 2006-10-27 12:39:36 687,432 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ONBTTNOL.DLL
+ 2006-10-27 12:03:04 1,018,664 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ONENOTE.EXE
+ 2006-10-26 17:24:54 98,632 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ONENOTEM.EXE
+ 2006-10-26 17:24:50 72,504 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ONFILTER.DLL
+ 2006-10-26 17:24:58 1,165,112 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ONLIBS.DLL
+ 2006-10-27 12:03:06 6,579,512 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ONMAIN.DLL
+ 2006-10-26 17:23:00 782,720 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ONSYNCPC.DLL
+ 2006-10-26 17:07:04 6,536,992 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\OSETUP.DLL
+ 2006-07-26 15:53:56 459,080 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\OUTLFLTR.DLL
+ 2006-10-26 18:30:44 482,088 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\PORTCONN.DLL
+ 2006-10-27 12:04:06 465,200 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\POWERPNT.EXE
+ 2006-10-27 12:04:06 7,980,848 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\PPCORE.DLL
+ 2008-09-14 18:27:06 248,632 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\PPTPIA.DLL
+ 2006-10-26 16:52:10 2,012,480 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\PPTVIEW.EXE
+ 2006-10-26 11:05:00 77,144 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\PSOM.DLL
+ 2006-10-26 18:13:38 38,168 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\REFEDIT.DLL
+ 2006-10-26 11:04:44 19,784 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\REVERSE.DLL
+ 2006-10-26 17:13:00 503,624 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\SELFCERT.EXE
+ 2006-10-26 17:06:58 439,600 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\SETUP.EXE
+ 2006-10-27 11:57:08 2,330,968 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\STSLIST.DLL
+ 2006-10-26 11:04:48 29,976 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\THOCRAPI.DLL
+ 2006-10-26 11:05:04 126,784 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\TWCUTCHR.DLL
+ 2006-10-26 11:05:02 86,840 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\TWCUTLIN.DLL
+ 2006-10-26 11:04:56 58,168 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\TWLAY32.DLL
+ 2006-10-26 11:04:48 27,456 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\TWORIENT.DLL
+ 2006-10-26 11:04:54 51,008 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\TWRECE.DLL
+ 2006-10-26 11:04:44 19,784 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\TWRECS.DLL
+ 2006-10-26 11:04:58 76,624 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\TWSTRUCT.DLL
+ 2006-09-29 21:42:56 2,583,344 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\VBE6.DLL
+ 2006-10-27 12:23:04 347,432 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\WINWORD.EXE
+ 2008-09-14 18:27:06 781,104 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\WORDPIA.DLL
+ 2006-10-27 12:11:38 4,235,560 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\WRD12CNV.DLL
+ 2006-10-27 12:11:36 21,264 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\WRD12EXE.EXE
+ 2006-10-26 20:00:12 1,841,984 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\VVIEWDWG.DLL
+ 2006-10-26 19:58:38 3,732,792 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\VVIEWER.DLL
+ 2006-10-27 12:23:08 17,483,560 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\WWLIB.DLL
+ 2006-10-26 11:05:08 1,181,520 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\XIMAGE3B.DLL
+ 2006-10-26 18:13:08 14,674,216 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\XL12CNV.EXE
+ 2006-10-26 18:17:08 11,072 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\XLCALL32.DLL
+ 2006-10-26 11:05:08 530,760 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\XPAGE3C.DLL
+ 2007-10-05 17:37:38 17,927,192 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\EXCEL.EXE
+ 2007-09-14 18:45:58 16,901,168 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\MSO.DLL
+ 2007-08-28 21:19:24 1,654,648 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\OGL.DLL
+ 2007-08-28 20:06:16 467,840 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\POWERPNT.EXE
+ 2007-08-28 20:06:44 7,990,144 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\PPCORE.DLL
+ 2008-09-16 12:55:48 251,272 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\PPTPIA.DLL
+ 2007-08-28 20:16:00 350,064 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\WINWORD.EXE
+ 2007-09-06 14:56:32 17,490,800 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\WWLIB.DLL
+ 2007-10-02 17:00:06 14,708,760 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\XL12CNV.EXE
+ 2007-08-24 02:14:14 13,712 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\XLCALL32.DLL
+ 2008-11-13 09:37:10 32,768 ----a-r c:\windows\Installer\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}\icon.exe
+ 2008-09-16 12:56:57 217,864 ----a-r c:\windows\Installer\{90120000-006E-040B-0000-0000000FF1CE}\misc.exe
+ 2008-12-12 12:25:17 20,240 ----a-r c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
+ 2008-12-12 12:25:16 184,080 ----a-r c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
+ 2008-12-12 12:25:17 217,864 ----a-r c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
+ 2008-12-12 12:25:17 18,704 ----a-r c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-12-12 12:25:17 35,088 ----a-r c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
+ 2008-12-12 12:25:17 922,384 ----a-r c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
+ 2008-12-12 12:25:17 888,080 ----a-r c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
+ 2008-12-12 12:25:16 1,172,240 ----a-r c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-09-17 18:38:21 729,088 ----a-w c:\windows\iun6002.exe
- 2000-08-31 05:00:00 28,672 ----a-w c:\windows\Nircmd.exe
+ 2000-08-31 06:00:00 28,672 ----a-w c:\windows\Nircmd.exe
+ 2004-10-04 08:29:00 129,451 ----a-w c:\windows\Resources\Themes\Shell\Compac\shellstyle.dll
+ 2004-10-04 08:29:00 129,451 ----a-w c:\windows\Resources\Themes\Shell\Compac2\shellstyle.dll
+ 2004-10-04 08:29:00 129,451 ----a-w c:\windows\Resources\Themes\Shell\NormalColor\shellstyle.dll
- 2000-08-31 05:00:00 161,792 ----a-w c:\windows\swreg.exe
+ 2000-08-31 06:00:00 161,792 ----a-w c:\windows\swreg.exe
+ 2008-09-11 16:50:18 10,520 ----a-w c:\windows\system32\avgrsstx.dll
+ 2001-12-13 00:01:00 45,056 ----a-w c:\windows\system32\brss01a.exe
+ 2002-04-12 00:00:00 57,344 ----a-w c:\windows\system32\brsvc01a.exe
+ 2005-03-02 04:14:50 37,888 ----a-w c:\windows\system32\BrUSi05a.dll
+ 2005-03-02 02:35:22 121,856 ----a-w c:\windows\system32\BrWia05a.dll
+ 2001-02-05 02:16:08 258,048 ----a-w c:\windows\system32\bsplmf01.dll
+ 2003-12-24 00:00:00 131,072 ----a-w c:\windows\system32\bsplmf01.exe
+ 2007-01-11 07:19:00 11,008 ----a-r c:\windows\system32\BUFADPT.SYS
- 2008-04-14 06:12:08 139,264 ----a-w c:\windows\system32\cscript.exe
+ 2008-05-07 09:07:23 135,168 ----a-w c:\windows\system32\cscript.exe
- 2008-06-20 11:40:08 138,496 -c----w c:\windows\system32\dllcache\afd.sys
+ 2008-08-14 10:04:36 138,496 -c----w c:\windows\system32\dllcache\afd.sys
- 2007-07-30 16:19:20 92,504 -c--a-w c:\windows\system32\dllcache\cdm.dll
+ 2008-10-16 12:09:44 92,696 -c--a-w c:\windows\system32\dllcache\cdm.dll
+ 2008-05-07 09:07:23 135,168 -c----w c:\windows\system32\dllcache\cscript.exe
+ 2008-10-23 12:38:22 286,720 -c----w c:\windows\system32\dllcache\gdi32.dll
+ 2008-05-09 10:55:19 512,000 -c----w c:\windows\system32\dllcache\jscript.dll
- 2005-01-28 11:44:28 96,768 -c--a-w c:\windows\system32\dllcache\logagent.exe
+ 2008-06-10 03:52:04 96,768 -c--a-w c:\windows\system32\dllcache\logagent.exe
+ 2008-10-24 11:21:09 455,296 -c----w c:\windows\system32\dllcache\mrxsmb.sys
- 2008-06-23 15:10:15 3,088,384 -c----w c:\windows\system32\dllcache\mshtml.dll
+ 2008-12-12 17:03:17 3,088,896 -c----w c:\windows\system32\dllcache\mshtml.dll
+ 2008-09-04 17:16:38 1,106,944 -c----w c:\windows\system32\dllcache\msxml3.dll
- 2008-04-14 06:11:44 1,306,624 -c----w c:\windows\system32\dllcache\msxml6.dll
+ 2008-09-10 01:15:51 1,307,648 -c----w c:\windows\system32\dllcache\msxml6.dll
+ 2008-10-15 16:37:15 337,408 -c----w c:\windows\system32\dllcache\netapi32.dll
+ 2008-08-14 13:25:40 2,147,840 -c----w c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2008-08-14 13:25:43 2,068,352 -c----w c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2008-08-14 13:24:57 2,026,496 -c----w c:\windows\system32\dllcache\ntkrpamp.exe
+ 2008-08-14 13:25:41 2,191,488 -c----w c:\windows\system32\dllcache\ntoskrnl.exe
+ 2008-05-09 10:55:19 180,224 -c----w c:\windows\system32\dllcache\scrobj.dll
+ 2008-05-09 10:55:19 172,032 -c----w c:\windows\system32\dllcache\scrrun.dll
- 2008-06-26 08:14:07 1,498,624 -c----w c:\windows\system32\dllcache\shdocvw.dll
+ 2008-10-16 01:01:57 1,498,624 -c----w c:\windows\system32\dllcache\shdocvw.dll
+ 2008-09-08 10:41:42 333,824 -c----w c:\windows\system32\dllcache\srv.sys
- 2008-04-14 06:11:56 246,814 -c----w c:\windows\system32\dllcache\strmdll.dll
+ 2008-10-03 10:03:58 247,326 -c----w c:\windows\system32\dllcache\strmdll.dll
- 2008-06-26 08:14:07 619,008 -c----w c:\windows\system32\dllcache\urlmon.dll
+ 2008-10-16 01:01:57 619,008 -c----w c:\windows\system32\dllcache\urlmon.dll
+ 2008-04-13 08:47:38 25,856 -c--a-w c:\windows\system32\dllcache\usbprint.sys
+ 2008-05-09 10:55:19 430,080 -c----w c:\windows\system32\dllcache\vbscript.dll
+ 2008-09-15 15:27:14 1,846,656 -c----w c:\windows\system32\dllcache\win32k.sys
- 2008-06-23 15:10:15 666,112 -c----w c:\windows\system32\dllcache\wininet.dll
+ 2008-10-16 01:01:57 666,112 -c----w c:\windows\system32\dllcache\wininet.dll
- 2005-01-28 11:44:28 1,027,072 -c--a-w c:\windows\system32\dllcache\wmnetmgr.dll
+ 2008-06-10 04:28:36 1,028,096 -c--a-w c:\windows\system32\dllcache\WMNetmgr.dll
- 2006-12-07 05:29:34 2,374,472 -c--a-w c:\windows\system32\dllcache\wmvcore.dll
+ 2008-06-10 05:07:24 2,376,760 -c--a-w c:\windows\system32\dllcache\WMVCore.dll
+ 2008-05-08 11:24:44 155,648 -c----w c:\windows\system32\dllcache\wscript.exe
+ 2008-05-09 10:55:19 90,112 -c----w c:\windows\system32\dllcache\wshext.dll
- 2007-07-30 16:19:36 549,720 -c--a-w c:\windows\system32\dllcache\wuapi.dll
+ 2008-10-16 12:12:20 561,688 -c--a-w c:\windows\system32\dllcache\wuapi.dll
- 2007-07-30 16:19:16 53,080 -c--a-w c:\windows\system32\dllcache\wuauclt.exe
+ 2008-10-16 12:09:44 51,224 -c--a-w c:\windows\system32\dllcache\wuauclt.exe
- 2007-07-30 16:19:42 1,712,984 -c--a-w c:\windows\system32\dllcache\wuaueng.dll
+ 2008-10-16 12:13:40 1,809,944 -c--a-w c:\windows\system32\dllcache\wuaueng.dll
- 2007-07-30 16:19:32 325,976 -c--a-w c:\windows\system32\dllcache\wucltui.dll
+ 2008-10-16 12:12:22 323,608 -c--a-w c:\windows\system32\dllcache\wucltui.dll
- 2007-07-30 16:18:40 33,624 -c--a-w c:\windows\system32\dllcache\wups.dll
+ 2008-10-16 12:08:58 34,328 -c--a-w c:\windows\system32\dllcache\wups.dll
- 2007-07-30 16:19:28 203,096 -c--a-w c:\windows\system32\dllcache\wuweb.dll
+ 2008-10-16 12:13:40 202,776 -c--a-w c:\windows\system32\dllcache\wuweb.dll
+ 2005-01-19 02:01:00 27,264 ----a-w c:\windows\system32\driver\RNDISMP.sys
+ 2005-01-19 02:01:00 27,264 ----a-w c:\windows\system32\driver\RNDISMPK.sys
+ 2005-01-19 02:01:00 11,136 ----a-w c:\windows\system32\driver\usb8023.sys
+ 2005-01-19 02:01:00 11,136 ----a-w c:\windows\system32\driver\usb8023k.sys
- 2008-06-20 11:40:08 138,496 ----a-w c:\windows\system32\drivers\afd.sys
+ 2008-08-14 10:04:36 138,496 ----a-w c:\windows\system32\drivers\afd.sys
+ 2007-05-23 02:33:00 442,752 ----a-w c:\windows\system32\drivers\ag300n5.sys
+ 2004-05-28 02:43:00 3,264 ----a-w c:\windows\system32\drivers\AIFILT.SYS
+ 2005-06-09 03:18:00 145,280 ----a-w c:\windows\system32\drivers\ar5523.bin
+ 2005-06-09 03:15:00 288,448 ----a-w c:\windows\system32\drivers\ar5523.sys
+ 2005-06-09 03:18:00 43,392 ----a-w c:\windows\system32\drivers\athfmwdl.sys
+ 2008-09-11 16:50:13 26,824 ----a-w c:\windows\system32\drivers\avgmfx86.sys
+ 2008-09-11 16:50:18 12,936 ----a-w c:\windows\system32\drivers\avgrkx86.sys
+ 2004-07-13 04:49:00 3,264 ----a-w c:\windows\system32\drivers\BFAIFILT.SYS
+ 2004-10-15 03:50:20 15,295 ----a-w c:\windows\system32\drivers\BrScnUsb.sys
+ 2006-07-05 08:48:00 473,696 ----a-w c:\windows\system32\drivers\cbag108.sys
+ 2006-10-12 07:28:56 604,928 ----a-w c:\windows\system32\drivers\cbg300n.SYS
+ 2007-08-08 06:32:04 536,576 ----a-w c:\windows\system32\drivers\cbg300n2.sys
+ 2005-11-01 08:13:00 372,480 ----a-w c:\windows\system32\drivers\CBG54.sys
+ 2004-04-04 04:07:00 83,320 ----a-w c:\windows\system32\drivers\FwRad16.bin
+ 2004-04-04 04:07:00 84,912 ----a-w c:\windows\system32\drivers\FwRad17.bin
+ 2008-09-17 18:33:32 25,280 ----a-w c:\windows\system32\drivers\hamachi.sys
+ 2004-09-08 07:04:00 262,656 ----a-w c:\windows\system32\drivers\I2220NTA.SYS
+ 2004-09-08 07:01:00 159,872 ----a-w c:\windows\system32\drivers\I2220NTX.SYS
- 2008-04-13 09:17:02 456,576 ----a-w c:\windows\system32\drivers\mrxsmb.sys
+ 2008-10-24 11:21:09 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
- 2008-04-13 09:15:12 334,848 ----a-w c:\windows\system32\drivers\srv.sys
+ 2008-09-08 10:41:42 333,824 ----a-w c:\windows\system32\drivers\srv.sys
+ 2006-03-06 07:08:00 8,946 ----a-w c:\windows\system32\drivers\tmimo3.bin
+ 2006-03-06 07:07:00 783,872 ----a-w c:\windows\system32\drivers\tmimo31p.SYS
+ 2004-04-18 15:20:00 385,792 ----a-w c:\windows\system32\drivers\TNET1130.SYS
+ 2006-11-19 17:04:00 499,328 ----a-w c:\windows\system32\drivers\U2G300N5.sys
+ 2005-10-17 10:50:00 245,376 ----a-w c:\windows\system32\drivers\U2KG54.SYS
+ 2006-08-24 04:44:00 477,696 ----a-w c:\windows\system32\drivers\U2KG54L.SYS
+ 2006-09-07 03:34:00 347,776 ----a-w c:\windows\system32\drivers\U2SG54HP.SYS
+ 2007-08-08 06:27:20 517,248 ----a-w c:\windows\system32\drivers\ucg300n.sys
+ 2006-02-02 23:59:00 355,616 ----a-w c:\windows\system32\drivers\USB2G542.sys
+ 2008-04-13 08:47:38 25,856 ----a-w c:\windows\system32\drivers\usbprint.sys
+ 2002-04-26 16:00:00 156,160 ----a-w c:\windows\system32\drivers\WLAGS48B.SYS
+ 2004-07-12 01:16:00 185,728 ----a-w c:\windows\system32\drivers\WLICBB11.SYS
+ 2003-03-20 00:24:00 619,648 ----a-w c:\windows\system32\drivers\WLIS11.SYS
+ 2003-08-01 00:56:00 640,128 ----a-w c:\windows\system32\drivers\WLIUKB11.SYS
+ 2002-11-14 11:17:00 179,712 ----a-w c:\windows\system32\drivers\WLMEL51B.SYS
+ 2005-01-26 09:23:00 5,374 ----a-w c:\windows\system32\drivers\WNI6000.BIN
+ 2005-01-26 09:24:00 826,880 ----a-w c:\windows\system32\drivers\WNIHDD51.SYS
- 1999-10-28 21:49:10 1,129,232 -c--a-w c:\windows\system32\FM20.DLL
+ 2007-08-22 22:03:38 1,195,888 ----a-w c:\windows\system32\FM20.DLL
- 1999-10-28 21:49:10 26,384 -c--a-w c:\windows\system32\FM20ENU.DLL
+ 2006-10-26 10:10:06 33,088 ----a-w c:\windows\system32\FM20ENU.DLL
- 2008-09-07 10:48:41 151,584 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2008-10-17 07:19:11 187,408 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2006-10-26 10:45:04 207,360 ----a-w c:\windows\system32\INKED.DLL
- 2008-04-14 06:11:38 512,000 ----a-w c:\windows\system32\jscript.dll
+ 2008-05-09 10:55:19 512,000 ----a-w c:\windows\system32\jscript.dll
- 2005-01-28 11:44:28 96,768 ----a-w c:\windows\system32\logagent.exe
+ 2008-06-10 03:52:04 96,768 ----a-w c:\windows\system32\logagent.exe
- 2008-05-29 23:35:11 17,486,968 ----a-w c:\windows\system32\MRT.exe
+ 2008-12-09 23:24:37 17,593,280 ----a-w c:\windows\system32\MRT.exe
- 2008-06-23 15:10:15 3,088,384 ----a-w c:\windows\system32\mshtml.dll
+ 2008-12-12 17:03:17 3,088,896 ----a-w c:\windows\system32\mshtml.dll
+ 2006-10-26 16:56:10 32,592 ----a-w c:\windows\system32\msonpmon.dll
- 2008-04-14 06:11:44 1,104,896 ----a-w c:\windows\system32\msxml3.dll
+ 2008-09-04 17:16:38 1,106,944 ----a-w c:\windows\system32\msxml3.dll
- 2008-04-14 06:11:44 1,306,624 ------w c:\windows\system32\msxml6.dll
+ 2008-09-10 01:15:51 1,307,648 ------w c:\windows\system32\msxml6.dll
- 2008-04-14 06:11:44 337,408 ----a-w c:\windows\system32\netapi32.dll
+ 2008-10-15 16:37:15 337,408 ----a-w c:\windows\system32\netapi32.dll
- 2008-04-14 05:49:32 2,068,224 ----a-w c:\windows\system32\ntkrnlpa.exe
+ 2008-08-14 13:25:43 2,068,352 ----a-w c:\windows\system32\ntkrnlpa.exe
- 2008-04-14 05:49:54 2,191,360 ----a-w c:\windows\system32\ntoskrnl.exe
+ 2008-08-14 13:25:41 2,191,488 ----a-w c:\windows\system32\ntoskrnl.exe
- 2008-09-07 10:51:04 63,528 ----a-w c:\windows\system32\perfc009.dat
+ 2008-12-27 17:18:41 63,528 ----a-w c:\windows\system32\perfc009.dat
- 2008-09-07 10:51:04 77,424 ----a-w c:\windows\system32\perfc00B.dat
+ 2008-12-27 17:18:41 77,424 ----a-w c:\windows\system32\perfc00B.dat
- 2008-09-07 10:51:04 406,328 ----a-w c:\windows\system32\perfh009.dat
+ 2008-12-27 17:18:41 406,328 ----a-w c:\windows\system32\perfh009.dat
- 2008-09-07 10:51:04 381,250 ----a-w c:\windows\system32\perfh00B.dat
+ 2008-12-27 17:18:41 381,250 ----a-w c:\windows\system32\perfh00B.dat
- 2008-04-14 06:11:46 180,224 ----a-w c:\windows\system32\scrobj.dll
+ 2008-05-09 10:55:19 180,224 ----a-w c:\windows\system32\scrobj.dll
- 2008-04-14 06:11:46 172,032 ----a-w c:\windows\system32\scrrun.dll
+ 2008-05-09 10:55:19 172,032 ----a-w c:\windows\system32\scrrun.dll
- 2008-06-26 08:14:07 1,498,624 ----a-w c:\windows\system32\shdocvw.dll
+ 2008-10-16 01:01:57 1,498,624 ----a-w c:\windows\system32\shdocvw.dll
+ 2008-07-18 19:10:20 36,552 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.784\wups.dll
+ 2008-10-16 12:08:58 34,328 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.788\wups.dll
+ 2008-07-18 19:10:40 45,768 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.784\wups2.dll
+ 2008-10-16 12:09:44 43,544 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.788\wups2.dll
+ 2006-12-21 01:57:00 163,789 ----a-w c:\windows\system32\spool\drivers\w32x86\3\acpdf210.dll
+ 2006-12-21 01:58:00 191,608 ----a-w c:\windows\system32\spool\drivers\w32x86\3\acpdfui210.dll
+ 2005-04-28 10:42:00 118,784 ----a-w c:\windows\system32\spool\drivers\w32x86\3\bril05a.dll
+ 2005-04-28 10:40:08 1,705,467 ----a-w c:\windows\system32\spool\drivers\w32x86\3\brio05a.dll
+ 2005-04-28 10:40:08 996,104 ----a-w c:\windows\system32\spool\drivers\w32x86\3\briu05a.dll
+ 2002-06-29 03:01:00 100,864 ----a-w c:\windows\system32\spool\drivers\w32x86\3\brqikmon.exe
+ 2006-12-21 02:00:00 1,081,344 ----a-w c:\windows\system32\spool\drivers\w32x86\3\cdintf210.dll
+ 2006-10-26 16:56:16 864,080 ----a-w c:\windows\system32\spool\drivers\w32x86\3\msonpdrv.dll
+ 2006-10-26 16:56:14 67,408 ----a-w c:\windows\system32\spool\drivers\w32x86\3\msonpui.dll
+ 2006-12-21 01:57:00 163,789 ----a-w c:\windows\system32\spool\drivers\w32x86\amyuni_amyunidocumentconverter210\acpdf210.dll
+ 2006-12-21 01:58:00 191,608 ----a-w c:\windows\system32\spool\drivers\w32x86\amyuni_amyunidocumentconverter210\acpdfui210.dll
+ 2006-12-21 02:00:00 1,081,344 ----a-w c:\windows\system32\spool\drivers\w32x86\amyuni_amyunidocumentconverter210\cdintf210.dll
+ 2005-04-28 10:42:00 118,784 ----a-w c:\windows\system32\spool\drivers\w32x86\brotherdcp_117c5508\bril05a.dll
+ 2005-04-28 10:40:08 1,705,467 ----a-w c:\windows\system32\spool\drivers\w32x86\brotherdcp_117c5508\brio05a.dll
+ 2005-04-28 10:40:08 996,104 ----a-w c:\windows\system32\spool\drivers\w32x86\brotherdcp_117c5508\briu05a.dll
+ 2002-06-29 03:01:00 100,864 ----a-w c:\windows\system32\spool\drivers\w32x86\brotherdcp_117c5508\brqikmon.exe
+ 2004-02-09 00:00:00 26,285 ----a-w c:\windows\system32\spool\prtprocs\w32x86\brmfpp1.dll
+ 2006-10-26 16:56:12 33,104 ----a-w c:\windows\system32\spool\prtprocs\w32x86\msonpppr.dll
- 2008-04-14 06:12:32 60,416 ------w c:\windows\system32\tzchange.exe
+ 2008-10-23 10:06:59 62,976 ------w c:\windows\system32\tzchange.exe
- 2008-06-26 08:14:07 619,008 ----a-w c:\windows\system32\urlmon.dll
+ 2008-10-16 01:01:57 619,008 ----a-w c:\windows\system32\urlmon.dll
+ 2002-04-26 16:03:00 159,744 ----a-w c:\windows\system32\WAAGS48B.DLL
+ 2002-11-14 11:18:00 159,744 ----a-w c:\windows\system32\WAMEL51B.DLL
- 2008-04-14 06:11:56 434,176 ----a-w c:\windows\system32\vbscript.dll
+ 2008-05-09 10:55:19 430,080 ----a-w c:\windows\system32\vbscript.dll
+ 2002-04-26 16:02:00 69,632 ----a-w c:\windows\system32\WCAGS48B.EXE
+ 2002-11-14 11:18:00 69,632 ----a-w c:\windows\system32\WCMEL51B.EXE
+ 2002-04-26 16:04:00 8,704 ----a-w c:\windows\system32\WDAGS48B.DLL
+ 2008-04-14 06:11:38 14,336 ----a-w c:\windows\system32\wdmaud.sys
+ 2002-11-14 11:19:00 7,680 ----a-w c:\windows\system32\WDMEL51B.DLL
- 2008-04-14 05:41:30 1,845,888 ----a-w c:\windows\system32\win32k.sys
+ 2008-09-15 15:27:14 1,846,656 ----a-w c:\windows\system32\win32k.sys
+ 2006-10-26 10:45:04 293,376 ----a-w c:\windows\system32\WISPTIS.EXE
- 2005-01-28 11:44:28 1,027,072 ----a-w c:\windows\system32\wmnetmgr.dll
+ 2008-06-10 04:28:36 1,028,096 ----a-w c:\windows\system32\WMNetmgr.dll
- 2006-12-07 05:29:34 2,374,472 ----a-w c:\windows\system32\wmvcore.dll
+ 2008-06-10 05:07:24 2,376,760 ----a-w c:\windows\system32\WMVCore.dll
- 2008-04-14 06:12:36 155,648 ----a-w c:\windows\system32\wscript.exe
+ 2008-05-08 11:24:44 155,648 ----a-w c:\windows\system32\wscript.exe
- 2008-04-14 06:12:00 90,112 ----a-w c:\windows\system32\wshext.dll
+ 2008-05-09 10:55:19 90,112 ----a-w c:\windows\system32\wshext.dll
+ 2004-10-15 08:35:16 77,824 ----a-w c:\windows\twain_32\BrMfSc07\Common\BrScnDev.dll
+ 2004-08-16 06:49:14 49,152 ----a-w c:\windows\twain_32\BrMfSc07\Common\BrStiIf.dll
+ 2004-10-28 00:35:20 131,072 ----a-w c:\windows\twain_32\BrMfSc07\Common\BrTwds.dll
+ 2004-12-07 09:28:06 180,224 ----a-w c:\windows\twain_32\BrMfSc07\Common\BrTwdScn.dll
+ 2004-10-28 00:35:58 131,072 ----a-w c:\windows\twain_32\BrMfSc07\Common\BrTwdsUi.dll
+ 2004-11-16 01:32:10 73,728 ----a-w c:\windows\twain_32\BrMfSc07\Lang\BrTwdChn.dll
+ 2004-10-06 00:40:24 90,112 ----a-w c:\windows\twain_32\BrMfSc07\Lang\BrTwdDan.dll
+ 2004-10-06 00:40:26 90,112 ----a-w c:\windows\twain_32\BrMfSc07\Lang\BrTwdDut.dll
+ 2004-10-06 00:40:26 90,112 ----a-w c:\windows\twain_32\BrMfSc07\Lang\BrTwdEng.dll
+ 2004-10-06 00:40:28 94,208 ----a-w c:\windows\twain_32\BrMfSc07\Lang\BrTwdFre.dll
+ 2004-10-06 00:40:30 94,208 ----a-w c:\windows\twain_32\BrMfSc07\Lang\BrTwdGer.dll
+ 2004-10-06 00:40:30 94,208 ----a-w c:\windows\twain_32\BrMfSc07\Lang\BrTwdIta.dll
+ 2005-03-03 00:35:36 73,728 ----a-w c:\windows\twain_32\BrMfSc07\Lang\BrTwdJpn.dll
+ 2004-10-06 00:40:30 90,112 ----a-w c:\windows\twain_32\BrMfSc07\Lang\BrTwdNor.dll
+ 2004-10-06 00:40:32 94,208 ----a-w c:\windows\twain_32\BrMfSc07\Lang\BrTwdPor.dll
+ 2004-10-06 01:16:36 94,208 ----a-w c:\windows\twain_32\BrMfSc07\Lang\BrTwdSpa.dll
+ 2004-10-06 00:40:32 90,112 ----a-w c:\windows\twain_32\BrMfSc07\Lang\BrTwdSwe.dll
+ 2004-10-06 00:40:34 90,112 ----a-w c:\windows\twain_32\BrMfSc07\Lang\BrTwdUsa.dll
+ 2007-02-22 11:00:00 204,800 ----a-w c:\windows\UN800114.EXE
- 2008-04-08 16:38:48 60,862 ----a-w c:\windows\War3Unin.dat
+ 2008-09-17 18:57:20 61,810 ----a-w c:\windows\War3Unin.dat
+ 2008-09-30 14:42:08 1,286,152 ----a-w c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9870.0_x-ww_a32d74cf\msxml4.dll
+ 2008-09-30 14:45:12 91,656 ----a-w c:\windows\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.1.0_x-ww_2a41bceb\msxml4r.dll
- 2005-09-22 21:49:12 95,744 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_6e805841\ATL80.dll
+ 2006-10-26 10:40:34 95,744 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_6e805841\ATL80.dll
+ 2006-12-01 19:56:00 96,256 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll
+ 2006-12-01 21:46:44 65,536 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6c18549a\vcomp.dll
+ 2008-04-15 17:49:33 1,724,416 ----a-w c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5581_x-ww_dfbc4fc4\GdiPlus.dll
.
-- Snapshot nollattu tähän hetkeen --
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-22 339968]
"Logitech Hardware Abstraction Layer"="c:\program files\Common Files\Logitech\khalshared\KHALMNPR.EXE" [2006-07-19 94208]
"AVG8_TRAY"="e:\avg\avgtray.exe" [2008-12-02 1261336]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-12-23 180269]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-07-19 c:\windows\KHALMNPR.Exe]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 c:\windows\soundman.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-20 22:34 24576 c:\program files\Stardock\Object Desktop\ThemeManager\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll,avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll
"aux"= wdmaud.sys

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"e:\\AVG\\avgemc.exe"=
"e:\\AVG\\avgupd.exe"=
"e:\\AVG\\avgnsx.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Curse\\CurseClient.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"25920:TCP"= 25920:TCP:BitComet 25920 TCP
"25920:UDP"= 25920:UDP:BitComet 25920 UDP

R0 aliidex;aliidex;c:\windows\system32\drivers\aliidex.sys [2005-12-17 7040]
R0 aliperf;aliperf;c:\windows\system32\drivers\aliperf.sys [2005-12-17 7168]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\Drivers\avgrkx86.sys [2008-09-11 12936]
R0 uliagpkx;ULi AGP Bus Filter Driver;c:\windows\system32\DRIVERS\agpkx.sys [2005-12-17 44928]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-09-11 98440]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-09-11 90632]
R1 fsipfilter;Fleasome Ip Filter;c:\windows\system32\drivers\fsipfltr.sys [2006-08-23 84035]
R1 kbfilter;Keyboard Filter Driver;c:\windows\system32\drivers\kbfilter.sys [2005-12-19 11776]
R1 WRDRV;WRDRV;c:\windows\system32\drivers\wrdrv.sys [2006-12-13 80384]
R2 avg8emc;AVG8 E-mail Scanner;e:\avg\avgemc.exe [2008-12-02 874776]
R2 avg8wd;AVG8 WatchDog;e:\avg\avgwdsvc.exe [2008-09-11 231704]
R2 avgfws8;AVG8 Firewall;e:\avg\avgfws8.exe [2008-12-02 1212184]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\DRIVERS\avgfwdx.sys [2008-09-11 29208]
R3 ULI5261;ULi Based Ethernet NT Driver;c:\windows\system32\DRIVERS\ULILAN.SYS [2005-12-17 29696]
S2 WinRoute;Kerio WinRoute Firewall; []
S3 abugr;abugr;\??\c:\documents and settings\Mikael\Työpöytä\Glider\abugr.sys []
S3 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwdx.sys [2008-09-11 29208]
S3 kvpndev;Kerio VPN adapter;c:\windows\system32\DRIVERS\kvpndrv.sys [2006-12-13 59392]
S3 WLIU2KG125S;BUFFALO WLI-U2-KG125S Wireless LAN Adapter Driver;c:\windows\system32\DRIVERS\usb8023.sys [2001-10-09 12800]

*Newly Created Service* - SYSMONLOG
.
'Ajoitetut tehtävät'-kansion sisältö

2008-11-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe []
.
- - - - POISTETUT JÄMÄRIVIT - - - -

HKCU-Run-DAEMON Tools - c:\program files\DAEMON Tools\daemon.exe
HKCU-Run-PcSync - c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe
HKLM-Run-SmcService - c:\progra~1\Sygate\SPF\smc.exe
HKLM-Run-DAEMON Tools - c:\program files\DAEMON Tools\daemon.exe

.
------- Täydentävä tarkistus -------
.
uStart Page = hxxp://www.google.fi/
IE: V&ie Microsoft Exceliin - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

O16 -: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
c:\windows\Downloaded Program Files\DirectAnimation Java Classes.osd

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
FF - ProfilePath - c:\documents and settings\Mikael\Application Data\Mozilla\Firefox\Profiles\j88mpqeu.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - component: e:\avg\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npigl.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-27 22:13:54
Windows 5.1.2600 Service Pack 3 NTFS

tarkistaa piilotettuja prosesseja ...

tarkistaa piilotettuja käynnistysarvoja ...

tarkistaa piilotettuja tiedostoja ...

tarkistus on valmis
piilotetut tiedostot: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
--------------------- Prosesseihin ladatut DLLt ---------------------

- - - - - - - > 'winlogon.exe'(1336)
c:\windows\system32\avgrsstx.dll
c:\windows\system32\Ati2evxx.dll
c:\program files\Stardock\Object Desktop\ThemeManager\fastload.dll

- - - - - - - > 'lsass.exe'(1472)
c:\windows\system32\avgrsstx.dll
.
Valmistumisajankohta: 2008-12-27 22:15:26
ComboFix-quarantined-files.txt 2008-12-27 20:15:04

Ennen ajoa: 12ÿ978ÿ974ÿ720 tavua vapaana
Ajon jõlkeen: 13,028,265,984 tavua vapaana

708 --- E O F --- 2008-12-19 11:46:00

Apua mahd. pian kiitos..

[ + lainaa]