Kone täynnä kaiken laista p*skaa, Viruslab 2009?

Discussion in 'Virukset ja haittaohjelmat - HijackThis -logit' started by Sakado, Oct 18, 2008.

  1. Sakado

    Sakado Member

    Joined:
    Nov 8, 2007
    Messages:
    20
    Likes Received:
    0
    Trophy Points:
    11
    Jooh itse en ole käyttänyt tätä ja en myöskään tiedä mitä h**vettiä tällä on tehty..

    HJT Logi

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:36:46, on 18.10.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\WINDOWS\system32\IoctlSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\ATI-CPanel\atiptaxx.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://windiwsfsearch.com
    R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://windiwsfsearch.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://windiwsfsearch.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://windiwsfsearch.com/ie6.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://windiwsfsearch.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://windiwsfsearch.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://windiwsfsearch.com/ie6.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://windiwsfsearch.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://windiwsfsearch.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://windiwsfsearch.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
    O4 - HKCU\..\Run: [wblogon] C:\WINDOWS\system32\algg.exe
    O4 - HKCU\..\Run: [VirusRL2009] "C:\Program Files\VirusRL2009\VirusRL2009.exe"
    O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p
    O4 - HKLM\..\Policies\Explorer\Run: [smile] C:\Program Files\Applications\wcs.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-21-1482476501-963894560-682003330-1005\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Suoranta&Seppi')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
    O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
    O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
    O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
    O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
    O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Bonjour-palvelu (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    --
    End of file - 7257 bytes

    Postaan piakkoin Malwarebytesin login

    Malwarebytes:

    Malwarebytes' Anti-Malware 1.28
    Tietokantaversio: 1226
    Windows 5.1.2600 Service Pack 2

    18.10.2008 19:43:05
    mbam-log-2008-10-18 (19-43-05).txt

    Tarkistustyyppi: Pikatarkistus
    Tarkistetut kohteet: 46296
    Kulunut aika: 6 minute(s), 10 second(s)

    Saastuneita muistiprosesseja: 0
    Saastuneita muistimoduuleja: 0
    Saastuneita rekisteriavaimia: 10
    Saastuneita rekisteriarvoja: 2
    Saastuneita rekisterikohteita: 14
    Saastuneita hakemistoja: 2
    Saastuneita tiedostoja: 9

    Saastuneita muistiprosesseja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita muistimoduuleja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita rekisteriavaimia:
    HKEY_CLASSES_ROOT\Interface\{967a494a-6aec-4555-9caf-fa6eb00acf91} (Rogue.PestPatrol) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{9692be2f-eb8f-49d9-a11c-c24c1ef734d5} (Rogue.PestPatrol) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{f7d09218-46d7-4d3d-9b7f-315204cd0836} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{a8954909-1f0f-41a5-a7fa-3b376d69e226} (Rogue.PestPatrol) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{e63648f7-3933-440e-b4f6-a8584dd7b7eb} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Safety Alert (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\e405.e405mgr (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEBrowse Tool (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Warning Center (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\multimediaControls.chl (Trojan.Zlob) -> Quarantined and deleted successfully.

    Saastuneita rekisteriarvoja:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\smile (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wblogon (Trojan.Zlob) -> Quarantined and deleted successfully.

    Saastuneita rekisterikohteita:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchURL (Hijack.Search) -> Bad: (http://windiwsfsearch.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchURL (Hijack.Search) -> Bad: (http://windiwsfsearch.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Search_URL (Hijack.Search) -> Bad: (http://windiwsfsearch.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Search_URL (Hijack.Search) -> Bad: (http://windiwsfsearch.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Search Page (Hijack.Search) -> Bad: (http://windiwsfsearch.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Search Page (Hijack.Search) -> Bad: (http://windiwsfsearch.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar (Hijack.Search) -> Bad: (http://windiwsfsearch.com/ie6.html) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar (Hijack.Search) -> Bad: (http://windiwsfsearch.com/ie6.html) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Hijack.Search) -> Bad: (http://windiwsfsearch.com/search?q={searchTerms}) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Hijack.Search) -> Bad: (http://windiwsfsearch.com/search?q={searchTerms}) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\SearchAssistant (Hijack.Search) -> Bad: (http://windiwsfsearch.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search\SearchAssistant (Hijack.Search) -> Bad: (http://windiwsfsearch.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Hijack.Search) -> Bad: (http://windiwsfsearch.com/search?q=%s) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Hijack.Search) -> Bad: (http://windiwsfsearch.com/search?q=%s) Good: (http://www.google.com/) -> Quarantined and deleted successfully.

    Saastuneita hakemistoja:
    C:\Documents and Settings\All Users\Application Data\Software Licensors\Antispyware PRO XP (Rogue.AntiSpywareProXP) -> Quarantined and deleted successfully.
    C:\Program Files\AAV (Rogue.AdvancedAntivirus) -> Quarantined and deleted successfully.

    Saastuneita tiedostoja:
    C:\Documents and Settings\All Users\Application Data\Software Licensors\Antispyware PRO XP\asproxp.exe (Rogue.AntiSpywareProXP) -> Quarantined and deleted successfully.
    C:\Program Files\AAV\aav.ooo (Rogue.AdvancedAntivirus) -> Quarantined and deleted successfully.
    C:\Program Files\AAV\aav1.dat (Rogue.AdvancedAntivirus) -> Quarantined and deleted successfully.
    C:\Program Files\Applications\iebtu.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
    C:\Program Files\Applications\wcm.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
    C:\Program Files\Applications\wcs.exe (Trojan.Zlob) -> Delete on reboot.
    C:\Program Files\Applications\wcu.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sakado\Local Settings\Temp\xrg1.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sakado\Application Data\Microsoft\Internet Explorer\Quick Launch\VirusResponse Lab 2009 2.1.lnk (Rogue.AntiVirusLab) -> Quarantined and deleted successfully.


    Sitten Combofix:

    ComboFix 08-10-17.01 - Sakado 2008-10-18 19:53:00.2 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.233 [GMT 3:00]
    Sijainti: C:\Documents and Settings\Sakado\Työpöytä\Sakado\ComboFix.exe
    * Uusi palautuspiste luotu
    .

    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-09-18 to 2008-10-18 )))))))))))))))))
    .

    2008-10-18 19:44 . 2008-10-18 19:44 61,440 --a------ C:\WINDOWS\system32\drivers\zuwwfy.sys
    2008-10-17 21:25 . 2008-08-14 16:46 2,182,656 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
    2008-10-17 21:25 . 2008-08-14 16:46 2,138,624 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
    2008-10-17 21:25 . 2008-08-14 16:46 2,060,032 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
    2008-10-17 21:25 . 2008-08-14 16:46 2,018,304 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
    2008-10-10 21:21 . 2008-10-10 21:21 <KANSIO> d-------- C:\Documents and Settings\Suoranta&Seppi\Application Data\Malwarebytes
    2008-10-10 21:19 . 2008-10-18 19:43 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Software Licensors
    2008-10-10 17:26 . 2008-10-10 17:26 <KANSIO> d-------- C:\Documents and Settings\Suoranta&Seppi\Application Data\DAEMON Tools
    2008-10-10 15:34 . 2008-10-10 15:34 <KANSIO> d-------- C:\Documents and Settings\Suoranta&Seppi\Application Data\Soldat
    2008-10-05 13:27 . 2008-10-10 19:17 <KANSIO> d-------- C:\WINDOWS\system32\590075
    2008-10-05 13:26 . 2008-10-18 19:43 <KANSIO> d-------- C:\Program Files\Applications
    2008-10-05 10:20 . 2008-10-10 15:28 <KANSIO> d-------- C:\Documents and Settings\Suoranta&Seppi\Contacts
    2008-10-04 16:13 . 2008-10-04 16:13 <KANSIO> d-------- C:\Program Files\Lavalys
    2008-10-04 02:05 . 2008-10-04 02:07 <KANSIO> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-10-04 02:05 . 2008-10-04 02:05 <KANSIO> d-------- C:\Documents and Settings\Sakado\Application Data\Malwarebytes
    2008-10-04 02:05 . 2008-10-04 02:05 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-10-04 02:05 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-10-04 02:05 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-10-04 00:13 . 2008-10-04 00:21 <KANSIO> d-------- C:\Program Files\xchat
    2008-10-03 20:13 . 2008-10-03 20:13 <KANSIO> d-------- C:\Documents and Settings\Sakado\Application Data\leafChat
    2008-09-21 17:15 . 2008-09-22 11:31 <KANSIO> d-------- C:\Program Files\Common Files\Labtec
    2008-09-21 17:15 . 2007-03-06 17:51 129,824 --a------ C:\WINDOWS\system32\lvci1051.dll
    2008-09-21 16:52 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
    2008-09-21 16:52 . 2004-08-03 23:07 59,264 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
    2008-09-21 16:50 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
    2008-09-21 16:50 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
    2008-09-20 00:46 . 2008-09-20 00:46 <KANSIO> d-------- C:\Program Files\Trend Micro

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-10-18 16:44 1,322 ----a-w C:\Program Files\jihooe.txt
    2008-10-05 00:55 --------- d-----w C:\Documents and Settings\Sakado\Application Data\uTorrent
    2008-10-04 23:45 --------- d-----w C:\Program Files\Warcraft III
    2008-10-04 20:55 24 ----a-w C:\Documents and Settings\Sakado\jagex_runescape_preferences.dat
    2008-10-04 19:14 --------- d-----w C:\Documents and Settings\Sakado\Application Data\Audacity
    2008-10-04 09:52 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-10-03 22:15 --------- d-----w C:\Documents and Settings\Sakado\Application Data\X-Chat 2
    2008-10-03 17:56 --------- d-----w C:\Program Files\HyCam2
    2008-10-03 16:13 --------- d-----w C:\Program Files\EA GAMES
    2008-09-15 15:51 82,432 ----a-w C:\WINDOWS\system32\IEDFix.C.exe
    2008-09-15 15:40 1,846,272 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-09-08 20:38 88,576 ----a-w C:\WINDOWS\system32\AntiXPVSTFix.exe
    2008-09-06 18:24 --------- d-----w C:\Documents and Settings\Sakado\Application Data\Hamachi
    2008-09-06 15:09 --------- d-s---w C:\Program Files\Xfire
    2008-09-06 13:39 --------- d-----w C:\Program Files\Counter-Strike 1.6 V31
    2008-09-06 13:38 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-09-06 08:09 --------- d-----w C:\Documents and Settings\Sakado\Application Data\Xfire
    2008-09-06 07:59 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\Xfire
    2008-09-05 17:20 --------- d-----w C:\Program Files\SystemRequirementsLab
    2008-09-05 17:20 --------- d-----w C:\Documents and Settings\Sakado\Application Data\SystemRequirementsLab
    2008-09-05 16:58 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
    2008-09-05 16:58 --------- d-----w C:\Program Files\Hamachi
    2008-09-02 13:51 86,528 ----a-w C:\WINDOWS\system32\VACFix.exe
    2008-08-29 12:39 --------- d-----w C:\Documents and Settings\Suoranta&Seppi\Application Data\PC Suite
    2008-08-29 12:39 --------- d-----w C:\Documents and Settings\Suoranta&Seppi\Application Data\Nokia
    2008-08-28 10:04 333,056 ----a-w C:\WINDOWS\system32\drivers\srv.sys
    2008-08-27 21:03 42,320 ----a-w C:\WINDOWS\system32\xfcodec.dll
    2008-08-26 08:12 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
    2008-08-22 19:00 --------- d-----w C:\Program Files\Java
    2008-08-22 18:53 --------- d-----w C:\Program Files\Common Files\Java
    2008-08-22 16:53 --------- d-----w C:\Documents and Settings\Sakado\Application Data\gtk-2.0
    2008-08-21 15:11 --------- d-----w C:\Documents and Settings\Suoranta&Seppi\Application Data\AdobeUM
    2008-08-20 15:00 --------- d-----w C:\Program Files\MSN Messenger
    2008-08-20 14:48 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
    2008-08-20 14:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-08-20 14:08 --------- d-----w C:\Program Files\aMSN
    2008-08-19 15:57 --------- d-----w C:\Program Files\MSXML 4.0
    2008-08-18 09:19 82,432 ----a-w C:\WINDOWS\system32\404Fix.exe
    2008-08-14 13:46 2,182,656 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
    2008-08-14 13:46 2,060,032 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
    2008-08-01 05:40 9,928,704 ----a-w C:\WINDOWS\system32\atioglxx.dll
    2008-08-01 04:58 253,952 ----a-w C:\WINDOWS\system32\atiok3x2.dll
    2008-08-01 04:33 425,984 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
    2008-08-01 04:32 311,296 ----a-w C:\WINDOWS\system32\ati2dvag.dll
    2008-08-01 04:23 184,320 ----a-w C:\WINDOWS\system32\atipdlxx.dll
    2008-08-01 04:23 143,360 ----a-w C:\WINDOWS\system32\Oemdspif.dll
    2008-08-01 04:22 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
    2008-08-01 04:22 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
    2008-08-01 04:22 143,360 ----a-w C:\WINDOWS\system32\ati2evxx.dll
    2008-08-01 04:21 573,440 ----a-w C:\WINDOWS\system32\ati2evxx.exe
    2008-08-01 04:19 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
    2008-08-01 04:10 3,917,568 ----a-w C:\WINDOWS\system32\ati3duag.dll
    2008-08-01 03:59 2,183,552 ----a-w C:\WINDOWS\system32\ativvaxx.dll
    2008-08-01 03:46 48,640 ----a-w C:\WINDOWS\system32\amdpcom32.dll
    2008-08-01 03:42 376,832 ----a-w C:\WINDOWS\system32\atikvmag.dll
    2008-08-01 03:40 35,328 ----a-w C:\WINDOWS\system32\atiadlxx.dll
    2008-08-01 03:40 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
    2008-08-01 03:39 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
    2008-08-01 03:34 561,152 ----a-w C:\WINDOWS\system32\ati2cqag.dll
    2008-07-31 18:05 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe
    2008-07-18 19:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
    2008-07-18 19:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2008-07-18 19:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
    2008-07-18 19:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
    2008-07-18 19:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
    2008-07-18 19:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
    2008-07-18 19:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
    2008-07-18 19:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2008-07-18 19:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
    2008-07-18 19:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
    2008-06-14 19:07 5,632 -csha-w C:\Program Files\Thumbs.db
    .

    ((((((((((((((((((((((((((((( snapshot@2008-09-19_19.30.19.93 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-02-26 11:49:28 297,984 ----a-w C:\WINDOWS\$hf_mig$\KB932823-v3\SP2QFE\msctf.dll
    + 2007-03-06 01:31:09 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB932823-v3\spmsg.dll
    + 2007-03-06 01:31:14 214,752 ----a-w C:\WINDOWS\$hf_mig$\KB932823-v3\spuninst.exe
    + 2007-03-06 01:31:07 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB932823-v3\update\spcustom.dll
    + 2007-03-06 01:31:32 717,536 ----a-w C:\WINDOWS\$hf_mig$\KB932823-v3\update\update.exe
    + 2007-03-06 01:32:23 380,640 ----a-w C:\WINDOWS\$hf_mig$\KB932823-v3\update\updspapi.dll
    + 2007-07-12 23:28:41 765,952 ----a-w C:\WINDOWS\$hf_mig$\KB938127-IE7\SP2QFE\vgx.dll
    + 2007-03-06 01:31:09 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB938127-IE7\spmsg.dll
    + 2007-03-06 01:31:14 214,752 ----a-w C:\WINDOWS\$hf_mig$\KB938127-IE7\spuninst.exe
    + 2007-03-06 01:31:07 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB938127-IE7\update\spcustom.dll
    + 2007-03-06 01:31:32 717,536 ----a-w C:\WINDOWS\$hf_mig$\KB938127-IE7\update\update.exe
    + 2007-03-06 01:32:23 380,640 ----a-w C:\WINDOWS\$hf_mig$\KB938127-IE7\update\updspapi.dll
    + 2007-11-30 12:39:27 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB938464\spmsg.dll
    + 2007-11-30 12:39:27 232,824 ----a-w C:\WINDOWS\$hf_mig$\KB938464\spuninst.exe
    + 2007-11-30 12:39:27 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB938464\update\spcustom.dll
    + 2007-11-30 11:19:03 757,112 ----a-w C:\WINDOWS\$hf_mig$\KB938464\update\update.exe
    + 2007-11-30 12:39:28 392,056 ----a-w C:\WINDOWS\$hf_mig$\KB938464\update\updspapi.dll
    + 2008-08-26 09:10:52 124,928 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\advpack.dll
    + 2008-08-26 09:10:52 347,136 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\dxtmsft.dll
    + 2008-08-26 09:10:52 214,528 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\dxtrans.dll
    + 2008-08-26 09:10:52 132,608 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\extmgr.dll
    + 2008-08-26 09:10:52 63,488 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\icardie.dll
    + 2008-08-25 08:43:21 70,656 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\ie4uinit.exe
    + 2008-08-26 09:10:52 153,088 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\ieakeng.dll
    + 2008-08-26 09:10:52 230,400 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\ieaksie.dll
    + 2008-08-23 05:54:50 161,792 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\ieakui.dll
    + 2007-04-17 09:32:38 2,455,488 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\ieapfltr.dat
    + 2008-08-26 09:10:53 380,928 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\ieapfltr.dll
    + 2008-08-26 09:10:53 388,608 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\iedkcs32.dll
    + 2008-10-03 16:23:28 6,068,224 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\ieframe.dll
    + 2008-08-26 09:10:54 44,544 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\iernonce.dll
    + 2008-08-26 09:10:54 267,776 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\iertutil.dll
    + 2008-08-25 08:43:21 13,824 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\ieudinit.exe
    + 2008-08-23 05:56:16 635,848 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\iexplore.exe
    + 2008-08-26 09:10:55 27,648 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\jsproxy.dll
    + 2008-08-26 09:10:55 459,264 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\msfeeds.dll
    + 2008-08-26 09:10:55 52,224 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\msfeedsbs.dll
    + 2008-08-26 09:10:56 3,594,752 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\mshtml.dll
    + 2008-08-26 09:10:56 477,696 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\mshtmled.dll
    + 2008-08-26 09:10:56 193,024 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\msrating.dll
    + 2008-08-26 09:10:56 671,232 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\mstime.dll
    + 2008-08-26 09:10:56 102,912 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\occache.dll
    + 2008-08-26 09:10:56 44,544 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\pngfilt.dll
    + 2008-08-26 09:10:56 105,984 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\url.dll
    + 2008-08-26 09:10:56 1,162,752 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\urlmon.dll
    + 2008-08-26 09:10:56 233,472 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\webcheck.dll
    + 2008-08-26 09:10:56 827,904 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\wininet.dll
    + 2007-03-06 01:31:09 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\spmsg.dll
    + 2007-03-06 01:31:14 214,752 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\spuninst.exe
    + 2007-03-06 01:31:07 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\update\spcustom.dll
    + 2007-03-06 01:31:32 717,536 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\update\update.exe
    + 2007-03-06 01:32:23 380,640 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\update\updspapi.dll
    + 2007-11-30 12:39:27 232,824 -c----w C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe
    + 2007-11-30 12:39:28 392,056 -c----w C:\WINDOWS\$NtUninstallKB938464$\spuninst\updspapi.dll
    + 2007-07-27 05:28:28 232,824 -c----w C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe
    + 2007-07-27 07:41:48 382,840 -c----w C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\updspapi.dll
    + 2006-10-18 18:47:20 295,936 -c----w C:\WINDOWS\$NtUninstallKB954154_WM11$\wmpeffects.dll
    + 2008-10-04 16:53:49 100,888 ----a-w C:\WINDOWS\.jagex_cache_32\loginapplet\cache--1999123318.dat
    + 2008-08-14 13:46:12 2,138,624 ------w C:\WINDOWS\Driver Cache\i386\ntkrnlmp.exe
    + 2008-08-14 13:46:15 2,060,032 ------w C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
    + 2008-08-14 13:46:10 2,018,304 ------w C:\WINDOWS\Driver Cache\i386\ntkrpamp.exe
    + 2008-08-14 13:46:14 2,182,656 ------w C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
    + 2004-09-15 12:00:00 61,440 -c----w C:\WINDOWS\ie7\admparse.dll
    + 2004-09-15 12:00:00 100,864 -c----w C:\WINDOWS\ie7\advpack.dll
    + 2004-09-15 12:00:00 35,328 -c----w C:\WINDOWS\ie7\corpol.dll
    + 2006-06-02 19:32:28 33,792 -c----w C:\WINDOWS\ie7\custsat.dll
    + 2008-06-23 15:40:10 357,888 -c----w C:\WINDOWS\ie7\dxtmsft.dll
    + 2008-06-23 15:40:10 205,312 -c----w C:\WINDOWS\ie7\dxtrans.dll
    + 2008-06-23 15:40:10 55,808 -c----w C:\WINDOWS\ie7\extmgr.dll
    + 2004-09-15 12:00:00 38,912 -c----w C:\WINDOWS\ie7\hmmapi.dll
    + 2004-09-15 12:00:00 34,304 -c----w C:\WINDOWS\ie7\ie4uinit.exe
    + 2004-09-15 12:00:00 139,264 -c----w C:\WINDOWS\ie7\ieakeng.dll
    + 2004-09-15 12:00:00 218,112 -c----w C:\WINDOWS\ie7\ieaksie.dll
    + 2004-09-15 12:00:00 225,280 -c----w C:\WINDOWS\ie7\ieakui.dll
    + 2004-09-15 12:00:00 323,584 -c----w C:\WINDOWS\ie7\iedkcs32.dll
    + 2008-06-23 09:49:29 18,432 -c----w C:\WINDOWS\ie7\iedw.exe
    + 2004-09-15 12:00:00 81,920 -c----w C:\WINDOWS\ie7\ieencode.dll
    + 2008-06-23 15:40:11 250,880 -c----w C:\WINDOWS\ie7\iepeers.dll
    + 2004-09-15 12:00:00 48,640 -c----w C:\WINDOWS\ie7\iernonce.dll
    + 2004-09-15 12:00:00 62,976 -c----w C:\WINDOWS\ie7\iesetup.dll
    + 2004-09-15 12:00:00 93,184 -c----w C:\WINDOWS\ie7\iexplore.exe
    + 2004-09-15 12:00:00 35,840 -c----w C:\WINDOWS\ie7\imgutil.dll
    + 2008-06-23 15:40:11 96,256 -c----w C:\WINDOWS\ie7\inseng.dll
    + 2007-12-18 14:42:07 450,560 -c----w C:\WINDOWS\ie7\jscript.dll
    + 2008-06-23 15:40:11 16,384 -c----w C:\WINDOWS\ie7\jsproxy.dll
    + 2004-09-15 12:00:00 22,016 -c----w C:\WINDOWS\ie7\licmgr10.dll
    + 2004-09-15 12:00:00 29,184 -c----w C:\WINDOWS\ie7\mshta.exe
    + 2008-06-23 15:40:13 3,080,704 -c----w C:\WINDOWS\ie7\mshtml.dll
    + 2008-06-23 15:40:13 449,024 -c----w C:\WINDOWS\ie7\mshtmled.dll
    + 2004-09-15 12:00:00 57,344 -c----w C:\WINDOWS\ie7\mshtmler.dll
    + 2004-09-15 12:00:00 146,432 -c----w C:\WINDOWS\ie7\msls31.dll
    + 2008-06-23 15:40:13 146,432 -c----w C:\WINDOWS\ie7\msrating.dll
    + 2008-06-23 15:40:14 532,480 -c----w C:\WINDOWS\ie7\mstime.dll
    + 2004-09-15 12:00:00 96,768 -c----w C:\WINDOWS\ie7\occache.dll
    + 2008-06-23 15:40:14 39,424 -c----w C:\WINDOWS\ie7\pngfilt.dll
    + 2007-10-04 06:51:52 33,472 -c----w C:\WINDOWS\ie7\spuninst\iecustom.dll
    + 2007-10-04 06:49:32 66,048 -c--a-w C:\WINDOWS\ie7\spuninst\ieResetIcons.exe
    + 2006-09-06 14:43:26 214,752 -c----w C:\WINDOWS\ie7\spuninst\spuninst.exe
    + 2006-09-06 14:43:26 380,640 -c----w C:\WINDOWS\ie7\spuninst\updspapi.dll
    + 2004-09-15 12:00:00 37,888 -c----w C:\WINDOWS\ie7\url.dll
    + 2008-06-23 15:40:15 616,448 -c----w C:\WINDOWS\ie7\urlmon.dll
    + 2007-12-18 14:42:07 417,792 -c----w C:\WINDOWS\ie7\vbscript.dll
    + 2004-09-15 12:00:00 278,016 -c----w C:\WINDOWS\ie7\webcheck.dll
    + 2004-09-15 12:00:00 848,384 -c----w C:\WINDOWS\ie7\vgx.dll
    + 2008-06-23 15:40:16 659,456 -c----w C:\WINDOWS\ie7\wininet.dll
    + 2007-03-06 01:31:14 214,752 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe
    + 2007-03-06 01:32:23 380,640 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\updspapi.dll
    + 2007-08-13 15:54:10 765,952 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\vgx.dll
    + 2007-03-06 01:31:14 214,752 -c----w C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe
    + 2007-03-06 01:32:23 380,640 -c----w C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\updspapi.dll
    + 2007-07-12 23:31:31 765,952 -c----w C:\WINDOWS\ie7updates\KB938127-v2-IE7\vgx.dll
    + 2007-08-13 15:39:00 123,904 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\advpack.dll
    + 2007-08-13 15:35:46 346,624 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\dxtmsft.dll
    + 2007-08-13 15:35:38 214,528 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\dxtrans.dll
    + 2007-08-13 15:54:10 131,584 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\extmgr.dll
    + 2007-08-13 15:36:26 61,952 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\icardie.dll
    + 2007-08-13 15:39:06 54,784 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\ie4uinit.exe
    + 2007-08-13 15:39:26 152,064 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\ieakeng.dll
    + 2007-08-13 15:39:54 229,376 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\ieaksie.dll
    + 2007-08-13 14:56:54 161,792 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\ieakui.dll
    + 2007-02-12 13:10:12 2,451,312 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\ieapfltr.dat
    + 2007-07-11 09:27:48 383,488 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\ieapfltr.dll
    + 2007-08-13 15:39:50 382,976 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\iedkcs32.dll
    + 2007-08-13 15:54:10 6,049,280 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\ieframe.dll
    + 2007-08-13 15:39:10 43,008 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\iernonce.dll
    + 2007-08-13 15:34:04 266,752 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\iertutil.dll
    + 2007-08-13 15:39:10 13,312 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\ieudinit.exe
    + 2007-08-13 15:43:56 622,080 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\iexplore.exe
    + 2007-08-13 15:54:10 27,136 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\jsproxy.dll
    + 2007-08-13 15:54:10 458,752 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\msfeeds.dll
    + 2007-08-13 15:54:10 50,688 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\msfeedsbs.dll
    + 2007-08-13 15:54:12 3,578,368 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\mshtml.dll
    + 2007-08-13 15:54:10 475,648 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\mshtmled.dll
    + 2007-08-13 15:44:26 192,000 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\msrating.dll
    + 2007-08-13 15:54:10 670,720 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\mstime.dll
    + 2007-08-13 15:44:06 101,376 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\occache.dll
    + 2007-08-13 15:36:12 44,544 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\pngfilt.dll
    + 2007-03-06 01:31:14 214,752 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe
    + 2007-03-06 01:32:23 380,640 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\updspapi.dll
    + 2007-08-13 15:44:30 105,984 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\url.dll
    + 2007-08-13 15:54:10 1,162,240 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\urlmon.dll
    + 2007-08-13 15:54:10 231,424 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\webcheck.dll
    + 2007-08-13 15:54:10 818,688 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\wininet.dll
    + 2008-06-23 16:29:13 124,928 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\advpack.dll
    + 2008-06-23 16:29:13 347,136 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\dxtmsft.dll
    + 2008-06-23 16:29:13 214,528 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\dxtrans.dll
    + 2008-06-23 16:29:13 133,120 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\extmgr.dll
    + 2008-06-23 16:29:13 63,488 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\icardie.dll
    + 2008-06-23 09:21:15 70,656 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\ie4uinit.exe
    + 2008-06-23 16:29:13 153,088 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\ieakeng.dll
    + 2008-06-23 16:29:13 230,400 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\ieaksie.dll
    + 2008-06-21 05:23:54 161,792 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\ieakui.dll
    + 2008-06-23 16:29:13 383,488 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\ieapfltr.dll
    + 2008-06-23 16:29:13 384,512 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\iedkcs32.dll
    + 2008-06-23 16:29:14 6,066,176 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\ieframe.dll
    + 2008-06-23 16:29:14 44,544 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\iernonce.dll
    + 2008-06-23 16:29:14 267,776 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\iertutil.dll
    + 2008-06-23 09:20:26 13,824 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\ieudinit.exe
    + 2008-06-23 09:21:31 625,664 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\iexplore.exe
    + 2008-06-23 16:29:15 27,648 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\jsproxy.dll
    + 2008-06-23 16:29:15 459,264 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\msfeeds.dll
    + 2008-06-23 16:29:15 52,224 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\msfeedsbs.dll
    + 2008-06-24 07:29:16 3,592,192 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\mshtml.dll
    + 2008-06-23 16:29:15 477,696 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\mshtmled.dll
    + 2008-06-23 16:29:15 193,024 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\msrating.dll
    + 2008-06-23 16:29:15 671,232 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\mstime.dll
    + 2008-06-23 16:29:15 102,912 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\occache.dll
    + 2008-06-23 16:29:15 44,544 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\pngfilt.dll
    + 2007-03-06 01:31:14 214,752 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe
    + 2007-03-06 01:32:23 380,640 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\updspapi.dll
    + 2008-06-23 16:29:16 105,984 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\url.dll
    + 2008-06-23 16:29:16 1,159,680 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\urlmon.dll
    + 2008-06-23 16:29:16 233,472 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\webcheck.dll
    + 2008-06-23 16:29:16 826,368 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\wininet.dll
    - 2008-08-23 15:16:30 2,560 ----a-r C:\WINDOWS\Installer\{911B040B-6000-11D3-8CFE-0050048383C9}\cagicon.exe
    + 2008-10-17 18:30:00 2,560 ----a-r C:\WINDOWS\Installer\{911B040B-6000-11D3-8CFE-0050048383C9}\cagicon.exe
    - 2008-08-23 15:16:30 34,304 ----a-r C:\WINDOWS\Installer\{911B040B-6000-11D3-8CFE-0050048383C9}\misc.exe
    + 2008-10-17 18:30:00 34,304 ----a-r C:\WINDOWS\Installer\{911B040B-6000-11D3-8CFE-0050048383C9}\misc.exe
    - 2008-08-23 15:16:30 8,192 ----a-r C:\WINDOWS\Installer\{911B040B-6000-11D3-8CFE-0050048383C9}\mspicons.exe
    + 2008-10-17 18:30:00 8,192 ----a-r C:\WINDOWS\Installer\{911B040B-6000-11D3-8CFE-0050048383C9}\mspicons.exe
    - 2008-08-23 15:16:30 3,584 ----a-r C:\WINDOWS\Installer\{911B040B-6000-11D3-8CFE-0050048383C9}\opwicon.exe
    + 2008-10-17 18:30:00 3,584 ----a-r C:\WINDOWS\Installer\{911B040B-6000-11D3-8CFE-0050048383C9}\opwicon.exe
    - 2008-08-23 15:16:30 16,384 ----a-r C:\WINDOWS\Installer\{911B040B-6000-11D3-8CFE-0050048383C9}\PEicons.exe
    + 2008-10-17 18:30:00 16,384 ----a-r C:\WINDOWS\Installer\{911B040B-6000-11D3-8CFE-0050048383C9}\PEicons.exe
    - 2008-08-23 15:16:30 22,528 ----a-r C:\WINDOWS\Installer\{911B040B-6000-11D3-8CFE-0050048383C9}\unbndico.exe
    + 2008-10-17 18:30:00 22,528 ----a-r C:\WINDOWS\Installer\{911B040B-6000-11D3-8CFE-0050048383C9}\unbndico.exe
    - 2008-08-23 15:16:29 45,056 ----a-r C:\WINDOWS\Installer\{911B040B-6000-11D3-8CFE-0050048383C9}\wordicon.exe
    + 2008-10-17 18:30:00 45,056 ----a-r C:\WINDOWS\Installer\{911B040B-6000-11D3-8CFE-0050048383C9}\wordicon.exe
    + 2006-06-02 19:32:28 33,792 ------w C:\WINDOWS\network diagnostic\custsat.dll
    + 2006-10-10 12:44:50 557,568 ------w C:\WINDOWS\network diagnostic\xpnetdiag.exe
    - 2004-09-15 12:00:00 61,440 -c--a-w C:\WINDOWS\system32\admparse.dll
    + 2007-08-13 15:39:20 71,680 ----a-w C:\WINDOWS\system32\admparse.dll
    - 2004-09-15 12:00:00 100,864 ----a-w C:\WINDOWS\system32\advpack.dll
    + 2008-08-26 08:12:24 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
    + 2005-03-18 14:19:58 2,337,488 ----a-w C:\WINDOWS\system32\d3dx9_25.dll
    - 2004-09-15 12:00:00 61,440 -c--a-w C:\WINDOWS\system32\dllcache\admparse.dll
    + 2007-08-13 15:39:20 71,680 -c--a-w C:\WINDOWS\system32\dllcache\admparse.dll
    - 2004-09-15 12:00:00 100,864 -c--a-w C:\WINDOWS\system32\dllcache\advpack.dll
    + 2008-08-26 08:12:24 124,928 -c----w C:\WINDOWS\system32\dllcache\advpack.dll
    - 2008-06-20 10:44:38 138,368 -c--a-w C:\WINDOWS\system32\dllcache\afd.sys
    + 2008-08-14 09:51:43 138,368 -c--a-w C:\WINDOWS\system32\dllcache\afd.sys
    - 2007-07-30 16:19:20 92,504 -c--a-w C:\WINDOWS\system32\dllcache\cdm.dll
    + 2008-07-18 19:10:48 94,920 -c--a-w C:\WINDOWS\system32\dllcache\cdm.dll
    - 2004-09-15 12:00:00 28,672 -c--a-w C:\WINDOWS\system32\dllcache\custsat.dll
    + 2007-08-13 15:54:10 33,792 -c--a-w C:\WINDOWS\system32\dllcache\custsat.dll
    - 2008-06-23 15:40:10 357,888 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
    + 2008-08-26 08:12:24 347,136 -c----w C:\WINDOWS\system32\dllcache\dxtmsft.dll
    - 2008-06-23 15:40:10 205,312 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
    + 2008-08-26 08:12:24 214,528 -c----w C:\WINDOWS\system32\dllcache\dxtrans.dll
    - 2008-06-23 15:40:10 55,808 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
    + 2008-08-26 08:12:24 133,120 -c----w C:\WINDOWS\system32\dllcache\extmgr.dll
    - 2004-09-15 12:00:00 38,912 -c--a-w C:\WINDOWS\system32\dllcache\hmmapi.dll
    + 2007-08-13 15:18:02 60,416 -c--a-w C:\WINDOWS\system32\dllcache\hmmapi.dll
    + 2008-08-26 08:12:24 63,488 -c----w C:\WINDOWS\system32\dllcache\icardie.dll
    - 2004-09-15 12:00:00 34,304 -c--a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
    + 2008-08-25 08:38:49 70,656 -c----w C:\WINDOWS\system32\dllcache\ie4uinit.exe
    - 2004-09-15 12:00:00 139,264 -c--a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
    + 2008-08-26 08:12:24 153,088 -c----w C:\WINDOWS\system32\dllcache\ieakeng.dll
    - 2004-09-15 12:00:00 218,112 -c--a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
    + 2008-08-26 08:12:24 230,400 -c----w C:\WINDOWS\system32\dllcache\ieaksie.dll
    - 2004-09-15 12:00:00 225,280 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll
    + 2008-08-23 05:54:51 161,792 -c----w C:\WINDOWS\system32\dllcache\ieakui.dll
    + 2007-04-17 09:32:38 2,455,488 -c----w C:\WINDOWS\system32\dllcache\ieapfltr.dat
    + 2008-08-26 08:12:24 383,488 -c----w C:\WINDOWS\system32\dllcache\ieapfltr.dll
    - 2004-09-15 12:00:00 323,584 -c--a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
    + 2008-08-26 08:12:24 384,512 -c----w C:\WINDOWS\system32\dllcache\iedkcs32.dll
    - 2008-06-23 09:49:29 18,432 -c--a-w C:\WINDOWS\system32\dllcache\iedw.exe
    + 2007-08-13 15:44:02 69,120 -c--a-w C:\WINDOWS\system32\dllcache\iedw.exe
    - 2004-09-15 12:00:00 81,920 -c--a-w C:\WINDOWS\system32\dllcache\ieencode.dll
    + 2007-08-13 15:45:18 78,336 -c--a-w C:\WINDOWS\system32\dllcache\ieencode.dll
    + 2008-10-03 17:12:24 6,066,176 -c----w C:\WINDOWS\system32\dllcache\ieframe.dll
    - 2008-06-23 15:40:11 250,880 -c--a-w C:\WINDOWS\system32\dllcache\iepeers.dll
    + 2007-08-13 15:54:10 191,488 -c--a-w C:\WINDOWS\system32\dllcache\iepeers.dll
    - 2004-09-15 12:00:00 48,640 -c--a-w C:\WINDOWS\system32\dllcache\iernonce.dll
    + 2008-08-26 08:12:25 44,544 -c----w C:\WINDOWS\system32\dllcache\iernonce.dll
    + 2008-08-26 08:12:25 267,776 -c----w C:\WINDOWS\system32\dllcache\iertutil.dll
    - 2004-09-15 12:00:00 62,976 -c--a-w C:\WINDOWS\system32\dllcache\iesetup.dll
    + 2007-08-13 15:39:12 55,296 -c--a-w C:\WINDOWS\system32\dllcache\iesetup.dll
    + 2008-08-25 08:38:00 13,824 -c----w C:\WINDOWS\system32\dllcache\ieudinit.exe
    - 2004-09-15 12:00:00 93,184 -c--a-w C:\WINDOWS\system32\dllcache\iexplore.exe
    + 2008-08-23 05:56:15 635,848 -c----w C:\WINDOWS\system32\dllcache\iexplore.exe
    - 2004-09-15 12:00:00 35,840 -c--a-w C:\WINDOWS\system32\dllcache\imgutil.dll
    + 2007-08-13 15:36:06 36,352 -c--a-w C:\WINDOWS\system32\dllcache\imgutil.dll
    - 2008-06-23 15:40:11 96,256 -c--a-w C:\WINDOWS\system32\dllcache\inseng.dll
    + 2007-08-13 15:39:02 92,672 -c--a-w C:\WINDOWS\system32\dllcache\inseng.dll
    - 2007-12-18 14:42:07 450,560 -c--a-w C:\WINDOWS\system32\dllcache\jscript.dll
    + 2007-08-13 15:38:04 491,520 -c--a-w C:\WINDOWS\system32\dllcache\jscript.dll
    - 2008-06-23 15:40:11 16,384 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
    + 2008-08-26 08:12:25 27,648 -c----w C:\WINDOWS\system32\dllcache\jsproxy.dll
    - 2004-09-15 12:00:00 22,016 -c--a-w C:\WINDOWS\system32\dllcache\licmgr10.dll
    + 2007-08-13 15:44:18 40,960 -c--a-w C:\WINDOWS\system32\dllcache\licmgr10.dll
    - 2004-09-15 12:00:00 294,400 -c--a-w C:\WINDOWS\system32\dllcache\msctf.dll
    + 2008-02-26 12:00:47 294,912 -c--a-w C:\WINDOWS\system32\dllcache\msctf.dll
    + 2008-08-26 08:12:25 459,264 -c----w C:\WINDOWS\system32\dllcache\msfeeds.dll
    + 2008-08-26 08:12:25 52,224 -c----w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
    - 2004-09-15 12:00:00 29,184 -c--a-w C:\WINDOWS\system32\dllcache\mshta.exe
    + 2007-08-13 15:32:30 45,568 -c--a-w C:\WINDOWS\system32\dllcache\mshta.exe
    - 2008-06-23 15:40:13 3,080,704 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
    + 2008-08-27 09:12:28 3,593,216 -c----w C:\WINDOWS\system32\dllcache\mshtml.dll
    - 2008-06-23 15:40:13 449,024 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
    + 2008-08-26 08:12:26 477,696 -c----w C:\WINDOWS\system32\dllcache\mshtmled.dll
    - 2004-09-15 12:00:00 57,344 -c--a-w C:\WINDOWS\system32\dllcache\mshtmler.dll
    + 2007-08-13 15:01:12 48,128 -c--a-w C:\WINDOWS\system32\dllcache\mshtmler.dll
    - 2004-09-15 12:00:00 146,432 -c--a-w C:\WINDOWS\system32\dllcache\msls31.dll
    + 2007-08-13 15:54:10 156,160 -c--a-w C:\WINDOWS\system32\dllcache\msls31.dll
    - 2008-06-23 15:40:13 146,432 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
    + 2008-08-26 08:12:26 193,024 -c----w C:\WINDOWS\system32\dllcache\msrating.dll
    - 2008-06-23 15:40:14 532,480 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
    + 2008-08-26 08:12:26 671,232 -c----w C:\WINDOWS\system32\dllcache\mstime.dll
    - 2004-09-15 12:00:00 96,768 -c--a-w C:\WINDOWS\system32\dllcache\occache.dll
    + 2008-08-26 08:12:26 102,912 -c----w C:\WINDOWS\system32\dllcache\occache.dll
    - 2008-06-23 15:40:14 39,424 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
    + 2008-08-26 08:12:26 44,544 -c----w C:\WINDOWS\system32\dllcache\pngfilt.dll
    - 2004-09-15 12:00:00 336,256 -c--a-w C:\WINDOWS\system32\dllcache\srv.sys
    + 2008-08-28 10:04:17 333,056 -c--a-w C:\WINDOWS\system32\dllcache\srv.sys
    - 2004-09-15 12:00:00 37,888 -c--a-w C:\WINDOWS\system32\dllcache\url.dll
    + 2008-08-26 08:12:26 105,984 -c----w C:\WINDOWS\system32\dllcache\url.dll
    - 2008-06-23 15:40:15 616,448 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
    + 2008-08-26 08:12:26 1,159,680 -c----w C:\WINDOWS\system32\dllcache\urlmon.dll
    - 2007-12-18 14:42:07 417,792 -c--a-w C:\WINDOWS\system32\dllcache\vbscript.dll
    + 2007-08-13 15:54:10 413,696 -c--a-w C:\WINDOWS\system32\dllcache\vbscript.dll
    - 2004-09-15 12:00:00 49,152 -c--a-w C:\WINDOWS\system32\dllcache\wdigest.dll
    + 2006-03-24 04:37:51 49,152 -c--a-w C:\WINDOWS\system32\dllcache\wdigest.dll
    - 2004-09-15 12:00:00 278,016 -c--a-w C:\WINDOWS\system32\dllcache\webcheck.dll
    + 2008-08-26 08:12:26 233,472 -c----w C:\WINDOWS\system32\dllcache\webcheck.dll
    - 2004-09-15 12:00:00 848,384 -c--a-w C:\WINDOWS\system32\dllcache\vgx.dll
    + 2008-05-27 17:25:42 765,952 -c--a-w C:\WINDOWS\system32\dllcache\vgx.dll
    - 2004-09-15 12:00:00 1,836,160 -c--a-w C:\WINDOWS\system32\dllcache\win32k.sys
    + 2008-09-15 15:40:30 1,846,272 -c--a-w C:\WINDOWS\system32\dllcache\win32k.sys
    - 2008-06-23 15:40:16 659,456 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
    + 2008-08-26 08:12:26 826,368 -c----w C:\WINDOWS\system32\dllcache\wininet.dll
    - 2007-07-30 16:19:36 549,720 -c--a-w C:\WINDOWS\system32\dllcache\wuapi.dll
    + 2008-07-18 19:09:44 563,912 -c--a-w C:\WINDOWS\system32\dllcache\wuapi.dll
    - 2007-07-30 16:19:16 53,080 -c--a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
    + 2008-07-18 19:10:42 53,448 -c--a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
    - 2007-07-30 16:19:42 1,712,984 -c--a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
    + 2008-07-18 19:09:42 1,811,656 -c--a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
    - 2007-07-30 16:19:32 325,976 -c--a-w C:\WINDOWS\system32\dllcache\wucltui.dll
    + 2008-07-18 19:09:46 325,832 -c--a-w C:\WINDOWS\system32\dllcache\wucltui.dll
    - 2007-07-30 16:18:40 33,624 -c--a-w C:\WINDOWS\system32\dllcache\wups.dll
    + 2008-07-18 19:10:20 36,552 -c--a-w C:\WINDOWS\system32\dllcache\wups.dll
    - 2007-07-30 16:19:28 203,096 -c--a-w C:\WINDOWS\system32\dllcache\wuweb.dll
    + 2008-07-18 19:09:44 205,000 -c--a-w C:\WINDOWS\system32\dllcache\wuweb.dll
    - 2008-06-20 10:44:38 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
    + 2008-08-14 09:51:43 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
    + 2004-07-31 15:50:36 51,200 ----a-w C:\WINDOWS\system32\dumphive.exe
    - 2008-06-23 15:40:10 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
    + 2008-08-26 08:12:24 347,136 ------w C:\WINDOWS\system32\dxtmsft.dll
    - 2008-06-23 15:40:10 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
    + 2008-08-26 08:12:24 214,528 ------w C:\WINDOWS\system32\dxtrans.dll
    - 2008-06-23 15:40:10 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
    + 2008-08-26 08:12:24 133,120 ------w C:\WINDOWS\system32\extmgr.dll
    - 2008-08-23 14:53:05 255,064 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
    + 2008-10-17 18:33:12 255,064 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
    + 2008-08-26 08:12:24 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
    + 2006-06-29 05:05:44 26,112 ------w C:\WINDOWS\system32\idndl.dll
    - 2004-09-15 12:00:00 34,304 -c--a-w C:\WINDOWS\system32\ie4uinit.exe
    + 2008-08-25 08:38:49 70,656 ------w C:\WINDOWS\system32\ie4uinit.exe
    - 2004-09-15 12:00:00 139,264 -c--a-w C:\WINDOWS\system32\ieakeng.dll
    + 2008-08-26 08:12:24 153,088 ------w C:\WINDOWS\system32\ieakeng.dll
    - 2004-09-15 12:00:00 218,112 -c--a-w C:\WINDOWS\system32\ieaksie.dll
    + 2008-08-26 08:12:24 230,400 ------w C:\WINDOWS\system32\ieaksie.dll
    - 2004-09-15 12:00:00 225,280 -c--a-w C:\WINDOWS\system32\ieakui.dll
    + 2008-08-23 05:54:51 161,792 ------w C:\WINDOWS\system32\ieakui.dll
    + 2007-04-17 09:32:38 2,455,488 ----a-w C:\WINDOWS\system32\ieapfltr.dat
    + 2008-08-26 08:12:24 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
    + 2008-05-18 18:40:35 82,944 ----a-w C:\WINDOWS\system32\IEDFix.exe
    - 2004-09-15 12:00:00 323,584 -c--a-w C:\WINDOWS\system32\iedkcs32.dll
    + 2008-08-26 08:12:24 384,512 ------w C:\WINDOWS\system32\iedkcs32.dll
    - 2004-09-15 12:00:00 81,920 -c--a-w C:\WINDOWS\system32\ieencode.dll
    + 2007-08-13 15:45:18 78,336 ----a-w C:\WINDOWS\system32\ieencode.dll
    + 2008-10-03 17:12:24 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
    - 2008-06-23 15:40:11 250,880 ----a-w C:\WINDOWS\system32\iepeers.dll
    + 2007-08-13 15:54:10 191,488 ----a-w C:\WINDOWS\system32\iepeers.dll
    - 2004-09-15 12:00:00 48,640 -c--a-w C:\WINDOWS\system32\iernonce.dll
    + 2008-08-26 08:12:25 44,544 ------w C:\WINDOWS\system32\iernonce.dll
    + 2008-08-26 08:12:25 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
    - 2004-09-15 12:00:00 62,976 -c--a-w C:\WINDOWS\system32\iesetup.dll
    + 2007-08-13 15:39:12 55,296 ----a-w C:\WINDOWS\system32\iesetup.dll
    + 2008-08-25 08:38:00 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
    + 2007-08-13 15:54:10 180,736 ------w C:\WINDOWS\system32\ieui.dll
    - 2004-09-15 12:00:00 35,840 ----a-w C:\WINDOWS\system32\imgutil.dll
    + 2007-08-13 15:36:06 36,352 ----a-w C:\WINDOWS\system32\imgutil.dll
    - 2008-06-23 15:40:11 96,256 ----a-w C:\WINDOWS\system32\inseng.dll
    + 2007-08-13 15:39:02 92,672 ----a-w C:\WINDOWS\system32\inseng.dll
    - 2007-12-18 14:42:07 450,560 ----a-w C:\WINDOWS\system32\jscript.dll
    + 2007-08-13 15:38:04 491,520 ----a-w C:\WINDOWS\system32\jscript.dll
    - 2008-06-23 15:40:11 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
    + 2008-08-26 08:12:25 27,648 ------w C:\WINDOWS\system32\jsproxy.dll
    - 2004-09-15 12:00:00 22,016 -c--a-w C:\WINDOWS\system32\licmgr10.dll
    + 2007-08-13 15:44:18 40,960 ----a-w C:\WINDOWS\system32\licmgr10.dll
    - 2008-08-05 08:11:02 15,888,504 ----a-w C:\WINDOWS\system32\MRT.exe
    + 2008-10-07 19:19:40 16,721,856 ----a-w C:\WINDOWS\system32\MRT.exe
    - 2004-09-15 12:00:00 294,400 ----a-w C:\WINDOWS\system32\MSCTF.dll
    + 2008-02-26 12:00:47 294,912 ----a-w C:\WINDOWS\system32\msctf.dll
    + 2008-08-26 08:12:25 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
    + 2008-08-26 08:12:25 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
    + 2007-08-13 15:36:40 12,288 ------w C:\WINDOWS\system32\msfeedssync.exe
    - 2004-09-15 12:00:00 29,184 ----a-w C:\WINDOWS\system32\mshta.exe
    + 2007-08-13 15:32:30 45,568 ----a-w C:\WINDOWS\system32\mshta.exe
    - 2008-06-23 15:40:13 3,080,704 ----a-w C:\WINDOWS\system32\mshtml.dll
    + 2008-08-27 09:12:28 3,593,216 ----a-w C:\WINDOWS\system32\mshtml.dll
    - 2008-06-23 15:40:13 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
    + 2008-08-26 08:12:26 477,696 ------w C:\WINDOWS\system32\mshtmled.dll
    - 2004-09-15 12:00:00 57,344 ----a-w C:\WINDOWS\system32\mshtmler.dll
    + 2007-08-13 15:01:12 48,128 ----a-w C:\WINDOWS\system32\mshtmler.dll
    - 2004-09-15 12:00:00 146,432 ----a-w C:\WINDOWS\system32\msls31.dll
    + 2007-08-13 15:54:10 156,160 ----a-w C:\WINDOWS\system32\msls31.dll
    - 2008-06-23 15:40:13 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
    + 2008-08-26 08:12:26 193,024 ------w C:\WINDOWS\system32\msrating.dll
    - 2008-06-23 15:40:14 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
    + 2008-08-26 08:12:26 671,232 ------w C:\WINDOWS\system32\mstime.dll
    + 2006-06-28 14:59:26 24,576 ------w C:\WINDOWS\system32\nlsdl.dll
    + 2006-06-29 05:05:44 23,552 ------w C:\WINDOWS\system32\normaliz.dll
    - 2004-09-15 12:00:00 96,768 ----a-w C:\WINDOWS\system32\occache.dll
    + 2008-08-26 08:12:26 102,912 ------w C:\WINDOWS\system32\occache.dll
    - 2008-06-23 15:40:14 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
    + 2008-08-26 08:12:26 44,544 ------w C:\WINDOWS\system32\pngfilt.dll
    + 2003-06-05 18:13:00 53,248 ----a-w C:\WINDOWS\system32\Process.exe
    + 2008-07-18 19:10:20 36,552 ----a-w C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.784\wups.dll
    + 2008-07-18 19:10:40 45,768 ----a-w C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.784\wups2.dll
    - 2006-09-25 14:58:48 14,640 ----a-w C:\WINDOWS\system32\spmsg.dll
    + 2007-11-30 11:19:02 17,272 ------w C:\WINDOWS\system32\spmsg.dll
    + 2006-04-27 14:49:30 288,417 ----a-w C:\WINDOWS\system32\SrchSTS.exe
    + 2006-01-09 07:36:06 40,960 ----a-w C:\WINDOWS\system32\swsc.exe
    - 2004-09-15 12:00:00 37,888 ----a-w C:\WINDOWS\system32\url.dll
    + 2008-08-26 08:12:26 105,984 ----a-w C:\WINDOWS\system32\url.dll
    - 2008-06-23 15:40:15 616,448 ----a-w C:\WINDOWS\system32\urlmon.dll
    + 2008-08-26 08:12:26 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
    - 2007-12-18 14:42:07 417,792 ----a-w C:\WINDOWS\system32\vbscript.dll
    + 2007-08-13 15:54:10 413,696 ----a-w C:\WINDOWS\system32\vbscript.dll
    + 2007-09-05 21:22:23 289,144 ----a-w C:\WINDOWS\system32\VCCLSID.exe
    - 2004-09-15 12:00:00 49,152 ----a-w C:\WINDOWS\system32\wdigest.dll
    + 2006-03-24 04:37:51 49,152 ----a-w C:\WINDOWS\system32\wdigest.dll
    - 2004-09-15 12:00:00 278,016 ----a-w C:\WINDOWS\system32\webcheck.dll
    + 2008-08-26 08:12:26 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
    + 2007-08-13 15:45:16 206,336 ------w C:\WINDOWS\system32\WinFXDocObj.exe
    - 2006-10-18 18:47:20 295,936 ------w C:\WINDOWS\system32\wmpeffects.dll
    + 2008-06-24 15:12:58 295,936 ------w C:\WINDOWS\system32\wmpeffects.dll
    + 2007-10-03 21:36:46 25,600 ----a-w C:\WINDOWS\system32\WS2Fix.exe
    + 2006-07-14 15:51:51 121,856 ------w C:\WINDOWS\system32\xmllite.dll
    + 2008-10-18 15:15:04 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_7c0.dat
    + 2007-03-06 14:55:14 166,688 ----a-w C:\WINDOWS\twain_32\QuickCam\lvWIAext.dll
    + 2008-04-15 18:01:18 1,724,416 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.3352_x-ww_81af8e88\GdiPlus.dll
    .
    -- Snapshot nollattu tähän hetkeen --
    .
    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 15360]
    "PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2008-03-28 1079296]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATIPTA"="C:\ATI-CPanel\atiptaxx.exe" [2003-08-12 335872]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
    "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
    "Malwarebytes Anti-Malware (reboot)"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" [2008-09-10 1253040]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-15 15360]

    C:\Documents and Settings\All Users\K„ynnist„-valikko\Ohjelmat\K„ynnistys\
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.XFR1"= xfcodec.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\Xfire\\ua_lsp_inst.exe"=
    "C:\\Program Files\\uTorrent\\uTorrent.exe"=
    "C:\\Program Files\\Counter-Strike 1.6 V31\\hl.exe"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "C:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe"=
    "C:\\Program Files\\Warcraft III\\Warcraft III.exe"=
    "C:\\Soldat\\Soldat.exe"=
    "C:\\Program Files\\aMSN\\bin\\wish.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
    "C:\\Program Files\\Hamachi\\hamachi.exe"=
    "C:\\Program Files\\Xfire\\Xfire.exe"=
    "C:\\Program Files\\EA GAMES\\Battlefield 1942\\BF1942.exe"=
    "C:\\Documents and Settings\\Sakado\\Työpöytä\\Sakado\\lancraft.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\NeverwinterNights\\NWN\\nwmain.exe"=
    "C:\\Program Files\\xchat\\xchat.exe"=
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "C:\\Program Files\\Sniper Elite[W-Fx41]\\SniperElite.exe"=

    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
    R2 ithsgt;ithsgt;C:\WINDOWS\system32\DRIVERS\ithsgt.sys [2008-05-31 162432]
    R2 lilsgt;lilsgt;C:\WINDOWS\system32\DRIVERS\lilsgt.sys [2008-05-31 12032]
    R3 MBAMSwissArmy;MBAMSwissArmy;C:\WINDOWS\system32\drivers\mbamswissarmy.sys [2008-09-10 38528]
    S3 V0090VID;Creative WebCam Vista Plus;C:\WINDOWS\system32\DRIVERS\V0090Vid.sys [2005-04-14 138112]

    *Newly Created Service* - MBAMSWISSARMY
    .
    - - - - POISTETUT JÄMÄRIVIT - - - -

    HKCU-Run-VirusRL2009 - C:\Program Files\VirusRL2009\VirusRL2009.exe


    .
    ------- Täydentävä tarkistus -------
    .
    FireFox -: Profile - C:\Documents and Settings\Sakado\Application Data\Mozilla\Firefox\Profiles\9dgnvs0k.default\
    FireFox -: prefs.js - STARTUP.HOMEPAGE - www.youtube.com
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-10-18 19:54:21
    Windows 5.1.2600 Service Pack 2 NTFS

    tarkistaa piilotettuja prosesseja ...

    tarkistaa piilotettuja käynnistysarvoja ...

    tarkistaa piilotettuja tiedostoja ...

    tarkistus on valmis
    piilotetut tiedostot: 0

    **************************************************************************
    .
    --------------------- Prosesseihin ladatut DLLt ---------------------

    PROSESSI: C:\WINDOWS\system32\lsass.exe
    -> C:\WINDOWS\system32\xfire_lsp_9028.dll
    .
    Valmistumisajankohta: 2008-10-18 19:56:28
    ComboFix-quarantined-files.txt 2008-10-18 16:55:56
    ComboFix2.txt 2008-09-19 16:30:42

    Ennen ajoa: 58 001 121 280 tavua vapaana
    Ajon jälkeen: 58,032,300,032 tavua vapaana

    WindowsXP-KB310994-SP2-Home-BootDisk-FIN.EXE
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

    607 --- E O F --- 2008-10-18 05:50:17
     
    Last edited: Oct 18, 2008
    Sakado, Oct 18, 2008
    #1
  2. yaht

    yaht Regular member

    Joined:
    Dec 6, 2005
    Messages:
    2,261
    Likes Received:
    0
    Trophy Points:
    46
    Lataa SDFix by AndyManchesta ja tallenna se työpöydällesi.

    Käynnistä koneesi vikasietotilaan:

    sammuta ja käynnistä
    käynnistyksen yhteydessä hakkaa F8 nappia
    valitse nuolinäppäimellä vikasietotila
    paina enter ja enter
    valitse käyttäjätilisi
    paina kyllä

    Jossakin koneissa hakataan F8:sin sijasta F5:tä

    " Kun vikasietotilassa, pura tiedoston SDFix.zip sisältö (SDFix kansio) työpöydällesi. Työpöydälle pitäisi ilmestyä kansio nimeltä SDFix.
    " Avaa SDFix-kansio ja tuplaklikkaa tiedostoa RunThis.bat käynnistääksesi ohjelman.
    " Paina Y käynnistääksesi skriptin.
    " Työkalu puhdistaa troijalaisen palvelut ja tekee myös joitakin korjauksia rekisteriin. Lopuksi se pyytää käynnistämään koneen uudelleen, "Press any key to Reboot".
    " Paina mitä tahansa näppäintä ja kone käynnistyy uudelleen.
    " Käynnistyminen kestää normaalia kauemmin sillä SDFix puhdistaa konetta.
    " Kun kone on käynnistynyt ja työpöytä latautunut, SDFix kertoo että puhdistus on suoritettu, "Finished".
    " Paina sitten mitä tahansa näppäintä sulkeaksesi skriptin ja ladataksesi pikakuvakkeet työpöydälle.
    " Lopuksi avaa SDFix kansio (työpöydällä) ja kopioi & liitä tiedoston Report.txt sisältö viestiketjuusi uuden HijackThis:n lokin kera.
     
    yaht, Oct 18, 2008
    #2
  3. Sakado

    Sakado Member

    Joined:
    Nov 8, 2007
    Messages:
    20
    Likes Received:
    0
    Trophy Points:
    11
    Sakado, Oct 18, 2008
    #3

Share This Page