Request for a check


#1 Post by Marwin »

Hello, I'm asking for a check; I can't install NOD32. There was malware on the notebook, I managed to remove some of it, but that is certainly not everything.

Logfile of random's system information tool 1.06 (written by random/random)
Run by xp at 2010-01-26 11:36:56
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 216 GB (94%) free of 229 GB
Total RAM: 2047 MB (65% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:37:10, on 26.1.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\xp\Plocha\RSIT.exe
C:\Program Files\trend micro\xp.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 4251588687
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 4691610968
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 4993 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-07-21 118784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\lsass.exe"="C:\WINDOWS\lsass.exe:*:Enabled:LSA Shell"
"C:\WINDOWS\system32\lsass.exe"="C:\WINDOWS\system32\lsass.exe:*:Enabled:LSA Shell"

======List of files/folders created in the last 1 months======

2010-01-26 11:36:57 ----D---- C:\Program Files\trend micro
2010-01-26 11:36:56 ----D---- C:\rsit
2010-01-26 09:38:20 ----D---- C:\WINDOWS\LastGood
2010-01-26 09:38:19 ----D---- C:\Program Files\ESET
2010-01-26 09:35:02 ----SHD---- C:\RECYCLER
2010-01-25 15:29:45 ----D---- C:\WINDOWS\temp
2010-01-25 15:29:43 ----A---- C:\ComboFix.txt
2010-01-25 13:29:31 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-01-25 13:17:34 ----D---- C:\Program Files\CCleaner
2010-01-25 12:56:13 ----A---- C:\WINDOWS\zip.exe
2010-01-25 12:56:13 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-01-25 12:56:13 ----A---- C:\WINDOWS\SWSC.exe
2010-01-25 12:56:13 ----A---- C:\WINDOWS\SWREG.exe
2010-01-25 12:56:13 ----A---- C:\WINDOWS\sed.exe
2010-01-25 12:56:13 ----A---- C:\WINDOWS\PEV.exe
2010-01-25 12:56:13 ----A---- C:\WINDOWS\NIRCMD.exe
2010-01-25 12:56:13 ----A---- C:\WINDOWS\MBR.exe
2010-01-25 12:56:13 ----A---- C:\WINDOWS\grep.exe
2010-01-25 12:54:40 ----D---- C:\WINDOWS\ERDNT
2010-01-25 12:54:37 ----A---- C:\WINDOWS\system32\CF24925.exe
2010-01-25 12:54:22 ----D---- C:\Qoobox
2010-01-24 21:49:02 ----N---- C:\WINDOWS\system32\userinit.exe
2010-01-23 15:52:19 ----D---- C:\Program Files\Enigma Software Group
2010-01-23 14:51:33 ----D---- C:\Documents and Settings\xp\Data aplikací\ScanSpyware
2010-01-23 12:25:51 ----D---- C:\spoolerlogs
2010-01-20 21:26:28 ----D---- C:\Documents and Settings\All Users\Data aplikací\Macromedia

======List of files/folders modified in the last 1 months======

2010-01-26 11:37:00 ----D---- C:\WINDOWS\Prefetch
2010-01-26 11:36:57 ----RD---- C:\Program Files
2010-01-26 11:34:40 ----SHD---- C:\WINDOWS\Installer
2010-01-26 10:16:46 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-01-26 09:38:21 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-01-26 09:38:20 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-26 09:38:20 ----D---- C:\WINDOWS
2010-01-26 09:29:16 ----D---- C:\WINDOWS\system32
2010-01-26 09:28:43 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-26 09:28:24 ----D---- C:\WINDOWS\system32\drivers
2010-01-26 09:26:43 ----SD---- C:\Documents and Settings\xp\Data aplikací\Microsoft
2010-01-25 15:26:30 ----A---- C:\WINDOWS\system.ini
2010-01-25 15:24:30 ----D---- C:\WINDOWS\AppPatch
2010-01-25 15:24:25 ----D---- C:\Program Files\Common Files
2010-01-25 15:20:54 ----D---- C:\WINDOWS\system32\config
2010-01-25 15:02:46 ----D---- C:\WINDOWS\security
2010-01-25 14:15:11 ----HDC---- C:\WINDOWS\$NtUninstallKB915800-v4$
2010-01-25 13:39:49 ----D---- C:\WINDOWS\Debug
2010-01-25 13:14:59 ----HD---- C:\WINDOWS\inf
2010-01-25 13:14:13 ----HD---- C:\WINDOWS\$hf_mig$
2010-01-25 13:12:08 ----D---- C:\WINDOWS\repair
2010-01-25 13:08:39 ----D---- C:\WINDOWS\Help
2010-01-23 16:05:21 ----SHD---- C:\System Volume Information
2010-01-23 16:05:21 ----D---- C:\WINDOWS\system32\Restore
2010-01-23 15:47:44 ----A---- C:\WINDOWS\wininit.ini
2010-01-19 05:08:19 ----A---- C:\WINDOWS\NeroDigital.ini
2010-01-05 05:27:27 ----D---- C:\Program Files\Spybot - Search & Destroy

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 eabfiltr;eabfiltr; C:\WINDOWS\system32\DRIVERS\eabfiltr.sys [2006-11-30 8192]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2008-11-21 1204128]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-07-21 2363904]
R3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2007-02-14 530861]
R3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2007-02-14 30459]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2007-02-14 868298]
R3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2007-02-14 182656]
R3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2007-02-14 67960]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2007-04-12 250776]
R3 HBtnKey;HBtnKey; C:\WINDOWS\system32\DRIVERS\cpqbttn.sys [2008-04-28 9344]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 NETw5x32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw5x32.sys [2008-11-17 3636864]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2006-03-02 5888]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2008-03-28 224672]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S2 AsyncMacs;AsyncMacs; \??\C:\WINDOWS\System32\DRIVERS\AsyncMacs.sys []
S3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys []
S3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2007-07-13 94976]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS []
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS []
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []
S3 NETw4x32;Ovladač adaptéru Intel(R) Wireless WiFi Link pro systém Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw4x32.sys [2007-10-31 2236544]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-18 83328]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-07-21 483328]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2007-02-06 266295]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 AgereModemAudio;Agere Modem Call Progress Audio; C:\WINDOWS\system32\agrsmsvc.exe [2008-03-18 13312]
S2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-05-02 135168]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-06-02 637952]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------


#2 Post by Rudy »

You ran a ComboFix scan yesterday. Post the log from it.


#3 Post by Marwin »

Hello, sorry, I couldn't get to the notebook earlier. I ran ComboFix twice, each time it deleted something; here are both logs.

ComboFix 10-01-24.04 - xp 25.01.2010 12:58:00.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1502 [GMT 1:00]
Spuštěný z: c:\documents and settings\xp\Plocha\ComboFix.exe

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\xp\LOCALS~1\Temp\teste1_p.exe
c:\documents and settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\documents and settings\xp\imPlayok.exe
c:\documents and settings\xp\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\documents and settings\xp\reader_s.exe
C:\lsass.exe
c:\recycler\S-1-5-21-0243936033-3052116371-381863308-1811
c:\recycler\S-1-5-21-2021520779-4059468903-434407851-3702
c:\recycler\S-1-5-21-2035332094-9520223101-181617983-9010
c:\recycler\S-1-5-21-2951814089-9391521602-895656896-1025
c:\recycler\S-1-5-21-3599206331-1892120562-786985489-4720
c:\recycler\S-1-5-21-3923467100-0438318861-400896910-3250
c:\recycler\S-1-5-21-4176106502-6468731900-404052282-1204
c:\recycler\S-1-5-21-5395088771-7371747869-576308042-8188
c:\recycler\S-1-5-21-6262965852-4007106254-220834317-2604
c:\recycler\S-1-5-21-6262965852-4007106254-220834317-2604\Desktop.ini
c:\recycler\S-1-5-21-6262965852-4007106254-220834317-2604\wnzip32.exe
c:\recycler\S-1-5-21-6955197563-8748564726-774309019-9639
c:\recycler\S-1-5-21-7187594122-6053593473-297362500-5297
c:\recycler\S-1-5-21-7970194672-1187308940-575795338-5814
c:\recycler\S-1-5-21-9428086864-3312984088-846082007-0586
c:\windows\ccdrive32.exe
c:\windows\logfile32.txt
c:\windows\msdrv32.exe
c:\windows\odbn0.exe
c:\windows\system32\3965658215.dat
c:\windows\system32\flags.ini
c:\windows\system32\helper32.dll
c:\windows\system32\imPlayok.exe
c:\windows\system32\logon.exe
c:\windows\system32\lowsec
c:\windows\system32\reader_s.exe
c:\windows\system32\regedit.exe
c:\windows\system32\warning.html
c:\windows\tmp1201025.log
c:\windows\tmp1470664.log

Nakažená kopie c:\windows\system32\drivers\cdrom.sys byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\ServicePackFiles\i386\cdrom.sys

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_KGOOTKIT
-------\Service_KGootkit


((((((((((((((((((((((((( Soubory vytvořené od 2009-12-25 do 2010-01-25 )))))))))))))))))))))))))))))))
.

2010-01-25 12:08 . 2010-01-25 12:08 -------- d-----w- c:\windows\LastGood
2010-01-25 11:54 . 2010-01-25 11:54 390144 ----a-w- c:\windows\system32\CF24925.exe
2010-01-24 21:50 . 2010-01-24 21:50 4 ----a-w- c:\program files\337203.dat
2010-01-24 21:50 . 2010-01-24 21:50 30976 ----a-w- c:\windows\system32\drivers\attcrzylii.sys
2010-01-24 21:50 . 2010-01-24 21:50 39440 ----a-w- C:\rjdnox.exe
2010-01-24 21:50 . 2010-01-25 11:52 116224 ----a-w- C:\iexeyn.exe
2010-01-24 21:50 . 2010-01-25 11:52 23552 ----a-w- C:\obtxlha.exe
2010-01-24 21:50 . 2010-01-24 21:50 73728 ----a-w- C:\kdyrg.exe
2010-01-24 20:49 . 2004-08-17 15:49 24576 ----a-w- c:\windows\system32\userinit.exe
2010-01-23 14:52 . 2010-01-23 14:52 -------- d-----w- c:\program files\Enigma Software Group
2010-01-23 13:22 . 2010-01-23 13:00 38709248 ----a-w- C:\ess_nt32_csy.msi
2010-01-23 11:30 . 2010-01-23 11:30 212224 -c--a-w- c:\windows\system32\dllcache\ndis.sys
2010-01-23 11:26 . 2010-01-25 12:08 756736 ----a-w- c:\windows\system32\drivers\ffmej.sys
2010-01-23 11:25 . 2010-01-23 11:25 -------- d-----w- C:\spoolerlogs
2010-01-23 11:25 . 2010-01-23 11:25 34304 ----a-w- c:\windows\system32\drivers\KGootkit.sys
2010-01-20 20:26 . 2010-01-20 20:26 11680 ----a-w- c:\windows\system32\drivers\AsyncMacs.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-24 22:11 . 2007-10-01 11:27 5776 ----a-w- c:\windows\system32\drivers\ADIHdAud.sys
2010-01-23 11:30 . 2006-03-02 12:00 212224 ----a-w- c:\windows\system32\drivers\ndis.sys
2010-01-05 04:27 . 2008-12-31 14:20 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-05 13:12 . 2006-03-02 12:00 82840 ----a-w- c:\windows\system32\perfc005.dat
2009-11-05 13:12 . 2006-03-02 12:00 437574 ----a-w- c:\windows\system32\perfh005.dat
.

------- Sigcheck -------

[-] 2010-01-23 . 1DF7F42665C94B825322FAE71721130D . 212224 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ndis.sys
[-] 2010-01-23 . 1DF7F42665C94B825322FAE71721130D . 212224 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ndis.sys
[7] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ndis.sys
[-] 2006-03-02 . 1DF7F42665C94B825322FAE71721130D . 182912 . . [5.1.2600.5512] . . c:\windows\$NtServicePackUninstall$\ndis.sys

[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[-] 2008-06-20 . 9425B72F40257B45D45D24773273DAD0 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 9425B72F40257B45D45D24773273DAD0 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[-] 2008-04-13 . ACCF5A9A1FFAA490F33DBA1C632B95E1 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[7] 2006-03-02 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-2-6 561213]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"23156"=C:\obtxlha.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\obtxlha.exe"=

R2 AsyncMacs;AsyncMacs;c:\windows\system32\drivers\AsyncMacs.sys [20.1.2010 21:26 11680]

--- Ostatní služby/ovladače v paměti ---

*Deregistered* - ffmej
.
.
------- Doplňkový sken -------
.
uStart Page =
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

AddRemove-Agere Systems Soft Modem - c:\windows\agrsmdel



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-25 13:07
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe >>UNKNOWN [0x8A756530]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf74cbf28
\Driver\ACPI -> ACPI.sys @ 0xf735ecb8
\Driver\atapi -> atapi.sys @ 0xf71cf852
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: -> SendCompleteHandler -> 0x0
PacketIndicateHandler -> 0x0
SendHandler -> 0x0
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\ffmej]

.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(916)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(4728)
c:\windows\system32\btmmhook.dll
c:\windows\system32\msimtf.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE
c:\windows\system32\wscntfy.exe
c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
c:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
.
**************************************************************************
.
Celkový čas: 2010-01-25 13:13:50 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-01-25 12:13

Před spuštěním: Volných bajtů: 227 569 065 984
Po spuštění: Volných bajtů: 227 219 800 064

Current=5 Default=5 Failed=4 LastKnownGood=6 Sets=1,2,3,4,5,6
- - End Of File - - B96D0DED8BF2381AF129EF6BC40524A4


Second log:
ComboFix 10-01-24.05 - xp 25.01.2010 15:22:28.3.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1687 [GMT 1:00]
Spuštěný z: c:\documents and settings\xp\Plocha\ComboFix.exe

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\KGootkit.sys

Nakažená kopie c:\windows\system32\DRIVERS\atapi.sys byla nalezena a vyléčena.
Obnovena kopie z - Kitty ate it :p
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-25 do 2010-01-25 )))))))))))))))))))))))))))))))
.

2010-01-25 12:29 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-25 12:29 . 2010-01-25 12:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-25 12:29 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-25 12:17 . 2010-01-25 12:17 -------- d-----w- c:\program files\CCleaner
2010-01-25 11:54 . 2010-01-25 11:54 390144 ----a-w- c:\windows\system32\CF24925.exe
2010-01-24 21:50 . 2010-01-24 21:50 4 ----a-w- c:\program files\337203.dat
2010-01-24 21:50 . 2010-01-24 21:50 30976 ----a-w- c:\windows\system32\drivers\attcrzylii.sys
2010-01-24 20:49 . 2004-08-17 15:49 24576 ------w- c:\windows\system32\userinit.exe
2010-01-23 14:52 . 2010-01-23 14:52 -------- d-----w- c:\program files\Enigma Software Group
2010-01-23 13:22 . 2010-01-23 13:00 38709248 ----a-w- C:\ess_nt32_csy.msi
2010-01-23 11:30 . 2010-01-23 11:30 212224 -c--a-w- c:\windows\system32\dllcache\ndis.sys
2010-01-23 11:25 . 2010-01-23 11:25 -------- d-----w- C:\spoolerlogs

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-24 22:11 . 2007-10-01 11:27 5776 ----a-w- c:\windows\system32\drivers\ADIHdAud.sys
2010-01-23 11:30 . 2006-03-02 12:00 212224 ----a-w- c:\windows\system32\drivers\ndis.sys
2010-01-05 04:27 . 2008-12-31 14:20 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-05 13:12 . 2006-03-02 12:00 82840 ----a-w- c:\windows\system32\perfc005.dat
2009-11-05 13:12 . 2006-03-02 12:00 437574 ----a-w- c:\windows\system32\perfh005.dat
.

------- Sigcheck -------

[-] 2010-01-23 . 1DF7F42665C94B825322FAE71721130D . 212224 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ndis.sys
[-] 2010-01-23 . 1DF7F42665C94B825322FAE71721130D . 212224 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ndis.sys
[7] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ndis.sys
[-] 2006-03-02 . 1DF7F42665C94B825322FAE71721130D . 182912 . . [5.1.2600.5512] . . c:\windows\$NtServicePackUninstall$\ndis.sys

[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[-] 2008-06-20 . 9425B72F40257B45D45D24773273DAD0 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 9425B72F40257B45D45D24773273DAD0 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[-] 2008-04-13 . ACCF5A9A1FFAA490F33DBA1C632B95E1 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[7] 2006-03-02 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
.
((((((((((((((((((((((((((((( SnapShot@2010-01-25_12.07.56 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-07-30 17:19 . 2009-08-06 18:24 44768 c:\windows\system32\wups2.dll
+ 2008-06-06 09:25 . 2009-08-06 18:24 35552 c:\windows\system32\wups.dll
+ 2008-06-06 09:25 . 2009-08-06 18:24 35552 c:\windows\system32\dllcache\wups.dll
+ 2006-03-02 12:00 . 2008-04-13 22:10 96512 c:\windows\system32\dllcache\atapi.sys
+ 2008-06-06 09:34 . 2010-01-25 14:03 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-06-06 09:34 . 2010-01-25 11:50 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-06-06 09:34 . 2010-01-25 14:03 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2008-06-06 09:34 . 2010-01-25 11:50 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-2-6 561213]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"23156"=C:\obtxlha.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=

S0 ffmej;ffmej; [x]
S2 AsyncMacs;AsyncMacs;\??\c:\windows\System32\DRIVERS\AsyncMacs.sys --> c:\windows\System32\DRIVERS\AsyncMacs.sys [?]
.
.
------- Doplňkový sken -------
.
uStart Page =
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-25 15:26
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe >>UNKNOWN [0x8A89F530]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf74cbf28
\Driver\ACPI -> ACPI.sys @ 0xf735ecb8
\Driver\atapi -> atapi.sys @ 0xf72f0852
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: -> SendCompleteHandler -> 0x0
PacketIndicateHandler -> 0x0
SendHandler -> 0x0
user & kernel MBR OK

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(912)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(5196)
c:\progra~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
c:\program files\Common Files\Microsoft Shared\Web Components\11\1029\OWCI11.DLL
c:\windows\system32\btmmhook.dll
c:\windows\system32\msimtf.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
c:\windows\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2010-01-25 15:29:43 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-01-25 14:29
ComboFix2.txt 2010-01-25 12:13

Před spuštěním: Volných bajtů: 227 203 526 656
Po spuštění: Volných bajtů: 227 181 285 376

Current=5 Default=5 Failed=4 LastKnownGood=6 Sets=1,2,3,4,5,6
- - End Of File - - FA6A1DAB910E477482CC9C1570F82BBD

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Requesting a check

#4 Post by motji »

Rudy, sorry for jumping in, I was asked via private message :)

Your machine is thoroughly infected; I hope it doesn't turn out to be Virut :turned: .
Do the following, step by step:

:arrow: If it isn't there already, move ComboFix to the desktop
- Open Notepad
- Copy the text from this box into it

Code:


KillAll::
Driver::
ffmej
Collect::
c:\windows\system32\drivers\attcrzylii.sys
C:\obtxlha.exe
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"23156"=-
FCOPY::
c:\windows\ServicePackFiles\i386\ndis.sys | c:\windows\system32\drivers\ndis.sys
c:\windows\ServicePackFiles\i386\ndis.sys | c:\windows\system32\dllcache\ndis.sys
c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys | c:\windows\system32\dllcache\tcpip.sys
c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys | c:\windows\system32\drivers\tcpip.sys
FixCSet::

- Save the TXT file you created as CFScript.txt on the desktop
- After saving, grab the script you created with the left mouse button and drag it onto the ComboFix icon, where you drop it.

- After it runs, another log will pop up; paste it here

Warning: it may happen that Windows does not start after the script has been applied and the machine restarted; in that case restart again while pressing F8, then choose Last Known Good Configuration

:arrow: Download AVPTool from my signature http://www.viry.cz/forum/viewtopic.php?f=29&t=58179

- Install it following the guide and run a scan
- Let it disinfect or delete whatever it finds
- The scan may take several hours
- Paste the log with the results here

:arrow: Test these on www.virustotal.com
c:\windows\system32\userinit.exe
c:\windows\system32\drivers\ndis.sys
c:\windows\system32\drivers\atapi.sys
c:\windows\system32\drivers\tcpip.sys

Copy the file path into the box; if it says the file has already been tested, have it tested again.
Paste the link to the results here.
Do not use COMBOFIX without an advisor's recommendation; it can damage the system!
Always back up important data before disinfecting the computer :!:

I can mostly be reached at night, between 21:00 and 23:00
If you have any questions, you can e-mail me at Motji(at)forum.viry.cz.
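
The Sigcheck section of the ComboFix log above lists several on-disk copies of ndis.sys and tcpip.sys, and the FCOPY:: lines of the script overwrite the active copies from other locations. As an added example (not part of any post in this thread and not ComboFix code), the Python below parses those Sigcheck lines, copied from the log, and flags copies whose hash, size and version do not agree; the function names and finding labels are assumptions made for this example.

```python
import re
from collections import defaultdict
from typing import NamedTuple


class SigRecord(NamedTuple):
    marker: str   # character inside the leading brackets, kept as-is
    date: str
    md5: str
    size: int
    version: str
    path: str


# One Sigcheck line: [m] date . MD5 . size . . [version] . . path
LINE_RE = re.compile(
    r"^\[(.)\]\s+(\d{4}-\d{2}-\d{2})\s+\.\s+([0-9A-Fa-f]{32})\s+\.\s+(\d+)"
    r"\s+\.\s+\.\s+\[([^\]]*)\]\s+\.\s+\.\s+(.+)$"
)

# Sigcheck lines copied from the ComboFix log in this thread.
SAMPLE = r"""
[-] 2010-01-23 . 1DF7F42665C94B825322FAE71721130D . 212224 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ndis.sys
[-] 2010-01-23 . 1DF7F42665C94B825322FAE71721130D . 212224 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ndis.sys
[7] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ndis.sys
[-] 2006-03-02 . 1DF7F42665C94B825322FAE71721130D . 182912 . . [5.1.2600.5512] . . c:\windows\$NtServicePackUninstall$\ndis.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[-] 2008-06-20 . 9425B72F40257B45D45D24773273DAD0 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 9425B72F40257B45D45D24773273DAD0 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[-] 2008-04-13 . ACCF5A9A1FFAA490F33DBA1C632B95E1 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[7] 2006-03-02 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
"""


def parse_sigcheck(text):
    """Return a SigRecord for every line that matches the Sigcheck layout."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # blank lines, section headers, other log content
        marker, date, md5, size, version, path = m.groups()
        records.append(
            SigRecord(marker, date, md5.upper(), int(size), version,
                      path.strip().lower())
        )
    return records


def basename(path):
    return path.rsplit("\\", 1)[-1]


def find_anomalies(records):
    """Flag copies of one file whose reported attributes contradict each other.

    same-md5-different-size: one hash reported for copies of different
        length, so at least one reported value cannot be trusted.
    same-version-different-content: copies that claim the same file version
        but differ in hash or size, so they are not the same binary.
    """
    sizes_by_hash = defaultdict(set)        # (name, md5) -> {size, ...}
    variants_by_version = defaultdict(set)  # (name, version) -> {(md5, size)}
    for r in records:
        name = basename(r.path)
        sizes_by_hash[(name, r.md5)].add(r.size)
        variants_by_version[(name, r.version)].add((r.md5, r.size))

    findings = []
    for (name, md5), sizes in sorted(sizes_by_hash.items()):
        if len(sizes) > 1:
            findings.append(
                ("same-md5-different-size", name, md5, tuple(sorted(sizes)))
            )
    for (name, version), variants in sorted(variants_by_version.items()):
        if len(variants) > 1:
            findings.append(
                ("same-version-different-content", name, version, len(variants))
            )
    return findings


if __name__ == "__main__":
    for finding in find_anomalies(parse_sigcheck(SAMPLE)):
        print(finding)
```

A finding is a reason to verify the file, for example with the scanner results requested in the thread, not proof of infection on its own.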

Marwin
Model visitor
Posts: 92
Registered: 01 Mar 2007 13:33

Re: Requesting a check

#5 Post by Marwin »

ComboFix log: :arrow:

ComboFix 10-01-26.05 - xp 27.01.2010 14:04:21.4.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1624 [GMT 1:00]
Spuštěný z: c:\documents and settings\xp\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\xp\Plocha\CFScript.txt

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\tmp.reg

.
--------------- FCopy ---------------

c:\windows\ServicePackFiles\i386\ndis.sys --> c:\windows\system32\drivers\ndis.sys
c:\windows\ServicePackFiles\i386\ndis.sys --> c:\windows\system32\dllcache\ndis.sys
c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys --> c:\windows\system32\dllcache\tcpip.sys
c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys --> c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_FFMEJ
-------\Service_ffmej


((((((((((((((((((((((((( Soubory vytvořené od 2009-12-27 do 2010-01-27 )))))))))))))))))))))))))))))))
.

2010-01-26 10:36 . 2010-01-26 10:37 -------- d-----w- c:\program files\trend micro
2010-01-26 10:36 . 2010-01-26 10:37 -------- d-----w- C:\rsit
2010-01-25 12:29 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-25 12:29 . 2010-01-25 12:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-25 12:29 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-25 12:17 . 2010-01-25 12:17 -------- d-----w- c:\program files\CCleaner
2010-01-25 11:54 . 2010-01-25 11:54 390144 ----a-w- c:\windows\system32\CF24925.exe
2010-01-24 21:50 . 2010-01-24 21:50 4 ----a-w- c:\program files\337203.dat
2010-01-24 20:49 . 2004-08-17 15:49 24576 ------w- c:\windows\system32\userinit.exe
2010-01-23 14:52 . 2010-01-23 14:52 -------- d-----w- c:\program files\Enigma Software Group
2010-01-23 13:22 . 2010-01-23 13:00 38709248 ----a-w- C:\ess_nt32_csy.msi
2010-01-23 11:30 . 2008-04-13 22:50 182656 -c--a-w- c:\windows\system32\dllcache\ndis.sys
2010-01-23 11:25 . 2010-01-23 11:25 -------- d-----w- C:\spoolerlogs

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-05 04:27 . 2008-12-31 14:20 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-05 13:12 . 2006-03-02 12:00 82840 ----a-w- c:\windows\system32\perfc005.dat
2009-11-05 13:12 . 2006-03-02 12:00 437574 ----a-w- c:\windows\system32\perfh005.dat
.

((((((((((((((((((((((((((((( SnapShot@2010-01-25_12.07.56 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-07-30 17:19 . 2009-08-06 18:24 44768 c:\windows\system32\wups2.dll
+ 2008-06-06 09:25 . 2009-08-06 18:24 35552 c:\windows\system32\wups.dll
+ 2008-06-06 09:25 . 2009-08-06 18:24 35552 c:\windows\system32\dllcache\wups.dll
+ 2006-03-02 12:00 . 2008-04-13 22:10 96512 c:\windows\system32\dllcache\atapi.sys
+ 2008-06-06 09:34 . 2010-01-25 14:03 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-06-06 09:34 . 2010-01-25 11:50 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-2-6 561213]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=

S2 AsyncMacs;AsyncMacs;\??\c:\windows\System32\DRIVERS\AsyncMacs.sys --> c:\windows\System32\DRIVERS\AsyncMacs.sys [?]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-27 14:08
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(912)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(4084)
c:\windows\system32\btmmhook.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE
c:\windows\system32\wscntfy.exe
c:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
.
**************************************************************************
.
Celkový čas: 2010-01-27 14:11:30 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-01-27 13:11
ComboFix2.txt 2010-01-25 14:29
ComboFix3.txt 2010-01-25 12:13

Před spuštěním: Volných bajtů: 226 651 885 568
Po spuštění: Volných bajtů: 226 609 410 048

- - End Of File - - C50A09FEDE982B1A6ED0299B356F0C2B


AVPTool log: :arrow:

Autoscan: completed <1 minute ago (events: 30, objects: 115350, time: 00:20:53)
27.1.2010 14:19:36 Task started
27.1.2010 14:24:07 Detected: Rootkit.Win32.Agent.aaew C:\Documents and Settings\xp\DoctorWeb\Quarantine\A0008092.sys
27.1.2010 14:24:07 Detected: Rootkit.Win32.Agent.aaew C:\Documents and Settings\xp\DoctorWeb\Quarantine\A0008093.sys
27.1.2010 14:25:00 Deleted: Rootkit.Win32.Agent.aaew C:\Documents and Settings\xp\DoctorWeb\Quarantine\A0008093.sys
27.1.2010 14:25:00 Deleted: Rootkit.Win32.Agent.aaew C:\Documents and Settings\xp\DoctorWeb\Quarantine\A0008092.sys
27.1.2010 14:29:57 Detected: Virus.Win32.Protector.d C:\Qoobox\Quarantine\C\WINDOWS\system32\dllcache\ndis.sys.vir
27.1.2010 14:29:58 Disinfected: Virus.Win32.Protector.d C:\Qoobox\Quarantine\C\WINDOWS\system32\dllcache\ndis.sys.vir
27.1.2010 14:29:58 Disinfected: Virus.Win32.Protector.d C:\Qoobox\Quarantine\C\WINDOWS\system32\dllcache\ndis.sys.vir
27.1.2010 14:30:59 Detected: Virus.Win32.Protector.d C:\System Volume Information\_restore{C4551DE6-A420-4761-AC36-C677EDBD537E}\RP13\A0009023.sys
27.1.2010 14:31:00 Disinfected: Virus.Win32.Protector.d C:\System Volume Information\_restore{C4551DE6-A420-4761-AC36-C677EDBD537E}\RP13\A0009023.sys
27.1.2010 14:31:00 Disinfected: Virus.Win32.Protector.d C:\System Volume Information\_restore{C4551DE6-A420-4761-AC36-C677EDBD537E}\RP13\A0009023.sys
27.1.2010 14:31:06 Detected: Rootkit.Win32.Agent.aaew C:\System Volume Information\_restore{C4551DE6-A420-4761-AC36-C677EDBD537E}\RP13\A0009370.sys
27.1.2010 14:31:07 Detected: Rootkit.Win32.Agent.aaew C:\System Volume Information\_restore{C4551DE6-A420-4761-AC36-C677EDBD537E}\RP13\A0009371.sys
27.1.2010 14:31:21 Detected: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{C4551DE6-A420-4761-AC36-C677EDBD537E}\RP2\A0000069.exe
27.1.2010 14:32:02 Deleted: Rootkit.Win32.Agent.aaew C:\System Volume Information\_restore{C4551DE6-A420-4761-AC36-C677EDBD537E}\RP13\A0009370.sys
27.1.2010 14:32:03 Detected: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{C4551DE6-A420-4761-AC36-C677EDBD537E}\RP2\A0000083.exe
27.1.2010 14:32:03 Deleted: Rootkit.Win32.Agent.aaew C:\System Volume Information\_restore{C4551DE6-A420-4761-AC36-C677EDBD537E}\RP13\A0009371.sys
27.1.2010 14:32:03 Detected: Trojan.Win32.Vilsel.rii C:\System Volume Information\_restore{C4551DE6-A420-4761-AC36-C677EDBD537E}\RP3\A0007088.exe
27.1.2010 14:32:03 Detected: Trojan.Win32.Vilsel.rii C:\System Volume Information\_restore{C4551DE6-A420-4761-AC36-C677EDBD537E}\RP3\A0008088.exe
27.1.2010 14:32:03 Detected: Rootkit.Win32.Bezopi.g C:\System Volume Information\_restore{C4551DE6-A420-4761-AC36-C677EDBD537E}\RP3\A0008089.sys
27.1.2010 14:32:03 Deleted: Trojan.Win32.Vilsel.rii C:\System Volume Information\_restore{C4551DE6-A420-4761-AC36-C677EDBD537E}\RP3\A0008088.exe
27.1.2010 14:32:03 Detected: Trojan.Win32.Vilsel.rii C:\System Volume Information\_restore{C4551DE6-A420-4761-AC36-C677EDBD537E}\RP3\A0008091.exe
27.1.2010 14:32:03 Deleted: Trojan.Win32.Vilsel.rii C:\System Volume Information\_restore{C4551DE6-A420-4761-AC36-C677EDBD537E}\RP3\A0007088.exe
27.1.2010 14:32:04 Deleted: Rootkit.Win32.Bezopi.g C:\System Volume Information\_restore{C4551DE6-A420-4761-AC36-C677EDBD537E}\RP3\A0008089.sys
27.1.2010 14:32:04 Deleted: Trojan.Win32.Vilsel.rii C:\System Volume Information\_restore{C4551DE6-A420-4761-AC36-C677EDBD537E}\RP3\A0008091.exe
27.1.2010 14:32:23 Detected: Rootkit.Win32.Bezopi.g C:\System Volume Information\_restore{C4551DE6-A420-4761-AC36-C677EDBD537E}\RP6\A0008582.sys
27.1.2010 14:32:23 Detected: Rootkit.Win32.Agent.afai C:\System Volume Information\_restore{C4551DE6-A420-4761-AC36-C677EDBD537E}\RP6\A0008583.sys
27.1.2010 14:32:24 Deleted: Rootkit.Win32.Bezopi.g C:\System Volume Information\_restore{C4551DE6-A420-4761-AC36-C677EDBD537E}\RP6\A0008582.sys
27.1.2010 14:32:25 Deleted: Rootkit.Win32.Agent.afai C:\System Volume Information\_restore{C4551DE6-A420-4761-AC36-C677EDBD537E}\RP6\A0008583.sys
27.1.2010 14:40:29 Task completed


and also the results from VirusTotal: :arrow:

userinit.exe
http://www.virustotal.com/cs/analisis/4 ... 1264599816

ndis.sys
http://www.virustotal.com/cs/analisis/f ... 1264599857

atapi.sys
http://www.virustotal.com/cs/analisis/b ... 1264599895

tcpip.sys
http://www.virustotal.com/cs/analisis/f ... 1264599938

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Requesting a check

#6 Post by motji »

Test these on www.virustotal.com
c:\windows\System32\DRIVERS\AsyncMacs.sys
c:\windows\system32\dllcache\atapi.sys
C:\ess_nt32_csy.msi
c:\program files\337203.dat


:arrow: Please post a log from RSIT, see my signature.
How is the computer doing?

Marwin
Model visitor
Posts: 92
Registered: 01 Mar 2007 13:33

Re: Requesting a check

#7 Post by Marwin »

c:\windows\System32\DRIVERS\AsyncMacs.sys I couldn't find this one

atapi.sys result
http://www.virustotal.com/cs/analisis/b ... 1264601675

C:\ess_nt32_csy.msi VirusTotal ended with the error Bigger than may size. Otherwise it is the NOD installer.

c:\program files\337203.dat result
http://www.virustotal.com/cs/analisis/6 ... 1264601725

Marwin
Model visitor
Posts: 92
Registered: 01 Mar 2007 13:33

Re: Requesting a check

#8 Post by Marwin »

Hooray, ESET has now installed without any problems. Here is the RSIT log as well:

Logfile of random's system information tool 1.06 (written by random/random)
Run by xp at 2010-01-27 15:29:41
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 216 GB (94%) free of 229 GB
Total RAM: 2047 MB (74% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:29:52, on 27.1.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\explorer.exe
C:\Documents and Settings\xp\Plocha\Virus Removal Tool\setup_9.0.0.722_27.01.2010_14-27\setup_9.0.0.722_27.01.2010_14-27.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\xp\Plocha\RSIT.exe
C:\Program Files\trend micro\xp.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: setup_9.0.0.722_27.01.2010_14-27.lnk = C:\Documents and Settings\xp\Plocha\Virus Removal Tool\setup_9.0.0.722_27.01.2010_14-27\startup.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 4251588687
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 4691610968
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 5615 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2009-11-16 2054360]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Documents and Settings\xp\Nabídka Start\Programy\Po spuštění
setup_9.0.0.722_27.01.2010_14-27.lnk - C:\Documents and Settings\xp\Plocha\Virus Removal Tool\setup_9.0.0.722_27.01.2010_14-27\startup.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-07-21 118784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\lsass.exe"="C:\WINDOWS\lsass.exe:*:Enabled:LSA Shell"
"C:\WINDOWS\system32\lsass.exe"="C:\WINDOWS\system32\lsass.exe:*:Enabled:LSA Shell"

======List of files/folders created in the last 1 months======

2010-01-27 15:28:40 ----D---- C:\Documents and Settings\xp\Data aplikací\ESET
2010-01-27 15:27:38 ----D---- C:\Program Files\ESET
2010-01-27 15:27:38 ----D---- C:\Documents and Settings\All Users\Data aplikací\ESET
2010-01-27 14:17:12 ----D---- C:\WINDOWS\LastGood
2010-01-27 14:15:35 ----SHD---- C:\RECYCLER
2010-01-27 14:11:32 ----D---- C:\WINDOWS\temp
2010-01-27 14:11:30 ----A---- C:\ComboFix.txt
2010-01-26 15:16:17 ----A---- C:\WINDOWS\system32\tmp.txt
2010-01-26 15:16:15 ----A---- C:\rapport.txt
2010-01-26 11:36:57 ----D---- C:\Program Files\trend micro
2010-01-26 11:36:56 ----D---- C:\rsit
2010-01-25 13:29:31 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-01-25 13:17:34 ----D---- C:\Program Files\CCleaner
2010-01-25 12:56:13 ----A---- C:\WINDOWS\zip.exe
2010-01-25 12:56:13 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-01-25 12:56:13 ----A---- C:\WINDOWS\SWSC.exe
2010-01-25 12:56:13 ----A---- C:\WINDOWS\SWREG.exe
2010-01-25 12:56:13 ----A---- C:\WINDOWS\sed.exe
2010-01-25 12:56:13 ----A---- C:\WINDOWS\PEV.exe
2010-01-25 12:56:13 ----A---- C:\WINDOWS\NIRCMD.exe
2010-01-25 12:56:13 ----A---- C:\WINDOWS\MBR.exe
2010-01-25 12:56:13 ----A---- C:\WINDOWS\grep.exe
2010-01-25 12:54:40 ----D---- C:\WINDOWS\ERDNT
2010-01-25 12:54:37 ----A---- C:\WINDOWS\system32\CF24925.exe
2010-01-25 12:54:22 ----D---- C:\Qoobox
2010-01-24 21:49:02 ----N---- C:\WINDOWS\system32\userinit.exe
2010-01-23 15:52:19 ----D---- C:\Program Files\Enigma Software Group
2010-01-23 14:51:33 ----D---- C:\Documents and Settings\xp\Data aplikací\ScanSpyware
2010-01-23 12:25:51 ----D---- C:\spoolerlogs
2010-01-20 21:26:28 ----D---- C:\Documents and Settings\All Users\Data aplikací\Macromedia

======List of files/folders modified in the last 1 months======

2010-01-27 15:29:48 ----D---- C:\WINDOWS\Prefetch
2010-01-27 15:28:30 ----SHD---- C:\WINDOWS\Installer
2010-01-27 15:28:19 ----HD---- C:\WINDOWS\inf
2010-01-27 15:28:19 ----D---- C:\WINDOWS\system32\drivers
2010-01-27 15:27:38 ----RD---- C:\Program Files
2010-01-27 14:17:55 ----SHD---- C:\System Volume Information
2010-01-27 14:17:12 ----D---- C:\WINDOWS
2010-01-27 14:16:33 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2010-01-27 14:10:28 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-27 14:08:31 ----A---- C:\WINDOWS\system.ini
2010-01-27 14:07:02 ----D---- C:\WINDOWS\system32\config
2010-01-27 14:06:35 ----D---- C:\WINDOWS\system32
2010-01-27 14:06:07 ----D---- C:\WINDOWS\AppPatch
2010-01-27 14:06:03 ----D---- C:\Program Files\Common Files
2010-01-27 14:04:27 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-01-27 14:03:42 ----N---- C:\WINDOWS\SchedLgU.Txt
2010-01-26 09:38:21 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-01-26 09:26:43 ----SD---- C:\Documents and Settings\xp\Data aplikací\Microsoft
2010-01-25 15:02:46 ----D---- C:\WINDOWS\security
2010-01-25 14:15:11 ----HDC---- C:\WINDOWS\$NtUninstallKB915800-v4$
2010-01-25 13:39:49 ----D---- C:\WINDOWS\Debug
2010-01-25 13:14:13 ----HD---- C:\WINDOWS\$hf_mig$
2010-01-25 13:12:08 ----D---- C:\WINDOWS\repair
2010-01-25 13:08:39 ----D---- C:\WINDOWS\Help
2010-01-23 16:05:21 ----D---- C:\WINDOWS\system32\Restore
2010-01-23 15:47:44 ----A---- C:\WINDOWS\wininit.ini
2010-01-19 05:08:19 ----A---- C:\WINDOWS\NeroDigital.ini
2010-01-05 05:27:27 ----D---- C:\Program Files\Spybot - Search & Destroy

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 72653211;72653211; C:\WINDOWS\system32\DRIVERS\72653211.sys [2009-09-25 128016]
R1 eabfiltr;eabfiltr; C:\WINDOWS\system32\DRIVERS\eabfiltr.sys [2006-11-30 8192]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2009-11-16 108792]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2009-11-16 55768]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 setup_9.0.0.722_27.01.2010_14-27drv;setup_9.0.0.722_27.01.2010_14-27drv; C:\WINDOWS\system32\DRIVERS\7265321.sys [2009-10-09 315408]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2009-11-16 116520]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2009-12-18 135048]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2008-11-21 1204128]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-07-21 2363904]
R3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2007-02-14 530861]
R3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2007-02-14 30459]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2007-02-14 868298]
R3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2007-04-12 250776]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2010-01-08 33096]
R3 HBtnKey;HBtnKey; C:\WINDOWS\system32\DRIVERS\cpqbttn.sys [2008-04-28 9344]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 NETw5x32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw5x32.sys [2008-11-17 3636864]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2006-03-02 5888]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2008-03-28 224672]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S2 AsyncMacs;AsyncMacs; \??\C:\WINDOWS\System32\DRIVERS\AsyncMacs.sys []
S3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys []
S3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2007-07-13 94976]
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2007-02-14 149123]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2007-02-14 67960]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mbr;mbr; \??\C:\DOCUME~1\xp\LOCALS~1\Temp\mbr.sys []
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS []
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS []
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []
S3 NETw4x32;Ovladač adaptéru Intel(R) Wireless WiFi Link pro systém Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw4x32.sys [2007-10-31 2236544]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-18 83328]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\WINDOWS\system32\agrsmsvc.exe [2008-03-18 13312]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-07-21 483328]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2007-02-06 266295]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2009-11-16 735960]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-05-02 135168]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2009-11-16 20680]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-06-02 637952]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Requesting a check

#9 Post by motji »

:arrow: If you have not done so already, move ComboFix to the desktop
- open Notepad
- copy the text from this box into it

Code:

Driver::
AsyncMacs
File::
C:\WINDOWS\System32\DRIVERS\AsyncMacs.sys
Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"C:\WINDOWS\lsass.exe"=-
"C:\WINDOWS\system32\lsass.exe"=-

- save the TXT file you created to the desktop as CFScript.txt
- once it is saved, grab the script you created with the left mouse button and drag it over the ComboFix icon, where you drop it

- after it has been applied, another log will pop out; paste it here

Warning: it may happen that Windows does not start after the script is applied and the machine restarts. In that case restart again while pressing F8, then choose Last Known Good Configuration

I won't be here until the evening, so after that please also do the following:
:arrow: Uninstall ComboFix via
Start >> Run, copy into the box:

ComboFix /Uninstall

press Enter
- This uninstalls ComboFix and deletes its associated files and folders.

:arrow: Download T-Cleaner
http://sweb.cz/Marinus/T-Cleaner.exe

- Run it; to confirm each choice press the A key, then Enter
- delete the program after use. Note that antivirus programs may falsely flag it as a virus

:arrow: Download TFC and run it
TFC (http://oldtimer.geekstogo.com/TFC.exe)

:arrow: Download CCleaner, see my signature
- install it and clean the temporary files and the registry

:arrow: Post a new RSIT log and tell me how the computer is behaving; is everything OK now?

:arrow: I see mbam on the computer; run a scan and post the log here :)

Do not use COMBOFIX without an adviser's recommendation; it can damage the system!
Always back up important data before disinfecting the computer :!:

I can mostly be reached at night, between 21:00 and 23:00
If you have any questions, you can e-mail me at Motji(at)forum.viry.cz.
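
An added example, not part of the thread and not the adviser's own method: one way to triage the RSIT "List of drivers" and "List of services" lines posted above before deciding what belongs in a removal script. It assumes that an empty `[]` means RSIT could not read the file's date and size, and it queues for manual review only entries that are set to start automatically and carry no file information; the sample lines are copied from the log in this thread, plus one constructed truncated line.

```python
"""Triage RSIT driver/service lines (added example, not a verdict engine)."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Sample input: lines copied from the RSIT log in this thread.
# The last line is constructed (truncated on purpose) to exercise error handling.
SAMPLE = r"""
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2009-11-16 108792]
R3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S2 AsyncMacs;AsyncMacs; \??\C:\WINDOWS\System32\DRIVERS\AsyncMacs.sys []
S3 mbr;mbr; \??\C:\DOCUME~1\xp\LOCALS~1\Temp\mbr.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2007-02-06 266295]
R1 broken;broken; C:\WINDOWS\system32\DRIVERS\broken.sys [2009-
"""

# <state><start> <name>;<display>; <path> [<date> <size>]   (metadata may be empty)
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) "
    r"(?P<name>[^;]+);(?P<display>[^;]*); "
    r"(?P<path>.+?) "
    r"\[(?:(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+))?\]$"
)


@dataclass
class Entry:
    running: bool
    start: int            # 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled
    name: str
    display: str
    path: str
    date: Optional[str]
    size: Optional[int]
    flags: List[str] = field(default_factory=list)


def flags_for(e: Entry) -> List[str]:
    """Return triage flags; each one is a reason to look closer, not proof."""
    flags = []
    if e.date is None:
        flags.append("no-file-info")           # assumption: file unreadable or absent
    if e.start <= 2:
        flags.append("autostart")              # loads without user action
        if not e.running:
            flags.append("autostart-not-running")
    if e.path.startswith("\\??\\"):
        flags.append("nt-namespace-path")      # image path stored in \??\ form
    return flags


def parse_log(text: str):
    """Parse RSIT lines; lines that do not parse are returned, never dropped."""
    entries, unparsed = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("=", "-")):   # blank lines, section markers
            continue
        m = LINE_RE.match(line)
        if m is None:
            unparsed.append(line)
            continue
        e = Entry(
            running=m["state"] == "R",
            start=int(m["start"]),
            name=m["name"].strip(),
            display=m["display"].strip(),
            path=m["path"],
            date=m["date"],
            size=int(m["size"]) if m["size"] else None,
        )
        e.flags = flags_for(e)
        entries.append(e)
    return entries, unparsed


def review_queue(entries: List[Entry]) -> List[Entry]:
    """Entries that start automatically but for which no file data was logged."""
    return [e for e in entries
            if "autostart" in e.flags and "no-file-info" in e.flags]


if __name__ == "__main__":
    parsed, bad = parse_log(SAMPLE)
    for e in review_queue(parsed):
        print(f"REVIEW  {e.name}  {e.path}  flags={','.join(e.flags)}")
    for line in bad:
        print(f"UNPARSED  {line}")
```
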

Marwin
Model visitor
Posts: 92
Registered: 01 Mar 2007 13:33

Re: Requesting a check

#10 Post by Marwin »

ComboFix log:
ComboFix 10-01-26.06 - xp 27.01.2010 16:14:32.5.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1621 [GMT 1:00]
Spuštěný z: c:\documents and settings\xp\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\xp\Plocha\CFScript.txt
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!

FILE ::
"c:\windows\System32\DRIVERS\AsyncMacs.sys"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ASYNCMACS
-------\Service_AsyncMacs


((((((((((((((((((((((((( Soubory vytvořené od 2009-12-27 do 2010-01-27 )))))))))))))))))))))))))))))))
.

2010-01-27 15:11 . 2010-01-27 15:11 -------- d-sh--w- c:\documents and settings\xp\IETldCache
2010-01-27 14:56 . 2009-12-11 08:38 69120 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-01-27 14:56 . 2010-01-27 14:56 -------- d-----w- c:\windows\ie8updates
2010-01-27 14:56 . 2009-12-21 19:08 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-01-27 14:56 . 2009-12-21 19:08 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-01-27 14:54 . 2010-01-27 14:55 -------- dc-h--w- c:\windows\ie8
2010-01-27 14:27 . 2010-01-27 14:27 -------- d-----w- c:\program files\ESET
2010-01-26 10:36 . 2010-01-27 14:29 -------- d-----w- c:\program files\trend micro
2010-01-26 10:36 . 2010-01-26 10:37 -------- d-----w- C:\rsit
2010-01-25 12:17 . 2010-01-25 12:17 -------- d-----w- c:\program files\CCleaner
2010-01-25 12:14 . 2009-11-21 16:03 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-25 12:12 . 2009-10-15 16:32 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2010-01-25 12:12 . 2009-10-15 16:32 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2010-01-25 12:12 . 2009-06-21 21:48 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2010-01-25 12:12 . 2009-07-10 13:28 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2010-01-25 11:54 . 2010-01-25 11:54 390144 ----a-w- c:\windows\system32\CF24925.exe
2010-01-24 21:50 . 2010-01-24 21:50 4 ----a-w- c:\program files\337203.dat
2010-01-24 20:49 . 2004-08-17 15:49 24576 ------w- c:\windows\system32\userinit.exe
2010-01-23 14:52 . 2010-01-23 14:52 -------- d-----w- c:\program files\Enigma Software Group
2010-01-23 13:22 . 2010-01-23 13:00 38709248 ----a-w- C:\ess_nt32_csy.msi
2010-01-23 11:30 . 2008-04-13 22:50 182656 -c--a-w- c:\windows\system32\dllcache\ndis.sys
2010-01-23 11:25 . 2010-01-23 11:25 -------- d-----w- C:\spoolerlogs
2010-01-08 07:13 . 2010-01-08 07:13 33096 ----a-w- c:\windows\system32\drivers\epfwndis.sys
2010-01-05 09:57 . 2010-01-05 09:57 78336 -c----w- c:\windows\system32\dllcache\ieencode.dll
2010-01-05 09:57 . 2010-01-05 09:57 78336 ------w- c:\windows\system32\ieencode.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-27 15:00 . 2006-03-02 12:00 82840 ----a-w- c:\windows\system32\perfc005.dat
2010-01-27 15:00 . 2006-03-02 12:00 437574 ----a-w- c:\windows\system32\perfh005.dat
2010-01-05 04:27 . 2008-12-31 14:20 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-21 19:08 . 2006-03-02 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-18 14:02 . 2009-12-18 14:02 135048 ----a-w- c:\windows\system32\drivers\epfw.sys
2009-11-21 16:03 . 2006-03-02 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-16 08:06 . 2009-11-16 08:06 55768 ----a-w- c:\windows\system32\drivers\epfwtdi.sys
2009-11-16 08:03 . 2009-11-16 08:03 108792 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2009-11-16 07:56 . 2009-11-16 07:56 116520 ----a-w- c:\windows\system32\drivers\eamon.sys
.

((((((((((((((((((((((((((((( SnapShot@2010-01-25_12.07.56 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-07-30 17:19 . 2009-08-06 18:24 44768 c:\windows\system32\wups2.dll
+ 2008-06-06 09:25 . 2009-08-06 18:24 35552 c:\windows\system32\wups.dll
+ 2006-03-02 12:00 . 2009-06-25 08:27 54272 c:\windows\system32\wdigest.dll
+ 2008-06-06 11:13 . 2009-10-28 15:07 46080 c:\windows\system32\tzchange.exe
+ 2006-03-02 12:00 . 2009-06-15 10:45 81408 c:\windows\system32\tlntsess.exe
+ 2006-03-02 12:00 . 2009-06-15 10:45 78336 c:\windows\system32\telnet.exe
+ 2008-06-06 09:49 . 2009-01-07 17:20 26144 c:\windows\system32\spupdsvc.exe
+ 2008-06-18 14:23 . 2009-01-07 17:20 17952 c:\windows\system32\spmsg.dll
- 2006-03-02 12:00 . 2009-02-03 19:58 56832 c:\windows\system32\secur32.dll
+ 2006-03-02 12:00 . 2009-06-25 08:27 56832 c:\windows\system32\secur32.dll
- 2006-03-02 12:00 . 2008-04-14 06:51 79872 c:\windows\system32\raschap.dll
+ 2006-03-02 12:00 . 2009-10-12 13:40 79872 c:\windows\system32\raschap.dll
+ 2006-03-02 12:00 . 2009-03-08 03:31 46592 c:\windows\system32\pngfilt.dll
- 2006-03-02 12:00 . 2009-11-05 13:12 71336 c:\windows\system32\perfc009.dat
+ 2006-03-02 12:00 . 2010-01-27 15:00 71336 c:\windows\system32\perfc009.dat
- 2006-06-29 06:05 . 2006-06-29 06:05 23552 c:\windows\system32\normaliz.dll
+ 2006-06-29 06:05 . 2009-01-07 17:20 23552 c:\windows\system32\normaliz.dll
+ 2006-06-28 15:59 . 2009-01-07 17:20 24576 c:\windows\system32\nlsdl.dll
- 2006-06-28 15:59 . 2006-06-28 15:59 24576 c:\windows\system32\nlsdl.dll
+ 2006-03-02 12:00 . 2009-03-08 03:31 48128 c:\windows\system32\mshtmler.dll
- 2006-03-02 12:00 . 2007-08-13 16:01 48128 c:\windows\system32\mshtmler.dll
+ 2006-03-02 12:00 . 2009-03-08 03:31 66560 c:\windows\system32\mshtmled.dll
+ 2006-03-02 12:00 . 2009-03-08 03:31 45568 c:\windows\system32\mshta.exe
- 2006-03-02 12:00 . 2007-08-13 16:32 45568 c:\windows\system32\mshta.exe
+ 2007-08-13 16:36 . 2009-03-08 03:31 13312 c:\windows\system32\msfeedssync.exe
+ 2007-08-13 16:54 . 2009-12-21 19:08 55296 c:\windows\system32\msfeedsbs.dll
+ 2006-03-02 12:00 . 2009-09-04 21:05 58880 c:\windows\system32\msasn1.dll
+ 2006-03-02 12:00 . 2009-03-08 03:34 43008 c:\windows\system32\licmgr10.dll
+ 2006-03-02 12:00 . 2009-12-21 19:08 25600 c:\windows\system32\jsproxy.dll
+ 2006-03-02 12:00 . 2009-03-08 03:32 94720 c:\windows\system32\inseng.dll
+ 2006-03-02 12:00 . 2009-03-08 03:31 34816 c:\windows\system32\imgutil.dll
+ 2007-08-13 16:39 . 2009-03-08 03:32 36864 c:\windows\system32\ieudinit.exe
+ 2006-03-02 12:00 . 2009-03-08 03:32 71680 c:\windows\system32\iesetup.dll
+ 2006-03-02 12:00 . 2009-03-08 03:32 55808 c:\windows\system32\iernonce.dll
- 2006-06-29 06:05 . 2006-06-29 06:05 26112 c:\windows\system32\idndl.dll
+ 2006-06-29 06:05 . 2009-01-07 17:20 26112 c:\windows\system32\idndl.dll
+ 2007-08-13 16:36 . 2009-03-08 03:31 59904 c:\windows\system32\icardie.dll
+ 2006-03-02 12:00 . 2009-10-15 16:32 81920 c:\windows\system32\fontsub.dll
+ 2006-03-02 12:00 . 2009-06-24 11:18 92928 c:\windows\system32\drivers\ksecdd.sys
+ 2008-06-06 09:25 . 2009-08-06 18:24 35552 c:\windows\system32\dllcache\wups.dll
+ 2009-06-25 08:27 . 2009-06-25 08:27 54272 c:\windows\system32\dllcache\wdigest.dll
+ 2009-06-15 10:45 . 2009-06-15 10:45 81408 c:\windows\system32\dllcache\tlntsess.exe
+ 2009-06-15 10:45 . 2009-06-15 10:45 78336 c:\windows\system32\dllcache\telnet.exe
- 2009-02-03 19:58 . 2009-02-03 19:58 56832 c:\windows\system32\dllcache\secur32.dll
+ 2009-02-03 19:58 . 2009-06-25 08:27 56832 c:\windows\system32\dllcache\secur32.dll
+ 2009-10-12 13:40 . 2009-10-12 13:40 79872 c:\windows\system32\dllcache\raschap.dll
+ 2007-08-13 16:36 . 2009-03-08 03:31 46592 c:\windows\system32\dllcache\pngfilt.dll
- 2007-08-13 16:01 . 2007-08-13 16:01 48128 c:\windows\system32\dllcache\mshtmler.dll
+ 2007-08-13 16:01 . 2009-03-08 03:31 48128 c:\windows\system32\dllcache\mshtmler.dll
+ 2007-08-13 16:54 . 2009-03-08 03:31 66560 c:\windows\system32\dllcache\mshtmled.dll
- 2007-08-13 16:32 . 2007-08-13 16:32 45568 c:\windows\system32\dllcache\mshta.exe
+ 2007-08-13 16:32 . 2009-03-08 03:31 45568 c:\windows\system32\dllcache\mshta.exe
+ 2008-06-11 14:44 . 2009-12-21 19:08 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2009-09-04 21:05 . 2009-09-04 21:05 58880 c:\windows\system32\dllcache\msasn1.dll
+ 2007-08-13 16:44 . 2009-03-08 03:34 43008 c:\windows\system32\dllcache\licmgr10.dll
+ 2009-06-24 11:18 . 2009-06-24 11:18 92928 c:\windows\system32\dllcache\ksecdd.sys
+ 2007-08-13 16:54 . 2009-12-21 19:08 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2007-08-13 16:39 . 2009-03-08 03:32 94720 c:\windows\system32\dllcache\inseng.dll
+ 2007-08-13 16:36 . 2009-03-08 03:31 34816 c:\windows\system32\dllcache\imgutil.dll
- 2008-06-11 14:44 . 2009-02-20 10:20 13824 c:\windows\system32\dllcache\ieudinit.exe
+ 2008-06-11 14:44 . 2009-12-31 15:32 13824 c:\windows\system32\dllcache\ieudinit.exe
+ 2007-08-13 16:39 . 2009-03-08 03:32 71680 c:\windows\system32\dllcache\iesetup.dll
+ 2007-08-13 16:39 . 2009-03-08 03:32 55808 c:\windows\system32\dllcache\iernonce.dll
+ 2008-06-11 14:44 . 2009-03-08 03:31 59904 c:\windows\system32\dllcache\icardie.dll
+ 2007-08-13 16:18 . 2009-03-08 03:24 68608 c:\windows\system32\dllcache\hmmapi.dll
+ 2007-08-13 16:42 . 2009-03-08 03:33 18944 c:\windows\system32\dllcache\corpol.dll
+ 2009-06-10 14:15 . 2009-06-10 14:15 84992 c:\windows\system32\dllcache\avifil32.dll
+ 2009-07-17 19:04 . 2009-07-17 19:04 58880 c:\windows\system32\dllcache\atl.dll
+ 2006-03-02 12:00 . 2008-04-13 22:10 96512 c:\windows\system32\dllcache\atapi.sys
+ 2007-08-13 16:39 . 2009-03-08 03:32 72704 c:\windows\system32\dllcache\admparse.dll
+ 2006-03-02 12:00 . 2009-03-08 03:33 18944 c:\windows\system32\corpol.dll
- 2008-06-06 09:34 . 2010-01-25 11:50 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-06-06 09:34 . 2010-01-25 14:03 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2006-03-02 12:00 . 2008-04-14 06:51 84992 c:\windows\system32\avifil32.dll
+ 2006-03-02 12:00 . 2009-06-10 14:15 84992 c:\windows\system32\avifil32.dll
+ 2006-03-02 12:00 . 2009-07-17 19:04 58880 c:\windows\system32\atl.dll
- 2006-03-02 12:00 . 2008-04-14 06:51 58880 c:\windows\system32\atl.dll
+ 2006-03-02 12:00 . 2009-03-08 03:32 72704 c:\windows\system32\admparse.dll
+ 2009-06-24 18:56 . 2009-06-24 18:56 73728 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe
- 2007-04-13 18:58 . 2007-04-13 18:58 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
+ 2008-05-27 23:49 . 2008-05-27 23:49 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
- 2007-04-13 18:57 . 2007-04-13 18:57 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
+ 2008-05-27 23:49 . 2008-05-27 23:49 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
- 2007-04-13 18:57 . 2007-04-13 18:57 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
+ 2008-05-27 23:49 . 2008-05-27 23:49 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
- 2007-04-13 19:30 . 2007-04-13 19:30 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2008-05-28 00:30 . 2008-05-28 00:30 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2010-01-27 14:28 . 2010-01-27 14:28 97360 c:\windows\Installer\{14B7A9EF-BB68-4529-9190-8CE164E0F548}\egui.exe
+ 2010-01-27 14:28 . 2010-01-27 14:28 10134 c:\windows\Installer\{14B7A9EF-BB68-4529-9190-8CE164E0F548}\callmsi.exe
+ 2010-01-27 14:56 . 2009-10-29 07:43 12800 c:\windows\ie8updates\KB978207-IE8\xpshims.dll
+ 2010-01-27 14:56 . 2009-10-29 07:43 55296 c:\windows\ie8updates\KB978207-IE8\msfeedsbs.dll
+ 2010-01-27 14:56 . 2009-10-29 07:43 25600 c:\windows\ie8updates\KB978207-IE8\jsproxy.dll
+ 2010-01-27 14:56 . 2009-03-08 03:33 12288 c:\windows\ie8updates\KB976325-IE8\xpshims.dll
+ 2010-01-27 14:56 . 2009-03-08 03:31 55296 c:\windows\ie8updates\KB976325-IE8\msfeedsbs.dll
+ 2010-01-27 14:56 . 2009-03-08 03:33 25600 c:\windows\ie8updates\KB976325-IE8\jsproxy.dll
+ 2010-01-27 14:55 . 2009-03-08 15:57 58448 c:\windows\ie8\spuninst\iecustom.dll
+ 2010-01-27 14:54 . 2009-02-20 17:13 44544 c:\windows\ie8\pngfilt.dll
+ 2010-01-27 14:54 . 2007-08-13 16:01 48128 c:\windows\ie8\mshtmler.dll
+ 2010-01-27 14:54 . 2007-08-13 16:32 45568 c:\windows\ie8\mshta.exe
+ 2010-01-27 14:54 . 2007-08-13 16:36 12288 c:\windows\ie8\msfeedssync.exe
+ 2010-01-27 14:54 . 2009-02-20 17:13 52224 c:\windows\ie8\msfeedsbs.dll
+ 2010-01-27 14:54 . 2007-08-13 16:44 40960 c:\windows\ie8\licmgr10.dll
+ 2010-01-27 14:54 . 2009-02-20 17:13 27648 c:\windows\ie8\jsproxy.dll
+ 2010-01-27 14:54 . 2007-08-13 16:39 92672 c:\windows\ie8\inseng.dll
+ 2010-01-27 14:54 . 2007-08-13 16:36 36352 c:\windows\ie8\imgutil.dll
+ 2010-01-27 14:54 . 2007-08-13 16:39 55296 c:\windows\ie8\iesetup.dll
+ 2010-01-27 14:54 . 2009-02-20 17:13 44544 c:\windows\ie8\iernonce.dll
+ 2010-01-27 14:54 . 2009-02-20 17:13 78336 c:\windows\ie8\ieencode.dll
+ 2010-01-27 14:54 . 2009-02-20 10:20 70656 c:\windows\ie8\ie4uinit.exe
+ 2010-01-27 14:54 . 2009-02-20 17:13 63488 c:\windows\ie8\icardie.dll
+ 2010-01-27 14:54 . 2007-08-13 16:18 60416 c:\windows\ie8\hmmapi.dll
+ 2010-01-27 14:54 . 2007-08-13 16:42 17408 c:\windows\ie8\corpol.dll
+ 2010-01-27 14:54 . 2007-08-13 16:39 71680 c:\windows\ie8\admparse.dll
+ 2010-01-27 15:04 . 2009-02-20 10:20 13824 c:\windows\ie7updates\KB978207-IE7\ieudinit.exe
+ 2010-01-27 14:58 . 2010-01-27 14:58 90112 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_d9855919\System.Drawing.Design.dll
+ 2010-01-27 14:58 . 2010-01-27 14:58 61440 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_1e4bea95\CustomMarshalers.dll
+ 2010-01-27 15:03 . 2010-01-27 15:03 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\b4a9e413d5cd6d6ec2d50aa05381e293\UIAutomationProvider.ni.dll
+ 2010-01-27 15:07 . 2010-01-27 15:07 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\8acb476a0d4ee17a12881e17ae74a6af\System.Windows.Presentation.ni.dll
+ 2010-01-27 15:07 . 2010-01-27 15:07 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\4b87ca3482a3c0ee733e028ecee7de65\System.Web.DynamicData.Design.ni.dll
+ 2010-01-27 15:06 . 2010-01-27 15:06 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\a0c71055364bd356971791284c3fb910\System.ComponentModel.DataAnnotations.ni.dll
+ 2010-01-27 15:06 . 2010-01-27 15:06 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\f9a75bbdc2ce7db578b5977766a09b99\System.AddIn.Contract.ni.dll
+ 2010-01-27 15:01 . 2010-01-27 15:01 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\3dd0f86c966c75755d62eab8ddf0634c\PresentationFontCache.ni.exe
+ 2010-01-27 15:01 . 2010-01-27 15:01 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\034d081fe294bab1ee1ecc98c1181424\PresentationCFFRasterizer.ni.dll
+ 2010-01-27 15:06 . 2010-01-27 15:06 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\f2673aec397c52796aef05bb9d2668df\Microsoft.Vsa.ni.dll
+ 2010-01-27 15:05 . 2010-01-27 15:05 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\d513fe1a81c441e7656a9b062cff4e9f\Microsoft.Build.Framework.ni.dll
+ 2010-01-27 15:05 . 2010-01-27 15:05 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\c5d504724d7f351b1d034615dbb72a2a\Microsoft.Build.Framework.ni.dll
+ 2010-01-27 15:05 . 2010-01-27 15:05 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\a664ccab020f93f1d533919f57131190\dfsvc.ni.exe
+ 2010-01-27 15:04 . 2010-01-27 15:04 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\e63d6d26b8a664cfdfbd4ad75e03c14d\Accessibility.ni.dll
- 2009-04-18 21:02 . 2009-04-18 21:02 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2010-01-27 15:00 . 2010-01-27 15:00 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2009-04-18 21:02 . 2009-04-18 21:02 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2010-01-27 15:00 . 2010-01-27 15:00 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2010-01-27 15:00 . 2010-01-27 15:00 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2009-04-18 21:02 . 2009-04-18 21:02 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2010-01-27 15:00 . 2010-01-27 15:00 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2009-04-18 21:02 . 2009-04-18 21:02 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2009-04-18 21:02 . 2009-04-18 21:02 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2010-01-27 15:00 . 2010-01-27 15:00 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2010-01-27 15:00 . 2010-01-27 15:00 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2009-04-18 21:02 . 2009-04-18 21:02 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2010-01-27 15:00 . 2010-01-27 15:00 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2009-04-18 21:02 . 2009-04-18 21:02 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2010-01-27 15:00 . 2010-01-27 15:00 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2009-04-18 21:02 . 2009-04-18 21:02 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2010-01-27 15:00 . 2010-01-27 15:00 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2009-04-18 21:02 . 2009-04-18 21:02 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2009-04-18 21:02 . 2009-04-18 21:02 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2010-01-27 15:00 . 2010-01-27 15:00 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2010-01-27 15:00 . 2010-01-27 15:00 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2009-04-18 21:02 . 2009-04-18 21:02 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2010-01-27 15:00 . 2010-01-27 15:00 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2009-04-18 21:02 . 2009-04-18 21:02 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2010-01-27 15:00 . 2010-01-27 15:00 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2009-04-18 21:02 . 2009-04-18 21:02 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2009-04-18 21:02 . 2009-04-18 21:02 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2010-01-27 15:00 . 2010-01-27 15:00 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2010-01-27 14:56 . 2009-03-08 03:35 2048 c:\windows\ie8updates\KB978506-IE8\iecompat.dll
- 2009-04-18 21:02 . 2009-04-18 21:02 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2010-01-27 15:00 . 2010-01-27 15:00 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2009-04-18 21:02 . 2009-04-18 21:02 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2010-01-27 15:00 . 2010-01-27 15:00 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2010-01-27 15:00 . 2010-01-27 15:00 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2009-04-18 21:02 . 2009-04-18 21:02 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2009-04-18 21:02 . 2009-04-18 21:02 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2010-01-27 15:00 . 2010-01-27 15:00 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2010-01-27 15:00 . 2010-01-27 15:00 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2009-04-18 21:02 . 2009-04-18 21:02 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2010-01-27 15:00 . 2010-01-27 15:00 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2009-04-18 21:02 . 2009-04-18 21:02 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2008-06-06 11:13 . 2009-01-07 17:21 121856 c:\windows\system32\xmllite.dll
- 2008-06-06 11:13 . 2008-04-14 06:52 121856 c:\windows\system32\xmllite.dll
+ 2006-03-02 12:00 . 2009-04-01 22:02 604160 c:\windows\system32\wmspdmod.dll
+ 2006-03-02 12:00 . 2009-07-13 22:43 286208 c:\windows\system32\wmpdxm.dll
+ 2006-03-02 12:00 . 2009-06-10 06:16 132096 c:\windows\system32\wkssvc.dll
- 2006-03-02 12:00 . 2008-04-14 06:52 132096 c:\windows\system32\wkssvc.dll
+ 2007-08-13 16:45 . 2009-03-08 03:34 208384 c:\windows\system32\WinFXDocObj.exe
+ 2006-03-02 12:00 . 2009-03-08 03:34 236544 c:\windows\system32\webcheck.dll
+ 2006-03-02 12:00 . 2009-03-08 03:33 420352 c:\windows\system32\vbscript.dll
+ 2006-03-02 12:00 . 2009-03-08 03:34 105984 c:\windows\system32\url.dll
- 2006-03-02 12:00 . 2009-02-20 17:13 105984 c:\windows\system32\url.dll
+ 2006-03-02 12:00 . 2009-10-15 16:32 119808 c:\windows\system32\t2embed.dll
- 2006-03-02 12:00 . 2008-10-03 10:04 247326 c:\windows\system32\strmdll.dll
+ 2006-03-02 12:00 . 2009-08-26 08:02 247326 c:\windows\system32\strmdll.dll
+ 2006-03-02 12:00 . 2009-06-25 08:27 147456 c:\windows\system32\schannel.dll
+ 2006-03-02 12:00 . 2009-04-15 14:54 585216 c:\windows\system32\rpcrt4.dll
+ 2006-03-02 12:00 . 2009-10-12 13:40 150016 c:\windows\system32\rastls.dll
- 2006-03-02 12:00 . 2009-11-05 13:12 441018 c:\windows\system32\perfh009.dat
+ 2006-03-02 12:00 . 2010-01-27 15:00 441018 c:\windows\system32\perfh009.dat
+ 2006-03-02 12:00 . 2009-12-21 19:08 206848 c:\windows\system32\occache.dll
+ 2006-03-02 12:00 . 2009-10-13 10:34 271360 c:\windows\system32\oakley.dll
- 2006-03-02 12:00 . 2008-04-14 06:51 271360 c:\windows\system32\oakley.dll
+ 2006-03-02 12:00 . 2009-08-05 09:01 205312 c:\windows\system32\mswebdvd.dll
+ 2006-03-02 12:00 . 2009-09-11 14:19 136192 c:\windows\system32\msv1_0.dll
+ 2006-03-02 12:00 . 2009-03-08 03:32 611840 c:\windows\system32\mstime.dll
+ 2006-03-02 12:00 . 2009-03-08 03:34 193536 c:\windows\system32\msrating.dll
- 2006-03-02 12:00 . 2007-08-13 16:54 156160 c:\windows\system32\msls31.dll
+ 2006-03-02 12:00 . 2009-03-08 03:22 156160 c:\windows\system32\msls31.dll
+ 2007-08-13 16:54 . 2009-12-21 19:08 594432 c:\windows\system32\msfeeds.dll
+ 2009-01-07 17:20 . 2009-01-07 17:20 265720 c:\windows\system32\msdbg2.dll
+ 2006-03-02 12:00 . 2009-06-25 08:27 729088 c:\windows\system32\lsasrv.dll
+ 2006-03-02 12:00 . 2009-05-07 15:33 346624 c:\windows\system32\localspl.dll
+ 2006-03-02 12:00 . 2009-06-25 08:27 301568 c:\windows\system32\kerberos.dll
+ 2006-03-02 12:00 . 2009-03-08 03:33 726528 c:\windows\system32\jscript.dll
+ 2007-08-13 16:54 . 2009-03-08 03:22 164352 c:\windows\system32\ieui.dll
+ 2006-03-02 12:00 . 2009-12-21 19:08 184320 c:\windows\system32\iepeers.dll
+ 2006-03-02 12:00 . 2009-12-21 19:08 387584 c:\windows\system32\iedkcs32.dll
+ 2007-07-11 10:27 . 2009-03-08 03:11 445952 c:\windows\system32\ieapfltr.dll
+ 2006-03-02 12:00 . 2009-03-08 03:32 163840 c:\windows\system32\ieakui.dll
+ 2006-03-02 12:00 . 2009-03-08 03:33 229376 c:\windows\system32\ieaksie.dll
+ 2006-03-02 12:00 . 2009-03-08 03:33 125952 c:\windows\system32\ieakeng.dll
+ 2006-03-02 12:00 . 2009-12-21 13:18 173056 c:\windows\system32\ie4uinit.exe
- 2008-06-06 11:13 . 2009-09-10 03:24 137256 c:\windows\system32\FNTCACHE.DAT
+ 2008-06-06 11:13 . 2010-01-27 15:11 137256 c:\windows\system32\FNTCACHE.DAT
+ 2006-03-02 12:00 . 2010-01-05 09:57 133120 c:\windows\system32\extmgr.dll
- 2006-03-02 12:00 . 2009-02-20 17:13 133120 c:\windows\system32\extmgr.dll
+ 2006-03-02 12:00 . 2009-03-08 03:31 216064 c:\windows\system32\dxtrans.dll
+ 2006-03-02 12:00 . 2009-03-08 03:31 348160 c:\windows\system32\dxtmsft.dll
- 2006-03-02 12:00 . 2008-06-20 11:51 361600 c:\windows\system32\drivers\tcpip.sys
+ 2006-03-02 12:00 . 2008-06-20 11:59 361600 c:\windows\system32\drivers\tcpip.sys
+ 2006-03-02 12:00 . 2008-04-13 22:50 182656 c:\windows\system32\drivers\ndis.sys
+ 2006-03-02 12:00 . 2009-04-01 22:02 604160 c:\windows\system32\dllcache\wmspdmod.dll
+ 2006-03-02 12:00 . 2009-07-13 22:43 286208 c:\windows\system32\dllcache\wmpdxm.dll
+ 2009-06-10 06:16 . 2009-06-10 06:16 132096 c:\windows\system32\dllcache\wkssvc.dll
+ 2007-08-13 16:54 . 2009-12-21 19:08 916480 c:\windows\system32\dllcache\wininet.dll
+ 2007-08-13 16:54 . 2009-03-08 03:34 236544 c:\windows\system32\dllcache\webcheck.dll
+ 2007-08-13 16:54 . 2009-03-08 03:33 759296 c:\windows\system32\dllcache\VGX.dll
+ 2007-08-13 16:54 . 2009-03-08 03:33 420352 c:\windows\system32\dllcache\vbscript.dll
+ 2007-08-13 16:44 . 2009-03-08 03:34 105984 c:\windows\system32\dllcache\url.dll
- 2007-08-13 16:44 . 2009-02-20 17:13 105984 c:\windows\system32\dllcache\url.dll
- 2008-06-20 11:51 . 2008-06-20 11:51 361600 c:\windows\system32\dllcache\tcpip.sys
+ 2008-06-20 11:51 . 2008-06-20 11:59 361600 c:\windows\system32\dllcache\tcpip.sys
+ 2006-03-02 12:00 . 2009-08-26 08:02 247326 c:\windows\system32\dllcache\strmdll.dll
- 2006-03-02 12:00 . 2008-10-03 10:04 247326 c:\windows\system32\dllcache\strmdll.dll
+ 2009-01-07 17:20 . 2009-01-07 17:20 134144 c:\windows\system32\dllcache\sqmapi.dll
+ 2008-12-05 06:57 . 2009-06-25 08:27 147456 c:\windows\system32\dllcache\schannel.dll
+ 2009-04-15 14:54 . 2009-04-15 14:54 585216 c:\windows\system32\dllcache\rpcrt4.dll
+ 2009-10-12 13:40 . 2009-10-12 13:40 150016 c:\windows\system32\dllcache\rastls.dll
+ 2007-08-13 16:44 . 2009-12-21 19:08 206848 c:\windows\system32\dllcache\occache.dll
+ 2009-10-13 10:34 . 2009-10-13 10:34 271360 c:\windows\system32\dllcache\oakley.dll
+ 2009-08-05 09:01 . 2009-08-05 09:01 205312 c:\windows\system32\dllcache\mswebdvd.dll
+ 2009-06-25 08:27 . 2009-09-11 14:19 136192 c:\windows\system32\dllcache\msv1_0.dll
+ 2007-08-13 16:54 . 2009-03-08 03:32 611840 c:\windows\system32\dllcache\mstime.dll
+ 2007-08-13 16:44 . 2009-03-08 03:34 193536 c:\windows\system32\dllcache\msrating.dll
+ 2006-03-02 12:00 . 2009-03-08 03:22 156160 c:\windows\system32\dllcache\msls31.dll
- 2006-03-02 12:00 . 2007-08-13 16:54 156160 c:\windows\system32\dllcache\msls31.dll
+ 2008-06-11 14:44 . 2009-12-21 19:08 594432 c:\windows\system32\dllcache\msfeeds.dll
+ 2009-04-15 03:52 . 2009-06-25 08:27 729088 c:\windows\system32\dllcache\lsasrv.dll
+ 2009-05-07 15:33 . 2009-05-07 15:33 346624 c:\windows\system32\dllcache\localspl.dll
+ 2009-06-25 08:27 . 2009-06-25 08:27 301568 c:\windows\system32\dllcache\kerberos.dll
+ 2007-08-13 16:38 . 2009-03-08 03:33 726528 c:\windows\system32\dllcache\jscript.dll
+ 2007-08-13 16:43 . 2009-03-08 13:09 638816 c:\windows\system32\dllcache\iexplore.exe
+ 2007-08-13 16:54 . 2009-12-21 19:08 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2007-08-13 16:39 . 2009-12-21 19:08 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2008-06-11 14:44 . 2009-03-08 03:11 445952 c:\windows\system32\dllcache\ieapfltr.dll
+ 2006-03-02 12:00 . 2009-03-08 03:32 163840 c:\windows\system32\dllcache\ieakui.dll
+ 2007-08-13 16:39 . 2009-03-08 03:33 229376 c:\windows\system32\dllcache\ieaksie.dll
+ 2007-08-13 16:39 . 2009-03-08 03:33 125952 c:\windows\system32\dllcache\ieakeng.dll
+ 2007-08-13 16:39 . 2009-12-21 13:18 173056 c:\windows\system32\dllcache\ie4uinit.exe
- 2007-08-13 16:54 . 2009-02-20 17:13 133120 c:\windows\system32\dllcache\extmgr.dll
+ 2007-08-13 16:54 . 2010-01-05 09:57 133120 c:\windows\system32\dllcache\extmgr.dll
+ 2007-08-13 16:35 . 2009-03-08 03:31 216064 c:\windows\system32\dllcache\dxtrans.dll
+ 2007-08-13 16:35 . 2009-03-08 03:31 348160 c:\windows\system32\dllcache\dxtmsft.dll
+ 2007-08-13 16:39 . 2009-03-08 03:32 128512 c:\windows\system32\dllcache\advpack.dll
+ 2006-03-02 12:00 . 2009-03-08 03:32 128512 c:\windows\system32\advpack.dll
+ 2009-08-07 22:51 . 2009-08-07 22:51 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2008-05-27 23:49 . 2008-05-27 23:49 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
- 2007-04-13 18:58 . 2007-04-13 18:58 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
+ 2008-05-27 23:48 . 2008-05-27 23:48 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
- 2007-04-13 18:56 . 2007-04-13 18:56 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
+ 2008-05-28 00:30 . 2008-05-28 00:30 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
- 2007-04-13 19:30 . 2007-04-13 19:30 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2009-03-20 10:48 . 2009-03-20 10:48 183808 c:\windows\Installer\65b0d.msp
+ 2010-01-27 14:56 . 2008-07-08 12:59 391032 c:\windows\ie8updates\KB978506-IE8\spuninst\updspapi.dll
+ 2010-01-27 14:56 . 2008-07-08 12:59 233848 c:\windows\ie8updates\KB978506-IE8\spuninst\spuninst.exe
+ 2010-01-27 14:56 . 2009-10-29 07:43 916480 c:\windows\ie8updates\KB978207-IE8\wininet.dll
+ 2010-01-27 14:57 . 2009-05-26 11:40 391032 c:\windows\ie8updates\KB978207-IE8\spuninst\updspapi.dll
+ 2010-01-27 14:57 . 2008-07-08 12:59 233848 c:\windows\ie8updates\KB978207-IE8\spuninst\spuninst.exe
+ 2010-01-27 14:56 . 2009-10-29 07:43 206848 c:\windows\ie8updates\KB978207-IE8\occache.dll
+ 2010-01-27 14:56 . 2009-10-29 07:43 594432 c:\windows\ie8updates\KB978207-IE8\msfeeds.dll
+ 2010-01-27 14:56 . 2009-10-29 07:43 246272 c:\windows\ie8updates\KB978207-IE8\ieproxy.dll
+ 2010-01-27 14:56 . 2009-10-29 07:43 184320 c:\windows\ie8updates\KB978207-IE8\iepeers.dll
+ 2010-01-27 14:56 . 2009-10-29 07:43 387584 c:\windows\ie8updates\KB978207-IE8\iedkcs32.dll
+ 2010-01-27 14:56 . 2009-10-28 14:40 173056 c:\windows\ie8updates\KB978207-IE8\ie4uinit.exe
+ 2010-01-27 14:56 . 2009-03-08 03:34 914944 c:\windows\ie8updates\KB976325-IE8\wininet.dll
+ 2010-01-27 14:56 . 2009-05-26 11:40 391032 c:\windows\ie8updates\KB976325-IE8\spuninst\updspapi.dll
+ 2010-01-27 14:56 . 2009-05-26 11:40 233848 c:\windows\ie8updates\KB976325-IE8\spuninst\spuninst.exe
+ 2010-01-27 14:56 . 2009-03-08 03:34 109568 c:\windows\ie8updates\KB976325-IE8\occache.dll
+ 2010-01-27 14:56 . 2009-03-08 03:32 594432 c:\windows\ie8updates\KB976325-IE8\msfeeds.dll
+ 2010-01-27 14:56 . 2009-03-08 03:33 246784 c:\windows\ie8updates\KB976325-IE8\ieproxy.dll
+ 2010-01-27 14:56 . 2009-03-08 03:31 183808 c:\windows\ie8updates\KB976325-IE8\iepeers.dll
+ 2010-01-27 14:56 . 2009-03-08 13:09 391536 c:\windows\ie8updates\KB976325-IE8\iedkcs32.dll
+ 2010-01-27 14:56 . 2009-03-08 03:32 173056 c:\windows\ie8updates\KB976325-IE8\ie4uinit.exe
+ 2010-01-27 14:54 . 2009-03-03 00:14 826368 c:\windows\ie8\wininet.dll
+ 2010-01-27 14:54 . 2007-08-13 16:45 206336 c:\windows\ie8\winfxdocobj.exe
+ 2010-01-27 14:54 . 2009-02-20 17:13 233472 c:\windows\ie8\webcheck.dll
+ 2010-01-27 14:54 . 2008-05-27 17:26 765952 c:\windows\ie8\vgx.dll
+ 2010-01-27 14:54 . 2008-05-09 10:56 430080 c:\windows\ie8\vbscript.dll
+ 2010-01-27 14:54 . 2009-02-20 17:13 105984 c:\windows\ie8\url.dll
+ 2010-01-27 14:55 . 2009-01-07 17:20 390688 c:\windows\ie8\spuninst\updspapi.dll
+ 2010-01-27 14:55 . 2009-01-07 17:20 234016 c:\windows\ie8\spuninst\spuninst.exe
+ 2010-01-27 14:54 . 2006-09-06 15:42 215776 c:\windows\ie8\spuninst.exe
+ 2010-01-27 14:54 . 2009-02-20 17:13 102912 c:\windows\ie8\occache.dll
+ 2010-01-27 14:54 . 2009-02-20 17:13 671232 c:\windows\ie8\mstime.dll
+ 2010-01-27 14:54 . 2009-02-20 17:13 193024 c:\windows\ie8\msrating.dll
+ 2010-01-27 14:54 . 2007-08-13 16:54 156160 c:\windows\ie8\msls31.dll
+ 2010-01-27 14:54 . 2009-02-20 17:13 477696 c:\windows\ie8\mshtmled.dll
+ 2010-01-27 14:54 . 2009-02-20 17:13 459264 c:\windows\ie8\msfeeds.dll
+ 2010-01-27 14:54 . 2008-05-09 10:56 512000 c:\windows\ie8\jscript.dll
+ 2010-01-27 14:54 . 2009-02-28 04:54 636072 c:\windows\ie8\iexplore.exe
+ 2010-01-27 14:54 . 2007-08-13 16:54 180736 c:\windows\ie8\ieui.dll
+ 2010-01-27 14:54 . 2009-02-20 17:13 268288 c:\windows\ie8\iertutil.dll
+ 2010-01-27 14:54 . 2007-08-13 16:54 287744 c:\windows\ie8\ieproxy.dll
+ 2010-01-27 14:54 . 2007-08-13 16:54 191488 c:\windows\ie8\iepeers.dll
+ 2010-01-27 14:54 . 2009-02-20 17:13 385024 c:\windows\ie8\iedkcs32.dll
+ 2010-01-27 14:54 . 2009-02-20 17:13 383488 c:\windows\ie8\ieapfltr.dll
+ 2010-01-27 14:54 . 2009-02-20 05:14 161792 c:\windows\ie8\ieakui.dll
+ 2010-01-27 14:54 . 2009-02-20 17:13 230400 c:\windows\ie8\ieaksie.dll
+ 2010-01-27 14:54 . 2009-02-20 17:13 153088 c:\windows\ie8\ieakeng.dll
+ 2010-01-27 14:54 . 2009-02-20 17:13 214528 c:\windows\ie8\dxtrans.dll
+ 2010-01-27 14:54 . 2009-02-20 17:13 347136 c:\windows\ie8\dxtmsft.dll
+ 2010-01-27 14:54 . 2009-02-20 17:13 124928 c:\windows\ie8\advpack.dll
+ 2010-01-27 15:04 . 2009-05-26 11:40 391032 c:\windows\ie7updates\KB978207-IE7\spuninst\updspapi.dll
+ 2010-01-27 15:04 . 2009-05-26 11:40 233848 c:\windows\ie7updates\KB978207-IE7\spuninst\spuninst.exe
+ 2010-01-27 15:04 . 2009-02-20 17:13 133120 c:\windows\ie7updates\KB978207-IE7\extmgr.dll
+ 2010-01-27 14:58 . 2010-01-27 14:58 835584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_0694e749\System.Drawing.dll
+ 2010-01-27 14:58 . 2010-01-27 14:58 192512 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_302557bd\System.Drawing.Design.dll
+ 2010-01-27 14:58 . 2010-01-27 14:58 118784 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_15f4ceb6\CustomMarshalers.dll
+ 2010-01-27 15:05 . 2010-01-27 15:05 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\e2098e43d115155d6ba91ba3a7e577cf\WsatConfig.ni.exe
+ 2010-01-27 15:03 . 2010-01-27 15:03 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\bf92bc207f927cbbd6dfc9dc0c3eae68\WindowsFormsIntegration.ni.dll
+ 2010-01-27 15:03 . 2010-01-27 15:03 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\6f488b7644dc50a083868e91a4014466\UIAutomationTypes.ni.dll
+ 2010-01-27 15:03 . 2010-01-27 15:03 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\c2fbf25609b704061a93500efa6f241d\UIAutomationClient.ni.dll
+ 2010-01-27 15:07 . 2010-01-27 15:07 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\eb23b78564687badff1bd1f1d0a0ec97\System.Xml.Linq.ni.dll
+ 2010-01-27 15:07 . 2010-01-27 15:07 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\e7666364bf9f3ba5f4833c9efedd8218\System.Web.Routing.ni.dll
+ 2010-01-27 15:07 . 2010-01-27 15:07 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\b5f1b8791e6c47e5bd5e7018c346c586\System.Web.RegularExpressions.ni.dll
+ 2010-01-27 15:07 . 2010-01-27 15:07 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\884eacddf339b8b342f66aedff5f8ef9\System.Web.Extensions.Design.ni.dll
+ 2010-01-27 15:07 . 2010-01-27 15:07 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\9e199645bd26f1afe58ebe185d1e7f0f\System.Web.Entity.ni.dll
+ 2010-01-27 15:07 . 2010-01-27 15:07 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\652017ebe962ab2eb271c2524f31cd61\System.Web.Entity.Design.ni.dll
+ 2010-01-27 15:07 . 2010-01-27 15:07 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\d0070c1c1a642ae30394e00bc0d82336\System.Web.DynamicData.ni.dll
+ 2010-01-27 15:07 . 2010-01-27 15:07 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\1896753d02d146be1988d32241300f51\System.Web.Abstractions.ni.dll
+ 2010-01-27 15:07 . 2010-01-27 15:07 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\408e637346ef628a3f54fb1b9b83ac9f\System.Transactions.ni.dll
+ 2010-01-27 15:07 . 2010-01-27 15:07 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\1f61bccb700d687775cf778dd77752e9\System.ServiceProcess.ni.dll
+ 2010-01-27 15:05 . 2010-01-27 15:05 676352 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\a9e9b885a6601469c4058375cc74d856\System.Security.ni.dll
+ 2010-01-27 15:06 . 2010-01-27 15:06 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\9bc34a79af9c3ed2cf17a0226c769b4c\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2010-01-27 15:06 . 2010-01-27 15:06 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\5f74a84e9d28c2332c51f6e30da0e125\System.Net.ni.dll
+ 2010-01-27 15:06 . 2010-01-27 15:06 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\2c208e4c5521f31057ea7d6e93c6a567\System.Management.ni.dll
+ 2010-01-27 15:06 . 2010-01-27 15:06 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\818b20a7c6f3b2fe97bf008ca24080c1\System.Management.Instrumentation.ni.dll
+ 2010-01-27 15:04 . 2010-01-27 15:04 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\6c273eb9d1ee8b66b5ecb073de4b785d\System.IO.Log.ni.dll
+ 2010-01-27 15:04 . 2010-01-27 15:04 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\7222db518afb4eaaa138824278249bc7\System.IdentityModel.Selectors.ni.dll
+ 2010-01-27 15:06 . 2010-01-27 15:06 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\8a7d0bd0057a8ed38291d5662248f7a1\System.EnterpriseServices.Wrapper.dll
+ 2010-01-27 15:06 . 2010-01-27 15:06 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\8a7d0bd0057a8ed38291d5662248f7a1\System.EnterpriseServices.ni.dll
+ 2010-01-27 15:03 . 2010-01-27 15:03 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\ca6d7208c0fb72ff97429f2636ced321\System.Drawing.Design.ni.dll
+ 2010-01-27 15:06 . 2010-01-27 15:06 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\c92fc19800e701c90f90ab7a2ab44c47\System.DirectoryServices.AccountManagement.ni.dll
+ 2010-01-27 15:06 . 2010-01-27 15:06 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\a601f47a98ee67df424685c9a66ea449\System.DirectoryServices.Protocols.ni.dll
+ 2010-01-27 15:06 . 2010-01-27 15:06 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\b91b44015859163646f210d284f7166a\System.Data.Services.Client.ni.dll
+ 2010-01-27 15:06 . 2010-01-27 15:06 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\1b35297e07b85071daecdb06f96750a1\System.Data.Services.Design.ni.dll
+ 2010-01-27 15:06 . 2010-01-27 15:06 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\cf906bf9146d1f0013451ec63b58e064\System.Data.Entity.Design.ni.dll
+ 2010-01-27 15:06 . 2010-01-27 15:06 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\4ff4134b0d490c090e03d74e104517c4\System.Data.DataSetExtensions.ni.dll
+ 2010-01-27 15:05 . 2010-01-27 15:05 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7c743462baccf29b3567b0e3ec9ac134\System.Configuration.ni.dll
+ 2010-01-27 15:06 . 2010-01-27 15:06 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\443e3a85c491b2de4a2ac654cb957484\System.Configuration.Install.ni.dll
+ 2010-01-27 15:06 . 2010-01-27 15:06 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\cba35f47925431a54d0e6ae147a292f1\System.AddIn.ni.dll
+ 2010-01-27 15:05 . 2010-01-27 15:05 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\6af32fe5cbec0aa54e2efa6910c73651\SMSvcHost.ni.exe
+ 2010-01-27 15:05 . 2010-01-27 15:05 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\7602d7687fb9bd21cd9ae60d2b187c99\SMDiagnostics.ni.dll
+ 2010-01-27 15:05 . 2010-01-27 15:05 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\a23dc25782df04533a13e348203e4dc5\ServiceModelReg.ni.exe
+ 2010-01-27 15:02 . 2010-01-27 15:02 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\96f74da5fc40b92f09069230bc0df4f0\PresentationFramework.Royale.ni.dll
+ 2010-01-27 15:02 . 2010-01-27 15:02 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\3bb4d16b042b72c2c85a0f8ac9d48f28\PresentationFramework.Luna.ni.dll
+ 2010-01-27 15:02 . 2010-01-27 15:02 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\30c5c2682d3c5bdaa83bb9a36ee48afa\PresentationFramework.Aero.ni.dll
+ 2010-01-27 15:02 . 2010-01-27 15:02 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\07e952efd70f5608e221a008e6231ace\PresentationFramework.Classic.ni.dll
+ 2010-01-27 15:05 . 2010-01-27 15:05 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\eade8c1c9c1e8e5ffb50e6c9b9af0f6a\MSBuild.ni.exe
+ 2010-01-27 15:05 . 2010-01-27 15:05 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\fc4d66e0a92b3767006a84f2519d2457\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2010-01-27 15:06 . 2010-01-27 15:06 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\58ca3ecc52b7246b448c109817198a0b\Microsoft.Build.Utilities.ni.dll
+ 2010-01-27 15:06 . 2010-01-27 15:06 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\4dd43724dd92026577c6f588270137a0\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2010-01-27 15:05 . 2010-01-27 15:05 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\8c651f75bb741330370986dcad8e9e5b\Microsoft.Build.Engine.ni.dll
+ 2010-01-27 15:05 . 2010-01-27 15:05 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\a6dcbae619ccd938bfe808c54d6d3ae0\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2010-01-27 15:05 . 2010-01-27 15:05 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\77688ce14f221ed94a9f442ae4736123\CustomMarshalers.ni.dll
+ 2010-01-27 15:05 . 2010-01-27 15:05 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\a17c65f0cffaa4f792dd38d50df9d526\ComSvcConfig.ni.exe
+ 2010-01-27 15:04 . 2010-01-27 15:04 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\85d7c111956b478766d90625b35d963f\AspNetMMCExt.ni.dll
- 2009-04-18 21:02 . 2009-04-18 21:02 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2010-01-27 15:00 . 2010-01-27 15:00 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2010-01-27 15:00 . 2010-01-27 15:00 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2009-04-18 21:02 . 2009-04-18 21:02 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2010-01-27 15:00 . 2010-01-27 15:00 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2009-04-18 21:02 . 2009-04-18 21:02 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2010-01-27 15:00 . 2010-01-27 15:00 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2009-04-18 21:02 . 2009-04-18 21:02 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2010-01-27 15:00 . 2010-01-27 15:00 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2009-04-18 21:02 . 2009-04-18 21:02 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2010-01-27 15:00 . 2010-01-27 15:00 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2009-04-18 21:02 . 2009-04-18 21:02 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2010-01-27 15:00 . 2010-01-27 15:00 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2009-04-18 21:02 . 2009-04-18 21:02 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2009-04-18 21:02 . 2009-04-18 21:02 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2010-01-27 15:00 . 2010-01-27 15:00 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2009-04-18 21:02 . 2009-04-18 21:02 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2010-01-27 15:00 . 2010-01-27 15:00 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2010-01-27 15:00 . 2010-01-27 15:00 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2009-04-18 21:02 . 2009-04-18 21:02 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2009-04-18 21:02 . 2009-04-18 21:02 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2010-01-27 15:00 . 2010-01-27 15:00 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2010-01-27 15:00 . 2010-01-27 15:00 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2009-04-18 21:02 . 2009-04-18 21:02 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2009-04-18 21:02 . 2009-04-18 21:02 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2010-01-27 15:00 . 2010-01-27 15:00 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2010-01-27 15:00 . 2010-01-27 15:00 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2009-04-18 21:02 . 2009-04-18 21:02 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2009-04-18 21:02 . 2009-04-18 21:02 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2010-01-27 15:00 . 2010-01-27 15:00 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2009-04-18 21:02 . 2009-04-18 21:02 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2010-01-27 15:00 . 2010-01-27 15:00 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2010-01-27 15:00 . 2010-01-27 15:00 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2009-04-18 21:02 . 2009-04-18 21:02 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2009-04-18 21:02 . 2009-04-18 21:02 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2010-01-27 15:00 . 2010-01-27 15:00 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2010-01-27 15:00 . 2010-01-27 15:00 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2009-04-18 21:02 . 2009-04-18 21:02 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2009-04-18 21:02 . 2009-04-18 21:02 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2010-01-27 15:00 . 2010-01-27 15:00 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2009-04-18 21:02 . 2009-04-18 21:02 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2010-01-27 15:00 . 2010-01-27 15:00 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2009-04-18 21:02 . 2009-04-18 21:02 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2010-01-27 15:00 . 2010-01-27 15:00 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2010-01-27 15:00 . 2010-01-27 15:00 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2009-04-18 21:02 . 2009-04-18 21:02 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2009-04-18 21:02 . 2009-04-18 21:02 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll


Re: Please check

#11 Post by Marwin »

+ 2010-01-27 15:00 . 2010-01-27 15:00 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2010-01-27 15:00 . 2010-01-27 15:00 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2009-04-18 21:02 . 2009-04-18 21:02 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2010-01-27 15:00 . 2010-01-27 15:00 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
- 2009-04-18 21:02 . 2009-04-18 21:02 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2010-01-25 12:14 . 2009-08-13 13:56 1748992 c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll
+ 2006-03-02 12:00 . 2009-05-20 03:56 2458112 c:\windows\system32\WMVCore.dll
- 2006-03-02 12:00 . 2008-06-18 04:03 2458112 c:\windows\system32\WMVCore.dll
+ 2006-03-02 12:00 . 2009-08-14 15:15 1850624 c:\windows\system32\win32k.sys
+ 2006-03-02 12:00 . 2009-12-21 19:08 1208832 c:\windows\system32\urlmon.dll
- 2006-03-02 12:00 . 2008-04-14 06:51 1437696 c:\windows\system32\query.dll
+ 2006-03-02 12:00 . 2009-07-17 16:17 1437696 c:\windows\system32\query.dll
+ 2006-03-02 12:00 . 2009-06-03 19:11 1293824 c:\windows\system32\quartz.dll
+ 2006-03-02 12:00 . 2009-08-04 17:29 2147328 c:\windows\system32\ntoskrnl.exe
- 2006-03-02 12:00 . 2009-02-09 11:26 2147328 c:\windows\system32\ntoskrnl.exe
+ 2004-08-17 15:45 . 2009-08-04 17:29 2025984 c:\windows\system32\ntkrnlpa.exe
- 2004-08-17 15:45 . 2009-02-09 11:26 2025984 c:\windows\system32\ntkrnlpa.exe
+ 2008-06-06 11:13 . 2009-07-31 09:05 1372672 c:\windows\system32\msxml6.dll
+ 2006-03-02 12:00 . 2009-07-31 04:35 1172480 c:\windows\system32\msxml3.dll
+ 2008-06-06 09:23 . 2009-06-10 08:21 2066432 c:\windows\system32\mstscax.dll
+ 2006-03-02 12:00 . 2009-12-21 19:08 5942784 c:\windows\system32\mshtml.dll
+ 2007-08-13 16:34 . 2009-12-21 19:08 1985536 c:\windows\system32\iertutil.dll
+ 2007-02-12 14:10 . 2009-02-06 20:07 3698584 c:\windows\system32\ieapfltr.dat
- 2006-03-02 12:00 . 2008-06-18 04:03 2458112 c:\windows\system32\dllcache\WMVCore.dll
+ 2006-03-02 12:00 . 2009-05-20 03:56 2458112 c:\windows\system32\dllcache\WMVCore.dll
+ 2008-10-15 04:13 . 2009-08-14 15:15 1850624 c:\windows\system32\dllcache\win32k.sys
+ 2007-08-13 16:54 . 2009-12-21 19:08 1208832 c:\windows\system32\dllcache\urlmon.dll
+ 2009-07-17 16:17 . 2009-07-17 16:17 1437696 c:\windows\system32\dllcache\query.dll
+ 2008-05-07 05:12 . 2009-06-03 19:11 1293824 c:\windows\system32\dllcache\quartz.dll
+ 2008-10-15 04:13 . 2009-08-04 21:59 2191360 c:\windows\system32\dllcache\ntoskrnl.exe
+ 2008-10-15 04:13 . 2009-08-04 17:29 2025984 c:\windows\system32\dllcache\ntkrpamp.exe
- 2008-10-15 04:13 . 2009-02-09 11:26 2025984 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2008-10-15 04:13 . 2009-08-04 17:29 2068224 c:\windows\system32\dllcache\ntkrnlpa.exe
- 2008-10-15 04:13 . 2009-02-10 17:09 2068224 c:\windows\system32\dllcache\ntkrnlpa.exe
- 2008-10-15 04:13 . 2009-02-09 11:26 2147328 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2008-10-15 04:13 . 2009-08-04 17:29 2147328 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2008-06-06 11:13 . 2009-07-31 09:05 1372672 c:\windows\system32\dllcache\msxml6.dll
+ 2008-11-12 04:42 . 2009-07-31 04:35 1172480 c:\windows\system32\dllcache\msxml3.dll
+ 2008-06-06 09:23 . 2009-06-10 08:21 2066432 c:\windows\system32\dllcache\mstscax.dll
+ 2007-08-13 16:54 . 2009-12-21 19:08 5942784 c:\windows\system32\dllcache\mshtml.dll
+ 2008-06-11 14:44 . 2009-12-21 19:08 1985536 c:\windows\system32\dllcache\iertutil.dll
+ 2008-06-11 14:44 . 2009-02-06 20:07 3698584 c:\windows\system32\dllcache\ieapfltr.dat
+ 2009-08-07 22:51 . 2009-08-07 22:51 5812560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
- 2008-11-25 02:59 . 2008-11-25 02:59 4546560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2009-08-07 22:51 . 2009-08-07 22:51 4546560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
- 2007-04-13 19:35 . 2007-04-13 19:35 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
+ 2008-05-28 00:35 . 2008-05-28 00:35 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
+ 2008-05-28 00:35 . 2008-05-28 00:35 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
- 2007-04-13 19:35 . 2007-04-13 19:35 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
- 2007-04-13 18:57 . 2007-04-13 18:57 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2008-05-27 23:48 . 2008-05-27 23:48 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2008-05-27 23:48 . 2008-05-27 23:48 2523136 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
- 2007-04-13 18:57 . 2007-04-13 18:57 2523136 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
- 2007-04-13 18:50 . 2007-04-13 18:50 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2008-05-27 23:43 . 2008-05-27 23:43 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2010-01-27 14:28 . 2010-01-27 14:28 1139712 c:\windows\Installer\492c4f.msi
+ 2010-01-27 14:56 . 2009-10-29 07:43 1208832 c:\windows\ie8updates\KB978207-IE8\urlmon.dll
+ 2010-01-27 14:56 . 2009-10-29 07:43 5940736 c:\windows\ie8updates\KB978207-IE8\mshtml.dll
+ 2010-01-27 14:56 . 2009-10-29 07:43 1985536 c:\windows\ie8updates\KB978207-IE8\iertutil.dll
+ 2010-01-27 14:56 . 2009-03-08 03:34 1206784 c:\windows\ie8updates\KB976325-IE8\urlmon.dll
+ 2010-01-27 14:56 . 2009-03-08 03:41 5937152 c:\windows\ie8updates\KB976325-IE8\mshtml.dll
+ 2010-01-27 14:56 . 2009-03-08 03:32 1985024 c:\windows\ie8updates\KB976325-IE8\iertutil.dll
+ 2010-01-27 14:54 . 2009-02-20 17:13 1160192 c:\windows\ie8\urlmon.dll
+ 2010-01-27 14:54 . 2009-02-20 17:13 3595264 c:\windows\ie8\mshtml.dll
+ 2010-01-27 14:54 . 2009-02-20 17:13 6066176 c:\windows\ie8\ieframe.dll
+ 2010-01-27 14:54 . 2008-07-09 14:25 2455488 c:\windows\ie8\ieapfltr.dat
+ 2008-10-15 04:13 . 2009-08-04 21:59 2191360 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2008-10-15 04:13 . 2009-08-04 17:29 2025984 c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2008-10-15 04:13 . 2009-02-09 11:26 2025984 c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2008-10-15 04:13 . 2009-02-10 17:09 2068224 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2008-10-15 04:13 . 2009-08-04 17:29 2068224 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2008-10-15 04:13 . 2009-08-04 17:29 2147328 c:\windows\Driver Cache\i386\ntkrnlmp.exe
- 2008-10-15 04:13 . 2009-02-09 11:26 2147328 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2010-01-27 14:58 . 2010-01-27 14:58 4792320 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_b8ed1021\System.dll
+ 2010-01-27 14:58 . 2010-01-27 14:58 1966080 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_98d46add\System.dll
+ 2010-01-27 14:58 . 2010-01-27 14:58 5513216 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_5d6f98a2\System.Xml.dll
+ 2010-01-27 14:58 . 2010-01-27 14:58 2088960 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_1e13a1bb\System.Xml.dll
+ 2010-01-27 14:58 . 2010-01-27 14:58 7884800 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_beb29d2d\System.Windows.Forms.dll
+ 2010-01-27 14:58 . 2010-01-27 14:58 3018752 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_0e4a667f\System.Windows.Forms.dll
+ 2010-01-27 14:59 . 2010-01-27 14:59 2244608 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_0514f238\System.Drawing.dll
+ 2010-01-27 14:58 . 2010-01-27 14:58 1466368 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_7e6e91cc\System.Design.dll
+ 2010-01-27 14:59 . 2010-01-27 14:59 3395584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_7b5a8d8f\System.Design.dll
+ 2010-01-27 14:58 . 2010-01-27 14:58 3391488 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_fd096331\mscorlib.dll
+ 2010-01-27 14:59 . 2010-01-27 14:59 8908800 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_7ea92aa1\mscorlib.dll
+ 2010-01-27 15:01 . 2010-01-27 15:01 3313664 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\204d6e5b335134f23ca37638b9227ecf\WindowsBase.ni.dll
+ 2010-01-27 15:03 . 2010-01-27 15:03 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\0f2ed6a204eb13841e99b77025464afc\UIAutomationClientsideProviders.ni.dll
+ 2010-01-27 15:01 . 2010-01-27 15:01 7868416 c:\windows\assembly\NativeImages_v2.0.50727_32\System\3de5bd01124463d7862bd173af90bc83\System.ni.dll
+ 2010-01-27 15:03 . 2010-01-27 15:03 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5913d3f81e77194ec833991b1047a532\System.Xml.ni.dll
+ 2010-01-27 15:07 . 2010-01-27 15:07 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\fa48917b13629d8effa80dd4a2f2973d\System.WorkflowServices.ni.dll
+ 2010-01-27 15:07 . 2010-01-27 15:07 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\6fe66ee6f3c81996bc148f1ebe7ec030\System.Workflow.Runtime.ni.dll
+ 2010-01-27 15:07 . 2010-01-27 15:07 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\9d0b61f2f1ebdc300bd970f594c422ef\System.Workflow.ComponentModel.ni.dll
+ 2010-01-27 15:07 . 2010-01-27 15:07 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\65328898148a720d394f802f192fc2a0\System.Workflow.Activities.ni.dll
+ 2010-01-27 15:07 . 2010-01-27 15:07 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\ea07ac791bb5cb9f83679e3dd1a0c0cc\System.Web.Services.ni.dll
+ 2010-01-27 15:07 . 2010-01-27 15:07 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\29e2f8b1fb691ced973acf49fcee6ec1\System.Web.Mobile.ni.dll
+ 2010-01-27 15:07 . 2010-01-27 15:07 2403328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\981dea02bc63c0c083e335adf9018788\System.Web.Extensions.ni.dll
+ 2010-01-27 15:03 . 2010-01-27 15:03 1917440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\99594bae1d022502925f5b9dfcdaae9a\System.Speech.ni.dll
+ 2010-01-27 15:07 . 2010-01-27 15:07 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\e182695d05ea57257568bc5f3208aca7\System.ServiceModel.Web.ni.dll
+ 2010-01-27 15:05 . 2010-01-27 15:05 2338304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\67ad55827f2542552b576170f0a7dc56\System.Runtime.Serialization.ni.dll
+ 2010-01-27 15:03 . 2010-01-27 15:03 1035264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\e5313735a40c0800f116e27fba4754db\System.Printing.ni.dll
+ 2010-01-27 15:04 . 2010-01-27 15:04 1056768 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\c3b18fef5c6dc3bcdbe5df699fd21a55\System.IdentityModel.ni.dll
+ 2010-01-27 15:03 . 2010-01-27 15:03 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\abb2ac7e08bee026f857d8fa36f9fe6f\System.Drawing.ni.dll
+ 2010-01-27 15:06 . 2010-01-27 15:06 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\f47ebb9db460874b1bcbfc391dc970b1\System.DirectoryServices.ni.dll
+ 2010-01-27 15:06 . 2010-01-27 15:06 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\c94a427baa7683f4221b91f90c18461b\System.Deployment.ni.dll
+ 2010-01-27 15:02 . 2010-01-27 15:02 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\694c07365e0fd6bba0bc304d4d2404a7\System.Data.ni.dll
+ 2010-01-27 15:05 . 2010-01-27 15:05 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\272152f0cc139490729e215611a4b244\System.Data.SqlXml.ni.dll
+ 2010-01-27 15:06 . 2010-01-27 15:06 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\112a48e34620a0210eb850040da8a31b\System.Data.Services.ni.dll
+ 2010-01-27 15:02 . 2010-01-27 15:02 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\32788c58ff9f8324460604cf1fe7681b\System.Data.Linq.ni.dll
+ 2010-01-27 15:06 . 2010-01-27 15:06 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\9012cac7819660f61f1c69cf8e4f2ccf\System.Data.Entity.ni.dll
+ 2010-01-27 15:02 . 2010-01-27 15:02 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\c0a42d2ad8a4078040b334f6770ea11f\System.Core.ni.dll
+ 2010-01-27 15:02 . 2010-01-27 15:02 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\954685c29689d2a6126ceca1fd55e904\ReachFramework.ni.dll
+ 2010-01-27 15:02 . 2010-01-27 15:02 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\a3a6f52ce1d09a7bdccc8e7fc664792d\PresentationUI.ni.dll
+ 2010-01-27 15:01 . 2010-01-27 15:01 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\f906701365083c1473db31519147e263\PresentationBuildTasks.ni.dll
+ 2010-01-27 15:06 . 2010-01-27 15:06 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\6eee9b772b6d12d3dbd82f118c2ab2e5\Microsoft.VisualBasic.ni.dll
+ 2010-01-27 15:05 . 2010-01-27 15:05 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\f19e9b439636d0744597fff1331cad04\Microsoft.Transactions.Bridge.ni.dll
+ 2010-01-27 15:06 . 2010-01-27 15:06 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\5b1af7b5be24c7ace065fe1c81c2b650\Microsoft.JScript.ni.dll
+ 2010-01-27 15:05 . 2010-01-27 15:05 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\9eec1cc7ac37e0c7f3205e8156149c5a\Microsoft.Build.Tasks.ni.dll
+ 2010-01-27 15:06 . 2010-01-27 15:06 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\28c0730288453d57d5dcd62903c4d31b\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2010-01-27 15:05 . 2010-01-27 15:05 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\5dd4f58999eed37c12aee7ea9f9863ac\Microsoft.Build.Engine.ni.dll
- 2009-04-18 21:02 . 2009-04-18 21:02 3149824 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2010-01-27 15:00 . 2010-01-27 15:00 3149824 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2010-01-27 15:00 . 2010-01-27 15:00 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2009-04-18 21:02 . 2009-04-18 21:02 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2009-04-18 21:02 . 2009-04-18 21:02 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2010-01-27 15:00 . 2010-01-27 15:00 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2010-01-27 15:00 . 2010-01-27 15:00 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2009-04-18 21:02 . 2009-04-18 21:02 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2010-01-27 15:00 . 2010-01-27 15:00 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2009-04-18 21:02 . 2009-04-18 21:02 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2010-01-27 15:00 . 2010-01-27 15:00 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2009-04-18 21:02 . 2009-04-18 21:02 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2009-04-18 21:02 . 2009-04-18 21:02 4546560 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2010-01-27 15:00 . 2010-01-27 15:00 4546560 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2010-01-27 14:58 . 2010-01-27 14:58 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
- 2008-06-18 14:21 . 2008-06-18 14:21 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2010-01-27 14:58 . 2010-01-27 14:58 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
- 2008-06-18 14:21 . 2008-06-18 14:21 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2006-03-02 12:00 . 2009-07-13 22:43 10841088 c:\windows\system32\wmp.dll
+ 2008-06-06 11:30 . 2010-01-04 15:17 29634504 c:\windows\system32\MRT.exe
+ 2007-08-13 16:54 . 2009-12-21 19:08 11070464 c:\windows\system32\ieframe.dll
+ 2006-03-02 12:00 . 2009-07-13 22:43 10841088 c:\windows\system32\dllcache\wmp.dll
+ 2008-06-11 14:44 . 2009-12-21 19:08 11070464 c:\windows\system32\dllcache\ieframe.dll
+ 2009-08-10 20:08 . 2009-08-10 20:08 11315712 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp
+ 2009-08-14 19:32 . 2009-08-14 19:32 11110912 c:\windows\Installer\65b30.msp
+ 2009-08-10 13:09 . 2009-08-10 13:09 17254912 c:\windows\Installer\65b26.msp
+ 2010-01-27 14:56 . 2009-10-29 07:43 11069952 c:\windows\ie8updates\KB978207-IE8\ieframe.dll
+ 2010-01-27 14:56 . 2009-03-08 03:39 11063808 c:\windows\ie8updates\KB976325-IE8\ieframe.dll
+ 2010-01-27 15:03 . 2010-01-27 15:03 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d2ea8d76f015817db1607075812b555f\System.Windows.Forms.ni.dll
+ 2010-01-27 15:07 . 2010-01-27 15:07 11796992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\5cea03cfb008f2eac1439a9905467f37\System.Web.ni.dll
+ 2010-01-27 15:05 . 2010-01-27 15:05 17317888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\06d6eab93282d2b136a377bd50b7c5a9\System.ServiceModel.ni.dll
+ 2010-01-27 15:02 . 2010-01-27 15:02 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\8b82e08c008924d51833cb0884bcbfc5\System.Design.ni.dll
+ 2010-01-27 15:02 . 2010-01-27 15:02 14327808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\58c7ac6b6054038dc9346d7ec8e32b4c\PresentationFramework.ni.dll
+ 2010-01-27 15:01 . 2010-01-27 15:01 12216320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\94badbd64df59de7da249f71da38b1c2\PresentationCore.ni.dll
+ 2010-01-27 15:01 . 2010-01-27 15:01 11486720 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7124a40b9998f7b63c86bd1a2125ce26\mscorlib.ni.dll
.
-- Snímek resetován k současnému datu --
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-11-16 2054360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-2-6 561213]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [16.11.2009 9:03 108792]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [16.11.2009 9:04 735960]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-27 16:20
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1264)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(4004)
c:\windows\system32\btmmhook.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE
.
**************************************************************************
.
Celkový čas: 2010-01-27 16:23:41 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-01-27 15:23
ComboFix2.txt 2010-01-27 13:11
ComboFix3.txt 2010-01-25 14:29
ComboFix4.txt 2010-01-25 12:13

Před spuštěním: Volných bajtů: 225 440 911 360
Po spuštění: Volných bajtů: 225 415 303 168

- - End Of File - - 5DE79F6163FE34113BDF1C6E2553F7EC


Rsit log:

Logfile of random's system information tool 1.06 (written by random/random)
Run by xp at 2010-01-27 16:29:08
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 217 GB (95%) free of 229 GB
Total RAM: 2047 MB (78% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:29:16, on 27.1.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\xp\Plocha\RSIT.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\trend micro\xp.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 4251588687
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 4691610968
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 5174 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2009-11-16 2054360]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-07-21 118784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\lsass.exe"="C:\WINDOWS\lsass.exe:*:Enabled:LSA Shell"
"C:\WINDOWS\system32\lsass.exe"="C:\WINDOWS\system32\lsass.exe:*:Enabled:LSA Shell"

======List of files/folders created in the last 1 months======

2010-01-27 16:29:08 ----D---- C:\rsit
2010-01-27 16:25:41 ----SHD---- C:\RECYCLER
2010-01-27 16:23:43 ----D---- C:\WINDOWS\temp
2010-01-27 16:03:27 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-01-27 16:03:18 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2010-01-27 16:03:09 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-01-27 16:03:02 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2010-01-27 16:02:54 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2010-01-27 16:02:47 ----HDC---- C:\WINDOWS\$NtUninstallKB976098-v2$
2010-01-27 16:02:39 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2010-01-27 16:02:31 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2010-01-27 16:02:23 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2010-01-27 16:02:13 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2010-01-27 16:02:05 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2010-01-27 16:02:00 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2010-01-27 16:01:50 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2010-01-27 16:01:40 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2010-01-27 16:01:32 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2010-01-27 16:01:26 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2010-01-27 16:01:20 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2010-01-27 16:01:13 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$
2010-01-27 15:59:28 ----D---- C:\Config.Msi
2010-01-27 15:57:31 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2010-01-27 15:57:26 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2010-01-27 15:57:19 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2010-01-27 15:56:18 ----D---- C:\WINDOWS\ie8updates
2010-01-27 15:54:04 ----HDC---- C:\WINDOWS\ie8
2010-01-27 15:48:50 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2010-01-27 15:48:44 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2010-01-27 15:48:37 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2010-01-27 15:48:31 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2010-01-27 15:48:25 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2010-01-27 15:48:19 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2010-01-27 15:48:11 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2010-01-27 15:48:00 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2010-01-27 15:47:49 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2010-01-27 15:47:28 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2010-01-27 15:47:22 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2010-01-27 15:47:13 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2010-01-27 15:28:40 ----D---- C:\Documents and Settings\xp\Data aplikací\ESET
2010-01-27 15:27:38 ----D---- C:\Program Files\ESET
2010-01-27 15:27:38 ----D---- C:\Documents and Settings\All Users\Data aplikací\ESET
2010-01-26 15:16:17 ----A---- C:\WINDOWS\system32\tmp.txt
2010-01-26 15:16:15 ----A---- C:\rapport.txt
2010-01-26 11:36:57 ----D---- C:\Program Files\trend micro
2010-01-25 13:17:34 ----D---- C:\Program Files\CCleaner
2010-01-24 21:49:02 ----N---- C:\WINDOWS\system32\userinit.exe
2010-01-23 15:52:19 ----D---- C:\Program Files\Enigma Software Group
2010-01-23 14:51:33 ----D---- C:\Documents and Settings\xp\Data aplikací\ScanSpyware
2010-01-23 12:25:51 ----D---- C:\spoolerlogs
2010-01-20 21:26:28 ----D---- C:\Documents and Settings\All Users\Data aplikací\Macromedia
2010-01-05 10:57:59 ----N---- C:\WINDOWS\system32\ieencode.dll

======List of files/folders modified in the last 1 months======

2010-01-27 16:28:29 ----D---- C:\WINDOWS\Debug
2010-01-27 16:28:29 ----D---- C:\WINDOWS
2010-01-27 16:28:00 ----D---- C:\WINDOWS\Prefetch
2010-01-27 16:27:59 ----D---- C:\WINDOWS\system32\Restore
2010-01-27 16:27:53 ----D---- C:\WINDOWS\system32
2010-01-27 16:25:33 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-27 16:23:44 ----D---- C:\WINDOWS\system32\drivers
2010-01-27 16:20:54 ----A---- C:\WINDOWS\system.ini
2010-01-27 16:17:17 ----D---- C:\WINDOWS\system32\config
2010-01-27 16:16:06 ----D---- C:\WINDOWS\AppPatch
2010-01-27 16:16:01 ----D---- C:\Program Files\Common Files
2010-01-27 16:13:54 ----N---- C:\WINDOWS\SchedLgU.Txt
2010-01-27 16:11:22 ----D---- C:\WINDOWS\system32\cs-cz
2010-01-27 16:11:21 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-01-27 16:11:21 ----HD---- C:\WINDOWS\inf
2010-01-27 16:11:21 ----D---- C:\WINDOWS\Media
2010-01-27 16:11:21 ----D---- C:\WINDOWS\Help
2010-01-27 16:11:21 ----D---- C:\Program Files\Internet Explorer
2010-01-27 16:07:55 ----RSD---- C:\WINDOWS\assembly
2010-01-27 16:04:48 ----D---- C:\WINDOWS\Microsoft.NET
2010-01-27 16:03:27 ----HD---- C:\WINDOWS\$hf_mig$
2010-01-27 16:02:01 ----D---- C:\WINDOWS\WinSxS
2010-01-27 16:00:59 ----SHD---- C:\WINDOWS\Installer
2010-01-27 16:00:53 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-01-27 15:48:27 ----D---- C:\Program Files\Outlook Express
2010-01-27 15:40:56 ----RD---- C:\Program Files
2010-01-27 14:17:55 ----SHD---- C:\System Volume Information
2010-01-27 14:16:33 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2010-01-26 09:38:21 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-01-26 09:26:43 ----SD---- C:\Documents and Settings\xp\Data aplikací\Microsoft
2010-01-25 15:02:46 ----D---- C:\WINDOWS\security
2010-01-25 14:15:11 ----HDC---- C:\WINDOWS\$NtUninstallKB915800-v4$
2010-01-25 13:12:08 ----D---- C:\WINDOWS\repair
2010-01-23 15:47:44 ----A---- C:\WINDOWS\wininit.ini
2010-01-19 05:08:19 ----A---- C:\WINDOWS\NeroDigital.ini
2010-01-05 10:57:58 ----A---- C:\WINDOWS\system32\extmgr.dll
2010-01-05 05:27:27 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-01-04 16:17:48 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 eabfiltr;eabfiltr; C:\WINDOWS\system32\DRIVERS\eabfiltr.sys [2006-11-30 8192]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2009-11-16 108792]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2009-11-16 55768]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2009-11-16 116520]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2009-12-18 135048]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2008-11-21 1204128]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-07-21 2363904]
R3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2007-02-14 530861]
R3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2007-02-14 30459]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2007-02-14 868298]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2007-04-12 250776]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2010-01-08 33096]
R3 HBtnKey;HBtnKey; C:\WINDOWS\system32\DRIVERS\cpqbttn.sys [2008-04-28 9344]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 NETw5x32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw5x32.sys [2008-11-17 3636864]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2006-03-02 5888]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2008-03-28 224672]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys []
S3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2007-07-13 94976]
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2007-02-14 149123]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2007-02-14 67960]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mbr;mbr; \??\C:\DOCUME~1\xp\LOCALS~1\Temp\mbr.sys []
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS []
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS []
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []
S3 NETw4x32;Ovladač adaptéru Intel(R) Wireless WiFi Link pro systém Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw4x32.sys [2007-10-31 2236544]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-18 83328]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\WINDOWS\system32\agrsmsvc.exe [2008-03-18 13312]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-07-21 483328]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2007-02-06 266295]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2009-11-16 735960]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-05-02 135168]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2009-11-16 20680]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-06-02 637952]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------


Mbam log:

Malwarebytes' Anti-Malware 1.44
Verze databáze: 3645
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

27.1.2010 17:00:40
mbam-log-2010-01-27 (17-00-40).txt

Typ kontroly: Kompletní kontrola (C:\|D:\|E:\|)
Zkontrolované objekty: 168936
Uplynulý čas: 28 minute(s), 50 second(s)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované adresáře: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované klíče registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)

Infikované soubory:
(Nebyly nalezeny žádné škodlivé položky)

The laptop looks fine now; ESET installed normally and there was no other problem. Thank you very much for the help.

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Requesting a check

#12 Post by motji »

:arrow: Open Notepad and copy the following text into it

Code:

REGEDIT4

; "=-" deletes the named value; backslashes inside a quoted value name must be doubled
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"C:\\WINDOWS\\lsass.exe"=-
"C:\\WINDOWS\\system32\\lsass.exe"=-


 
- save it as (type: all files), entering "smazani.reg" without the quotes as the file name,
click Save, then double-click the file as usual and confirm the dialog box.


:arrow: delete
C:\WINDOWS\system32\tmp.txt
C:\rapport.txt


If possible, post an RSIT log for a check in 14 days. :)
You're welcome, on my colleague's behalf too :)
Do not use COMBOFIX without a helper's recommendation; it can damage the system!
Always back up important data before disinfecting your computer :!:
Want to support our forum? Information here

I am mostly reachable at night, between 21:00 and 23:00
If you have any questions, you can e-mail me at Motji(at)forum.viry.cz.

Marwin
Model visitor
Posts: 92
Registered: 01 Mar 2007 13:33

Re: Requesting a check

#13 Post by Marwin »

I will try to provide the log, but I can't promise anything. Once again, many thanks to you both.

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Requesting a check

#14 Post by motji »

You're welcome :)
