falesny antivir. safety center (New.exe)

Zpráva

jamesbond007.cz · #1 Příspěvek od **jamesbond007.cz** » 07 lis 2009 21:33

Otvorila som video, ktore mi bolo poslane cez webovu stranky www.tagged.com. Vyzera to ako falosny antivirus. Nekolko krat do minuty obtazuje zakupenim licencie a nedari sa nam ho najst a odinstalovat. Malwarebytes' Anti-Malware tento program mi nasiel okolo vyse 30 virusov a trojskych koni.

Logfile of random's system information tool 1.06 (written by random/random)
Run by janaperfect at 2009-11-08 20:20:12
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 264 GB (89%) free of 295 GB
Total RAM: 3000 MB (62% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:20:30, on 08/11/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe
C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Users\JANAPE~1\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\janaperfect\Downloads\RSIT.exe
C:\Program Files\trend micro\janaperfect.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACA ... spire_5738
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACA ... spire_5738
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACA ... spire_5738
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Pomocník pri prihlasovaní v sieti Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -k
O4 - HKLM\..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe
O4 - HKLM\..\Run: [EgisTecLiveUpdate] "C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe"
O4 - HKLM\..\Run: [mwlDaemon] C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\RunOnce: [SafetyCenter] c:\SafetyCenter\start.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Orion.lnk = C:\Program Files\Convesoft\Orion\Messenger.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Pridat do blogu - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Pridat do blogu v programe Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe
O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe

--
End of file - 9939 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Google Software Updater.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pri prihlasovaní v sieti Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-09-06 256112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll [2009-09-25 762864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2009-09-06 458736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-09-06 256112]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2009-01-09 150040]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2009-01-09 178712]
"Persistence"=C:\Windows\system32\igfxpers.exe [2009-01-09 154136]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2009-02-19 6793760]
"PLFSetI"=C:\Windows\PLFSetI.exe [2008-07-29 200704]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-12-05 1410344]
"LManager"=C:\Program Files\Launch Manager\LManager.exe [2009-02-19 866824]
"BackupManagerTray"=C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [2009-04-11 249600]
"Acer ePower Management"=C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe [2009-04-15 440864]
"EgisTecLiveUpdate"=C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe [2009-05-13 199464]
"mwlDaemon"=C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [2009-05-14 345384]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-09-08 305440]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"=oobefldr.dll,ShowWelcomeCenter []
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-09-05 68856]
"Skype"=C:\Program Files\Skype\\Phone\Skype.exe [2009-10-09 25623336]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SafetyCenter"=c:\SafetyCenter\start.exe [2009-11-08 986624]

C:\Users\janaperfect\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Orion.lnk - C:\Program Files\Convesoft\Orion\Messenger.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2008-12-23 221184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6a1350dc-a5c0-11de-a70b-001f16a92829}]
shell\AutoRun\command - dogyx90.exe
shell\open\command - dogyx90.exe

======List of files/folders created in the last 1 months======

2009-11-08 20:20:12 ----D---- C:\rsit
2009-11-08 20:20:12 ----D---- C:\Program Files\trend micro
2009-11-08 18:43:52 ----D---- C:\Windows\system32\eu-ES
2009-11-08 18:43:52 ----D---- C:\Windows\system32\ca-ES
2009-11-08 18:43:51 ----D---- C:\Windows\system32\vi-VN
2009-11-08 18:26:50 ----D---- C:\Windows\system32\EventProviders
2009-11-08 18:15:47 ----D---- C:\Users\janaperfect\AppData\Roaming\Avira
2009-11-08 17:59:49 ----D---- C:\SafetyCenter
2009-11-05 18:56:10 ----A---- C:\Windows\system32\mshtml.dll
2009-11-03 07:38:27 ----D---- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2009-11-02 11:21:09 ----N---- C:\Windows\system32\MpSigStub.exe
2009-11-01 11:47:34 ----D---- C:\ProgramData\Avira
2009-11-01 11:47:34 ----D---- C:\Program Files\Avira
2009-11-01 11:41:09 ----D---- C:\Program Files\Microsoft Visual Studio
2009-11-01 11:41:08 ----D---- C:\Program Files\Common Files\DESIGNER
2009-11-01 11:39:58 ----D---- C:\Program Files\Microsoft.NET
2009-11-01 11:37:11 ----D---- C:\Program Files\Microsoft Visual Studio 8
2009-11-01 10:41:22 ----D---- C:\Users\janaperfect\AppData\Roaming\Malwarebytes
2009-11-01 10:41:17 ----D---- C:\ProgramData\Malwarebytes
2009-11-01 10:41:17 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-10-30 18:54:20 ----A---- C:\Windows\system32\wups2.dll
2009-10-30 18:54:20 ----A---- C:\Windows\system32\wucltux.dll
2009-10-30 18:54:20 ----A---- C:\Windows\system32\wuaueng.dll
2009-10-30 18:54:20 ----A---- C:\Windows\system32\wuauclt.exe
2009-10-30 18:54:00 ----A---- C:\Windows\system32\wups.dll
2009-10-30 18:54:00 ----A---- C:\Windows\system32\wudriver.dll
2009-10-30 18:54:00 ----A---- C:\Windows\system32\wuapi.dll
2009-10-30 18:53:54 ----A---- C:\Windows\system32\wuwebv.dll
2009-10-30 18:53:54 ----A---- C:\Windows\system32\wuapp.exe
2009-10-28 23:28:25 ----A---- C:\Windows\system32\wmp.dll
2009-10-28 23:28:23 ----A---- C:\Windows\system32\unregmp2.exe
2009-10-28 23:28:21 ----A---- C:\Windows\system32\wmploc.DLL
2009-10-16 22:52:28 ----A---- C:\Windows\system32\lsasrv.dll
2009-10-16 22:52:27 ----A---- C:\Windows\system32\wdigest.dll
2009-10-16 22:52:27 ----A---- C:\Windows\system32\msv1_0.dll
2009-10-16 22:52:26 ----A---- C:\Windows\system32\secur32.dll
2009-10-16 22:52:25 ----A---- C:\Windows\system32\lsass.exe
2009-10-16 22:52:19 ----A---- C:\Windows\system32\ieframe.dll
2009-10-16 22:52:17 ----A---- C:\Windows\system32\wininet.dll
2009-10-16 22:52:16 ----A---- C:\Windows\system32\urlmon.dll
2009-10-16 22:52:14 ----A---- C:\Windows\system32\ieapfltr.dll
2009-10-16 22:52:12 ----A---- C:\Windows\system32\ieui.dll
2009-10-16 22:52:10 ----A---- C:\Windows\system32\ieencode.dll
2009-10-16 22:52:01 ----A---- C:\Windows\system32\ntkrnlpa.exe
2009-10-16 22:52:00 ----A---- C:\Windows\system32\ntoskrnl.exe
2009-10-16 22:51:30 ----A---- C:\Windows\system32\msasn1.dll
2009-10-16 22:51:23 ----A---- C:\Windows\system32\WMSPDMOD.DLL

======List of files/folders modified in the last 1 months======

2009-11-08 20:20:16 ----D---- C:\Windows\Temp
2009-11-08 20:20:12 ----RD---- C:\Program Files
2009-11-08 20:10:26 ----D---- C:\Program Files\Mozilla Firefox
2009-11-08 19:59:38 ----D---- C:\Windows\System32
2009-11-08 19:59:38 ----D---- C:\Windows\inf
2009-11-08 19:59:38 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-11-08 19:54:56 ----D---- C:\Windows\Tasks
2009-11-08 19:29:02 ----D---- C:\Windows\rescache
2009-11-08 18:53:33 ----D---- C:\Windows\Microsoft.NET
2009-11-08 18:53:32 ----RSD---- C:\Windows\assembly
2009-11-08 18:50:43 ----D---- C:\Windows
2009-11-08 18:50:38 ----D---- C:\Windows\system32\catroot
2009-11-08 18:50:37 ----SHD---- C:\Boot
2009-11-08 18:50:34 ----D---- C:\Windows\Prefetch
2009-11-08 18:45:17 ----D---- C:\Program Files\Windows Mail
2009-11-08 18:45:17 ----D---- C:\Program Files\Windows Calendar
2009-11-08 18:45:17 ----D---- C:\Program Files\Movie Maker
2009-11-08 18:45:15 ----D---- C:\Program Files\Windows Sidebar
2009-11-08 18:45:15 ----D---- C:\Program Files\Internet Explorer
2009-11-08 18:45:14 ----D---- C:\Program Files\Windows Media Player
2009-11-08 18:45:14 ----D---- C:\Program Files\Windows Journal
2009-11-08 18:45:14 ----D---- C:\Program Files\Windows Collaboration
2009-11-08 18:45:11 ----D---- C:\Program Files\Windows Photo Gallery
2009-11-08 18:45:11 ----D---- C:\Program Files\Common Files\System
2009-11-08 18:45:07 ----D---- C:\Windows\servicing
2009-11-08 18:45:07 ----D---- C:\Windows\ehome
2009-11-08 18:45:07 ----D---- C:\Program Files\Windows Defender
2009-11-08 18:44:57 ----D---- C:\Windows\system32\XPSViewer
2009-11-08 18:44:57 ----D---- C:\Windows\IME
2009-11-08 18:44:56 ----D---- C:\Windows\system32\sk-SK
2009-11-08 18:44:56 ----D---- C:\Windows\system32\lv-LV
2009-11-08 18:44:56 ----D---- C:\Windows\system32\ko-KR
2009-11-08 18:44:56 ----D---- C:\Windows\system32\hr-HR
2009-11-08 18:44:56 ----D---- C:\Windows\system32\et-EE
2009-11-08 18:44:56 ----D---- C:\Windows\system32\da-DK
2009-11-08 18:44:55 ----D---- C:\Windows\system32\en-US
2009-11-08 18:44:54 ----D---- C:\Windows\system32\oobe
2009-11-08 18:44:54 ----D---- C:\Windows\system32\it-IT
2009-11-08 18:44:54 ----D---- C:\Windows\system32\el-GR
2009-11-08 18:44:54 ----D---- C:\Windows\system32\de-DE
2009-11-08 18:44:53 ----D---- C:\Windows\system32\migration
2009-11-08 18:44:49 ----D---- C:\Windows\system32\sv-SE
2009-11-08 18:44:49 ----D---- C:\Windows\system32\SLUI
2009-11-08 18:44:49 ----D---- C:\Windows\system32\setup
2009-11-08 18:44:49 ----D---- C:\Windows\system32\ru-RU
2009-11-08 18:44:49 ----D---- C:\Windows\system32\pt-PT
2009-11-08 18:44:49 ----D---- C:\Windows\system32\hu-HU
2009-11-08 18:44:49 ----D---- C:\Windows\system32\he-IL
2009-11-08 18:44:49 ----D---- C:\Windows\system32\fr-FR
2009-11-08 18:44:49 ----D---- C:\Windows\system32\fi-FI
2009-11-08 18:44:49 ----D---- C:\Windows\system32\cs-CZ
2009-11-08 18:44:49 ----D---- C:\Windows\system32\AdvancedInstallers
2009-11-08 18:44:48 ----D---- C:\Windows\system32\zh-TW
2009-11-08 18:44:48 ----D---- C:\Windows\system32\zh-CN
2009-11-08 18:44:48 ----D---- C:\Windows\system32\uk-UA
2009-11-08 18:44:48 ----D---- C:\Windows\system32\sr-Latn-CS
2009-11-08 18:44:48 ----D---- C:\Windows\system32\sl-SI
2009-11-08 18:44:48 ----D---- C:\Windows\system32\ro-RO
2009-11-08 18:44:48 ----D---- C:\Windows\system32\pl-PL
2009-11-08 18:44:48 ----D---- C:\Windows\system32\manifeststore
2009-11-08 18:44:48 ----D---- C:\Windows\system32\ja-JP
2009-11-08 18:44:48 ----D---- C:\Windows\system32\es-ES
2009-11-08 18:44:48 ----D---- C:\Windows\system32\en
2009-11-08 18:44:48 ----D---- C:\Windows\system32\bg-BG
2009-11-08 18:44:46 ----D---- C:\Windows\system32\th-TH
2009-11-08 18:44:46 ----D---- C:\Windows\system32\drivers
2009-11-08 18:44:45 ----D---- C:\Windows\system32\wbem
2009-11-08 18:44:45 ----D---- C:\Windows\system32\tr-TR
2009-11-08 18:44:44 ----D---- C:\Windows\system32\nl-NL
2009-11-08 18:44:44 ----D---- C:\Windows\system32\nb-NO
2009-11-08 18:44:44 ----D---- C:\Windows\system32\lt-LT
2009-11-08 18:44:44 ----D---- C:\Windows\system32\ar-SA
2009-11-08 18:44:43 ----D---- C:\Windows\system32\pt-BR
2009-11-08 18:44:43 ----D---- C:\Windows\system32\migwiz
2009-11-08 18:43:59 ----RSD---- C:\Windows\Fonts
2009-11-08 18:43:58 ----D---- C:\Windows\AppPatch
2009-11-08 18:43:51 ----D---- C:\Windows\system32\Boot
2009-11-08 18:43:04 ----D---- C:\Windows\system32\RTCOM
2009-11-08 18:37:21 ----D---- C:\Windows\winsxs
2009-11-08 18:28:13 ----SHD---- C:\System Volume Information
2009-11-08 18:17:06 ----D---- C:\Users\janaperfect\AppData\Roaming\Skype
2009-11-08 16:01:13 ----D---- C:\Users\janaperfect\AppData\Roaming\skypePM
2009-11-08 14:20:39 ----D---- C:\Windows\Debug
2009-11-05 18:55:39 ----D---- C:\Windows\system32\catroot2
2009-11-03 07:38:50 ----SHD---- C:\Windows\Installer
2009-11-03 07:38:50 ----D---- C:\ProgramData\Microsoft Help
2009-11-01 20:25:30 ----A---- C:\Windows\win.ini
2009-11-01 20:23:46 ----D---- C:\Program Files\Common Files\microsoft shared
2009-11-01 11:47:34 ----HD---- C:\ProgramData
2009-11-01 11:42:02 ----D---- C:\Program Files\MSBuild
2009-11-01 11:41:33 ----D---- C:\Program Files\Microsoft Office
2009-11-01 11:41:08 ----D---- C:\Program Files\Common Files
2009-11-01 11:41:03 ----D---- C:\Windows\ShellNew
2009-11-01 11:39:58 ----SD---- C:\Users\janaperfect\AppData\Roaming\Microsoft
2009-11-01 11:39:58 ----SD---- C:\ProgramData\Microsoft
2009-11-01 10:46:15 ----D---- C:\Windows\system32\Tasks
2009-11-01 10:44:22 ----D---- C:\ProgramData\McAfee
2009-10-29 21:33:56 ----D---- C:\Program Files\Google
2009-10-29 21:32:31 ----D---- C:\Program Files\Acer GameZone
2009-10-29 21:31:09 ----D---- C:\ProgramData\Google
2009-10-29 21:30:42 ----D---- C:\Program Files\Yahoo!
2009-10-29 21:11:45 ----HD---- C:\Program Files\InstallShield Installation Information
2009-10-29 21:11:32 ----D---- C:\Program Files\eSobi
2009-10-29 21:01:41 ----D---- C:\Program Files\Acer
2009-10-29 21:00:56 ----D---- C:\ProgramData\CyberLink
2009-10-12 00:59:10 ----D---- C:\Windows\system32\WDI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [2009-02-13 11608]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2009-07-28 55656]
R2 irda;IrDA Protocol; C:\Windows\system32\DRIVERS\irda.sys [2008-01-21 95744]
R2 mwlPSDFilter;mwlPSDFilter; C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [2008-10-09 19504]
R2 mwlPSDNServ;mwlPSDNServ; C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [2008-10-09 16432]
R2 mwlPSDVDisk;mwlPSDVDisk; C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [2008-10-09 59952]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2008-02-29 1202560]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2008-12-29 952832]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\Windows\system32\DRIVERS\DKbFltr.sys [2006-11-03 21264]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-12-23 2476032]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2009-02-19 2323680]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI; C:\Windows\system32\drivers\IntcHdmi.sys [2008-09-22 112128]
R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\k57nd60x.sys [2008-09-04 223232]
R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\Drivers\NTIDrvr.sys [2009-03-25 15360]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-12-05 204976]
R3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-21 11264]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2009-08-05 54632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 NSCIRDA;NSC Infrared Device Driver; C:\Windows\system32\DRIVERS\nscirda.sys [2008-01-21 30720]
S3 RTSTOR;Realtek USB 2.0 Card Reader; C:\Windows\system32\drivers\RTSTOR.SYS [2008-12-02 62976]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-21 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
S4 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-21 88576]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2008-03-18 13312]
R2 AntiVirMailService;Avira AntiVir MailGuard; C:\Program Files\Avira\AntiVir Desktop\avmailc.exe [2009-05-11 194817]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]
R2 AntiVirWebService;Avira AntiVir WebGuard; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2009-05-12 434945]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 ePowerSvc;Acer ePower Service; C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2009-04-15 703008]
R2 Irmon;@%SystemRoot%\System32\irmon.dll,-2000; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 MWLService;MyWinLocker Service; C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-05-14 305448]
R2 NTI IScheduleSvc;NTI IScheduleSvc; C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-04-11 61184]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-09-23 144632]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-09-08 545568]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-09-11 194032]
S3 fsssvc;Služba Bezpecnost rodiny v službe Windows Live; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-08-05 704864]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-09-23 50424]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

-----------------EOF-----------------

jamesbond007.cz · #2 Příspěvek od **jamesbond007.cz** » 07 lis 2009 22:27

a jeste log z combofixu. predpokladam ze by mi byl doporucen.

ComboFix 09-11-06.03 - janaperfect 08/11/2009 21:11.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3000.1946 [GMT 0:00]
Running from: c:\users\janaperfect\Downloads\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1532837770-1080338674-2631915440-500
c:\windows\010112010146101105.rx
c:\windows\Suyin.reg

.
((((((((((((((((((((((((( Files Created from 2009-10-08 to 2009-11-08 )))))))))))))))))))))))))))))))
.

2009-11-08 20:20 . 2009-11-08 20:20 -------- d-----w- C:\rsit
2009-11-08 20:20 . 2009-11-08 20:20 4096 d-----w- c:\program files\trend micro
2009-11-08 18:43 . 2009-11-08 18:44 -------- d-----w- c:\windows\system32\ca-ES
2009-11-08 18:43 . 2009-11-08 18:44 -------- d-----w- c:\windows\system32\eu-ES
2009-11-08 18:43 . 2009-11-08 18:44 -------- d-----w- c:\windows\system32\vi-VN
2009-11-08 18:26 . 2009-11-08 18:26 4096 d-----w- c:\windows\system32\EventProviders
2009-11-08 18:15 . 2009-11-08 18:15 -------- d-----w- c:\users\janaperfect\AppData\Roaming\Avira
2009-11-08 17:59 . 2009-11-08 17:59 4096 d-----w- C:\SafetyCenter
2009-11-03 07:38 . 2009-11-03 07:38 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-11-02 11:21 . 2009-11-02 20:42 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-11-01 11:47 . 2009-07-28 16:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-11-01 11:47 . 2009-03-30 10:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-11-01 11:47 . 2009-11-01 11:47 -------- d-----w- c:\programdata\Avira
2009-11-01 11:47 . 2009-11-01 11:47 -------- d-----w- c:\program files\Avira
2009-11-01 11:39 . 2009-11-01 11:39 -------- d-----w- c:\program files\Microsoft.NET
2009-11-01 11:37 . 2009-11-01 11:37 4096 d-----w- c:\program files\Microsoft Visual Studio 8
2009-11-01 10:41 . 2009-11-01 10:41 -------- d-----w- c:\users\janaperfect\AppData\Roaming\Malwarebytes
2009-11-01 10:41 . 2009-09-10 14:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-01 10:41 . 2009-11-01 10:41 4096 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-01 10:41 . 2009-11-01 10:41 -------- d-----w- c:\programdata\Malwarebytes
2009-11-01 10:41 . 2009-09-10 14:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-30 18:54 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2009-10-30 18:54 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-10-30 18:54 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-10-30 18:54 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-10-30 18:54 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
2009-10-30 18:54 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-10-30 18:54 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-10-30 18:53 . 2009-08-06 19:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-10-30 18:53 . 2009-08-06 18:44 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-10-28 23:28 . 2009-09-10 14:58 310784 ----a-w- c:\windows\system32\unregmp2.exe
2009-10-28 23:28 . 2009-09-10 14:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-10-16 22:51 . 2009-09-04 11:41 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-10-16 22:51 . 2009-09-14 09:29 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-10-16 22:51 . 2009-05-08 12:53 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-08 18:45 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-11-08 18:45 . 2006-11-02 11:18 4096 d-----w- c:\program files\Windows Mail
2009-11-08 18:45 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Sidebar
2009-11-08 18:45 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Journal
2009-11-08 18:45 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Collaboration
2009-11-08 18:45 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Photo Gallery
2009-11-08 18:45 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Defender
2009-11-08 18:43 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-08 18:17 . 2009-09-11 18:27 4096 d-----w- c:\users\janaperfect\AppData\Roaming\Skype
2009-11-08 16:01 . 2009-09-11 18:31 12288 d-----w- c:\users\janaperfect\AppData\Roaming\skypePM
2009-11-03 07:38 . 2009-02-18 12:10 12288 d-----w- c:\programdata\Microsoft Help
2009-11-01 11:55 . 2009-09-05 23:50 101856 ----a-w- c:\users\janaperfect\AppData\Local\GDIPFONTCACHEV1.DAT
2009-11-01 11:42 . 2006-11-02 12:37 -------- d-----w- c:\program files\MSBuild
2009-11-01 10:44 . 2009-02-18 11:55 4096 d-----w- c:\programdata\McAfee
2009-10-31 23:20 . 2009-09-08 17:45 6080 ----a-w- c:\users\janaperfect\AppData\Local\d3d9caps.dat
2009-10-29 21:33 . 2009-09-05 23:49 4096 d-----w- c:\program files\Google
2009-10-29 21:32 . 2009-02-18 12:01 8192 d-----w- c:\program files\Acer GameZone
2009-10-29 21:30 . 2009-09-06 03:42 -------- d-----w- c:\program files\Yahoo!
2009-10-29 21:11 . 2009-02-11 20:16 4096 d--h--w- c:\program files\InstallShield Installation Information
2009-10-29 21:11 . 2009-06-19 11:12 -------- d-----w- c:\program files\eSobi
2009-10-29 21:01 . 2009-06-19 11:10 -------- d-----w- c:\program files\Acer
2009-10-29 21:00 . 2009-02-18 12:22 -------- d-----w- c:\programdata\CyberLink
2009-10-29 20:57 . 2009-02-18 12:23 36864 ----a-w- c:\programdata\Temp\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\PostBuild.exe
2009-09-23 08:07 . 2009-09-22 19:51 4096 d-----w- c:\program files\Microsoft Silverlight
2009-09-23 08:06 . 2009-02-18 12:11 28672 d-----w- c:\program files\Microsoft Works
2009-09-22 19:51 . 2009-02-18 12:26 4096 d-----w- c:\program files\Windows Live
2009-09-22 19:50 . 2009-09-22 19:50 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-09-22 19:47 . 2009-09-22 19:47 -------- d-----w- c:\program files\Microsoft
2009-09-18 21:36 . 2009-09-18 21:36 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-09-18 21:36 . 2009-09-11 21:43 -------- d-----w- c:\programdata\Apple
2009-09-12 19:55 . 2009-09-12 19:55 -------- d-----w- c:\users\janaperfect\AppData\Roaming\SoftDMA
2009-09-12 19:55 . 2009-09-12 19:55 -------- d-----w- c:\users\janaperfect\AppData\Roaming\CyberLink
2009-09-11 22:23 . 2009-09-11 22:23 4096 d-----w- c:\programdata\Google Updater
2009-09-11 22:07 . 2009-09-11 22:04 -------- d-----w- c:\users\janaperfect\AppData\Roaming\Apple Computer
2009-09-11 22:03 . 2009-09-11 22:00 4096 d-----w- c:\program files\iTunes
2009-09-11 22:03 . 2009-09-11 22:00 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-11 22:00 . 2009-09-11 22:00 -------- d-----w- c:\program files\iPod
2009-09-11 22:00 . 2009-09-11 21:43 -------- d-----w- c:\program files\Common Files\Apple
2009-09-11 22:00 . 2009-09-11 21:49 -------- d-----w- c:\programdata\Apple Computer
2009-09-11 21:52 . 2009-09-11 21:52 -------- d-----w- c:\program files\Bonjour
2009-09-11 21:51 . 2009-09-11 21:49 4096 d-----w- c:\program files\QuickTime
2009-09-11 21:46 . 2009-09-11 21:46 4096 d-----w- c:\program files\Apple Software Update
2009-09-11 21:13 . 2009-09-11 21:13 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-09-11 20:06 . 2009-09-11 18:45 4096 d-----w- c:\users\janaperfect\AppData\Roaming\vlc
2009-09-11 18:51 . 2009-06-19 11:12 -------- d-----w- c:\programdata\eSobi
2009-09-11 18:49 . 2009-09-11 18:49 -------- d-----w- c:\users\janaperfect\AppData\Roaming\eSobi
2009-09-11 18:43 . 2009-09-11 18:43 -------- d-----w- c:\program files\VideoLAN
2009-09-11 18:31 . 2009-09-11 18:31 56 ---ha-w- c:\programdata\ezsidmv.dat
2009-09-11 18:27 . 2009-09-11 18:26 -------- d-----r- c:\program files\Skype
2009-09-11 18:26 . 2009-09-11 18:26 -------- d-----w- c:\program files\Common Files\Skype
2009-09-11 18:26 . 2009-09-11 18:26 -------- d-----w- c:\programdata\Skype
2009-09-10 18:21 . 2009-06-19 11:11 4096 d-----w- c:\program files\EgisTec Egis Software Update
2009-09-10 18:19 . 2009-09-10 18:17 20692840 ----a-w- c:\programdata\EgisTec\EgisTec Software Update\1.0\Cache\8ad88a5a2254770c0122547c09e10001\MyWinLocker3.1.59.0.exe
2009-09-10 16:48 . 2009-10-16 22:52 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-08 20:43 . 2009-09-08 20:43 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.0.70\SetupAdmin.exe
2009-08-29 00:27 . 2009-09-06 05:04 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:14 . 2009-09-06 05:04 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-28 18:42 . 2009-08-28 18:42 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-08-28 18:42 . 2009-08-28 18:42 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-27 13:29 . 2009-10-16 22:52 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-27 12:40 . 2009-10-16 22:52 834048 ----a-w- c:\windows\system32\wininet.dll
2009-08-17 22:33 . 2009-08-17 22:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-14 16:27 . 2009-09-09 21:19 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 15:53 . 2009-09-09 21:19 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 13:49 . 2009-09-09 21:19 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 13:49 . 2009-09-09 21:19 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 13:49 . 2009-09-09 21:19 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 13:49 . 2009-09-09 21:19 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 13:49 . 2009-09-09 21:19 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 13:49 . 2009-09-09 21:19 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49 . 2009-09-09 21:19 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 13:48 . 2009-09-09 21:19 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-08-14 13:48 . 2009-09-09 21:19 105984 ----a-w- c:\windows\system32\netiohlp.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-05-14 22:02 120104 ----a-w- c:\program files\EgisTec\MyWinLocker 3\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-05 68856]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2009-10-09 25623336]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2009-04-11 2153472]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SafetyCenter"="c:\safetycenter\start.exe" [2009-11-08 986624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-01-09 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-01-09 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-01-09 154136]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-02-19 6793760]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-29 200704]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-12-05 1410344]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-02-19 866824]
"BackupManagerTray"="c:\program files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-04-11 249600]
"Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2009-04-15 440864]
"EgisTecLiveUpdate"="c:\program files\EgisTec Egis Software Update\EgisUpdate.exe" [2009-05-13 199464]
"mwlDaemon"="c:\program files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-05-14 345384]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-08 305440]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

c:\users\janaperfect\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Orion.lnk - c:\program files\Convesoft\Orion\Messenger.exe [2008-10-21 7892992]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
SetupExecute REG_MULTI_SZ \0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):72,b0,71,6b,a4,60,ca,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1532837770-1080338674-2631915440-1000]
"EnableNotificationsRef"=dword:00000001

R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [01/11/2009 11:47 194817]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [01/11/2009 11:47 108289]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [01/11/2009 11:47 434945]
R2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [19/06/2009 11:10 703008]
R2 mwlPSDFilter;mwlPSDFilter;c:\windows\System32\drivers\mwlPSDFilter.sys [09/10/2008 15:47 19504]
R2 mwlPSDNServ;mwlPSDNServ;c:\windows\System32\drivers\mwlPSDNserv.sys [09/10/2008 15:47 16432]
R2 mwlPSDVDisk;mwlPSDVDisk;c:\windows\System32\drivers\mwlPSDVDisk.sys [09/10/2008 15:47 59952]
R2 MWLService;MyWinLocker Service;c:\program files\EgisTec\MyWinLocker 3\x86\MWLService.exe [14/05/2009 22:03 305448]
R2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [11/04/2009 18:32 61184]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [23/09/2008 14:11 144632]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\System32\drivers\IntcHdmi.sys [19/06/2009 18:36 112128]
R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\k57nd60x.sys [04/09/2008 04:12 223232]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [21/01/2008 02:23 179712]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [22/09/2009 19:51 54632]
S3 fsssvc;Služba Bezpecnost rodiny v službe Windows Live;c:\program files\Windows Live\Family Safety\fsssvc.exe [05/08/2009 21:48 704864]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [23/09/2008 14:11 50424]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR
*Deregistered* - mbr
*Deregistered* - PROCEXP113
.
Contents of the 'Scheduled Tasks' folder

2009-11-08 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-09-05 22:23]
.
.
------- Supplementary Scan -------
.
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=2&o=vp32&d=0609&m=aspire_5738
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=2&o=vp32&d=0609&m=aspire_5738
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=2&o=vp32&d=0609&m=aspire_5738
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
FF - ProfilePath - c:\users\janaperfect\AppData\Roaming\Mozilla\Firefox\Profiles\4sstc50o.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.co.uk
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1698.5652\npCIDetect13.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.
.
------- File Associations -------
.
regedit=regedit.exe "%1"
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-mcmscsvc
SafeBoot-MCODS

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msiserver]
"ImagePath"="%systemroot%\system32\msiexec /V"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2009-11-08 21:23
ComboFix-quarantined-files.txt 2009-11-08 21:22

Pre-Run: 276,488,728,576 bytes free
Post-Run: 276,682,121,216 bytes free

- - End Of File - - 3CD1810F2FCFD101FB981044E3F6B015

#3 Příspěvek od **motji** » 08 lis 2009 07:53

Dobré ránko

Pokud nemáte, přesuňte Combofix na plochu
-otevřete si Poznámkový blok
-Do něj zkopírujte text z tohoto okénka

Kód: Vybrat vše

Folder::
c:\SafetyCenter
Registry::
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes Anti-Malware (reboot)"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SafetyCenter"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6a1350dc-a5c0-11de-a70b-001f16a92829}]

-uložte Vámi vytvořený TXT soubor jako CFScript.txt na plochu
-po uložení uchopte vámi vytvořený skript levým myšítkem a -přesuňte ho nad ikonu Combofixu, kde ho upustíte:

Obrázek

-po aplikaci na Vás vypadne další log,vložte ho sem

Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou, v tom případě znovu restartujte a přitom mačkejte F8, pak zvolte Poslední známou funkční konfiguraci

Dejte soubor otestovat na http://www.virustotal.com

C:\Program Files\Convesoft\Orion\Messenger.exe

Do okénka zkopírujte cestu k souboru , pokud napíše, že soubor byl už testován, dejte otestovat znovu.
Sem vložte link s výsledky.

Stahněte z mého podpisu AVPTOOl http://www.viry.cz/forum/viewtopic.php?f=29&t=58179

-Podle návodu nainstalujte a proveďte sken
-vložte zde log z výsledky

jamesbond007.cz · #4 Příspěvek od **jamesbond007.cz** » 16 lis 2009 21:41

tak jsem aplikoval script. ale neco se stejne deje a neni jeste o.k. combofix jel docela dlouho a musel jsem vymazat a znovu se pripojit k siti. log je zde:

ComboFix 09-11-16.05 - janaperfect 17/11/2009 20:16.3.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3000.1650 [GMT 0:00]
Running from: c:\users\janaperfect\Downloads\ComboFix.exe
Command switches used :: c:\users\janaperfect\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\SafetyCenter
c:\safetycenter\main.ico
c:\safetycenter\new.exe
c:\safetycenter\protector.exe
c:\safetycenter\sound.wav
c:\safetycenter\uninstall.exe

.
((((((((((((((((((((((((( Files Created from 2009-10-17 to 2009-11-17 )))))))))))))))))))))))))))))))
.

2009-11-17 20:25 . 2009-11-17 20:25 -------- d-----w- c:\users\janaperfect\AppData\Local\temp
2009-11-17 20:25 . 2009-11-17 20:25 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-11-17 20:25 . 2009-11-17 20:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-11-17 20:14 . 2009-11-17 20:15 24576 d-----w- C:\32788R22FWJFW
2009-11-12 19:13 . 2009-08-14 13:27 2036736 ----a-w- c:\windows\system32\win32k.sys
2009-11-12 19:13 . 2009-08-10 12:35 355328 ----a-w- c:\windows\system32\WSDApi.dll
2009-11-10 19:51 . 2009-11-10 19:51 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-11-08 20:20 . 2009-11-08 20:20 -------- d-----w- C:\rsit
2009-11-08 20:20 . 2009-11-08 20:20 4096 d-----w- c:\program files\trend micro
2009-11-08 18:43 . 2009-11-08 18:44 -------- d-----w- c:\windows\system32\ca-ES
2009-11-08 18:43 . 2009-11-08 18:44 -------- d-----w- c:\windows\system32\eu-ES
2009-11-08 18:43 . 2009-11-08 18:44 -------- d-----w- c:\windows\system32\vi-VN
2009-11-08 18:26 . 2009-11-08 18:26 4096 d-----w- c:\windows\system32\EventProviders
2009-11-08 18:15 . 2009-11-08 18:15 -------- d-----w- c:\users\janaperfect\AppData\Roaming\Avira
2009-11-03 07:38 . 2009-11-03 07:38 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-11-02 11:21 . 2009-11-02 20:42 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-11-01 11:47 . 2009-07-28 16:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-11-01 11:47 . 2009-03-30 10:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-11-01 11:47 . 2009-11-01 11:47 -------- d-----w- c:\programdata\Avira
2009-11-01 11:47 . 2009-11-01 11:47 -------- d-----w- c:\program files\Avira
2009-11-01 11:39 . 2009-11-01 11:39 -------- d-----w- c:\program files\Microsoft.NET
2009-11-01 11:37 . 2009-11-01 11:37 4096 d-----w- c:\program files\Microsoft Visual Studio 8
2009-11-01 10:41 . 2009-11-01 10:41 -------- d-----w- c:\users\janaperfect\AppData\Roaming\Malwarebytes
2009-11-01 10:41 . 2009-09-10 14:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-01 10:41 . 2009-11-01 10:41 4096 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-01 10:41 . 2009-11-01 10:41 -------- d-----w- c:\programdata\Malwarebytes
2009-11-01 10:41 . 2009-09-10 14:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-30 18:54 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2009-10-30 18:54 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-10-30 18:54 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-10-30 18:54 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-10-30 18:54 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
2009-10-30 18:54 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-10-30 18:54 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-10-30 18:53 . 2009-08-06 19:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-10-30 18:53 . 2009-08-06 18:44 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-10-28 23:28 . 2009-09-10 14:58 310784 ----a-w- c:\windows\system32\unregmp2.exe
2009-10-28 23:28 . 2009-09-10 14:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-17 20:05 . 2009-09-11 18:27 4096 d-----w- c:\users\janaperfect\AppData\Roaming\Skype
2009-11-17 18:55 . 2009-09-11 18:31 12288 d-----w- c:\users\janaperfect\AppData\Roaming\skypePM
2009-11-13 03:21 . 2006-11-02 11:18 4096 d-----w- c:\program files\Windows Mail
2009-11-13 03:06 . 2009-02-18 12:10 12288 d-----w- c:\programdata\Microsoft Help
2009-11-08 18:45 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-11-08 18:45 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Sidebar
2009-11-08 18:45 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Journal
2009-11-08 18:45 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Collaboration
2009-11-08 18:45 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Photo Gallery
2009-11-08 18:45 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Defender
2009-11-08 18:43 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-01 11:55 . 2009-09-05 23:50 101856 ----a-w- c:\users\janaperfect\AppData\Local\GDIPFONTCACHEV1.DAT
2009-11-01 11:42 . 2006-11-02 12:37 -------- d-----w- c:\program files\MSBuild
2009-11-01 10:44 . 2009-02-18 11:55 4096 d-----w- c:\programdata\McAfee
2009-10-31 23:20 . 2009-09-08 17:45 6080 ----a-w- c:\users\janaperfect\AppData\Local\d3d9caps.dat
2009-10-29 21:33 . 2009-09-05 23:49 4096 d-----w- c:\program files\Google
2009-10-29 21:32 . 2009-02-18 12:01 8192 d-----w- c:\program files\Acer GameZone
2009-10-29 21:30 . 2009-09-06 03:42 -------- d-----w- c:\program files\Yahoo!
2009-10-29 21:11 . 2009-02-11 20:16 4096 d--h--w- c:\program files\InstallShield Installation Information
2009-10-29 21:11 . 2009-06-19 11:12 -------- d-----w- c:\program files\eSobi
2009-10-29 21:01 . 2009-06-19 11:10 -------- d-----w- c:\program files\Acer
2009-10-29 21:00 . 2009-02-18 12:22 -------- d-----w- c:\programdata\CyberLink
2009-10-29 20:57 . 2009-02-18 12:23 36864 ----a-w- c:\programdata\Temp\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\PostBuild.exe
2009-09-23 08:07 . 2009-09-22 19:51 4096 d-----w- c:\program files\Microsoft Silverlight
2009-09-23 08:06 . 2009-02-18 12:11 28672 d-----w- c:\program files\Microsoft Works
2009-09-22 19:51 . 2009-02-18 12:26 4096 d-----w- c:\program files\Windows Live
2009-09-22 19:50 . 2009-09-22 19:50 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-09-22 19:47 . 2009-09-22 19:47 -------- d-----w- c:\program files\Microsoft
2009-09-18 21:36 . 2009-09-18 21:36 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-09-18 21:36 . 2009-09-11 21:43 -------- d-----w- c:\programdata\Apple
2009-09-14 09:29 . 2009-10-16 22:51 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-09-10 18:19 . 2009-09-10 18:17 20692840 ----a-w- c:\programdata\EgisTec\EgisTec Software Update\1.0\Cache\8ad88a5a2254770c0122547c09e10001\MyWinLocker3.1.59.0.exe
2009-09-10 16:48 . 2009-10-16 22:52 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-08 20:43 . 2009-09-08 20:43 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.0.70\SetupAdmin.exe
2009-09-04 11:41 . 2009-10-16 22:51 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 00:27 . 2009-09-06 05:04 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:14 . 2009-09-06 05:04 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-28 18:42 . 2009-08-28 18:42 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-08-28 18:42 . 2009-08-28 18:42 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-27 13:29 . 2009-10-16 22:52 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-27 12:40 . 2009-10-16 22:52 834048 ----a-w- c:\windows\system32\wininet.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-11-08_21.20.23 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 01:58 . 2009-11-13 03:25 50468 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-11-13 03:25 76790 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-09-05 23:50 . 2009-11-17 20:03 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-09-05 23:50 . 2009-11-08 21:07 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-09-05 23:50 . 2009-11-08 21:07 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-09-05 23:50 . 2009-11-17 20:03 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-09-05 23:50 . 2009-11-17 20:03 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-09-05 23:50 . 2009-11-08 21:07 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-11-01 11:44 . 2009-11-13 03:06 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2009-11-01 11:44 . 2009-11-03 07:38 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2009-11-01 11:44 . 2009-11-13 03:06 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2009-11-01 11:44 . 2009-11-03 07:38 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2009-11-01 11:44 . 2009-11-03 07:38 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-11-01 11:44 . 2009-11-13 03:06 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
- 2009-10-31 03:01 . 2009-10-31 03:01 35600 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2009-11-13 03:04 . 2009-11-13 03:04 35600 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2006-10-26 21:13 . 2006-10-26 21:13 72472 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\XL12CNVP.DLL
+ 2009-11-10 03:24 . 2009-11-10 03:24 47616 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveWriter\8039c53d0b2703fe649d06f76984743e\WindowsLiveWriter.ni.exe
+ 2009-11-10 03:24 . 2009-11-10 03:24 99840 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\0a8d3929fd7c6f5983d7c800325058ee\WindowsLive.Writer.Api.ni.dll
+ 2009-11-10 03:25 . 2009-11-10 03:25 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\71446066f8f87652fa7303395df566cc\UIAutomationProvider.ni.dll
+ 2009-11-10 03:26 . 2009-11-10 03:26 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\f7cfb619815540da7efa7d0ce6cd581c\System.Windows.Presentation.ni.dll
+ 2009-11-10 03:26 . 2009-11-10 03:26 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\94a159c32cf1d5ff553e2c12861c7e9f\System.Web.DynamicData.Design.ni.dll
+ 2009-11-10 03:25 . 2009-11-10 03:25 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\fd2d9c558d28fb6fc1d5b650e2aaba6a\System.ComponentModel.DataAnnotations.ni.dll
+ 2009-11-10 03:25 . 2009-11-10 03:25 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\ef965cf9c5c75294aef56d47f4b0eb26\System.AddIn.Contract.ni.dll
+ 2009-11-10 03:23 . 2009-11-10 03:23 44032 c:\windows\assembly\NativeImages_v2.0.50727_32\stdole\6fb97ad4786df4e2a5c0edaa3a284de8\stdole.ni.dll
+ 2009-11-10 03:25 . 2009-11-10 03:25 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\28aa280d39ac935204e8f97b628dd25e\PresentationFontCache.ni.exe
+ 2009-11-10 03:25 . 2009-11-10 03:25 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\32d58b6e9270ca077d0f3e787acd0a37\PresentationCFFRasterizer.ni.dll
+ 2009-11-10 03:24 . 2009-11-10 03:24 79872 c:\windows\assembly\NativeImages_v2.0.50727_32\napcrypt\ec37fe0ddb66e6ed277cc9c83c39e134\napcrypt.ni.dll
+ 2009-11-10 03:24 . 2009-11-10 03:24 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\e69555c56ddd01d1e809c1cf9e5cbf93\Microsoft.Vsa.ni.dll
+ 2009-11-10 03:22 . 2009-11-10 03:22 15872 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\84dda64a3e7cec7239ede8d5e48b5847\Microsoft.VisualC.ni.dll
+ 2009-11-10 03:24 . 2009-11-10 03:24 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\f156806d82a796faf4968b2cb872141d\Microsoft.Build.Framework.ni.dll
+ 2009-11-10 03:24 . 2009-11-10 03:24 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\2990c6a100dc31f3a36bd8c2afafa92b\Microsoft.Build.Framework.ni.dll
+ 2009-11-10 03:24 . 2009-11-10 03:24 68608 c:\windows\assembly\NativeImages_v2.0.50727_32\loadmxf\c06ed1ec9b9930295dd73986fe660559\loadmxf.ni.exe
+ 2009-11-10 03:23 . 2009-11-10 03:23 57856 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiUserXp\9e40e4d9ddeac7b337afb0ab2a45b7c7\ehiUserXp.ni.dll
+ 2009-11-10 03:23 . 2009-11-10 03:23 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiReplay\53c8ef024a64e5e6c4a1a4e23db7c753\ehiReplay.ni.dll
+ 2009-11-10 03:24 . 2009-11-10 03:24 23552 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiExtCOM\3c3b9f210946ad30b80aef7c2c61bec1\ehiExtCOM.ni.dll
+ 2009-11-10 03:24 . 2009-11-10 03:24 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\ehExtCOM\2e777c70743dc2d17184d2c777c98568\ehExtCOM.ni.dll
+ 2009-11-10 03:24 . 2009-11-10 03:24 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\8b295851a21fc513dcb5dbcd9b5385e6\dfsvc.ni.exe
+ 2009-11-10 03:23 . 2009-11-10 03:23 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\1bcbcac5237f54c73628936552c55b69\Accessibility.ni.dll
+ 2009-09-05 23:50 . 2009-11-13 03:25 5998 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1532837770-1080338674-2631915440-1000_UserData.bin
+ 2009-11-13 03:22 . 2009-11-13 03:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-11-08 21:07 . 2009-11-08 21:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-11-13 03:22 . 2009-11-13 03:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-11-08 21:07 . 2009-11-08 21:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-11-12 19:13 . 2009-08-10 12:39 355328 c:\windows\winsxs\x86_wsdapi_31bf3856ad364e35_6.0.6002.22194_none_c0c6531463dfed55\WSDApi.dll
+ 2009-11-12 19:13 . 2009-08-10 12:35 355328 c:\windows\winsxs\x86_wsdapi_31bf3856ad364e35_6.0.6002.18085_none_c048867f4ab94af1\WSDApi.dll
+ 2009-11-12 19:13 . 2009-08-10 13:03 351232 c:\windows\winsxs\x86_wsdapi_31bf3856ad364e35_6.0.6001.22491_none_bedce04e66bc4c2c\WSDApi.dll
+ 2009-11-12 19:13 . 2009-08-10 13:05 351232 c:\windows\winsxs\x86_wsdapi_31bf3856ad364e35_6.0.6001.18306_none_beb994414d512f9c\WSDApi.dll
+ 2009-11-12 19:13 . 2009-08-10 12:53 323072 c:\windows\winsxs\x86_wsdapi_31bf3856ad364e35_6.0.6000.21103_none_bd59c9aa694b25b2\WSDApi.dll
+ 2009-11-12 19:13 . 2009-08-10 13:08 321536 c:\windows\winsxs\x86_wsdapi_31bf3856ad364e35_6.0.6000.16903_none_bcd054bd502d52a6\WSDApi.dll
+ 2009-11-10 03:00 . 2009-09-04 06:59 388920 c:\windows\winsxs\x86_netfx-sos_dll_b03f5f7f11d50a3a_6.0.6002.22219_none_fcfe427e14d1391e\SOS.dll
+ 2009-11-10 03:00 . 2009-09-04 06:59 388936 c:\windows\winsxs\x86_netfx-sos_dll_b03f5f7f11d50a3a_6.0.6002.18107_none_13cb1683fb2a8c7f\SOS.dll
+ 2009-11-10 03:00 . 2009-09-04 06:58 989528 c:\windows\winsxs\x86_netfx-mscordacwks_b03f5f7f11d50a3a_6.0.6002.22219_none_142ffabd20dc5d09\mscordacwks.dll
+ 2009-11-10 03:00 . 2009-09-04 06:58 989000 c:\windows\winsxs\x86_netfx-mscordacwks_b03f5f7f11d50a3a_6.0.6002.18107_none_2afccec30735b06a\mscordacwks.dll
+ 2009-09-07 12:28 . 2009-11-17 19:13 218532 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2009-09-07 10:41 . 2009-11-17 18:55 231386 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2006-11-02 10:33 . 2009-11-08 21:15 603282 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-11-13 03:28 603282 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-11-13 03:28 106696 c:\windows\System32\perfc009.dat
- 2006-11-02 10:33 . 2009-11-08 21:15 106696 c:\windows\System32\perfc009.dat
+ 2006-11-02 12:47 . 2009-11-13 03:23 379640 c:\windows\System32\FNTCACHE.DAT
- 2006-11-02 12:47 . 2009-11-08 18:48 379640 c:\windows\System32\FNTCACHE.DAT
- 2009-09-11 18:10 . 2009-03-30 04:42 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
+ 2009-11-10 03:00 . 2009-09-04 06:59 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
+ 2009-11-10 03:00 . 2009-09-04 06:58 989000 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
- 2009-09-11 18:10 . 2009-03-30 04:42 989000 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
- 2009-11-01 11:44 . 2009-11-03 07:38 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-11-01 11:44 . 2009-11-13 03:06 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2009-11-01 11:44 . 2009-11-03 07:38 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2009-11-01 11:44 . 2009-11-13 03:06 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2009-11-01 11:44 . 2009-11-03 07:38 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2009-11-01 11:44 . 2009-11-13 03:06 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2009-11-01 11:44 . 2009-11-03 07:38 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2009-11-01 11:44 . 2009-11-13 03:06 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2009-11-01 11:44 . 2009-11-13 03:06 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2009-11-01 11:44 . 2009-11-03 07:38 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2009-11-01 11:44 . 2009-11-03 07:38 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2009-11-01 11:44 . 2009-11-13 03:06 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2009-11-01 11:44 . 2009-11-13 03:06 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
- 2009-11-01 11:44 . 2009-11-03 07:38 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2006-10-26 19:48 . 2006-10-26 19:48 434528 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\DWTRIG20.EXE
+ 2009-11-10 03:24 . 2009-11-10 03:24 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\e238b43f36388fcb7c57b80bdc1f7d62\WsatConfig.ni.exe
+ 2009-11-10 03:24 . 2009-11-10 03:24 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveLocal.Wr#\722a7911f43794c1c020ee3b1f350b22\WindowsLiveLocal.WriterPlugin.ni.dll
+ 2009-11-10 03:24 . 2009-11-10 03:24 174080 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\fba5f4fe46e69058aa06be917a533f5d\WindowsLive.Writer.BrowserControl.ni.dll
+ 2009-11-10 03:24 . 2009-11-10 03:24 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\e7806ba50403c85018a59c72525d24dc\WindowsLive.Writer.Mshtml.ni.dll
+ 2009-11-10 03:24 . 2009-11-10 03:24 118784 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\e3ed22c184efec9d19d85e6324060668\WindowsLive.Writer.Extensibility.ni.dll
+ 2009-11-10 03:24 . 2009-11-10 03:24 313856 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\dc9e378eca978b5e4d7155b0469b0632\WindowsLive.Writer.Interop.SHDocVw.ni.dll
+ 2009-11-10 03:24 . 2009-11-10 03:24 152064 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\d7799148a419bc09357901d984655920\WindowsLive.Writer.HtmlParser.ni.dll
+ 2009-11-10 03:24 . 2009-11-10 03:24 119296 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\bc49adcd29c410b26288f975e6f2cd94\WindowsLive.Writer.FileDestinations.ni.dll
+ 2009-11-10 03:24 . 2009-11-10 03:24 117760 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\b8a363ab5a3dbcd27dcd4a8c3042065f\WindowsLive.Writer.Instrumentation.ni.dll
+ 2009-11-10 03:24 . 2009-11-10 03:24 851968 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\851effe22cf0915f4d6972e0d679ebf2\WindowsLive.Writer.BlogClient.ni.dll
+ 2009-11-10 03:24 . 2009-11-10 03:24 843776 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\75a642f7c4551268fef722abf0843a40\WindowsLive.Writer.Controls.ni.dll
+ 2009-11-10 03:24 . 2009-11-10 03:24 319488 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\694fe4b717187686318f1327ae1bd701\WindowsLive.Writer.Interop.ni.dll
+ 2009-11-10 03:24 . 2009-11-10 03:24 428032 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\4b7f6a44c197d9c791e44ac1989bdf92\WindowsLive.Writer.Localization.ni.dll
+ 2009-11-10 03:24 . 2009-11-10 03:24 334848 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\4a7ecc7fe4e6d45d3682880c9d271b03\WindowsLive.Writer.Interop.Mshtml.ni.dll
+ 2009-11-10 03:24 . 2009-11-10 03:24 594944 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\3795351a740a36f1bb91bd860d1e98b4\WindowsLive.Writer.HtmlEditor.ni.dll
+ 2009-11-10 03:24 . 2009-11-10 03:24 108544 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\2bdecfaa5c6626ddc8c69e3e7bbf2992\WindowsLive.Writer.Passport.ni.dll
+ 2009-11-10 03:24 . 2009-11-10 03:24 322048 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\07f97bb56361d8a25a0ecb14c92f3fcb\WindowsLive.Writer.SpellChecker.ni.dll
+ 2009-11-10 03:24 . 2009-11-10 03:24 145920 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Client\2c363b22ceaf65f54fb49bf7805be1d5\WindowsLive.Client.ni.dll
+ 2009-11-10 03:26 . 2009-11-10 03:26 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\8f9e7faa17ad97b10b90647dc804bd02\WindowsFormsIntegration.ni.dll
+ 2009-11-10 03:25 . 2009-11-10 03:25 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\4609787a9b076765ecb68581a25df450\UIAutomationTypes.ni.dll
+ 2009-11-10 03:26 . 2009-11-10 03:26 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\a7b063c683276e3a82a58ba41c52df12\UIAutomationClient.ni.dll
+ 2009-11-10 03:26 . 2009-11-10 03:26 235520 c:\windows\assembly\NativeImages_v2.0.50727_32\TaskScheduler\254b382cfc56f408ee61524805812f29\TaskScheduler.ni.dll
+ 2009-11-10 03:26 . 2009-11-10 03:26 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\0eae6266b8c2becb2131349055187233\System.Xml.Linq.ni.dll
+ 2009-11-10 03:26 . 2009-11-10 03:26 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\9ab2b63a74f18bded73c752dfad29b7b\System.Web.Routing.ni.dll
+ 2009-11-10 03:23 . 2009-11-10 03:23 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\67190e73b89e98b6488dcf6af49c216f\System.Web.RegularExpressions.ni.dll
+ 2009-11-10 03:26 . 2009-11-10 03:26 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\c6abb45c13e5b9122696522bec0d2ecf\System.Web.Extensions.Design.ni.dll
+ 2009-11-10 03:26 . 2009-11-10 03:26 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\eaa2ae0c44f344b227b2c382c846f7a4\System.Web.Entity.ni.dll
+ 2009-11-10 03:26 . 2009-11-10 03:26 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\5c0af069194b9d1f5d6ee63dbb90ee8d\System.Web.Entity.Design.ni.dll
+ 2009-11-10 03:26 . 2009-11-10 03:26 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\03efddc7dbc191f65c0b343666f27026\System.Web.DynamicData.ni.dll
+ 2009-11-10 03:26 . 2009-11-10 03:26 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\f064a5d32c3dbf54f7e6923b3cba5f35\System.Web.Abstractions.ni.dll
+ 2009-11-10 03:22 . 2009-11-10 03:22 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\5790f8446c866b543ab1740fd27aaec5\System.Transactions.ni.dll
+ 2009-11-10 03:23 . 2009-11-10 03:23 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\b0d40c6d0fc00ba251010b710ca452a6\System.ServiceProcess.ni.dll
+ 2009-11-10 03:22 . 2009-11-10 03:22 676352 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\3bf0444969d6c9bf5e3106c9aa59c1d0\System.Security.ni.dll
+ 2009-11-10 03:23 . 2009-11-10 03:23 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\f91c1865b06602c72f0efc99a0d4634a\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2009-11-10 03:22 . 2009-11-10 03:22 771584 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\5fada30bf7c201ababed5104184b9754\System.Runtime.Remoting.ni.dll
+ 2009-11-10 03:25 . 2009-11-10 03:25 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\23ca5e14f05c37fb49bc0df6521a314e\System.Net.ni.dll
+ 2009-11-10 03:23 . 2009-11-10 03:23 593408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\9c037a2101174ed32002e0d492504573\System.Messaging.ni.dll
+ 2009-11-10 03:24 . 2009-11-10 03:24 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\f3554229f9241c34b5acd5061bb7a9b6\System.Management.ni.dll
+ 2009-11-10 03:25 . 2009-11-10 03:25 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\072654567a9c8a9788fc1dc3c36ecfc7\System.Management.Instrumentation.ni.dll
+ 2009-11-10 03:24 . 2009-11-10 03:24 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\f5ec612354e6e5abf31cf67ac57698e2\System.IO.Log.ni.dll
+ 2009-11-10 03:23 . 2009-11-10 03:23 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\6fac519fcb4fe727abbd0e00b5ed358d\System.IdentityModel.Selectors.ni.dll
+ 2009-11-10 03:22 . 2009-11-10 03:22 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\7315b1a64bf46430386b938ae3257e27\System.EnterpriseServices.Wrapper.dll
+ 2009-11-10 03:22 . 2009-11-10 03:22 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\7315b1a64bf46430386b938ae3257e27\System.EnterpriseServices.ni.dll
+ 2009-11-10 03:20 . 2009-11-10 03:20 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\cf90c37ebdf793f7d485cdf1461cefd7\System.Drawing.Design.ni.dll
+ 2009-11-10 03:23 . 2009-11-10 03:23 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\384bafb2a4f81a682eb2ae2c7fea976b\System.DirectoryServices.Protocols.ni.dll
+ 2009-11-10 03:25 . 2009-11-10 03:25 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\34472e4436b3e385c07ee148575e09f6\System.DirectoryServices.AccountManagement.ni.dll
+ 2009-11-10 03:25 . 2009-11-10 03:25 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\e7535982e4bf2036e9e7269641b7be96\System.Data.Services.Client.ni.dll
+ 2009-11-10 03:25 . 2009-11-10 03:25 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\d8591d22020c2da6180edf325b1a5d06\System.Data.Services.Design.ni.dll
+ 2009-11-10 03:25 . 2009-11-10 03:25 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\6a8e0561391bca5f520ea52bd10130dd\System.Data.Entity.Design.ni.dll
+ 2009-11-10 03:25 . 2009-11-10 03:25 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\75651a5359122974884b64b98dc1af0f\System.Data.DataSetExtensions.ni.dll
+ 2009-11-10 03:22 . 2009-11-10 03:22 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\78aac991cacbc9665c628f5466cec9c1\System.Configuration.ni.dll
+ 2009-11-10 03:23 . 2009-11-10 03:23 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\97b0e9c797db7eb8c7e15a81d88b0f1f\System.Configuration.Install.ni.dll
+ 2009-11-10 03:25 . 2009-11-10 03:25 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\de36037cdb70cd63979b9642fe1e916a\System.AddIn.ni.dll
+ 2009-11-10 03:25 . 2009-11-10 03:25 232448 c:\windows\assembly\NativeImages_v2.0.50727_32\sysglobl\723e877d7b2a6ef55f2ae48ce7c1ee09\sysglobl.ni.dll
+ 2009-11-10 03:24 . 2009-11-10 03:24 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\0e2d201c84bf5d3207ff863642cd9aae\SMSvcHost.ni.exe
+ 2009-11-10 03:23 . 2009-11-10 03:23 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\0813dc1488145bd9dd8547099ade2caf\SMDiagnostics.ni.dll
+ 2009-11-10 03:24 . 2009-11-10 03:24 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\927f3f5537ce459700658426fe372255\ServiceModelReg.ni.exe
+ 2009-11-10 03:19 . 2009-11-10 03:19 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\6a409c40a6067264d0592415fcfc266d\PresentationFramework.Luna.ni.dll
+ 2009-11-10 03:19 . 2009-11-10 03:19 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\54e0042aba64d42f476234184b1b8f77\PresentationFramework.Classic.ni.dll
+ 2009-11-10 03:19 . 2009-11-10 03:19 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\3ae3d45b608b6e0fcb51d3a903563621\PresentationFramework.Royale.ni.dll
+ 2009-11-10 03:19 . 2009-11-10 03:19 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\0fa8eb806fadfff925850522a53c3c18\PresentationFramework.Aero.ni.dll
+ 2009-11-10 03:24 . 2009-11-10 03:24 724992 c:\windows\assembly\NativeImages_v2.0.50727_32\napsnap\b4b826189fd5456365147b7b09e85a36\napsnap.ni.dll
+ 2009-11-10 03:24 . 2009-11-10 03:24 110080 c:\windows\assembly\NativeImages_v2.0.50727_32\napinit\67f068987514ee7cafd3d78f3a0c1d03\napinit.ni.dll
+ 2009-11-10 03:24 . 2009-11-10 03:24 115712 c:\windows\assembly\NativeImages_v2.0.50727_32\naphlpr\fb54f69405c0a16d69c0ff218b8b226c\naphlpr.ni.dll
+ 2009-11-10 03:24 . 2009-11-10 03:24 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\f5f5c57412a953a4cf89bef422dde61a\MSBuild.ni.exe
+ 2009-11-10 03:24 . 2009-11-10 03:24 285184 c:\windows\assembly\NativeImages_v2.0.50727_32\MMCFxCommon\49c2fd76ae8103221e9342bdba6c9c8d\MMCFxCommon.ni.dll
+ 2009-11-10 03:24 . 2009-11-10 03:24 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\7d051e6ee6923e5db3ccab7a275f0812\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2009-11-10 03:23 . 2009-11-10 03:23 659968 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\cd3cb0a0113a7ccccff31da63487ede7\Microsoft.MediaCenter.Sports.ni.dll
+ 2009-11-10 03:23 . 2009-11-10 03:23 227840 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\42794bc8e41260b935b11c24f7b36916\Microsoft.MediaCenter.Shell.ni.dll
+ 2009-11-10 03:23 . 2009-11-10 03:23 593408 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\20c04c834cf047afa7256415151818a8\Microsoft.MediaCenter.ni.dll
+ 2009-11-10 03:24 . 2009-11-10 03:24 558592 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Managemen#\89756299b1ce3b6cc00b69d39685ab1b\Microsoft.ManagementConsole.ni.dll
+ 2009-11-10 03:24 . 2009-11-10 03:24 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\8c80eafc04a20c51f6009ddd7920fbc1\Microsoft.Build.Utilities.ni.dll
+ 2009-11-10 03:24 . 2009-11-10 03:24 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\6766c368a48789e57637e36681e397ce\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2009-11-10 03:24 . 2009-11-10 03:24 888320 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\e32b8f3a1267236ca7f2bd9606e67ffd\Microsoft.Build.Engine.ni.dll
+ 2009-11-10 03:24 . 2009-11-10 03:24 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\5a16c39ea69c4ddcaa76b9b2f5c70ef7\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2009-11-10 03:24 . 2009-11-10 03:24 238592 c:\windows\assembly\NativeImages_v2.0.50727_32\Mcx2Dvcs\5c546e94a6ce162317a9c41298c07b98\Mcx2Dvcs.ni.dll
+ 2009-11-10 03:24 . 2009-11-10 03:24 254976 c:\windows\assembly\NativeImages_v2.0.50727_32\mcupdate\c00d89371d1e93f341bef3ec8e889ef5\mcupdate.ni.exe
+ 2009-11-10 03:23 . 2009-11-10 03:23 225280 c:\windows\assembly\NativeImages_v2.0.50727_32\mcstoredb\d766ca6bde8ee7051ddc96d713d776cd\mcstoredb.ni.dll
+ 2009-11-10 03:23 . 2009-11-10 03:23 641536 c:\windows\assembly\NativeImages_v2.0.50727_32\mcstore\d6bf92ec4c3c212e4323bf15386be21a\mcstore.ni.dll
+ 2009-11-10 03:24 . 2009-11-10 03:24 543744 c:\windows\assembly\NativeImages_v2.0.50727_32\EventViewer\2bcdc9c4b2d9b6fe5f34b2556d937b1d\EventViewer.ni.dll
+ 2009-11-10 03:23 . 2009-11-10 03:23 103936 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiWUapi\9bbb6b6e4992b9aef63f5f299d479a9d\ehiWUapi.ni.dll
+ 2009-11-10 03:23 . 2009-11-10 03:23 338432 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiwmp\94f6a3674e8f4e4e8fa82e4e93bb4094\ehiwmp.ni.dll
+ 2009-11-10 03:24 . 2009-11-10 03:24 797696 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiVidCtl\54c4dad0ab77449a338f9b0e17f7b7d0\ehiVidCtl.ni.dll
+ 2009-11-10 03:23 . 2009-11-10 03:23 965632 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiProxy\266cdaf9ab6478fe4dfad14dccd6434c\ehiProxy.ni.dll
+ 2009-11-10 03:23 . 2009-11-10 03:23 565760 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiPlay\ef0016884aa8f2aff3b31dcc02b96ed0\ehiPlay.ni.dll
+ 2009-11-10 03:23 . 2009-11-10 03:23 160768 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiExtens\d33a77b9163bfb5a488ed34cea5ef217\ehiExtens.ni.dll
+ 2009-11-10 03:23 . 2009-11-10 03:23 243200 c:\windows\assembly\NativeImages_v2.0.50727_32\ehExtHost\6da0bd473a25740c9f037c3c180bd5d2\ehExtHost.ni.exe
+ 2009-11-10 03:23 . 2009-11-10 03:23 305152 c:\windows\assembly\NativeImages_v2.0.50727_32\ehepgdat\934e9445770ccc7acac7fb36f6202a0f\ehepgdat.ni.dll
+ 2009-11-10 03:24 . 2009-11-10 03:24 220160 c:\windows\assembly\NativeImages_v2.0.50727_32\ehCIR\2993150a626a90f2bd7853457f9fd6ac\ehCIR.ni.dll
+ 2009-11-10 03:24 . 2009-11-10 03:24 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\11e7010bbb22a78ec4f9310bb5906686\CustomMarshalers.ni.dll
+ 2009-11-10 03:22 . 2009-11-10 03:22 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\8cdd74f26f632d6087e8f79651870033\ComSvcConfig.ni.exe
+ 2009-11-10 03:22 . 2009-11-10 03:22 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\BDATunePIA\61ee0d5f74301a686fa114678b23149a\BDATunePIA.ni.dll
+ 2009-11-10 03:24 . 2009-11-10 03:24 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\5f5dce4fc044ca88c9be8513d05fd5c6\AspNetMMCExt.ni.dll
+ 2009-11-10 03:00 . 2009-09-04 06:59 5818704 c:\windows\winsxs\x86_netfx-mscorwks_dll_b03f5f7f11d50a3a_6.0.6002.22219_none_1b6bd7d648db5136\mscorwks.dll
+ 2009-11-10 03:00 . 2009-09-04 06:59 5812544 c:\windows\winsxs\x86_netfx-mscorwks_dll_b03f5f7f11d50a3a_6.0.6002.18107_none_3238abdc2f34a497\mscorwks.dll
+ 2009-11-10 03:00 . 2009-09-04 06:58 4550656 c:\windows\winsxs\x86_mscorlib_b77a5c561934e089_6.0.6002.22219_none_b0c508e8db53ecb1\mscorlib.dll
+ 2009-11-10 03:00 . 2009-09-04 06:58 4550656 c:\windows\winsxs\x86_mscorlib_b77a5c561934e089_6.0.6002.18107_none_c791dceec1ad4012\mscorlib.dll
+ 2009-11-12 19:13 . 2009-08-14 13:29 2045440 c:\windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6002.22200_none_bb639005b0cab34a\win32k.sys
+ 2009-11-12 19:13 . 2009-08-14 13:27 2036736 c:\windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6002.18091_none_ba79a25297f52b29\win32k.sys
+ 2009-11-12 19:13 . 2009-08-14 13:46 2036224 c:\windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6001.22497_none_b922cef1b3e70dd9\win32k.sys
+ 2009-11-12 19:13 . 2009-08-14 13:53 2035712 c:\windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6001.18311_none_b8e9afca9a8df67d\win32k.sys
+ 2009-11-12 19:13 . 2009-08-15 21:08 2032128 c:\windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6000.21108_none_b79eb803b676ce08\win32k.sys
+ 2009-11-12 19:13 . 2009-08-14 14:01 2031104 c:\windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6000.16908_none_b71543169d58fafc\win32k.sys
+ 2009-11-12 19:13 . 2009-10-16 08:39 2409776 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6002.22247_none_f4d3f2c581d85dd6\OESpamFilter.dat
+ 2009-11-12 19:13 . 2009-10-16 08:36 2409776 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6002.18124_none_f45cf4f468ad3a25\OESpamFilter.dat
+ 2009-11-12 19:13 . 2009-10-16 08:38 2409776 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.22544_none_f2ea7fff84b4bcad\OESpamFilter.dat
+ 2009-11-12 19:13 . 2009-10-16 08:39 2409776 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.18344_none_f260e14e6b971fbc\OESpamFilter.dat
+ 2009-11-12 19:13 . 2009-10-16 08:40 2409776 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.21142_none_f102170187902f29\OESpamFilter.dat
+ 2009-11-12 19:13 . 2009-10-16 08:41 2409776 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.16939_none_f08a74066e63f18d\OESpamFilter.dat
+ 2006-11-02 10:22 . 2009-11-13 03:33 6553600 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
- 2006-11-02 10:22 . 2009-11-08 19:51 6553600 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-11-10 03:00 . 2009-09-04 06:59 5812544 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
- 2009-09-11 18:11 . 2009-03-30 04:42 5812544 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
- 2009-09-11 18:10 . 2009-03-30 04:42 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2009-11-10 03:00 . 2009-09-04 06:58 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2009-10-16 07:03 . 2009-10-16 07:03 5003776 c:\windows\Installer\f64da2e.msp
+ 2009-08-18 12:58 . 2009-08-18 12:58 8301056 c:\windows\Installer\f64d9e6.msp
+ 2009-08-18 12:57 . 2009-08-18 12:57 9122304 c:\windows\Installer\f64d9d0.msp
+ 2009-11-01 11:44 . 2009-11-13 03:06 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2009-11-01 11:44 . 2009-11-03 07:38 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2009-11-01 11:44 . 2009-11-13 03:06 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
- 2009-11-01 11:44 . 2009-11-03 07:38 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2006-10-26 20:42 . 2006-10-26 20:42 8423224 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OARTCONV.DLL
+ 2009-11-17 20:06 . 2009-11-17 20:15 6365184 c:\windows\ERDNT\Hiv-backup\SCHEMA.DAT
+ 2009-11-10 03:24 . 2009-11-10 03:24 1105920 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\ddebbfd1ee2ce89b79981458ca6820e7\WindowsLive.Writer.ApplicationFramework.ni.dll
+ 2009-11-10 03:24 . 2009-11-10 03:24 2002432 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\92769de1858261093d6b2d3f73389b54\WindowsLive.Writer.CoreServices.ni.dll
+ 2009-11-10 03:24 . 2009-11-10 03:24 6392832 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\3cbfbaa02498e2d273645e698fc9d2c2\WindowsLive.Writer.PostEditor.ni.dll
+ 2009-11-10 03:19 . 2009-11-10 03:19 3314176 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\c681da7e1c7b648cb456f2d90e7c50fe\WindowsBase.ni.dll
+ 2009-11-10 03:26 . 2009-11-10 03:26 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\2105c56c3fe48843fcb0b488cbe3a9d4\UIAutomationClientsideProviders.ni.dll
+ 2009-11-10 03:19 . 2009-11-10 03:19 7868416 c:\windows\assembly\NativeImages_v2.0.50727_32\System\13cce38e8de5fd54853390e4e98abd0e\System.ni.dll
+ 2009-11-10 03:20 . 2009-11-10 03:20 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\99e7927ccb9099e607035349814d4cf6\System.Xml.ni.dll
+ 2009-11-10 03:26 . 2009-11-10 03:26 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\6cd20be7cbc4f149f2cb27342632f52e\System.WorkflowServices.ni.dll
+ 2009-11-10 03:20 . 2009-11-10 03:20 1911296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\1f48aa633e1390542786d1f4aadf4d9c\System.Workflow.Runtime.ni.dll
+ 2009-11-10 03:20 . 2009-11-10 03:20 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\ea04089f9339c24a5b9049f225d644d6\System.Workflow.ComponentModel.ni.dll
+ 2009-11-10 03:20 . 2009-11-10 03:20 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\d0cab30213f071a1d29756cc384b1c40\System.Workflow.Activities.ni.dll
+ 2009-11-10 03:23 . 2009-11-10 03:23 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\3ac86230f8672732e33a9607b9d850c0\System.Web.Services.ni.dll
+ 2009-11-10 03:26 . 2009-11-10 03:26 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\40409c8e5284e8a59e3ea9d2969be855\System.Web.Mobile.ni.dll
+ 2009-11-10 03:26 . 2009-11-10 03:26 2403328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\84f6711a2dcbe862949b0d01ac8568ba\System.Web.Extensions.ni.dll
+ 2009-11-10 03:25 . 2009-11-10 03:25 1917440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\a9bb974635790a38d3530b441a9c93cc\System.Speech.ni.dll
+ 2009-11-10 03:25 . 2009-11-10 03:25 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\1c98099c39a6925b6292b7f00c3010a5\System.ServiceModel.Web.ni.dll
+ 2009-11-10 03:23 . 2009-11-10 03:23 2346496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\d70a3a621f0536c8cb151dc4775d3409\System.Runtime.Serialization.ni.dll
+ 2009-11-10 03:25 . 2009-11-10 03:25 1035776 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\3e90149cc7c633d9a631839308bb9bc3\System.Printing.ni.dll
+ 2009-11-10 03:23 . 2009-11-10 03:23 1056768 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\22c0c18be8858e433fe561c693a2c556\System.IdentityModel.ni.dll
+ 2009-11-10 03:20 . 2009-11-10 03:20 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\57e722244d3b48cb92b340bc92d7a191\System.Drawing.ni.dll
+ 2009-11-10 03:22 . 2009-11-10 03:22 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\f8f2dbea11afbca27219a6aca87a60f9\System.DirectoryServices.ni.dll
+ 2009-11-10 03:23 . 2009-11-10 03:23 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\4edeee9bfffbaea5bc43ebdac1db3580\System.Deployment.ni.dll
+ 2009-11-10 03:19 . 2009-11-10 03:19 6621696 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\74114632794c536c35d28a5c60f694ab\System.Data.ni.dll
+ 2009-11-10 03:22 . 2009-11-10 03:22 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\84b5a57d2a24d4fdda2f25e93fdd4c65\System.Data.SqlXml.ni.dll
+ 2009-11-10 03:25 . 2009-11-10 03:25 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\96217e2185e9b019a4a8d78e43be3124\System.Data.Services.ni.dll
+ 2009-11-10 03:23 . 2009-11-10 03:23 1119232 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\b4fecb0f2495c3ac69d59cc207d2734d\System.Data.OracleClient.ni.dll
+ 2009-11-10 03:19 . 2009-11-10 03:19 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\70de236a6b9a2ddf910f719c4c679226\System.Data.Linq.ni.dll
+ 2009-11-10 03:25 . 2009-11-10 03:25 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\ea5d154e33f61d3d949efae409d02356\System.Data.Entity.ni.dll
+ 2009-11-10 03:19 . 2009-11-10 03:19 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\670d343c8b3213883fa70837195f7f81\System.Core.ni.dll
+ 2009-11-10 03:25 . 2009-11-10 03:25 2146816 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\316de585c1205c92cf4b0a70fa34c874\ReachFramework.ni.dll
+ 2009-11-10 03:25 . 2009-11-10 03:25 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\52d83973b6c5886042800865d5321ef9\PresentationUI.ni.dll
+ 2009-11-10 03:25 . 2009-11-10 03:25 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\03a073b4f13b073e27c0b2c8629fa7b8\PresentationBuildTasks.ni.dll
+ 2009-11-10 03:24 . 2009-11-10 03:24 2538496 c:\windows\assembly\NativeImages_v2.0.50727_32\Narrator\6d984081192a52d32ed475100a28b6c5\Narrator.ni.exe
+ 2009-11-10 03:24 . 2009-11-10 03:24 1536512 c:\windows\assembly\NativeImages_v2.0.50727_32\MMCEx\8de0a36d04d521a7287537f5d90f9c66\MMCEx.ni.dll
+ 2009-11-10 03:24 . 2009-11-10 03:24 6340096 c:\windows\assembly\NativeImages_v2.0.50727_32\MIGUIControls\cdbb5f1840a16aea2579a03a61ab56a2\MIGUIControls.ni.dll
+ 2009-11-10 03:24 . 2009-11-10 03:24 1711616 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\e3d4c11809bddd2154fe7b704695e070\Microsoft.VisualBasic.ni.dll
+ 2009-11-10 03:23 . 2009-11-10 03:23 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\e39b79c69a798731568441a7d2fe90b6\Microsoft.Transactions.Bridge.ni.dll
+ 2009-11-10 03:23 . 2009-11-10 03:23 5486080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\edbd7d666fb3b01d2eb15a9b86c75e40\Microsoft.MediaCenter.UI.ni.dll
+ 2009-11-10 03:24 . 2009-11-10 03:24 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\a385166106bab1601126773d27135895\Microsoft.JScript.ni.dll
+ 2009-11-10 03:24 . 2009-11-10 03:24 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Ink\8685307d6582feb851388fff44046b56\Microsoft.Ink.ni.dll
+ 2009-11-10 03:24 . 2009-11-10 03:24 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\d02204eeabd2364b82eeaca997636b83\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2009-11-10 03:24 . 2009-11-10 03:24 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\c3369952e0cde298bed8a00aa548123d\Microsoft.Build.Tasks.ni.dll
+ 2009-11-10 03:24 . 2009-11-10 03:24 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\0c3e11851cedaf97c03a74131b5f9293\Microsoft.Build.Engine.ni.dll
+ 2009-11-10 03:23 . 2009-11-10 03:23 1732608 c:\windows\assembly\NativeImages_v2.0.50727_32\ehRecObj\e6b488913d24a333cdb8b0dde82eed76\ehRecObj.ni.dll
+ 2009-11-10 03:23 . 2009-11-10 03:23 2130432 c:\windows\assembly\NativeImages_v2.0.50727_32\ehepg\f5d8c5451c6a49960dc7cde827d4909f\ehepg.ni.dll
+ 2009-11-10 03:00 . 2009-09-04 06:58 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2009-09-11 18:10 . 2009-03-30 04:42 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2006-11-02 10:24 . 2009-11-05 17:36 26768832 c:\windows\System32\mrt.exe
+ 2009-08-18 13:19 . 2009-08-18 13:19 10098688 c:\windows\Installer\f64da18.msp
+ 2008-09-24 12:05 . 2008-09-24 12:05 16381440 c:\windows\Installer\f64da01.msp
+ 2006-10-26 21:13 . 2006-10-26 21:13 14674216 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\XL12CNV.EXE
+ 2006-10-27 15:14 . 2006-10-27 15:14 14151456 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OART.DLL
+ 2006-10-27 15:26 . 2006-10-27 15:26 16870712 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSO.DLL
+ 2009-11-10 03:20 . 2009-11-10 03:20 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\425e95df110b77abad261a46fca54e99\System.Windows.Forms.ni.dll
+ 2009-11-10 03:23 . 2009-11-10 03:23 11800576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\7742aef93bc3679a986cb5dab148cd76\System.Web.ni.dll
+ 2009-11-10 03:23 . 2009-11-10 03:23 17328640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\830b346e51c9671cacaa75c4fd9bcfb3\System.ServiceModel.ni.dll
+ 2009-11-10 03:19 . 2009-11-10 03:20 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\1097f0aba9cd9bdb9295ab05ca7e68b8\System.Design.ni.dll
+ 2009-11-10 03:19 . 2009-11-10 03:19 14327808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\394fd96b27f367e6ffb13bc8c35fdcb2\PresentationFramework.ni.dll
+ 2009-11-10 03:19 . 2009-11-10 03:19 12216320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\bfbe98e8737c97d8c938275ceca2b1d8\PresentationCore.ni.dll
+ 2009-11-10 03:18 . 2009-11-10 03:18 11490816 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\894183c0c47bd4772fbfad4c1a7e3b71\mscorlib.ni.dll
+ 2009-11-10 03:23 . 2009-11-10 03:23 11587584 c:\windows\assembly\NativeImages_v2.0.50727_32\ehshell\a2a3779d05fd2f244006562903f3bd37\ehshell.ni.dll
+ 2009-09-08 07:08 . 2009-11-12 19:12 199255407 c:\windows\winsxs\ManifestCache\6.0.6002.18005_001c11ba_blobs.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-05-14 22:02 120104 ----a-w- c:\program files\EgisTec\MyWinLocker 3\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-05 68856]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2009-10-09 25623336]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2009-04-11 2153472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-01-09 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-01-09 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-01-09 154136]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-02-19 6793760]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-29 200704]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-12-05 1410344]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-02-19 866824]
"BackupManagerTray"="c:\program files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-04-11 249600]
"Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2009-04-15 440864]
"EgisTecLiveUpdate"="c:\program files\EgisTec Egis Software Update\EgisUpdate.exe" [2009-05-13 199464]
"mwlDaemon"="c:\program files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-05-14 345384]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-08 305440]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

c:\users\janaperfect\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Orion.lnk - c:\program files\Convesoft\Orion\Messenger.exe [2008-10-21 7892992]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):72,b0,71,6b,a4,60,ca,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1532837770-1080338674-2631915440-1000]
"EnableNotificationsRef"=dword:00000001

R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [01/11/2009 11:47 194817]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [01/11/2009 11:47 108289]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [01/11/2009 11:47 434945]
R2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [19/06/2009 11:10 703008]
R2 mwlPSDFilter;mwlPSDFilter;c:\windows\System32\drivers\mwlPSDFilter.sys [09/10/2008 15:47 19504]
R2 mwlPSDNServ;mwlPSDNServ;c:\windows\System32\drivers\mwlPSDNserv.sys [09/10/2008 15:47 16432]
R2 mwlPSDVDisk;mwlPSDVDisk;c:\windows\System32\drivers\mwlPSDVDisk.sys [09/10/2008 15:47 59952]
R2 MWLService;MyWinLocker Service;c:\program files\EgisTec\MyWinLocker 3\x86\MWLService.exe [14/05/2009 22:03 305448]
R2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [11/04/2009 18:32 61184]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [23/09/2008 14:11 144632]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\System32\drivers\IntcHdmi.sys [19/06/2009 18:36 112128]
R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\k57nd60x.sys [04/09/2008 04:12 223232]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [21/01/2008 02:23 179712]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [22/09/2009 19:51 54632]
S3 fsssvc;Služba Bezpecnost rodiny v službe Windows Live;c:\program files\Windows Live\Family Safety\fsssvc.exe [05/08/2009 21:48 704864]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [23/09/2008 14:11 50424]

--- Other Services/Drivers In Memory ---

*Deregistered* - mbr
*Deregistered* - PROCEXP113
.
Contents of the 'Scheduled Tasks' folder

2009-11-17 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-09-05 22:23]
.
.
------- Supplementary Scan -------

jamesbond007.cz · #5 Příspěvek od **jamesbond007.cz** » 16 lis 2009 21:44

zde je zbytek logu protoze se sem najednou nevesel

mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=2&o=vp32&d=0609&m=aspire_5738
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
FF - ProfilePath - c:\users\janaperfect\AppData\Roaming\Mozilla\Firefox\Profiles\4sstc50o.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.co.uk
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1698.5652\npCIDetect13.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-17 20:25
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

[0] 0x99620285
[0] 0x9F3A0231
scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2009-11-17 20:27
ComboFix-quarantined-files.txt 2009-11-17 20:27
ComboFix2.txt 2009-11-08 21:23

Pre-Run: 255,771,148,288 bytes free
Post-Run: 255,736,541,184 bytes free

- - End Of File - - C87E64F2C65ADD730ADB7A9D8A7B0E79

#6 Příspěvek od **motji** » 16 lis 2009 22:04

Provedte ještě ty další body a potom

Stáhněte Rootkit Unhooker http://forum.sysinternals.com/uploads/2 ... 300509.rar
-spusťte, klikněte na Report a potom klikněte na tlačítko Scan
-objeví se tabulka, dáte fajfku do všech okének a OK
-až se objeví tabulka "Select Disk for scan", vypněte ji křížkem v pravém horním rohu
-proběhne sken, objeví se okno z výsledky.Označte text a pravým tl. myši zkopírujte výsledky zde

jamesbond007.cz · #7 Příspěvek od **jamesbond007.cz** » 28 lis 2009 03:18

hazi mi ten posledni program chybu error loading driver, NTSTATUS code: C0000001

#8 Příspěvek od **motji** » 28 lis 2009 09:07

Stáhněte Gmer http://www.viry.cz/forum/viewtopic.php?f=29&t=62878
- rozbalte a spusťte
-proběhne sken, po skončení se otevře okno s výsledky, klikněte na Save a tím si uložíte log,který sem vložíte

-Podle návodu v odkazu provedete druhý sken a log sem také vložíte.

jamesbond007.cz · #9 Příspěvek od **jamesbond007.cz** » 26 led 2010 23:56

asi uz nebudu nikomu pomahat. Kamaradka se nakonec rozhodla pro W7, coz jsem ji misto Vist nabizel hned. pro mne je jednodussi udelat novy system nez nekoho otravovat, protoze o data nakonec stejne prisla. laptopa ma uz asi mesic a pul kdosi jiny a ze az bude cas tak to udela. omlouvam se za vasi ztratu casu.

#10 Příspěvek od **motji** » 27 led 2010 05:01

proč přišla o data?
Není zač

jamesbond007.cz

asi proto ze ji ten ''Zkusenejsi'' kolega zformatoval disk. ja se ji to snazil aspon s vasi pomoci vycistit, jenze jsme se dlouho nevideli a vir udelal sve. zdemoloval system.

#12 Příspěvek od **motji** » 27 led 2010 12:32

logy vypadali už docela čistě, musela ještě někde něco chytnout. Data se dají vydolovat i z nefunkčního systému.
Hezký den

jamesbond007.cz

Nevim co kdo delal. kazdopadne se mu to nepovedlo. mohla byste se mi prosim podivat na toto? odpovedel jsem sam sobe a zatim si me nikdo nevsiml

http://www.viry.cz/forum/viewtopic.php?f=13&t=93205

Dekuji

#14 Příspěvek od **motji** » 27 led 2010 20:55

Stalo se

Zde

VIRY.CZ

falesny antivir. safety center (New.exe)

falesny antivir. safety center (New.exe)

Re: falesny antivir. safety center (New.exe)

Re: falesny antivir. safety center (New.exe)

Re: falesny antivir. safety center (New.exe)

Re: falesny antivir. safety center (New.exe)

Re: falesny antivir. safety center (New.exe)

Re: falesny antivir. safety center (New.exe)

Re: falesny antivir. safety center (New.exe)

Re: falesny antivir. safety center (New.exe)

Re: falesny antivir. safety center (New.exe)

Re: falesny antivir. safety center (New.exe)

Re: falesny antivir. safety center (New.exe)

Re: falesny antivir. safety center (New.exe)

Re: falesny antivir. safety center (New.exe)