
AVG Resident Shield found BackDoor.Generic12.AEIU - slow PC


#1 Post by vorvan »

Hello,
I would like to ask for help. The AVG Resident Shield found the virus BackDoor.Generic12.AEIU, located in C:\WINDOWS\system32\drivers\asyncmac.sys. When I scan that particular file, AVG reports nothing. Since then the PC has been very slow and the CPU is at 100%.
The RSIT log is below.

Thanks in advance for your help

Logfile of random's system information tool 1.06 (written by random/random)
Run by Pavel at 2010-03-01 07:50:47
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 30 GB (39%) free of 76 GB
Total RAM: 1024 MB (56% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:51:54, on 1.3.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Pavel\Plocha\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\trend micro\Pavel.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ABUNINSTALLEX] c:\documents and settings\all users\data aplikací\ab studio\ABUnInstallEx.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: winesm32.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {640373B0-6978-4FA5-A9FC-420ECBBC61C7} (Web Viewer Class) - file://pracant/data%20(d)/PORSCHEolomouc/DPS/GEMO%20dilenska%20dokumentace,%20materialy/ocelovka/model%20aktualni%20SO02/PORSCHE_Olomouc_virtualni_model_SO%2002/dll/zkitlib.dll
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://217.112.167.135:30080/activex/AMC.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: winmm.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AbSoftMgr4 - AB Studio - C:\Program Files\Common Files\AB Studio Shared\AbSoftMgr4.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 5837 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-12-11 1111320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll [2006-10-12 434279]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AudioDeck"=C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe [2006-11-02 528384]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2004-05-15 339968]
"Smapp"=C:\Program Files\Analog Devices\SoundMAX\SMTray.exe [2003-05-05 143360]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-12-11 2043160]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ABUNINSTALLEX"=c:\documents and settings\all users\data aplikací\ab studio\ABUnInstallEx.exe [2007-07-03 263664]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE

C:\Documents and Settings\Pavel\Nabídka Start\Programy\Po spuštění
winesm32.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="winmm.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2004-05-15 86016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-07-31 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Documents and Settings\Pavel\Data aplikací\U3\000118710353048C\0DE4F643-C398-46ec-9339-2362F2311932\Exec\skype.exe"="C:\Documents and Settings\Pavel\Data aplikací\U3\000118710353048C\0DE4F643-C398-46ec-9339-2362F2311932\Exec\skype.exe:*:Enabled:Skype"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\AVG\AVG8\avgam.exe"="C:\Program Files\AVG\AVG8\avgam.exe:*:Enabled:avgam.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======File associations======

.scr - open - "C:\WINDOWS\system32\notepad.exe" "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 months======

2010-03-01 07:50:51 ----D---- C:\Program Files\trend micro
2010-03-01 07:50:47 ----D---- C:\rsit
2010-02-26 20:11:37 ----D---- C:\AVGTemp
2010-02-26 18:05:12 ----D---- C:\Program Files\ESET
2010-02-24 17:49:02 ----HDC---- C:\WINDOWS\$NtUninstallKB979306$
2010-02-10 16:59:28 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$
2010-02-10 16:59:20 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-02-10 16:56:33 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-02-10 16:56:25 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-02-10 16:56:17 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$
2010-02-10 16:56:09 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-02-10 16:55:17 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-02-10 16:55:04 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-02-10 16:54:46 ----HDC---- C:\WINDOWS\$NtUninstallKB977165$

======List of files/folders modified in the last 1 months======

2010-03-01 07:50:54 ----D---- C:\WINDOWS\Temp
2010-03-01 07:50:51 ----RD---- C:\Program Files
2010-03-01 07:50:02 ----D---- C:\WINDOWS\Prefetch
2010-03-01 07:40:08 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-02-27 02:50:45 ----D---- C:\zaloha
2010-02-26 20:22:05 ----D---- C:\WINDOWS\system32
2010-02-26 18:07:23 ----D---- C:\WINDOWS\system32\CatRoot2
2010-02-26 18:05:22 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-02-26 15:07:30 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-02-26 15:07:25 ----D---- C:\WINDOWS\system32\drivers
2010-02-25 08:19:29 ----D---- C:\$AVG8.VAULT$
2010-02-25 07:34:48 ----D---- C:\WINDOWS
2010-02-24 17:49:10 ----HD---- C:\WINDOWS\inf
2010-02-19 08:32:57 ----D---- C:\Pavel M
2010-02-10 16:59:31 ----A---- C:\WINDOWS\imsins.BAK
2010-02-10 16:59:26 ----HD---- C:\WINDOWS\$hf_mig$
2010-02-10 16:56:00 ----SHD---- C:\WINDOWS\Installer
2010-02-10 16:55:52 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2010-02-10 11:33:20 ----D---- C:\Documents and Settings\Pavel\Data aplikací\The Bat!

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;Ovladač procesoru AMD K7; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-14 41600]
R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-07-31 335240]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-07-31 27784]
R1 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-04-27 108552]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2004-05-15 745984]
R3 EL2000;3Com 3C2000x EtherLink XL Adapter; C:\WINDOWS\system32\DRIVERS\EL2K_XP.sys [2003-07-31 147456]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-05-27 578304]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS []
S3 catchme;catchme; \??\C:\DOCUME~1\Pavel\LOCALS~1\Temp\catchme.sys []
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 VIAudio;Vinyl AC'97 Audio Controller (WDM); C:\WINDOWS\system32\drivers\viaudios.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2004-05-15 376832]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-07-31 297752]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2004-05-15 516096]
S3 AbSoftMgr4;AbSoftMgr4; C:\Program Files\Common Files\AB Studio Shared\AbSoftMgr4.exe [2007-06-27 450560]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2008-01-15 85096]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------


#2 Post by cernohous13 »

Hello and welcome,
Download OTM from the link and extract it, preferably to the desktop.
http://oldtimer.geekstogo.com/OTM.exe

Run the program "OTM.exe".
Paste the whole text shown in green from the "Script" into the window under the yellow line.

Click the red "Moveit!" button.
Paste the contents of the green window into your reply.
When offered a restart, choose "YES";
you will then find the log in C:\_OTM\MovedFiles\

OTM script

:Processes
explorer.exe

:Files
C:\Documents and Settings\Pavel\Nabídka Start\Programy\Po spuštění\winesm32.exe

:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=""

:Commands
[emptytemp]
[clearallrestorepoints]
[Reboot]

Download and install MBAM here: http://www.download.com/Malwarebytes-An ... tag=button
Launch it > on the 3rd tab, "Update" > Check for Updates
then on the 1st tab, "Scanner" > Perform quick scan > Scan
when the scan finishes, a Notepad window with the result pops up - copy its contents into your reply
do not delete anything yet - wait for my assessment
Recommendations:
During the cleanup, install or uninstall software only on my instruction.
Read my reply carefully and carry out the whole procedure as described.
If anything is unclear, ask - I will explain.

-------------------------------------------------------------------------------------------------
> Forum support <


#3 Post by vorvan »

Thanks for the welcome :) although, to be honest, I would like to show up here with my problems as little as possible :D

Below I have pasted the output from OTM for now (the computer required a restart). As soon as the scan finishes I will of course also add the other requested output from MBAM.


All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
File move failed. C:\Documents and Settings\Pavel\Nabídka Start\Programy\Po spuštění\winesm32.exe scheduled to be moved on reboot.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\"AppInit_DLLS"|"" /E : value set successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 49286 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Pavel
->Temp folder emptied: 601701994 bytes
->Temporary Internet Files folder emptied: 36538056 bytes
->Java cache emptied: 9023699 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1043099 bytes
%systemroot%\System32 .tmp files removed: 2504 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 75940646 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 691,00 mb


Restore points cleared and new OTM Restore Point set!

OTM by OldTimer - Version 3.1.9.0 log created on 03012010_084623


#4 Post by vorvan »

Here are the results from MBAM as well


Malwarebytes' Anti-Malware 1.44
Verze databáze: 3808
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

1.3.2010 9:54:42
mbam-log-2010-03-01 (09-54-21).txt

Typ kontroly: Rychlá kontrola
Zkontrolované objekty: 111264
Uplynulý čas: 38 minute(s), 48 second(s)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované adresáře: 0
Infikované soubory: 2

Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované klíče registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)

Infikované soubory:
C:\Documents and Settings\Pavel\Nabídka Start\Programy\Po spuštění\winesm32.exe (Worm.KoobFace) -> No action taken.
C:\Documents and Settings\Pavel\Data aplikací\avdrn.dat (Malware.Trace) -> No action taken.
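
Added example (not part of the original thread, and not code from the helper or from any of the tools used): a Python script that cross-references the files MBAM flagged with the O4 autostart lines of the HijackThis log, showing which detection is also wired into startup. The function names are hypothetical; the sample lines are excerpted from the logs posted in #1 and #4.

```python
import ntpath
import re

# Excerpt of the HijackThis section of the RSIT log posted in #1.
HIJACKTHIS_LOG = r"""
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - Startup: winesm32.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
"""

# Excerpt of the MBAM quick-scan log posted in #4.
MBAM_LOG = r"""
Infikované soubory:
C:\Documents and Settings\Pavel\Nabídka Start\Programy\Po spuštění\winesm32.exe (Worm.KoobFace) -> No action taken.
C:\Documents and Settings\Pavel\Data aplikací\avdrn.dat (Malware.Trace) -> No action taken.
"""

# "O4 - <location>: <item>" where <item> is "[ValueName] command" for Run
# keys and "name" or "shortcut.lnk = target" for Startup folders.
O4_RE = re.compile(r"^O4 - (?P<location>[^:]+): (?P<item>.+)$")
# "<path> (<detection name>) -> <action>"
DETECTION_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) \((?P<name>[^()]+)\) -> (?P<action>.+)$")
# Unquoted Windows paths may contain spaces, so cut at the first known
# executable extension that is followed by whitespace, a quote or end of line.
EXE_RE = re.compile(
    r'^"?(.+?\.(?:exe|dll|com|bat|cmd|scr|pif|lnk))(?=$|[\s"])', re.I)


def executable_name(command):
    """Lower-cased file name of the program a command line launches."""
    m = EXE_RE.match(command.strip())
    target = m.group(1) if m else command.strip()
    return ntpath.basename(target).lower()


def parse_autostarts(log_text):
    """Return (location, launched file name) for every O4 line."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        item = re.sub(r"^\[[^\]]*\]\s*", "", m.group("item"))  # drop "[ValueName] "
        if " = " in item:                                      # shortcut = target
            item = item.split(" = ", 1)[1]
        entries.append((m.group("location"), executable_name(item)))
    return entries


def parse_detections(log_text):
    """Return (path, detection name, action) for every MBAM file detection."""
    found = []
    for line in log_text.splitlines():
        m = DETECTION_RE.match(line.strip())
        if m:
            found.append((m.group("path"), m.group("name"), m.group("action")))
    return found


def correlate(hijackthis_text, mbam_text):
    """For each detection, list the autostart locations that launch a file of
    the same name. Matching is by file name only, because the 'O4 - Startup:'
    lines carry no full path; confirm the folder by hand."""
    autostarts = parse_autostarts(hijackthis_text)
    report = []
    for path, name, action in parse_detections(mbam_text):
        base = ntpath.basename(path).lower()
        report.append({
            "path": path,
            "detection": name,
            "action": action,
            "autostart": [loc for loc, exe in autostarts if exe == base],
        })
    return report


if __name__ == "__main__":
    for row in correlate(HIJACKTHIS_LOG, MBAM_LOG):
        where = ", ".join(row["autostart"]) or "no autostart entry"
        print(f'{row["detection"]:15} {ntpath.basename(row["path"]):14} {where}')
```

A detection that maps to an autostart location will be launched again at the next logon until both the file and the entry are gone, which is why the follow-up RSIT log is worth comparing against the first one.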


#5 Post by cernohous13 »

Run MBAM again - choose Full scan
when it finishes -> Show Results -> check that everything is selected -> Remove Selected
a log will pop up containing entries of this type:
Infikované adresáře:
C:\Program Files\xxxxxx -> Quarantined and deleted successfully.
I would like to see that one too :)
download the special version of G-Mer
Special
save it to the desktop and run it -> a short scan will run
if you get the message about rootkit activity and it asks if you want to run scan >> click NO <<
and set it up like this
[image]

>> click Scan <<
at the end of the scan >> SAVE <<, name it Gspeclog.txt >> save it to the desktop and copy the contents of the log here

#6 Post by vorvan »

After an endless wait MBAM finally finished scanning, and the result is as follows... see below (I will add the G-mer results after the required restart)
-------------------------------------------------------------------------------------------

Malwarebytes' Anti-Malware 1.44
Verze databáze: 3808
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

1.3.2010 16:11:22
mbam-log-2010-03-01 (16-11-22).txt

Typ kontroly: Kompletní kontrola (C:\|)
Zkontrolované objekty: 226619
Uplynulý čas: 5 hour(s), 43 minute(s), 28 second(s)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované adresáře: 0
Infikované soubory: 2

Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované klíče registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)

Infikované soubory:
C:\Documents and Settings\Pavel\Nabídka Start\Programy\Po spuštění\winesm32.exe (Worm.KoobFace) -> Delete on reboot.
C:\Documents and Settings\Pavel\Data aplikací\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.


#7 Post by vorvan »

Here is the log from GMER as well


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-03-01 16:30:24
Windows 5.1.2600 Service Pack 3
Running: zc2dk5t7.exe; Driver: C:\DOCUME~1\Pavel\LOCALS~1\Temp\ugtdapow.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- EOF - GMER 1.0.15 ----


#8 Post by cernohous13 »

I don't see anything anywhere any more :o

Describe the current problems and post a fresh RSIT log

#9 Post by vorvan »

Well, from my layman's point of view the PC seems to work as it did before the infection :D
Just one thing struck me as rather odd .... so far it has happened only once, but a message "AUTOMATICKÉ VYPNUTÍ SYSTÉMU" (automatic system shutdown) popped up (I did not manage to remember the whole text, but it also said that it was triggered by servises.exe or something like that, I really don't know) and it was counting down....and after that Windows went God knows where :( But after a restart it booted normally again..so I don't know.

And here is the new RSIT log
-------------------------------

Logfile of random's system information tool 1.06 (written by random/random)
Run by Pavel at 2010-03-01 17:39:05
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 33 GB (43%) free of 76 GB
Total RAM: 1024 MB (60% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:39:24, on 1.3.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Pavel\Plocha\RSIT.exe
C:\Program Files\trend micro\Pavel.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ABUNINSTALLEX] c:\documents and settings\all users\data aplikací\ab studio\ABUnInstallEx.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {640373B0-6978-4FA5-A9FC-420ECBBC61C7} (Web Viewer Class) - file://pracant/data%20(d)/PORSCHEolomouc/DPS/GEMO%20dilenska%20dokumentace,%20materialy/ocelovka/model%20aktualni%20SO02/PORSCHE_Olomouc_virtualni_model_SO%2002/dll/zkitlib.dll
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://217.112.167.135:30080/activex/AMC.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AbSoftMgr4 - AB Studio - C:\Program Files\Common Files\AB Studio Shared\AbSoftMgr4.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 5395 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-12-11 1111320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll [2006-10-12 434279]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AudioDeck"=C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe [2006-11-02 528384]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2004-05-15 339968]
"Smapp"=C:\Program Files\Analog Devices\SoundMAX\SMTray.exe [2003-05-05 143360]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-12-11 2043160]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ABUNINSTALLEX"=c:\documents and settings\all users\data aplikací\ab studio\ABUnInstallEx.exe [2007-07-03 263664]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2004-05-15 86016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-07-31 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Documents and Settings\Pavel\Data aplikací\U3\000118710353048C\0DE4F643-C398-46ec-9339-2362F2311932\Exec\skype.exe"="C:\Documents and Settings\Pavel\Data aplikací\U3\000118710353048C\0DE4F643-C398-46ec-9339-2362F2311932\Exec\skype.exe:*:Enabled:Skype"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\AVG\AVG8\avgam.exe"="C:\Program Files\AVG\AVG8\avgam.exe:*:Enabled:avgam.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======File associations======

.scr - open - "C:\WINDOWS\system32\notepad.exe" "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 months======

2010-03-01 09:05:29 ----D---- C:\Documents and Settings\Pavel\Data aplikací\Malwarebytes
2010-03-01 09:05:13 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2010-03-01 09:05:12 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-03-01 08:46:23 ----D---- C:\_OTM
2010-03-01 07:50:51 ----D---- C:\Program Files\trend micro
2010-03-01 07:50:47 ----D---- C:\rsit
2010-02-26 20:11:37 ----D---- C:\AVGTemp
2010-02-26 18:05:12 ----D---- C:\Program Files\ESET
2010-02-24 17:49:02 ----HDC---- C:\WINDOWS\$NtUninstallKB979306$
2010-02-10 16:59:28 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$
2010-02-10 16:59:20 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-02-10 16:56:33 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-02-10 16:56:25 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-02-10 16:56:17 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$
2010-02-10 16:56:09 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-02-10 16:55:17 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-02-10 16:55:04 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-02-10 16:54:46 ----HDC---- C:\WINDOWS\$NtUninstallKB977165$

======List of files/folders modified in the last 1 months======

2010-03-01 17:38:54 ----D---- C:\WINDOWS\Temp
2010-03-01 16:23:26 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-03-01 16:22:57 ----D---- C:\WINDOWS\system32\drivers
2010-03-01 09:05:12 ----RD---- C:\Program Files
2010-03-01 09:04:52 ----D---- C:\WINDOWS\Prefetch
2010-03-01 08:53:52 ----SHD---- C:\System Volume Information
2010-03-01 08:53:52 ----D---- C:\WINDOWS\system32\Restore
2010-03-01 08:48:10 ----D---- C:\WINDOWS\system32
2010-03-01 08:48:10 ----D---- C:\WINDOWS
2010-02-27 02:50:45 ----D---- C:\zaloha
2010-02-26 18:07:23 ----D---- C:\WINDOWS\system32\CatRoot2
2010-02-26 18:05:22 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-02-26 15:07:30 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-02-25 08:19:29 ----D---- C:\$AVG8.VAULT$
2010-02-24 17:49:10 ----HD---- C:\WINDOWS\inf
2010-02-19 08:32:57 ----D---- C:\Pavel M
2010-02-10 16:59:31 ----A---- C:\WINDOWS\imsins.BAK
2010-02-10 16:59:26 ----HD---- C:\WINDOWS\$hf_mig$
2010-02-10 16:56:00 ----SHD---- C:\WINDOWS\Installer
2010-02-10 16:55:52 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2010-02-10 11:33:20 ----D---- C:\Documents and Settings\Pavel\Data aplikací\The Bat!

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;Ovladač procesoru AMD K7; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-14 41600]
R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-07-31 335240]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-07-31 27784]
R1 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-04-27 108552]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2004-05-15 745984]
R3 EL2000;3Com 3C2000x EtherLink XL Adapter; C:\WINDOWS\system32\DRIVERS\EL2K_XP.sys [2003-07-31 147456]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-05-27 578304]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS []
S3 catchme;catchme; \??\C:\DOCUME~1\Pavel\LOCALS~1\Temp\catchme.sys []
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 VIAudio;Vinyl AC'97 Audio Controller (WDM); C:\WINDOWS\system32\drivers\viaudios.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2004-05-15 376832]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-07-31 297752]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2004-05-15 516096]
S3 AbSoftMgr4;AbSoftMgr4; C:\Program Files\Common Files\AB Studio Shared\AbSoftMgr4.exe [2007-06-27 450560]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2008-01-15 85096]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

cernohous13
VIP in memoriam
Posts: 8721
Joined: 09 Dec 2006 06:19
Location: Jablonec nad Nisou

Re: AVG resident shield found BackDoor.Generic12.AEIU - slow PC

#10 Post by cernohous13 »

:arrow: Automatic shutdown is not such an unusual thing. If some random conflict occurs (it can be HW or SW), the system reacts by shutting down so that nothing gets damaged. When it is an isolated occurrence, there is no need to deal with it. If it happened regularly, the cause would have to be found.

:arrow: A few questions:
- do you use the AB Studio program
- do you communicate using Windows Messenger
- do you require WinZip to launch at startup

:arrow: I would also like to check it with a deeper scan
Download ComboFix
and save it to the desktop.
Close all active windows, turn off your antispyware and antivirus, and run it.
- After launch, the terms of use are displayed; confirm them by pressing the Yes button
- When prompted to install the Recovery Console - you don't have to
- Then follow the instructions; while ComboFix is being applied, do not click into the window that appears and do not launch anything
- After the scan finishes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here
If the system does not boot after using ComboFix - press F8 at restart and choose Last Known Good Configuration
Recommendation:
During the cleanup, perform new installations and uninstallations only on my instruction.
Study carefully and carry out the whole operation according to my reply.
If anything is unclear, ask - I will explain

vorvan
Visitor
Posts: 28
Joined: 28 Feb 2010 21:40

Re: AVG resident shield found BackDoor.Generic12.AEIU - slow PC

#11 Post by vorvan »

Well, AB Studio is the publisher of Cadkon, which is an add-on for AutoCAD, and I do use that. Windows Messenger no, and WinZip... I can't think of a reason why I would require it to launch at startup :o
And since I'm unfortunately no longer at that computer, I'll run ComboFix on it in the morning and post it here.

Many thanks for now

cernohous13
VIP in memoriam
Posts: 8721
Joined: 09 Dec 2006 06:19
Location: Jablonec nad Nisou

Re: AVG resident shield found BackDoor.Generic12.AEIU - slow PC

#12 Post by cernohous13 »

OK - we'll fix that up after the ComboFix log :wink:

vorvan
Visitor
Posts: 28
Joined: 28 Feb 2010 21:40

Re: AVG resident shield found BackDoor.Generic12.AEIU - slow PC

#13 Post by vorvan »

Well, I'll probably look like a fool, but I can't turn off any of the AVG components :shock: ...well, except maybe the resident shield .... it's AVG Anti-Virus Network Edition.

cernohous13
VIP in memoriam
Posts: 8721
Joined: 09 Dec 2006 06:19
Location: Jablonec nad Nisou

Re: AVG resident shield found BackDoor.Generic12.AEIU - slow PC

#14 Post by cernohous13 »

Yes, stop the resident shield for the duration of the scan - if that doesn't work, leave it as is and run CF. :wink:

vorvan
Visitor
Posts: 28
Joined: 28 Feb 2010 21:40

Re: AVG resident shield found BackDoor.Generic12.AEIU - slow PC

#15 Post by vorvan »

So it worked, and even without a restart :) During the test a Windows message popped up...V APLIKACI PEV.EXE DOŠLO K PROBLÉMU JE TŘEBA JI ZAVŘÍT. OMLOUVÁME..........

And here is the log, split into two parts

-------------------------------------------------------------------------------------------

ComboFix 10-03-01.01 - Pavel 02.03.2010 6:50.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1024.640 [GMT 1:00]
Spuštěný z: c:\documents and settings\Pavel\Plocha\ComboFix.exe
AV: AVG Anti-Virus Network Edition *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-854245398-1202660629-1343024091-1004

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-02-02 do 2010-03-02 )))))))))))))))))))))))))))))))
.

2010-03-01 08:05 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-01 08:05 . 2010-03-01 08:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-01 08:05 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-01 07:46 . 2010-03-01 07:46 -------- d-----w- C:\_OTM
2010-03-01 06:50 . 2010-03-01 16:39 -------- d-----w- c:\program files\trend micro
2010-03-01 06:50 . 2010-03-01 06:52 -------- d-----w- C:\rsit
2010-02-26 19:11 . 2010-02-26 19:11 -------- d-----w- C:\AVGTemp
2010-02-26 17:05 . 2010-02-26 17:05 -------- d-----w- c:\program files\ESET

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-28 14:42 . 2008-01-15 15:37 49 ----a-w- c:\windows\wpd99.drv
2010-01-05 09:58 . 2006-03-02 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-01-05 09:57 . 2006-03-02 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 09:57 . 2006-03-02 12:00 17408 ------w- c:\windows\system32\corpol.dll
2009-12-31 16:50 . 2006-03-02 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-17 07:42 . 2008-01-14 13:46 343552 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:10 . 2006-03-02 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-10 06:46 . 2006-03-02 12:00 79062 ----a-w- c:\windows\system32\perfc005.dat
2009-12-10 06:46 . 2006-03-02 12:00 432004 ----a-w- c:\windows\system32\perfh005.dat
2009-12-09 10:11 . 2006-03-02 12:00 2191360 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-09 10:11 . 2004-08-17 15:45 2068224 ------w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 18:22 . 2006-03-02 12:00 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-11-06_15.20.46 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-11-13 11:31 . 2009-07-14 11:03 46080 c:\windows\system32\tzchange.exe
+ 2007-11-13 11:31 . 2010-01-23 08:11 46080 c:\windows\system32\tzchange.exe
+ 2006-03-02 12:00 . 2009-10-21 05:40 75776 c:\windows\system32\strmfilt.dll
- 2006-03-02 12:00 . 2008-04-14 03:22 75776 c:\windows\system32\strmfilt.dll
+ 2006-03-02 12:00 . 2009-10-12 13:40 79872 c:\windows\system32\raschap.dll
- 2006-03-02 12:00 . 2008-04-14 03:21 79872 c:\windows\system32\raschap.dll
+ 2006-03-02 12:00 . 2010-01-05 09:58 44544 c:\windows\system32\pngfilt.dll
- 2006-03-02 12:00 . 2009-08-29 07:30 44544 c:\windows\system32\pngfilt.dll
+ 2006-03-02 12:00 . 2009-12-10 06:46 68156 c:\windows\system32\perfc009.dat
- 2006-03-02 12:00 . 2009-10-26 07:21 68156 c:\windows\system32\perfc009.dat
+ 2004-08-17 15:49 . 2009-11-27 17:14 17920 c:\windows\system32\msyuv.dll
+ 2006-03-02 12:00 . 2009-11-27 16:09 28672 c:\windows\system32\msvidc32.dll
- 2006-03-02 12:00 . 2008-04-14 03:21 11264 c:\windows\system32\msrle32.dll
+ 2006-03-02 12:00 . 2009-11-27 16:09 11264 c:\windows\system32\msrle32.dll
- 2007-08-13 17:54 . 2009-08-29 07:30 52224 c:\windows\system32\msfeedsbs.dll
+ 2007-08-13 17:54 . 2010-01-05 09:58 52224 c:\windows\system32\msfeedsbs.dll
+ 2003-09-04 12:14 . 2003-09-04 13:14 94208 c:\windows\system32\Macromed\Flash\GetFlash.exe
- 2003-09-04 12:14 . 2003-09-04 12:14 94208 c:\windows\system32\Macromed\Flash\GetFlash.exe
- 2006-03-02 12:00 . 2009-08-29 07:30 27648 c:\windows\system32\jsproxy.dll
+ 2006-03-02 12:00 . 2010-01-05 09:58 27648 c:\windows\system32\jsproxy.dll
+ 2004-08-17 15:49 . 2009-11-27 16:09 48128 c:\windows\system32\iyuv_32.dll
+ 2007-08-13 17:39 . 2009-12-31 15:32 13824 c:\windows\system32\ieudinit.exe
- 2007-08-13 17:39 . 2009-08-28 10:27 13824 c:\windows\system32\ieudinit.exe
+ 2006-03-02 12:00 . 2010-01-05 09:58 44544 c:\windows\system32\iernonce.dll
- 2006-03-02 12:00 . 2009-08-29 07:30 44544 c:\windows\system32\iernonce.dll
- 2006-03-02 12:00 . 2009-08-28 10:27 70656 c:\windows\system32\ie4uinit.exe
+ 2006-03-02 12:00 . 2009-12-31 15:32 70656 c:\windows\system32\ie4uinit.exe
- 2007-08-13 17:36 . 2009-08-29 07:30 63488 c:\windows\system32\icardie.dll
+ 2007-08-13 17:36 . 2010-01-05 09:57 63488 c:\windows\system32\icardie.dll
+ 2006-03-02 12:00 . 2009-10-21 05:40 25088 c:\windows\system32\httpapi.dll
- 2006-03-02 12:00 . 2009-06-16 14:40 81920 c:\windows\system32\fontsub.dll
+ 2006-03-02 12:00 . 2009-10-15 16:32 81920 c:\windows\system32\fontsub.dll
+ 2009-10-21 05:40 . 2009-10-21 05:40 75776 c:\windows\system32\dllcache\strmfilt.dll
+ 2009-10-12 13:40 . 2009-10-12 13:40 79872 c:\windows\system32\dllcache\raschap.dll
- 2006-03-02 12:00 . 2009-08-29 07:30 44544 c:\windows\system32\dllcache\pngfilt.dll
+ 2006-03-02 12:00 . 2010-01-05 09:58 44544 c:\windows\system32\dllcache\pngfilt.dll
+ 2009-11-27 17:14 . 2009-11-27 17:14 17920 c:\windows\system32\dllcache\msyuv.dll
+ 2006-03-02 12:00 . 2009-11-27 16:09 28672 c:\windows\system32\dllcache\msvidc32.dll
+ 2009-11-27 16:09 . 2009-11-27 16:09 11264 c:\windows\system32\dllcache\msrle32.dll
- 2007-10-10 23:50 . 2009-08-29 07:30 52224 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2007-10-10 23:50 . 2010-01-05 09:58 52224 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2006-03-02 12:00 . 2010-01-05 09:58 27648 c:\windows\system32\dllcache\jsproxy.dll
- 2006-03-02 12:00 . 2009-08-29 07:30 27648 c:\windows\system32\dllcache\jsproxy.dll
+ 2009-11-27 16:09 . 2009-11-27 16:09 48128 c:\windows\system32\dllcache\iyuv_32.dll
- 2007-10-10 10:59 . 2009-08-28 10:27 13824 c:\windows\system32\dllcache\ieudinit.exe
+ 2007-10-10 10:59 . 2009-12-31 15:32 13824 c:\windows\system32\dllcache\ieudinit.exe
+ 2006-03-02 12:00 . 2010-01-05 09:58 44544 c:\windows\system32\dllcache\iernonce.dll
- 2006-03-02 12:00 . 2009-08-29 07:30 44544 c:\windows\system32\dllcache\iernonce.dll
+ 2009-02-20 17:13 . 2010-01-05 09:57 78336 c:\windows\system32\dllcache\ieencode.dll
- 2009-02-20 17:13 . 2009-08-29 07:30 78336 c:\windows\system32\dllcache\ieencode.dll
+ 2006-03-02 12:00 . 2009-12-31 15:32 70656 c:\windows\system32\dllcache\ie4uinit.exe
- 2006-03-02 12:00 . 2009-08-28 10:27 70656 c:\windows\system32\dllcache\ie4uinit.exe
+ 2007-10-10 23:50 . 2010-01-05 09:57 63488 c:\windows\system32\dllcache\icardie.dll
- 2007-10-10 23:50 . 2009-08-29 07:30 63488 c:\windows\system32\dllcache\icardie.dll
+ 2009-10-21 05:40 . 2009-10-21 05:40 25088 c:\windows\system32\dllcache\httpapi.dll
- 2009-06-16 14:40 . 2009-06-16 14:40 81920 c:\windows\system32\dllcache\fontsub.dll
+ 2009-06-16 14:40 . 2009-10-15 16:32 81920 c:\windows\system32\dllcache\fontsub.dll
+ 2009-12-14 07:10 . 2009-12-14 07:10 33280 c:\windows\system32\dllcache\csrsrv.dll
+ 2009-06-29 15:59 . 2010-01-05 09:57 17408 c:\windows\system32\dllcache\corpol.dll
- 2009-06-29 15:59 . 2009-08-29 07:30 17408 c:\windows\system32\dllcache\corpol.dll
+ 2009-06-10 14:15 . 2009-11-27 16:09 84992 c:\windows\system32\dllcache\avifil32.dll
- 2009-06-10 14:15 . 2009-06-10 14:15 84992 c:\windows\system32\dllcache\avifil32.dll
+ 2006-03-02 12:00 . 2008-04-13 18:57 14336 c:\windows\system32\dllcache\asyncmac.sys
- 2008-01-14 13:52 . 2008-09-02 16:02 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-01-14 13:52 . 2010-02-26 07:03 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-01-14 13:52 . 2008-09-02 16:02 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2010-02-26 07:03 . 2010-02-26 07:03 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2006-03-02 12:00 . 2009-06-10 14:15 84992 c:\windows\system32\avifil32.dll
+ 2006-03-02 12:00 . 2009-11-27 16:09 84992 c:\windows\system32\avifil32.dll
- 2008-01-15 12:20 . 2009-10-16 18:07 17534 c:\windows\Installer\{C73B5B3B-F974-48CA-8B91-3E8A432AEA5B}\gtngstrtd.exe
+ 2008-01-15 12:20 . 2009-12-09 17:04 17534 c:\windows\Installer\{C73B5B3B-F974-48CA-8B91-3E8A432AEA5B}\gtngstrtd.exe
- 2008-01-15 12:20 . 2009-10-16 18:07 65536 c:\windows\Installer\{C73B5B3B-F974-48CA-8B91-3E8A432AEA5B}\_FE468FE98084_446D_A4A8_8A441B85C048.exe
+ 2008-01-15 12:20 . 2009-12-09 17:04 65536 c:\windows\Installer\{C73B5B3B-F974-48CA-8B91-3E8A432AEA5B}\_FE468FE98084_446D_A4A8_8A441B85C048.exe
+ 2008-01-15 12:20 . 2009-12-09 17:04 65536 c:\windows\Installer\{C73B5B3B-F974-48CA-8B91-3E8A432AEA5B}\_90425395AB40_4AB9_9F85_1788682122AD.exe
- 2008-01-15 12:20 . 2009-10-16 18:07 65536 c:\windows\Installer\{C73B5B3B-F974-48CA-8B91-3E8A432AEA5B}\_90425395AB40_4AB9_9F85_1788682122AD.exe
- 2008-01-15 12:20 . 2009-10-16 18:07 65536 c:\windows\Installer\{C73B5B3B-F974-48CA-8B91-3E8A432AEA5B}\_1DBC5C383090_4F38_B27E_98ACC1821F21.exe
+ 2008-01-15 12:20 . 2009-12-09 17:04 65536 c:\windows\Installer\{C73B5B3B-F974-48CA-8B91-3E8A432AEA5B}\_1DBC5C383090_4F38_B27E_98ACC1821F21.exe
+ 2008-01-15 12:26 . 2010-02-10 15:56 35088 c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-01-15 12:26 . 2009-10-16 18:09 35088 c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-01-15 12:26 . 2009-10-16 18:09 18704 c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-01-15 12:26 . 2010-02-10 15:55 18704 c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\mspicons.exe
- 2008-01-15 12:26 . 2009-10-16 18:09 20240 c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\cagicon.exe
+ 2008-01-15 12:26 . 2010-02-10 15:55 20240 c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\cagicon.exe
+ 2008-01-15 12:42 . 2009-11-06 15:37 73728 c:\windows\Installer\{5783F2D7-6009-0405-0002-0060B0CE6BBA}\Acadlt162_icon.exe
- 2008-01-15 12:42 . 2009-04-07 11:39 73728 c:\windows\Installer\{5783F2D7-6009-0405-0002-0060B0CE6BBA}\Acadlt162_icon.exe
+ 2006-07-24 09:50 . 2006-07-24 09:50 47920 c:\windows\Installer\$PatchCache$\Managed\00002119210000000000000000F01FEC\12.0.6425\VBAME.DLL
+ 2006-07-24 09:50 . 2006-07-24 09:50 92976 c:\windows\Installer\$PatchCache$\Managed\00002119210000000000000000F01FEC\12.0.6425\MSADDNDR.DLL
+ 2006-10-26 18:59 . 2006-10-26 18:59 15672 c:\windows\Installer\$PatchCache$\Managed\00002119210000000000000000F01FEC\12.0.4518\SMARTTAGINSTALL.EXE
+ 2006-10-26 18:49 . 2006-10-26 18:49 34104 c:\windows\Installer\$PatchCache$\Managed\00002119210000000000000000F01FEC\12.0.4518\SETLANG.EXE
+ 2006-10-26 19:12 . 2006-10-26 19:12 40424 c:\windows\Installer\$PatchCache$\Managed\00002119210000000000000000F01FEC\12.0.4518\REFIEBAR.DLL
+ 2006-10-26 18:59 . 2006-10-26 18:59 46936 c:\windows\Installer\$PatchCache$\Managed\00002119210000000000000000F01FEC\12.0.4518\OSETUPPS.DLL
+ 2006-10-26 18:59 . 2006-10-26 18:59 18760 c:\windows\Installer\$PatchCache$\Managed\00002119210000000000000000F01FEC\12.0.4518\OPHPROXY.DLL
+ 2006-10-26 18:59 . 2006-10-26 18:59 16728 c:\windows\Installer\$PatchCache$\Managed\00002119210000000000000000F01FEC\12.0.4518\OMUOPTINPS.DLL
+ 2006-10-26 19:00 . 2006-10-26 19:00 23392 c:\windows\Installer\$PatchCache$\Managed\00002119210000000000000000F01FEC\12.0.4518\OISCTRL.DLL
+ 2006-10-27 14:11 . 2006-10-27 14:11 54680 c:\windows\Installer\$PatchCache$\Managed\00002119210000000000000000F01FEC\12.0.4518\OFFRHD.DLL
+ 2006-10-26 18:59 . 2006-10-26 18:59 43832 c:\windows\Installer\$PatchCache$\Managed\00002119210000000000000000F01FEC\12.0.4518\MSSH.DLL
+ 2006-10-27 14:26 . 2006-10-27 14:26 35152 c:\windows\Installer\$PatchCache$\Managed\00002119210000000000000000F01FEC\12.0.4518\MSOSTYLE.DLL
+ 2006-10-26 18:52 . 2006-10-26 18:52 66368 c:\windows\Installer\$PatchCache$\Managed\00002119210000000000000000F01FEC\12.0.4518\MSOMSE.DLL
+ 2006-10-26 19:12 . 2006-10-26 19:12 67896 c:\windows\Installer\$PatchCache$\Managed\00002119210000000000000000F01FEC\12.0.4518\MSOHTMED.EXE
+ 2006-10-27 14:01 . 2006-10-27 14:01 76088 c:\windows\Installer\$PatchCache$\Managed\00002119210000000000000000F01FEC\12.0.4518\MSOHEV.DLL
+ 2006-10-26 18:59 . 2006-10-26 18:59 19768 c:\windows\Installer\$PatchCache$\Managed\00002119210000000000000000F01FEC\12.0.4518\MSMH.DLL
+ 2006-10-26 18:52 . 2006-10-26 18:52 48424 c:\windows\Installer\$PatchCache$\Managed\00002119210000000000000000F01FEC\12.0.4518\MSE7.EXE
+ 2006-10-26 19:12 . 2006-10-26 19:12 89400 c:\windows\Installer\$PatchCache$\Managed\00002119210000000000000000F01FEC\12.0.4518\METCONV.DLL
+ 2006-10-26 19:12 . 2006-10-26 19:12 53576 c:\windows\Installer\$PatchCache$\Managed\00002119210000000000000000F01FEC\12.0.4518\AUTHZAX.DLL
+ 2010-01-22 16:05 . 2009-10-29 07:45 44544 c:\windows\ie7updates\KB978207-IE7\pngfilt.dll
+ 2010-01-22 16:05 . 2009-10-29 07:45 52224 c:\windows\ie7updates\KB978207-IE7\msfeedsbs.dll
+ 2010-01-22 16:05 . 2009-10-29 07:45 27648 c:\windows\ie7updates\KB978207-IE7\jsproxy.dll
+ 2010-01-22 16:05 . 2009-10-28 14:35 13824 c:\windows\ie7updates\KB978207-IE7\ieudinit.exe
+ 2010-01-22 16:05 . 2009-10-29 07:45 44544 c:\windows\ie7updates\KB978207-IE7\iernonce.dll
+ 2010-01-22 16:05 . 2009-10-29 07:45 78336 c:\windows\ie7updates\KB978207-IE7\ieencode.dll
+ 2010-01-22 16:05 . 2009-10-28 14:35 70656 c:\windows\ie7updates\KB978207-IE7\ie4uinit.exe
+ 2010-01-22 16:05 . 2009-10-29 07:45 63488 c:\windows\ie7updates\KB978207-IE7\icardie.dll
+ 2010-01-22 16:05 . 2009-10-29 07:45 17408 c:\windows\ie7updates\KB978207-IE7\corpol.dll
+ 2009-12-09 17:05 . 2009-08-29 07:30 44544 c:\windows\ie7updates\KB976325-IE7\pngfilt.dll
+ 2009-12-09 17:05 . 2009-08-29 07:30 52224 c:\windows\ie7updates\KB976325-IE7\msfeedsbs.dll
+ 2009-12-09 17:05 . 2009-08-29 07:30 27648 c:\windows\ie7updates\KB976325-IE7\jsproxy.dll
+ 2009-12-09 17:05 . 2009-08-28 10:27 13824 c:\windows\ie7updates\KB976325-IE7\ieudinit.exe
+ 2009-12-09 17:05 . 2009-08-29 07:30 44544 c:\windows\ie7updates\KB976325-IE7\iernonce.dll
+ 2009-12-09 17:05 . 2009-08-29 07:30 78336 c:\windows\ie7updates\KB976325-IE7\ieencode.dll
+ 2009-12-09 17:05 . 2009-08-28 10:27 70656 c:\windows\ie7updates\KB976325-IE7\ie4uinit.exe
+ 2009-12-09 17:05 . 2009-08-29 07:30 63488 c:\windows\ie7updates\KB976325-IE7\icardie.dll
+ 2009-12-09 17:05 . 2009-08-29 07:30 17408 c:\windows\ie7updates\KB976325-IE7\corpol.dll
+ 2009-11-27 17:14 . 2009-11-27 17:14 17920 c:\windows\Driver Cache\i386\msyuv.dll
+ 2009-11-27 16:09 . 2009-11-27 16:09 48128 c:\windows\Driver Cache\i386\iyuv_32.dll
+ 2009-11-06 15:09 . 2009-10-25 05:11 77312 c:\windows\aaaMBR.exe
+ 2009-11-25 19:35 . 2009-07-14 11:03 46080 c:\windows\$NtUninstallKB976098-v2$\tzchange.exe
+ 2009-11-25 19:35 . 2009-10-29 02:05 16896 c:\windows\$NtUninstallKB976098-v2$\spuninst\tzchange.dll
+ 2009-12-09 17:06 . 2008-04-14 03:21 79872 c:\windows\$NtUninstallKB974318$\raschap.dll
+ 2010-01-13 19:04 . 2009-06-16 14:40 81920 c:\windows\$NtUninstallKB972270$\fontsub.dll
+ 2009-12-09 17:06 . 2008-04-14 03:22 75776 c:\windows\$NtUninstallKB970430$\strmfilt.dll
+ 2009-12-09 17:06 . 2008-04-14 03:21 24576 c:\windows\$NtUninstallKB970430$\httpapi.dll
+ 2010-01-22 16:05 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB978207-IE7\update\spcustom.dll
+ 2010-01-22 16:05 . 2009-05-26 11:40 18296 c:\windows\$hf_mig$\KB978207-IE7\spmsg.dll
+ 2010-01-05 09:48 . 2010-01-05 09:48 44544 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\pngfilt.dll
+ 2010-01-05 09:48 . 2010-01-05 09:48 52224 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\msfeedsbs.dll
+ 2010-01-05 09:48 . 2010-01-05 09:48 27648 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\jsproxy.dll
+ 2010-01-01 06:54 . 2010-01-01 06:54 13824 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\ieudinit.exe
+ 2010-01-05 09:48 . 2010-01-05 09:48 44544 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\iernonce.dll
+ 2010-01-05 09:48 . 2010-01-05 09:48 78336 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\ieencode.dll
+ 2010-01-01 06:54 . 2010-01-01 06:54 70656 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\ie4uinit.exe
+ 2010-01-05 09:48 . 2010-01-05 09:48 63488 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\icardie.dll
+ 2010-01-05 09:48 . 2010-01-05 09:48 17408 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\corpol.dll
+ 2009-12-09 17:05 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB976325-IE7\update\spcustom.dll
+ 2009-12-09 17:05 . 2009-05-26 11:40 18296 c:\windows\$hf_mig$\KB976325-IE7\spmsg.dll
+ 2009-10-29 07:37 . 2009-10-29 07:37 44544 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\pngfilt.dll
+ 2009-10-29 07:37 . 2009-10-29 07:37 52224 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\msfeedsbs.dll
+ 2009-10-29 07:37 . 2009-10-29 07:37 27648 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\jsproxy.dll
+ 2009-10-28 14:04 . 2009-10-28 14:04 13824 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\ieudinit.exe
+ 2009-10-29 07:37 . 2009-10-29 07:37 44544 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\iernonce.dll
+ 2009-10-29 07:37 . 2009-10-29 07:37 78336 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\ieencode.dll
+ 2009-10-28 14:04 . 2009-10-28 14:04 70656 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\ie4uinit.exe
+ 2009-10-29 07:37 . 2009-10-29 07:37 63488 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\icardie.dll
+ 2009-10-29 07:37 . 2009-10-29 07:37 17408 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\corpol.dll
+ 2009-12-09 17:04 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB974392\update\spcustom.dll
+ 2009-12-09 17:04 . 2009-05-26 11:40 18296 c:\windows\$hf_mig$\KB974392\spmsg.dll
+ 2009-12-09 17:06 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB974318\update\spcustom.dll
+ 2009-12-09 17:06 . 2009-05-26 11:40 18296 c:\windows\$hf_mig$\KB974318\spmsg.dll
+ 2009-10-12 13:33 . 2009-10-12 13:33 79872 c:\windows\$hf_mig$\KB974318\SP3QFE\raschap.dll
+ 2009-12-09 17:06 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB973904\update\spcustom.dll
+ 2009-12-09 17:06 . 2009-05-26 11:40 18296 c:\windows\$hf_mig$\KB973904\spmsg.dll
+ 2009-11-25 19:34 . 2008-07-08 12:59 26488 c:\windows\$hf_mig$\KB973687\update\spcustom.dll
+ 2009-11-25 19:34 . 2008-07-08 12:59 18296 c:\windows\$hf_mig$\KB973687\spmsg.dll
+ 2010-01-13 19:04 . 2008-07-08 12:59 26488 c:\windows\$hf_mig$\KB972270\update\spcustom.dll
+ 2010-01-13 19:04 . 2008-07-08 12:59 18296 c:\windows\$hf_mig$\KB972270\spmsg.dll
+ 2010-01-13 06:19 . 2009-10-15 16:40 81920 c:\windows\$hf_mig$\KB972270\SP3QFE\fontsub.dll
+ 2009-12-09 17:04 . 2008-07-08 12:59 26488 c:\windows\$hf_mig$\KB971737\update\spcustom.dll
+ 2009-12-09 17:04 . 2008-07-08 12:59 18296 c:\windows\$hf_mig$\KB971737\spmsg.dll
+ 2009-12-09 17:06 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB970430\update\spcustom.dll
+ 2009-12-09 17:06 . 2009-05-26 11:40 18296 c:\windows\$hf_mig$\KB970430\spmsg.dll
+ 2009-10-21 05:42 . 2009-10-21 05:42 75776 c:\windows\$hf_mig$\KB970430\SP3QFE\strmfilt.dll
+ 2009-10-21 05:42 . 2009-10-21 05:42 25088 c:\windows\$hf_mig$\KB970430\SP3QFE\httpapi.dll
+ 2009-11-11 07:40 . 2008-07-08 12:59 26488 c:\windows\$hf_mig$\KB969947\update\spcustom.dll
+ 2009-11-11 07:40 . 2008-07-08 12:59 18296 c:\windows\$hf_mig$\KB969947\spmsg.dll
+ 2010-01-13 19:04 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB955759\update\spcustom.dll
+ 2010-01-13 19:04 . 2009-05-26 11:40 18296 c:\windows\$hf_mig$\KB955759\spmsg.dll
+ 2001-10-24 12:25 . 2009-11-27 16:09 8704 c:\windows\system32\tsbyuv.dll
+ 2009-11-27 16:09 . 2009-11-27 16:09 8704 c:\windows\system32\dllcache\tsbyuv.dll
+ 2008-01-15 12:20 . 2009-12-09 17:04 4710 c:\windows\Installer\{C73B5B3B-F974-48CA-8B91-3E8A432AEA5B}\WSBico.exe
- 2008-01-15 12:20 . 2009-10-16 18:07 4710 c:\windows\Installer\{C73B5B3B-F974-48CA-8B91-3E8A432AEA5B}\WSBico.exe
- 2008-01-15 12:20 . 2009-10-16 18:07 4710 c:\windows\Installer\{C73B5B3B-F974-48CA-8B91-3E8A432AEA5B}\Win2Kico.exe
+ 2008-01-15 12:20 . 2009-12-09 17:04 4710 c:\windows\Installer\{C73B5B3B-F974-48CA-8B91-3E8A432AEA5B}\Win2Kico.exe
+ 2009-11-27 16:09 . 2009-11-27 16:09 8704 c:\windows\Driver Cache\i386\tsbyuv.dll
+ 2006-03-02 12:00 . 2009-08-25 09:19 354816 c:\windows\system32\winhttp.dll
+ 2006-03-02 12:00 . 2010-01-05 09:58 233472 c:\windows\system32\webcheck.dll
- 2006-03-02 12:00 . 2009-08-29 07:31 233472 c:\windows\system32\webcheck.dll
+ 2006-03-02 12:00 . 2010-01-05 09:58 105984 c:\windows\system32\url.dll
- 2006-03-02 12:00 . 2009-08-29 07:30 105984 c:\windows\system32\url.dll
- 2006-03-02 12:00 . 2009-06-16 14:40 119808 c:\windows\system32\t2embed.dll
+ 2006-03-02 12:00 . 2009-10-15 16:32 119808 c:\windows\system32\t2embed.dll
+ 2006-03-02 12:00 . 2009-12-08 09:25 474112 c:\windows\system32\shlwapi.dll
- 2006-03-02 12:00 . 2008-04-14 03:21 474112 c:\windows\system32\shlwapi.dll
+ 2006-03-02 12:00 . 2009-10-12 13:40 150016 c:\windows\system32\rastls.dll
- 2006-03-02 12:00 . 2009-10-26 07:21 435260 c:\windows\system32\perfh009.dat
+ 2006-03-02 12:00 . 2009-12-10 06:46 435260 c:\windows\system32\perfh009.dat
+ 2006-03-02 12:00 . 2010-01-05 09:58 102912 c:\windows\system32\occache.dll
- 2006-03-02 12:00 . 2009-08-29 07:30 102912 c:\windows\system32\occache.dll
+ 2006-03-02 12:00 . 2009-10-13 10:34 271360 c:\windows\system32\oakley.dll
- 2006-03-02 12:00 . 2008-04-14 03:21 271360 c:\windows\system32\oakley.dll
+ 2008-01-15 12:28 . 2009-08-06 18:23 215920 c:\windows\system32\muweb.dll
+ 2008-01-15 12:28 . 2009-08-06 18:23 274288 c:\windows\system32\mucltui.dll
- 2006-03-02 12:00 . 2009-08-29 07:30 671232 c:\windows\system32\mstime.dll
+ 2006-03-02 12:00 . 2010-01-05 09:58 671232 c:\windows\system32\mstime.dll
+ 2006-03-02 12:00 . 2010-01-05 09:58 193024 c:\windows\system32\msrating.dll
- 2006-03-02 12:00 . 2009-08-29 07:30 193024 c:\windows\system32\msrating.dll
- 2006-03-02 12:00 . 2009-08-29 07:30 477696 c:\windows\system32\mshtmled.dll
+ 2006-03-02 12:00 . 2010-01-05 09:58 477696 c:\windows\system32\mshtmled.dll
- 2007-08-13 17:54 . 2009-08-29 07:30 459264 c:\windows\system32\msfeeds.dll
+ 2007-08-13 17:54 . 2010-01-05 09:58 459264 c:\windows\system32\msfeeds.dll
+ 2007-08-13 17:34 . 2010-01-05 09:58 268288 c:\windows\system32\iertutil.dll
- 2007-08-13 17:34 . 2009-08-29 07:30 268288 c:\windows\system32\iertutil.dll
+ 2006-03-02 12:00 . 2010-01-05 09:58 192512 c:\windows\system32\iepeers.dll
+ 2006-03-02 12:00 . 2010-01-05 09:57 385024 c:\windows\system32\iedkcs32.dll
- 2006-03-02 12:00 . 2009-08-29 07:30 385024 c:\windows\system32\iedkcs32.dll
+ 2007-07-11 11:27 . 2010-01-05 09:57 380928 c:\windows\system32\ieapfltr.dll
- 2007-07-11 11:27 . 2009-08-29 07:30 380928 c:\windows\system32\ieapfltr.dll
+ 2006-03-02 12:00 . 2009-12-18 13:04 161792 c:\windows\system32\ieakui.dll
- 2006-03-02 12:00 . 2009-08-27 05:18 161792 c:\windows\system32\ieakui.dll
+ 2006-03-02 12:00 . 2010-01-05 09:57 230400 c:\windows\system32\ieaksie.dll
- 2006-03-02 12:00 . 2009-08-29 07:30 230400 c:\windows\system32\ieaksie.dll
+ 2006-03-02 12:00 . 2010-01-05 09:57 153088 c:\windows\system32\ieakeng.dll
- 2006-03-02 12:00 . 2009-08-29 07:30 153088 c:\windows\system32\ieakeng.dll
- 2008-01-14 14:19 . 2009-08-17 04:28 269392 c:\windows\system32\FNTCACHE.DAT
+ 2008-01-14 14:19 . 2009-11-11 07:46 269392 c:\windows\system32\FNTCACHE.DAT
+ 2006-03-02 12:00 . 2010-01-05 09:57 133120 c:\windows\system32\extmgr.dll
- 2006-03-02 12:00 . 2009-08-29 07:30 133120 c:\windows\system32\extmgr.dll
- 2006-03-02 12:00 . 2009-08-29 07:30 214528 c:\windows\system32\dxtrans.dll
+ 2006-03-02 12:00 . 2010-01-05 09:57 214528 c:\windows\system32\dxtrans.dll
+ 2006-03-02 12:00 . 2010-01-05 09:57 347136 c:\windows\system32\dxtmsft.dll
- 2006-03-02 12:00 . 2009-08-29 07:30 347136 c:\windows\system32\dxtmsft.dll
+ 2006-03-02 12:00 . 2009-10-20 16:20 265728 c:\windows\system32\drivers\http.sys
- 2006-03-02 12:00 . 2009-08-29 07:31 832512 c:\windows\system32\dllcache\wininet.dll
+ 2006-03-02 12:00 . 2010-01-05 09:58 832512 c:\windows\system32\dllcache\wininet.dll
+ 2008-12-16 12:32 . 2009-08-25 09:19 354816 c:\windows\system32\dllcache\winhttp.dll
+ 2006-03-02 12:00 . 2010-01-05 09:58 233472 c:\windows\system32\dllcache\webcheck.dll
- 2006-03-02 12:00 . 2009-08-29 07:31 233472 c:\windows\system32\dllcache\webcheck.dll
- 2006-03-02 12:00 . 2009-08-29 07:30 105984 c:\windows\system32\dllcache\url.dll
+ 2006-03-02 12:00 . 2010-01-05 09:58 105984 c:\windows\system32\dllcache\url.dll
+ 2009-06-16 14:40 . 2009-10-15 16:32 119808 c:\windows\system32\dllcache\t2embed.dll
- 2009-06-16 14:40 . 2009-06-16 14:40 119808 c:\windows\system32\dllcache\t2embed.dll
+ 2008-10-16 06:03 . 2009-12-31 16:50 353792 c:\windows\system32\dllcache\srv.sys
+ 2009-12-08 09:25 . 2009-12-08 09:25 474112 c:\windows\system32\dllcache\shlwapi.dll
+ 2009-10-12 13:40 . 2009-10-12 13:40 150016 c:\windows\system32\dllcache\rastls.dll
- 2006-03-02 12:00 . 2009-08-29 07:30 102912 c:\windows\system32\dllcache\occache.dll
+ 2006-03-02 12:00 . 2010-01-05 09:58 102912 c:\windows\system32\dllcache\occache.dll
+ 2009-10-13 10:34 . 2009-10-13 10:34 271360 c:\windows\system32\dllcache\oakley.dll
+ 2006-03-02 12:00 . 2010-01-05 09:58 671232 c:\windows\system32\dllcache\mstime.dll
- 2006-03-02 12:00 . 2009-08-29 07:30 671232 c:\windows\system32\dllcache\mstime.dll
+ 2006-03-02 12:00 . 2010-01-05 09:58 193024 c:\windows\system32\dllcache\msrating.dll
- 2006-03-02 12:00 . 2009-08-29 07:30 193024 c:\windows\system32\dllcache\msrating.dll
+ 2009-12-17 07:42 . 2009-12-17 07:42 343552 c:\windows\system32\dllcache\mspaint.exe
- 2006-03-02 12:00 . 2009-08-29 07:30 477696 c:\windows\system32\dllcache\mshtmled.dll
+ 2006-03-02 12:00 . 2010-01-05 09:58 477696 c:\windows\system32\dllcache\mshtmled.dll
+ 2007-10-10 23:50 . 2010-01-05 09:58 459264 c:\windows\system32\dllcache\msfeeds.dll
- 2007-10-10 23:50 . 2009-08-29 07:30 459264 c:\windows\system32\dllcache\msfeeds.dll
+ 2008-11-13 06:35 . 2009-12-04 18:22 455424 c:\windows\system32\dllcache\mrxsmb.sys
+ 2008-01-14 13:47 . 2009-12-18 13:05 634648 c:\windows\system32\dllcache\iexplore.exe
- 2008-01-14 13:47 . 2009-08-27 05:18 634648 c:\windows\system32\dllcache\iexplore.exe
+ 2007-10-10 23:50 . 2010-01-05 09:58 268288 c:\windows\system32\dllcache\iertutil.dll
- 2007-10-10 23:50 . 2009-08-29 07:30 268288 c:\windows\system32\dllcache\iertutil.dll
+ 2006-03-02 12:00 . 2010-01-05 09:58 192512 c:\windows\system32\dllcache\iepeers.dll
+ 2006-03-02 12:00 . 2010-01-05 09:57 385024 c:\windows\system32\dllcache\iedkcs32.dll
- 2006-03-02 12:00 . 2009-08-29 07:30 385024 c:\windows\system32\dllcache\iedkcs32.dll
+ 2007-10-10 23:50 . 2010-01-05 09:57 380928 c:\windows\system32\dllcache\ieapfltr.dll
- 2007-10-10 23:50 . 2009-08-29 07:30 380928 c:\windows\system32\dllcache\ieapfltr.dll
- 2006-03-02 12:00 . 2009-08-27 05:18 161792 c:\windows\system32\dllcache\ieakui.dll
+ 2006-03-02 12:00 . 2009-12-18 13:04 161792 c:\windows\system32\dllcache\ieakui.dll
+ 2006-03-02 12:00 . 2010-01-05 09:57 230400 c:\windows\system32\dllcache\ieaksie.dll
- 2006-03-02 12:00 . 2009-08-29 07:30 230400 c:\windows\system32\dllcache\ieaksie.dll
- 2006-03-02 12:00 . 2009-08-29 07:30 153088 c:\windows\system32\dllcache\ieakeng.dll
+ 2006-03-02 12:00 . 2010-01-05 09:57 153088 c:\windows\system32\dllcache\ieakeng.dll
+ 2009-10-20 16:20 . 2009-10-20 16:20 265728 c:\windows\system32\dllcache\http.sys
+ 2006-03-02 12:00 . 2010-01-05 09:57 133120 c:\windows\system32\dllcache\extmgr.dll
- 2006-03-02 12:00 . 2009-08-29 07:30 133120 c:\windows\system32\dllcache\extmgr.dll
- 2006-03-02 12:00 . 2009-08-29 07:30 214528 c:\windows\system32\dllcache\dxtrans.dll
+ 2006-03-02 12:00 . 2010-01-05 09:57 214528 c:\windows\system32\dllcache\dxtrans.dll
- 2006-03-02 12:00 . 2009-08-29 07:30 347136 c:\windows\system32\dllcache\dxtmsft.dll
+ 2006-03-02 12:00 . 2010-01-05 09:57 347136 c:\windows\system32\dllcache\dxtmsft.dll
+ 2008-01-14 14:10 . 2008-04-13 16:39 142592 c:\windows\system32\dllcache\aec.sys
+ 2006-03-02 12:00 . 2010-01-05 09:57 124928 c:\windows\system32\dllcache\advpack.dll
- 2006-03-02 12:00 . 2009-08-29 07:30 124928 c:\windows\system32\dllcache\advpack.dll
+ 2010-01-13 06:19 . 2009-11-21 16:03 471552 c:\windows\system32\dllcache\aclayers.dll
+ 2006-03-02 12:00 . 2010-01-05 09:57 124928 c:\windows\system32\advpack.dll
- 2006-03-02 12:00 . 2009-08-29 07:30 124928 c:\windows\system32\advpack.dll
+ 2009-04-04 16:14 . 2009-04-04 16:14 971776 c:\windows\Installer\388825.msp
+ 2008-01-15 12:20 . 2009-12-09 17:04 184320 c:\windows\Installer\{C73B5B3B-F974-48CA-8B91-3E8A432AEA5B}\_C972BD9D7706_488C_8635_19ED3B6B3854.exe
- 2008-01-15 12:20 . 2009-10-16 18:07 184320 c:\windows\Installer\{C73B5B3B-F974-48CA-8B91-3E8A432AEA5B}\_C972BD9D7706_488C_8635_19ED3B6B3854.exe
+ 2008-01-15 12:26 . 2010-02-10 15:56 888080 c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\wordicon.exe
- 2008-01-15 12:26 . 2009-10-16 18:09 888080 c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\wordicon.exe
+ 2008-01-15 12:26 . 2010-02-10 15:55 922384 c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\pptico.exe
- 2008-01-15 12:26 . 2009-10-16 18:09 922384 c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\pptico.exe
+ 2008-01-15 12:26 . 2010-02-10 15:55 845584 c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\outicon.exe
- 2008-01-15 12:26 . 2009-10-16 18:09 845584 c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\outicon.exe
- 2008-01-15 12:26 . 2009-10-16 18:09 217864 c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\misc.exe
+ 2008-01-15 12:26 . 2010-02-10 15:55 217864 c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\misc.exe
+ 2009-11-09 08:48 . 2009-11-09 08:48 217864 c:\windows\Installer\{90120000-006E-0405-0000-0000000FF1CE}\misc.exe
- 2008-08-07 14:58 . 2008-08-07 14:58 217864 c:\windows\Installer\{90120000-006E-0405-0000-0000000FF1CE}\misc.exe
+ 2007-06-07 17:51 . 2007-06-07 17:51 125320 c:\windows\Installer\$PatchCache$\Managed\00002119210000000000000000F01FEC\12.0.6425\SSGEN.DLL
+ 2007-06-07 17:51 . 2007-06-07 17:51 465800 c:\windows\Installer\$PatchCache$\Managed\00002119210000000000000000F01FEC\12.0.6425\OUTLFLTR.DLL
+ 2006-07-24 09:50 . 2006-07-24 09:50 125744 c:\windows\Installer\$PatchCache$\Managed\00002119210000000000000000F01FEC\12.0.6425\MSSTDFMT.DLL
+ 2006-10-26 19:49 . 2006-10-26 19:49 509200 c:\windows\Installer\$PatchCache$\Managed\00002119210000000000000000F01FEC\12.0.4518\WRD12CVR.DLL
+ 2006-10-26 20:07 . 2006-10-26 20:07 368968 c:\windows\Installer\$PatchCache$\Managed\00002119210000000000000000F01FEC\12.0.4518\PPSLAX.DLL
+ 2006-10-20 07:37 . 2006-10-20 07:37 637744 c:\windows\Installer\$PatchCache$\Managed\00002119210000000000000000F01FEC\12.0.4518\OGALEGIT.DLL
+ 2006-10-26 18:55 . 2006-10-26 18:55 145688 c:\windows\Installer\$PatchCache$\Managed\00002119210000000000000000F01FEC\12.0.4518\MSTORE.EXE
+ 2006-10-26 13:47 . 2006-10-26 13:47 727840 c:\windows\Installer\$PatchCache$\Managed\00002119210000000000000000F01FEC\12.0.4518\MSPROOF6.DLL
+ 2006-10-26 18:52 . 2006-10-26 18:52 460616 c:\windows\Installer\$PatchCache$\Managed\00002119210000000000000000F01FEC\12.0.4518\MODHELP.DLL
+ 2006-10-26 19:00 . 2006-10-26 19:00 178488 c:\windows\Installer\$PatchCache$\Managed\00002119210000000000000000F01FEC\12.0.4518\IETAG.DLL
+ 2006-10-26 19:12 . 2006-10-26 19:12 106824 c:\windows\Installer\$PatchCache$\Managed\00002119210000000000000000F01FEC\12.0.4518\DSSM.EXE
+ 2010-01-22 16:05 . 2009-10-29 07:45 832512 c:\windows\ie7updates\KB978207-IE7\wininet.dll
+ 2010-01-22 16:05 . 2009-10-29 07:45 233472 c:\windows\ie7updates\KB978207-IE7\webcheck.dll
+ 2010-01-22 16:05 . 2009-10-29 07:45 105984 c:\windows\ie7updates\KB978207-IE7\url.dll
+ 2010-01-22 16:05 . 2009-05-26 11:40 391032 c:\windows\ie7updates\KB978207-IE7\spuninst\updspapi.dll
+ 2010-01-22 16:05 . 2009-05-26 11:40 233848 c:\windows\ie7updates\KB978207-IE7\spuninst\spuninst.exe
+ 2010-01-22 16:05 . 2009-10-29 07:45 102912 c:\windows\ie7updates\KB978207-IE7\occache.dll
+ 2010-01-22 16:05 . 2009-10-29 07:45 671232 c:\windows\ie7updates\KB978207-IE7\mstime.dll
+ 2010-01-22 16:05 . 2009-10-29 07:45 193024 c:\windows\ie7updates\KB978207-IE7\msrating.dll
+ 2010-01-22 16:05 . 2009-10-29 07:45 477696 c:\windows\ie7updates\KB978207-IE7\mshtmled.dll
+ 2010-01-22 16:05 . 2009-10-29 07:45 459264 c:\windows\ie7updates\KB978207-IE7\msfeeds.dll
+ 2010-01-22 16:05 . 2009-10-28 06:54 634632 c:\windows\ie7updates\KB978207-IE7\iexplore.exe
+ 2010-01-22 16:05 . 2009-10-29 07:45 268288 c:\windows\ie7updates\KB978207-IE7\iertutil.dll
+ 2010-01-22 16:05 . 2007-08-13 17:54 191488 c:\windows\ie7updates\KB978207-IE7\iepeers.dll
+ 2010-01-22 16:05 . 2009-10-29 07:45 385024 c:\windows\ie7updates\KB978207-IE7\iedkcs32.dll
+ 2010-01-22 16:05 . 2009-10-29 07:45 380928 c:\windows\ie7updates\KB978207-IE7\ieapfltr.dll
+ 2010-01-22 16:05 . 2009-10-28 06:52 161792 c:\windows\ie7updates\KB978207-IE7\ieakui.dll
+ 2010-01-22 16:05 . 2009-10-29 07:45 230400 c:\windows\ie7updates\KB978207-IE7\ieaksie.dll
+ 2010-01-22 16:05 . 2009-10-29 07:45 153088 c:\windows\ie7updates\KB978207-IE7\ieakeng.dll
+ 2010-01-22 16:05 . 2009-10-29 07:45 133120 c:\windows\ie7updates\KB978207-IE7\extmgr.dll
+ 2010-01-22 16:05 . 2009-10-29 07:45 214528 c:\windows\ie7updates\KB978207-IE7\dxtrans.dll
+ 2010-01-22 16:05 . 2009-10-29 07:45 347136 c:\windows\ie7updates\KB978207-IE7\dxtmsft.dll
+ 2010-01-22 16:05 . 2009-10-29 07:45 124928 c:\windows\ie7updates\KB978207-IE7\advpack.dll
+ 2009-12-09 17:05 . 2009-08-29 07:31 832512 c:\windows\ie7updates\KB976325-IE7\wininet.dll
+ 2009-12-09 17:05 . 2009-08-29 07:31 233472 c:\windows\ie7updates\KB976325-IE7\webcheck.dll
+ 2009-12-09 17:05 . 2009-08-29 07:30 105984 c:\windows\ie7updates\KB976325-IE7\url.dll
+ 2009-12-09 17:05 . 2009-05-26 11:40 391032 c:\windows\ie7updates\KB976325-IE7\spuninst\updspapi.dll
+ 2009-12-09 17:05 . 2009-05-26 11:40 233848 c:\windows\ie7updates\KB976325-IE7\spuninst\spuninst.exe
+ 2009-12-09 17:05 . 2009-08-29 07:30 102912 c:\windows\ie7updates\KB976325-IE7\occache.dll
+ 2009-12-09 17:05 . 2009-08-29 07:30 671232 c:\windows\ie7updates\KB976325-IE7\mstime.dll
+ 2009-12-09 17:05 . 2009-08-29 07:30 193024 c:\windows\ie7updates\KB976325-IE7\msrating.dll
+ 2009-12-09 17:05 . 2009-08-29 07:30 477696 c:\windows\ie7updates\KB976325-IE7\mshtmled.dll
+ 2009-12-09 17:05 . 2009-08-29 07:30 459264 c:\windows\ie7updates\KB976325-IE7\msfeeds.dll
+ 2009-12-09 17:05 . 2009-08-27 05:18 634648 c:\windows\ie7updates\KB976325-IE7\iexplore.exe
+ 2009-12-09 17:05 . 2009-08-29 07:30 268288 c:\windows\ie7updates\KB976325-IE7\iertutil.dll
+ 2009-12-09 17:05 . 2009-08-29 07:30 385024 c:\windows\ie7updates\KB976325-IE7\iedkcs32.dll
+ 2009-12-09 17:05 . 2009-08-29 07:30 380928 c:\windows\ie7updates\KB976325-IE7\ieapfltr.dll
+ 2009-12-09 17:05 . 2009-08-27 05:18 161792 c:\windows\ie7updates\KB976325-IE7\ieakui.dll
+ 2009-12-09 17:05 . 2009-08-29 07:30 230400 c:\windows\ie7updates\KB976325-IE7\ieaksie.dll
+ 2009-12-09 17:05 . 2009-08-29 07:30 153088 c:\windows\ie7updates\KB976325-IE7\ieakeng.dll
+ 2009-12-09 17:05 . 2009-08-29 07:30 133120 c:\windows\ie7updates\KB976325-IE7\extmgr.dll
+ 2009-12-09 17:05 . 2009-08-29 07:30 214528 c:\windows\ie7updates\KB976325-IE7\dxtrans.dll
+ 2009-12-09 17:05 . 2009-08-29 07:30 347136 c:\windows\ie7updates\KB976325-IE7\dxtmsft.dll
+ 2009-12-09 17:05 . 2009-08-29 07:30 124928 c:\windows\ie7updates\KB976325-IE7\advpack.dll
+ 2008-11-13 06:35 . 2009-12-04 18:22 455424 c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2009-10-20 16:20 . 2009-10-20 16:20 265728 c:\windows\Driver Cache\i386\http.sys
+ 2006-03-02 12:00 . 2009-11-21 16:03 471552 c:\windows\AppPatch\aclayers.dll
+ 2009-11-06 15:09 . 2009-11-06 09:53 267264 c:\windows\aaaPEV.exe
+ 2009-11-25 19:35 . 2009-05-26 11:40 391032 c:\windows\$NtUninstallKB976098-v2$\spuninst\updspapi.dll
+ 2009-11-25 19:35 . 2009-05-26 11:40 233848 c:\windows\$NtUninstallKB976098-v2$\spuninst\spuninst.exe
+ 2009-12-09 17:04 . 2009-05-26 11:40 391032 c:\windows\$NtUninstallKB974392$\spuninst\updspapi.dll
+ 2009-12-09 17:04 . 2009-05-26 11:40 233848 c:\windows\$NtUninstallKB974392$\spuninst\spuninst.exe
+ 2009-12-09 17:04 . 2008-04-14 03:21 271360 c:\windows\$NtUninstallKB974392$\oakley.dll
+ 2009-12-09 17:06 . 2009-05-26 11:40 391032 c:\windows\$NtUninstallKB974318$\spuninst\updspapi.dll
+ 2009-12-09 17:06 . 2009-05-26 11:40 233848 c:\windows\$NtUninstallKB974318$\spuninst\spuninst.exe
+ 2009-12-09 17:06 . 2008-04-14 03:21 150528 c:\windows\$NtUninstallKB974318$\rastls.dll
+ 2009-12-09 17:06 . 2009-05-26 11:40 391032 c:\windows\$NtUninstallKB973904$\spuninst\updspapi.dll
+ 2009-12-09 17:06 . 2009-05-26 11:40 233848 c:\windows\$NtUninstallKB973904$\spuninst\spuninst.exe
+ 2009-11-25 19:34 . 2009-05-26 11:40 391032 c:\windows\$NtUninstallKB973687$\spuninst\updspapi.dll
+ 2009-11-25 19:34 . 2008-07-08 12:59 233848 c:\windows\$NtUninstallKB973687$\spuninst\spuninst.exe
+ 2010-01-13 19:04 . 2009-06-16 14:40 119808 c:\windows\$NtUninstallKB972270$\t2embed.dll
+ 2010-01-13 19:04 . 2008-07-08 12:59 391032 c:\windows\$NtUninstallKB972270$\spuninst\updspapi.dll
+ 2010-01-13 19:04 . 2008-07-08 12:59 233848 c:\windows\$NtUninstallKB972270$\spuninst\spuninst.exe
+ 2009-12-09 17:04 . 2008-12-16 12:32 354304 c:\windows\$NtUninstallKB971737$\winhttp.dll
+ 2009-12-09 17:04 . 2009-05-26 11:40 391032 c:\windows\$NtUninstallKB971737$\spuninst\updspapi.dll
+ 2009-12-09 17:04 . 2008-07-08 12:59 233848 c:\windows\$NtUninstallKB971737$\spuninst\spuninst.exe
+ 2009-12-09 17:06 . 2009-05-26 11:40 391032 c:\windows\$NtUninstallKB970430$\spuninst\updspapi.dll
+ 2009-12-09 17:06 . 2009-05-26 11:40 233848 c:\windows\$NtUninstallKB970430$\spuninst\spuninst.exe
+ 2009-12-09 17:06 . 2008-04-13 18:53 264832 c:\windows\$NtUninstallKB970430$\http.sys
+ 2009-11-11 07:40 . 2009-05-26 11:40 391032 c:\windows\$NtUninstallKB969947$\spuninst\updspapi.dll
+ 2009-11-11 07:40 . 2008-07-08 12:59 233848 c:\windows\$NtUninstallKB969947$\spuninst\spuninst.exe
