Dobry den, pouzivam Kaspersky Anti-virus 2010 a vzdy mi najde tento virus a zahlasi ze se musi restartovat pocitat pro jeho odstraneni. Ale po restartu tam tento virus najde vzdy znovu a znovu. Tady je log.
Logfile of random's system information tool 1.06 (written by random/random)
Run by TwoRik at 2010-04-09 13:01:15
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 1 GB (3%) free of 51 GB
Total RAM: 2046 MB (54% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:01:29, on 9.4.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
C:\Program Files\NETGATE\Spy Emergency\SpyEmergencySrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Razer\razerhid.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
C:\Program Files\Razer\Diamondback 3G\razerhid.exe
C:\Program Files\Razer\Diamondback 3G\razertra.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Razer\razertra.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Razer\Diamondback 3G\razerofa.exe
C:\Program Files\Razer\razerofa.exe
C:\Documents and Settings\TwoRik\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\TwoRik\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\TwoRik\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Documents and Settings\TwoRik\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\TwoRik\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
E:\Downloads\RSIT.exe
C:\Program Files\trend micro\TwoRik.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_1.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {D187A56B-A33F-4CBE-9D77-459FC0BAE012} - (no file)
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O2 - BHO: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_1.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_1.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\razerhid.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"
O4 - HKLM\..\Run: [Diamondback] C:\Program Files\Razer\Diamondback 3G\razerhid.exe
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\TwoRik\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SpyEmergency] C:\Program Files\NETGATE\Spy Emergency\SpyEmergency.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: (no name) - {8DAE90AD-4583-4977-9DD4-4360F7A45C74} - (no file)
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.cz/OnlineScanner.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~2\mzvkbd3.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
O23 - Service: Služba inteligentního přenosu na pozadí (BITS) (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Unknown owner - E:\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Sansa Updater Service (SansaService) - Unknown owner - C:\Program Files\Sandisk\Sansa Updater\SansaSvr.exe (file missing)
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: SeekappSrch Service - Unknown owner - C:\Documents and Settings\All Users\Data aplikací\SeekappSrch\seekapp139.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
O23 - Service: Spy Emergency Engine Service (SpyEmrgSrv) - NETGATE Technologies s.r.o. - C:\Program Files\NETGATE\Spy Emergency\SpyEmergencySrv.exe
O23 - Service: Automatické aktualizace (wuauserv) - Unknown owner - C:\WINDOWS\
--
End of file - 10160 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-746137067-152049171-839522115-1003Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-746137067-152049171-839522115-1003UA.job
C:\WINDOWS\tasks\PCConfidential.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2005-09-24 63136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-03-12 370296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll [2009-10-20 68112]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll [2007-07-12 501136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pro přihlášení ke službě Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D187A56B-A33F-4CBE-9D77-459FC0BAE012}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}]
FilterBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll [2009-10-20 268816]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
BS Player Toolbar - C:\Program Files\BS_Player\tbBS_1.dll [2010-02-20 2349080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} - FlashGet Bar - C:\PROGRA~1\FlashGet\fgiebar.dll [2005-06-07 86016]
{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - BS Player Toolbar - C:\Program Files\BS_Player\tbBS_1.dll [2010-02-20 2349080]
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-01-03 1019128]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-03-12 185896]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-03-28 413696]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440]
"razer"=C:\Program Files\Razer\razerhid.exe [2005-05-17 147456]
"AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe [2009-10-20 340456]
"Diamondback"=C:\Program Files\Razer\Diamondback 3G\razerhid.exe [2007-08-01 147456]
"AdobeCS4ServiceManager"=C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-08-08 490952]
"OEXPRESS"= []
"Google Update"=C:\Documents and Settings\TwoRik\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2010-03-11 135664]
"SpyEmergency"=C:\Program Files\NETGATE\Spy Emergency\SpyEmergency.exe [2010-02-23 1948216]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-01-15 147456]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
C:\Program Files\DAEMON Tools\daemon.exe -lang 1033 []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
C:\WINDOWS\system32\PSDrvCheck.exe [2004-03-11 406016]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QIP2005]
C:\Program Files\QIP\qip.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2008-03-28 413696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
C:\WINDOWS\RTHDCPL.EXE [2006-07-21 16261632]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2009-10-09 25623336]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe [2007-07-12 132496]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^ WinCinema Manager.lnk]
C:\PROGRA~1\Sandisk\Common\Bin\WINCIN~1.EXE []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [2005-09-24 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^TwoRik^Nabídka Start^Programy^Po spuštění^OpenOffice.org 2.0.lnk]
C:\PROGRA~1\OPENOF~1.0\program\QUICKS~1.EXE [2006-02-26 393216]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MSDTC"=3
"lanmanserver"=2
"CryptSvc"=2
C:\Documents and Settings\TwoRik\Nabídka Start\Programy\Po spuštění
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\KASPER~1\KASPER~2\mzvkbd3.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-06-13 139264]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\WINDOWS\system32\klogon.dll [2009-10-20 219664]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
WgaLogon.dll []
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"E:\Games\World of Warcraft\WoW-1.12.0-enGB-downloader.exe"="E:\Games\World of Warcraft\WoW-1.12.0-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\mIRC\mirc.exe"="C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC"
"C:\Program Files\mIRC\nnuninst.exe"="C:\Program Files\mIRC\nnuninst.exe:*:Enabled:nnuninst"
"C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe"="C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe:*:Enabled:Teamspeak RC2"
"E:\sdc202\StrongDC.exe"="E:\sdc202\StrongDC.exe:*:Enabled:StrongDC++"
"C:\Program Files\ICQLite\ICQLite.exe"="C:\Program Files\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite"
"C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\MirandaIM\miranda32.exe"="C:\MirandaIM\miranda32.exe:*:Enabled:Miranda IM"
"C:\Program Files\Tortun\gui.exe"="C:\Program Files\Tortun\gui.exe:*:Enabled:gui"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\keyclone\keyclone.exe"="C:\Program Files\keyclone\keyclone.exe:*:Enabled:keyclone"
"C:\Documents and Settings\All Users\Data aplikací\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 2009\Czech\setup.exe"="C:\Documents and Settings\All Users\Data aplikací\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 2009\Czech\setup.exe:*:Enabled:Kaspersky Anti-Virus 2009 Setup"
"C:\Documents and Settings\All Users\Data aplikací\Kaspersky Lab Setup Files\Kaspersky Internet Security 2009\Czech\setup.exe"="C:\Documents and Settings\All Users\Data aplikací\Kaspersky Lab Setup Files\Kaspersky Internet Security 2009\Czech\setup.exe:*:Enabled:Kaspersky Internet Security 2009 Setup"
"E:\Games\CoD4\iw3mp.exe"="E:\Games\CoD4\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM)"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"E:\Games\World of Warcraft\Launcher.exe"="E:\Games\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher"
"C:\Half-Life 2\hl2.exe"="C:\Half-Life 2\hl2.exe:*:Enabled:hl2"
"C:\MirandaIM\Miranda IM\miranda32.exe"="C:\MirandaIM\Miranda IM\miranda32.exe:*:Enabled:Miranda IM"
"C:\Program Files\Miranda IM\miranda32.exe"="C:\Program Files\Miranda IM\miranda32.exe:*:Enabled:Miranda IM"
"C:\Documents and Settings\TwoRik\Plocha\Mir4nda-IM-0.7.17-Pack-v2.2\miranda32.exe"="C:\Documents and Settings\TwoRik\Plocha\Mir4nda-IM-0.7.17-Pack-v2.2\miranda32.exe:*:Enabled:Miranda IM"
"C:\Program Files\Miranda IM PBR\v2.1.7\Miranda IM\miranda32.exe"="C:\Program Files\Miranda IM PBR\v2.1.7\Miranda IM\miranda32.exe:*:Enabled:Miranda IM"
"C:\Miranda\Mir4nda-IM-0.7.17-Pack-v2.2\miranda32.exe"="C:\Miranda\Mir4nda-IM-0.7.17-Pack-v2.2\miranda32.exe:*:Enabled:Miranda IM"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"E:\UT2004\System\UT2004.exe"="E:\UT2004\System\UT2004.exe:*:Enabled:UT2004"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
======File associations======
.js - open - "C:\Program Files\Adobe\Adobe Dreamweaver CS4\Dreamweaver.exe","%1"
======List of files/folders created in the last 1 months======
2010-03-24 14:01:51 ----D---- C:\Documents and Settings\TwoRik\Data aplikací\Spy Emergency
2010-03-24 14:01:38 ----D---- C:\Documents and Settings\All Users\Data aplikací\NETGATE
2010-03-24 14:01:28 ----D---- C:\Program Files\NETGATE
2010-03-24 11:45:24 ----D---- C:\Documents and Settings\TwoRik\Data aplikací\Stardock
2010-03-24 11:45:02 ----HDC---- C:\Documents and Settings\All Users\Data aplikací\{1EB63B4B-5639-4477-8E24-05C31B5F8019}
2010-03-24 11:44:44 ----D---- C:\Program Files\Stardock
2010-03-24 11:44:43 ----D---- C:\Documents and Settings\All Users\Data aplikací\Stardock
2010-03-12 01:09:13 ----D---- C:\rsit
2010-03-12 01:09:13 ----D---- C:\Program Files\trend micro
======List of files/folders modified in the last 1 months======
2010-04-09 13:01:20 ----D---- C:\WINDOWS\Prefetch
2010-04-09 13:01:20 ----D---- C:\WINDOWS
2010-04-09 12:55:53 ----D---- C:\WINDOWS\Temp
2010-04-09 12:49:51 ----D---- C:\Documents and Settings\TwoRik\Data aplikací\Skype
2010-04-09 12:33:33 ----D---- C:\Documents and Settings\TwoRik\Data aplikací\skypePM
2010-04-09 12:30:47 ----D---- C:\WINDOWS\system32
2010-04-09 12:30:47 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-04-09 12:27:41 ----D---- C:\Documents and Settings\All Users\Data aplikací\Kaspersky Lab
2010-04-08 20:49:00 ----A---- C:\WINDOWS\NeroDigital.ini
2010-04-08 18:55:56 ----D---- C:\Documents and Settings\TwoRik\Data aplikací\uTorrent
2010-04-08 02:19:11 ----D---- C:\WINDOWS\system32\CatRoot2
2010-04-07 16:14:32 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-04-07 10:34:28 ----SHD---- C:\WINDOWS\Installer
2010-04-07 10:34:28 ----SHD---- C:\Config.Msi
2010-04-07 10:34:24 ----D---- C:\WINDOWS\WinSxS
2010-03-31 18:10:18 ----A---- C:\WINDOWS\system32\CmdLineExt03.dll
2010-03-31 13:24:41 ----HD---- C:\Program Files\InstallShield Installation Information
2010-03-27 15:33:56 ----D---- C:\Downloads
2010-03-24 14:01:51 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2010-03-24 14:01:40 ----D---- C:\WINDOWS\system32\drivers
2010-03-24 14:01:28 ----RD---- C:\Program Files
2010-03-24 13:57:56 ----A---- C:\WINDOWS\tmp2Level.ini
2010-03-24 13:57:56 ----A---- C:\WINDOWS\level.ini
2010-03-24 11:46:41 ----RSD---- C:\WINDOWS\assembly
2010-03-24 11:45:29 ----D---- C:\WINDOWS\Microsoft.NET
2010-03-16 00:32:27 ----D---- C:\2
2010-03-13 13:43:54 ----D---- C:\Program Files\uTorrent
2010-03-12 14:15:49 ----D---- C:\Program Files\Mozilla Firefox
2010-03-11 20:26:48 ----SD---- C:\WINDOWS\Tasks
2010-03-11 12:03:55 ----D---- C:\Documents and Settings\TwoRik\Data aplikací\ICQ
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kl1;Kl1; \??\C:\WINDOWS\system32\drivers\kl1.sys []
R1 KLIF;Kaspersky Lab Driver; C:\WINDOWS\system32\DRIVERS\klif.sys [2010-01-01 315408]
R1 PCLEPCI;PCLEPCI; \??\C:\WINDOWS\system32\drivers\pclepci.sys []
R1 SbFw;SbFw; C:\WINDOWS\system32\drivers\SbFw.sys [2008-10-31 270888]
R1 sbhips;Sunbelt HIPS Driver; C:\WINDOWS\system32\drivers\sbhips.sys [2008-06-21 66600]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2006-09-09 30988]
R1 SpyEmrg;Spy Emergency Driver; C:\WINDOWS\System32\Drivers\spyemrg.sys [2009-09-17 12344]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2009-05-20 278984]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2008-08-08 18048]
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2008-06-13 3100672]
R3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\WINDOWS\system32\drivers\AtiHdmi.sys [2008-05-21 93696]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-07-24 4353024]
R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2009-09-14 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [2009-10-02 19472]
R3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2005-06-02 171008]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 Razerlow;Diamondback 3G USB Filter Driver; C:\WINDOWS\System32\Drivers\DB3G.sys [2005-04-24 13225]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport; C:\WINDOWS\system32\DRIVERS\sbfwim.sys [2008-06-21 65576]
R3 SpyEmrgGuard;Spy Emergency Real-Time Shield Driver; C:\WINDOWS\System32\Drivers\spyemrg_guard.sys [2009-09-17 14392]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2006-07-12 248192]
S1 835bcd8b;835bcd8b; C:\WINDOWS\System32\drivers\835bcd8b.sys []
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S2 ATE_PROCMON;ATE_PROCMON; \??\C:\Program Files\Anti Trojan Elite\ATEPMon.sys []
S3 anrwcyqb;anrwcyqb; C:\WINDOWS\system32\drivers\anrwcyqb.sys []
S3 ATIAVAIW;ATI T200 Unified AVStream service; C:\WINDOWS\System32\DRIVERS\atinavt2.sys [2008-05-15 171520]
S3 catchme;catchme; \??\C:\DOCUME~1\TwoRik\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2007-04-09 26056]
S3 MPE;BDA MPE Filter; C:\WINDOWS\System32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SpyEmrgAccess;Spy Emergency OnAccess Driver; C:\WINDOWS\System32\Drivers\spyemrg_access.sys [2009-09-17 18232]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-06-13 552960]
R2 AVP;Kaspersky Anti-Virus; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe [2009-10-20 340456]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-01-03 246520]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-07-24 75064]
R2 SbPF.Launcher;SbPF.Launcher; C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [2008-10-31 95528]
R2 SPF4;Sunbelt Personal Firewall 4; C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [2008-10-31 1365288]
R2 SpyEmrgSrv;Spy Emergency Engine Service; C:\Program Files\NETGATE\Spy Emergency\SpyEmergencySrv.exe [2010-02-02 1821240]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-06-12 593920]
S2 PinnacleSys.MediaServer;Pinnacle Systems Media Service; E:\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe []
S2 SansaService;Sansa Updater Service; C:\Program Files\Sandisk\Sansa Updater\SansaSvr.exe []
S2 SeekappSrch Service;SeekappSrch Service; C:\Documents and Settings\All Users\Data aplikací\SeekappSrch\seekapp139.exe [2009-05-07 54760]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2010-01-21 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-02-01 655624]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-01-15 774144]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-01-15 266240]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Nejde odstranit virus virus.Rootkit.Win32.agent.bdov
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Re: Nejde odstranit virus virus.Rootkit.Win32.agent.bdov
ahoj,
Presun ComboFix
na plochu (ak tam este nie je)
otvor si Poznamkovy blok - notepad
do neho zkopiruj skript z nasledujiceho okna:
uloz vytvoreny textovy soubor ako CFScript.txt na plochu
po ulozeni uchop vytvoreny skript lavym tlacitkom mysi a presun ho nad ikonu Combofixu, nad nim skript upust:
po aplikacii by mal vzniknut dalsi log, ten vloz sem
Presun ComboFix
na plochu (ak tam este nie je)
otvor si Poznamkovy blok - notepad
do neho zkopiruj skript z nasledujiceho okna:
Kód: Vybrat vše
Driver::
835bcd8b
File::
C:\WINDOWS\System32\drivers\835bcd8b.sys
po ulozeni uchop vytvoreny skript lavym tlacitkom mysi a presun ho nad ikonu Combofixu, nad nim skript upust:
po aplikacii by mal vzniknut dalsi log, ten vloz sem
FRST |ADWCleaner |MBAM |CCleaner |AVPTool
V prípade spokojnosti je možné podporiť fórum https://platba.viry.cz/payment/
V prípade spokojnosti je možné podporiť fórum https://platba.viry.cz/payment/
Re: Nejde odstranit virus virus.Rootkit.Win32.agent.bdov
ComboFix 10-04-08.02 - TwoRik 09.04.2010 13:50:37.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2046.1434 [GMT 2:00]
Spuštěný z: c:\documents and settings\TwoRik\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\TwoRik\Plocha\CFScript.txt
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kerio Personal Firewall *disabled* {CB8DE467-2367-41d1-87BA-D0AE12284F9A}
FW: Sunbelt Personal Firewall *enabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}
SP: Kaspersky Anti-Virus *disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
SP: Spy Emergency *disabled* (Updated) {82117492-906E-4b02-A33A-84D42A2DD907}
* Vytvořen nový Bod Obnovení
FILE ::
"c:\windows\System32\drivers\835bcd8b.sys"
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Data aplikací\SeekappSrch
c:\documents and settings\All Users\Data aplikací\SeekappSrch\seekapp139.exe
c:\windows\eSellerateEngine.dll
c:\windows\System32\drivers\835bcd8b.sys
c:\windows\system32\Drivers\oreans32.sys
c:\windows\system32\ieuinit.inf
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_835bcd8b
-------\Legacy_SeekappSrch_Service
-------\Service_SeekappSrch Service
((((((((((((((((((((((((( Soubory vytvořené od 2010-03-09 do 2010-04-09 )))))))))))))))))))))))))))))))
.
2010-04-09 12:04 . 2010-04-09 12:06 -------- d-----w- c:\windows\LastGood
2010-03-24 12:01 . 2009-09-17 06:58 18232 ----a-w- c:\windows\system32\drivers\spyemrg_access.sys
2010-03-24 12:01 . 2009-09-17 06:58 14392 ----a-w- c:\windows\system32\drivers\spyemrg_guard.sys
2010-03-24 12:01 . 2009-09-17 06:58 12344 ----a-w- c:\windows\system32\drivers\spyemrg.sys
2010-03-24 12:01 . 2010-03-24 12:01 -------- d-----w- c:\program files\NETGATE
2010-03-24 09:44 . 2010-03-24 09:44 -------- d-----w- c:\program files\Stardock
2010-03-11 23:09 . 2010-04-09 11:01 -------- d-----w- c:\program files\trend micro
2010-03-11 23:09 . 2010-03-11 23:09 -------- d-----w- C:\rsit
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-09 12:12 . 2010-02-28 04:34 802304 ----a-w- c:\windows\system32\drivers\oskpmhwm.sys
2010-04-09 12:10 . 2001-10-25 14:00 804202 ----a-w- c:\windows\system32\perfh005.dat
2010-04-09 12:10 . 2001-10-25 14:00 214072 ----a-w- c:\windows\system32\perfc005.dat
2010-03-31 16:10 . 2006-10-06 07:09 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2010-03-31 11:24 . 2006-09-28 09:49 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-13 11:43 . 2007-10-12 16:51 -------- d-----w- c:\program files\uTorrent
2010-03-02 23:00 . 2009-03-05 11:54 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2010-02-27 02:10 . 2010-02-27 02:10 -------- d-----w- c:\program files\ICQ6Toolbar
2010-02-20 13:06 . 2009-08-13 01:13 -------- d-----w- c:\program files\BS_Player
2010-02-18 17:35 . 2010-02-18 17:35 -------- d-----w- c:\program files\LucasArts
2010-01-28 21:26 . 2010-01-28 21:26 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-10-22 19:07 . 2009-11-09 12:07 23864 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_1.dll" [2010-02-20 2349080]
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
2010-02-20 13:07 2349080 ----a-w- c:\program files\BS_Player\tbBS_1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_1.dll" [2010-02-20 2349080]
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}"= "c:\program files\BS_Player\tbBS_1.dll" [2010-02-20 2349080]
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"Google Update"="c:\documents and settings\TwoRik\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2010-03-11 135664]
"SpyEmergency"="c:\program files\NETGATE\Spy Emergency\SpyEmergency.exe" [2010-02-23 1948216]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-03-12 185896]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-28 413696]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"razer"="c:\program files\Razer\razerhid.exe" [2005-05-17 147456]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe" [2009-10-20 340456]
"Diamondback"="c:\program files\Razer\Diamondback 3G\razerhid.exe" [2007-08-01 147456]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\TwoRik\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^ WinCinema Manager.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\ WinCinema Manager.lnk
backup=c:\windows\pss\ WinCinema Manager.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^TwoRik^Nabídka Start^Programy^Po spuštění^OpenOffice.org 2.0.lnk]
path=c:\documents and settings\TwoRik\Nabídka Start\Programy\Po spuštění\OpenOffice.org 2.0.lnk
backup=c:\windows\pss\OpenOffice.org 2.0.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 16:43 69632 ----a-r- c:\windows\Alcmtr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-01-15 15:14 147456 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 03:22 1695232 ------w- c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 14:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
2004-03-10 22:26 406016 ----a-w- c:\windows\system32\PSDrvCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-03-28 21:37 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2006-07-21 14:56 16261632 ----a-r- c:\windows\RTHDCPL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-10-09 12:11 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2006-05-16 16:04 2879488 ----a-r- c:\windows\SkyTel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-07-12 02:00 132496 ----a-w- c:\program files\Java\jre1.6.0_02\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MSDTC"=3 (0x3)
"lanmanserver"=2 (0x2)
"CryptSvc"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\mIRC\\nnuninst.exe"=
"c:\\Program Files\\Teamspeak2_RC2\\TeamSpeak.exe"=
"e:\\sdc202\\StrongDC.exe"=
"c:\\Program Files\\ICQLite\\ICQLite.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\MirandaIM\\miranda32.exe"=
"c:\\Program Files\\Tortun\\gui.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\keyclone\\keyclone.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 2009\\Czech\\setup.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\Czech\\setup.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\MirandaIM\\Miranda IM\\miranda32.exe"=
"c:\\Program Files\\Miranda IM\\miranda32.exe"=
"c:\\Miranda\\Mir4nda-IM-0.7.17-Pack-v2.2\\miranda32.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"e:\\UT2004\\System\\UT2004.exe"=
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [14.10.2009 22:18 36880]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [5.10.2006 22:45 717296]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [7.11.2009 11:45 270888]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [21.6.2008 5:54 66600]
R1 SpyEmrg;Spy Emergency Driver;c:\windows\system32\drivers\spyemrg.sys [24.3.2010 14:01 12344]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [27.2.2010 4:10 246520]
R2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [31.10.2008 8:24 95528]
R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [31.10.2008 8:24 1365288]
R2 SpyEmrgSrv;Spy Emergency Engine Service;c:\program files\NETGATE\Spy Emergency\SpyEmergencySrv.exe [24.3.2010 14:01 1821240]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [14.9.2009 15:42 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2.10.2009 20:39 19472]
R3 Razerlow;Diamondback 3G USB Filter Driver;c:\windows\system32\drivers\DB3G.sys [4.1.2010 18:45 13225]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [7.11.2009 11:45 65576]
R3 SpyEmrgGuard;Spy Emergency Real-Time Shield Driver;c:\windows\system32\drivers\spyemrg_guard.sys [24.3.2010 14:01 14392]
S2 ATE_PROCMON;ATE_PROCMON;\??\c:\program files\Anti Trojan Elite\ATEPMon.sys --> c:\program files\Anti Trojan Elite\ATEPMon.sys [?]
S3 SpyEmrgAccess;Spy Emergency OnAccess Driver;c:\windows\system32\drivers\spyemrg_access.sys [24.3.2010 14:01 18232]
--- Ostatní služby/ovladače v paměti ---
*Deregistered* - oskpmhwm
.
Obsah adresáře 'Naplánované úlohy'
2009-11-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 12:57]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.icq.com/
uInternet Settings,ProxyOverride = *.local
IE: Çŕęŕ÷ŕňü ÂŃĹ ďđč ďîěîůč Download Master
IE: Çŕęŕ÷ŕňü ďđč ďîěîůč Download Master
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\TwoRik\Data aplikací\Mozilla\Firefox\Profiles\vs8yc1bx.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.1&q=
FF - component: c:\program files\Mozilla Firefox\components\Scriptff.dll
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
BHO-{D187A56B-A33F-4CBE-9D77-459FC0BAE012} - (no file)
WebBrowser-{4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - (no file)
HKCU-Run-OEXPRESS - (no file)
MSConfigStartUp-ATICCC - c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe
MSConfigStartUp-DAEMON Tools - c:\program files\DAEMON Tools\daemon.exe
MSConfigStartUp-QIP2005 - c:\program files\QIP\qip.exe
MSConfigStartUp-WinampAgent - c:\program files\Winamp\winampa.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-09 14:09
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll sfsync02.sys atapi.sys spma.sys >>UNKNOWN [0x8A8FC938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba0fcf28
\Driver\ACPI -> ACPI.sys @ 0xb9e67cb8
\Driver\atapi -> sfsync02.sys @ 0xba0c98b4
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Marvell Yukon 88E8053 PCI-E Gigabit Ethernet Controller -> SendCompleteHandler -> NDIS.sys @ 0xb9bd9bb0
PacketIndicateHandler -> NDIS.sys @ 0xb9be6a21
SendHandler -> NDIS.sys @ 0xb9bc487b
user & kernel MBR OK
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\oskpmhwm]
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-746137067-152049171-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:0b,f0,6b,5f,c1,ad,39,2d,9d,04,5c,d9,bf,d3,a1,65,3f,c3,5e,20,50,e6,9d,
20,94,c3,22,5c,f8,85,f4,18,71,8a,a6,0f,2f,07,29,54,fc,d5,cd,fd,8e,c2,25,6c,\
"??"=hex:0a,ad,90,f0,65,3c,48,de,9a,dd,e5,c4,ed,13,f0,dd
[HKEY_USERS\S-1-5-21-746137067-152049171-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:bc,2c,1b,2c,1f,2c,82,02,5b,33,e7,85,03,7c,e8,2a,31,a9,db,6a,1a,
13,24,73,c4,6e,69,ec,dc,1f,eb,d4,f7,3d,ea,21,f0,4d,21,41,29,89,95,d7,41,b1,\
"rkeysecu"=hex:8d,80,84,4c,27,f3,a9,a5,07,d4,c2,6c,bf,c0,04,cd
[HKEY_LOCAL_MACHINE\software\swearware\backup\winsock2]
@DACL=(02 0000)
@SACL=
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(1528)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(3536)
c:\program files\NETGATE\Spy Emergency\webspam.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Sunbelt Software\Personal Firewall\SbPFCl.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Razer\Diamondback 3G\razertra.exe
c:\program files\Razer\razertra.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\program files\Razer\razerofa.exe
c:\program files\Razer\Diamondback 3G\razerofa.exe
.
**************************************************************************
.
Celkový čas: 2010-04-09 14:23:23 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-04-09 12:16
ComboFix2.txt 2009-06-22 05:20
Před spuštěním: 1 352 179 712
Po spuštění: 2 750 812 160
Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 4F4CC18ADE48265A713B15D6CA9D4BFF
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2046.1434 [GMT 2:00]
Spuštěný z: c:\documents and settings\TwoRik\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\TwoRik\Plocha\CFScript.txt
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kerio Personal Firewall *disabled* {CB8DE467-2367-41d1-87BA-D0AE12284F9A}
FW: Sunbelt Personal Firewall *enabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}
SP: Kaspersky Anti-Virus *disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
SP: Spy Emergency *disabled* (Updated) {82117492-906E-4b02-A33A-84D42A2DD907}
* Vytvořen nový Bod Obnovení
FILE ::
"c:\windows\System32\drivers\835bcd8b.sys"
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Data aplikací\SeekappSrch
c:\documents and settings\All Users\Data aplikací\SeekappSrch\seekapp139.exe
c:\windows\eSellerateEngine.dll
c:\windows\System32\drivers\835bcd8b.sys
c:\windows\system32\Drivers\oreans32.sys
c:\windows\system32\ieuinit.inf
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_835bcd8b
-------\Legacy_SeekappSrch_Service
-------\Service_SeekappSrch Service
((((((((((((((((((((((((( Soubory vytvořené od 2010-03-09 do 2010-04-09 )))))))))))))))))))))))))))))))
.
2010-04-09 12:04 . 2010-04-09 12:06 -------- d-----w- c:\windows\LastGood
2010-03-24 12:01 . 2009-09-17 06:58 18232 ----a-w- c:\windows\system32\drivers\spyemrg_access.sys
2010-03-24 12:01 . 2009-09-17 06:58 14392 ----a-w- c:\windows\system32\drivers\spyemrg_guard.sys
2010-03-24 12:01 . 2009-09-17 06:58 12344 ----a-w- c:\windows\system32\drivers\spyemrg.sys
2010-03-24 12:01 . 2010-03-24 12:01 -------- d-----w- c:\program files\NETGATE
2010-03-24 09:44 . 2010-03-24 09:44 -------- d-----w- c:\program files\Stardock
2010-03-11 23:09 . 2010-04-09 11:01 -------- d-----w- c:\program files\trend micro
2010-03-11 23:09 . 2010-03-11 23:09 -------- d-----w- C:\rsit
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-09 12:12 . 2010-02-28 04:34 802304 ----a-w- c:\windows\system32\drivers\oskpmhwm.sys
2010-04-09 12:10 . 2001-10-25 14:00 804202 ----a-w- c:\windows\system32\perfh005.dat
2010-04-09 12:10 . 2001-10-25 14:00 214072 ----a-w- c:\windows\system32\perfc005.dat
2010-03-31 16:10 . 2006-10-06 07:09 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2010-03-31 11:24 . 2006-09-28 09:49 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-13 11:43 . 2007-10-12 16:51 -------- d-----w- c:\program files\uTorrent
2010-03-02 23:00 . 2009-03-05 11:54 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2010-02-27 02:10 . 2010-02-27 02:10 -------- d-----w- c:\program files\ICQ6Toolbar
2010-02-20 13:06 . 2009-08-13 01:13 -------- d-----w- c:\program files\BS_Player
2010-02-18 17:35 . 2010-02-18 17:35 -------- d-----w- c:\program files\LucasArts
2010-01-28 21:26 . 2010-01-28 21:26 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-10-22 19:07 . 2009-11-09 12:07 23864 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_1.dll" [2010-02-20 2349080]
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
2010-02-20 13:07 2349080 ----a-w- c:\program files\BS_Player\tbBS_1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_1.dll" [2010-02-20 2349080]
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}"= "c:\program files\BS_Player\tbBS_1.dll" [2010-02-20 2349080]
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"Google Update"="c:\documents and settings\TwoRik\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2010-03-11 135664]
"SpyEmergency"="c:\program files\NETGATE\Spy Emergency\SpyEmergency.exe" [2010-02-23 1948216]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-03-12 185896]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-28 413696]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"razer"="c:\program files\Razer\razerhid.exe" [2005-05-17 147456]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe" [2009-10-20 340456]
"Diamondback"="c:\program files\Razer\Diamondback 3G\razerhid.exe" [2007-08-01 147456]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\TwoRik\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^ WinCinema Manager.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\ WinCinema Manager.lnk
backup=c:\windows\pss\ WinCinema Manager.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^TwoRik^Nabídka Start^Programy^Po spuštění^OpenOffice.org 2.0.lnk]
path=c:\documents and settings\TwoRik\Nabídka Start\Programy\Po spuštění\OpenOffice.org 2.0.lnk
backup=c:\windows\pss\OpenOffice.org 2.0.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 16:43 69632 ----a-r- c:\windows\Alcmtr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-01-15 15:14 147456 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 03:22 1695232 ------w- c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 14:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
2004-03-10 22:26 406016 ----a-w- c:\windows\system32\PSDrvCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-03-28 21:37 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2006-07-21 14:56 16261632 ----a-r- c:\windows\RTHDCPL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-10-09 12:11 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2006-05-16 16:04 2879488 ----a-r- c:\windows\SkyTel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-07-12 02:00 132496 ----a-w- c:\program files\Java\jre1.6.0_02\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MSDTC"=3 (0x3)
"lanmanserver"=2 (0x2)
"CryptSvc"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\mIRC\\nnuninst.exe"=
"c:\\Program Files\\Teamspeak2_RC2\\TeamSpeak.exe"=
"e:\\sdc202\\StrongDC.exe"=
"c:\\Program Files\\ICQLite\\ICQLite.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\MirandaIM\\miranda32.exe"=
"c:\\Program Files\\Tortun\\gui.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\keyclone\\keyclone.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 2009\\Czech\\setup.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\Czech\\setup.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\MirandaIM\\Miranda IM\\miranda32.exe"=
"c:\\Program Files\\Miranda IM\\miranda32.exe"=
"c:\\Miranda\\Mir4nda-IM-0.7.17-Pack-v2.2\\miranda32.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"e:\\UT2004\\System\\UT2004.exe"=
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [14.10.2009 22:18 36880]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [5.10.2006 22:45 717296]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [7.11.2009 11:45 270888]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [21.6.2008 5:54 66600]
R1 SpyEmrg;Spy Emergency Driver;c:\windows\system32\drivers\spyemrg.sys [24.3.2010 14:01 12344]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [27.2.2010 4:10 246520]
R2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [31.10.2008 8:24 95528]
R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [31.10.2008 8:24 1365288]
R2 SpyEmrgSrv;Spy Emergency Engine Service;c:\program files\NETGATE\Spy Emergency\SpyEmergencySrv.exe [24.3.2010 14:01 1821240]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [14.9.2009 15:42 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2.10.2009 20:39 19472]
R3 Razerlow;Diamondback 3G USB Filter Driver;c:\windows\system32\drivers\DB3G.sys [4.1.2010 18:45 13225]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [7.11.2009 11:45 65576]
R3 SpyEmrgGuard;Spy Emergency Real-Time Shield Driver;c:\windows\system32\drivers\spyemrg_guard.sys [24.3.2010 14:01 14392]
S2 ATE_PROCMON;ATE_PROCMON;\??\c:\program files\Anti Trojan Elite\ATEPMon.sys --> c:\program files\Anti Trojan Elite\ATEPMon.sys [?]
S3 SpyEmrgAccess;Spy Emergency OnAccess Driver;c:\windows\system32\drivers\spyemrg_access.sys [24.3.2010 14:01 18232]
--- Ostatní služby/ovladače v paměti ---
*Deregistered* - oskpmhwm
.
Obsah adresáře 'Naplánované úlohy'
2009-11-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 12:57]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.icq.com/
uInternet Settings,ProxyOverride = *.local
IE: Çŕęŕ÷ŕňü ÂŃĹ ďđč ďîěîůč Download Master
IE: Çŕęŕ÷ŕňü ďđč ďîěîůč Download Master
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\TwoRik\Data aplikací\Mozilla\Firefox\Profiles\vs8yc1bx.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.1&q=
FF - component: c:\program files\Mozilla Firefox\components\Scriptff.dll
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
BHO-{D187A56B-A33F-4CBE-9D77-459FC0BAE012} - (no file)
WebBrowser-{4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - (no file)
HKCU-Run-OEXPRESS - (no file)
MSConfigStartUp-ATICCC - c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe
MSConfigStartUp-DAEMON Tools - c:\program files\DAEMON Tools\daemon.exe
MSConfigStartUp-QIP2005 - c:\program files\QIP\qip.exe
MSConfigStartUp-WinampAgent - c:\program files\Winamp\winampa.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-09 14:09
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll sfsync02.sys atapi.sys spma.sys >>UNKNOWN [0x8A8FC938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba0fcf28
\Driver\ACPI -> ACPI.sys @ 0xb9e67cb8
\Driver\atapi -> sfsync02.sys @ 0xba0c98b4
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Marvell Yukon 88E8053 PCI-E Gigabit Ethernet Controller -> SendCompleteHandler -> NDIS.sys @ 0xb9bd9bb0
PacketIndicateHandler -> NDIS.sys @ 0xb9be6a21
SendHandler -> NDIS.sys @ 0xb9bc487b
user & kernel MBR OK
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\oskpmhwm]
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-746137067-152049171-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:0b,f0,6b,5f,c1,ad,39,2d,9d,04,5c,d9,bf,d3,a1,65,3f,c3,5e,20,50,e6,9d,
20,94,c3,22,5c,f8,85,f4,18,71,8a,a6,0f,2f,07,29,54,fc,d5,cd,fd,8e,c2,25,6c,\
"??"=hex:0a,ad,90,f0,65,3c,48,de,9a,dd,e5,c4,ed,13,f0,dd
[HKEY_USERS\S-1-5-21-746137067-152049171-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:bc,2c,1b,2c,1f,2c,82,02,5b,33,e7,85,03,7c,e8,2a,31,a9,db,6a,1a,
13,24,73,c4,6e,69,ec,dc,1f,eb,d4,f7,3d,ea,21,f0,4d,21,41,29,89,95,d7,41,b1,\
"rkeysecu"=hex:8d,80,84,4c,27,f3,a9,a5,07,d4,c2,6c,bf,c0,04,cd
[HKEY_LOCAL_MACHINE\software\swearware\backup\winsock2]
@DACL=(02 0000)
@SACL=
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(1528)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(3536)
c:\program files\NETGATE\Spy Emergency\webspam.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Sunbelt Software\Personal Firewall\SbPFCl.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Razer\Diamondback 3G\razertra.exe
c:\program files\Razer\razertra.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\program files\Razer\razerofa.exe
c:\program files\Razer\Diamondback 3G\razerofa.exe
.
**************************************************************************
.
Celkový čas: 2010-04-09 14:23:23 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-04-09 12:16
ComboFix2.txt 2009-06-22 05:20
Před spuštěním: 1 352 179 712
Po spuštění: 2 750 812 160
Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 4F4CC18ADE48265A713B15D6CA9D4BFF
Re: Nejde odstranit virus virus.Rootkit.Win32.agent.bdov
odinstaluj Spy Emergency + Anti Trojan Elite a snad bude hotovo
FRST |ADWCleaner |MBAM |CCleaner |AVPTool
V prípade spokojnosti je možné podporiť fórum https://platba.viry.cz/payment/
V prípade spokojnosti je možné podporiť fórum https://platba.viry.cz/payment/
Re: Nejde odstranit virus virus.Rootkit.Win32.agent.bdov
Vsechno uz vypada v poradku, diky
Re: Nejde odstranit virus virus.Rootkit.Win32.agent.bdov
Tak sem se unahlil, problem pretrvava, Spy emergency sem odstranil, ale Anti-trojan Elite sem nikde nenasel. Opet se hlasi ten samy virus.
Re: Nejde odstranit virus virus.Rootkit.Win32.agent.bdov
1. dalsi CFScript:
2. vycisti PC s MBAM
Kód: Vybrat vše
Driver::
ATE_PROCMON
FRST |ADWCleaner |MBAM |CCleaner |AVPTool
V prípade spokojnosti je možné podporiť fórum https://platba.viry.cz/payment/
V prípade spokojnosti je možné podporiť fórum https://platba.viry.cz/payment/
Re: Nejde odstranit virus virus.Rootkit.Win32.agent.bdov
Novy combofix log:
ComboFix 10-04-08.02 - TwoRik 10.04.2010 15:11:56.3.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2046.1593 [GMT 2:00]
Spuštěný z: c:\documents and settings\TwoRik\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\TwoRik\Plocha\CFScript.txt
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kerio Personal Firewall *disabled* {CB8DE467-2367-41d1-87BA-D0AE12284F9A}
FW: Sunbelt Personal Firewall *enabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}
SP: Kaspersky Anti-Virus *disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ATE_PROCMON
-------\Service_ATE_PROCMON
((((((((((((((((((((((((( Soubory vytvořené od 2010-03-10 do 2010-04-10 )))))))))))))))))))))))))))))))
.
2010-04-09 16:39 . 2010-04-09 16:39 -------- d-----w- c:\program files\ReviverSoft
2010-04-09 12:09 . 2009-11-21 16:03 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-04-09 12:08 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-04-09 12:08 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-03-24 09:44 . 2010-03-24 09:44 -------- d-----w- c:\program files\Stardock
2010-03-11 23:09 . 2010-04-09 11:01 -------- d-----w- c:\program files\trend micro
2010-03-11 23:09 . 2010-03-11 23:09 -------- d-----w- C:\rsit
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-10 13:27 . 2010-02-28 04:34 802304 ----a-w- c:\windows\system32\drivers\oskpmhwm.sys
2010-04-10 13:25 . 2001-10-25 14:00 819978 ----a-w- c:\windows\system32\perfh005.dat
2010-04-10 13:25 . 2001-10-25 14:00 222190 ----a-w- c:\windows\system32\perfc005.dat
2010-03-31 16:10 . 2006-10-06 07:09 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2010-03-31 11:24 . 2006-09-28 09:49 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-13 11:43 . 2007-10-12 16:51 -------- d-----w- c:\program files\uTorrent
2010-03-02 23:00 . 2009-03-05 11:54 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2010-02-27 02:10 . 2010-02-27 02:10 -------- d-----w- c:\program files\ICQ6Toolbar
2010-02-26 05:43 . 2002-09-20 18:05 668160 ----a-w- c:\windows\system32\wininet.dll
2010-02-26 05:43 . 2006-09-28 10:13 81920 ------w- c:\windows\system32\ieencode.dll
2010-02-18 17:35 . 2010-02-18 17:35 -------- d-----w- c:\program files\LucasArts
2010-01-28 21:26 . 2010-01-28 21:26 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-10-22 19:07 . 2009-11-09 12:07 23864 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-04-09_12.09.54 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-05-26 02:16 . 2009-08-06 17:24 44768 c:\windows\system32\wups2.dll
+ 2006-09-28 10:13 . 2009-08-06 17:24 35552 c:\windows\system32\wups.dll
+ 2001-10-25 14:00 . 2009-06-25 08:27 54272 c:\windows\system32\wdigest.dll
+ 2007-01-29 08:58 . 2010-01-23 08:11 46080 c:\windows\system32\tzchange.exe
- 2007-01-29 08:58 . 2009-07-14 11:03 46080 c:\windows\system32\tzchange.exe
+ 2008-07-09 09:14 . 2009-05-26 11:40 18296 c:\windows\system32\spmsg.dll
+ 2002-09-20 18:04 . 2009-06-25 08:27 56832 c:\windows\system32\secur32.dll
- 2002-09-20 18:04 . 2009-02-03 19:58 56832 c:\windows\system32\secur32.dll
- 2002-09-20 18:04 . 2008-04-14 03:21 79872 c:\windows\system32\raschap.dll
+ 2002-09-20 18:04 . 2009-10-12 13:40 79872 c:\windows\system32\raschap.dll
+ 2006-09-28 09:51 . 2009-11-27 17:14 17920 c:\windows\system32\msyuv.dll
+ 2001-10-25 14:00 . 2009-11-27 16:09 28672 c:\windows\system32\msvidc32.dll
- 2002-09-20 18:04 . 2008-04-14 03:21 11264 c:\windows\system32\msrle32.dll
+ 2002-09-20 18:04 . 2009-11-27 16:09 11264 c:\windows\system32\msrle32.dll
+ 2001-10-25 14:00 . 2009-09-04 21:05 58880 c:\windows\system32\msasn1.dll
+ 2001-10-24 12:24 . 2009-11-27 16:09 48128 c:\windows\system32\iyuv_32.dll
- 2001-10-25 14:00 . 2009-06-16 14:40 81920 c:\windows\system32\fontsub.dll
+ 2001-10-25 14:00 . 2009-10-15 16:32 81920 c:\windows\system32\fontsub.dll
+ 2001-10-25 14:00 . 2009-06-24 11:18 92928 c:\windows\system32\drivers\ksecdd.sys
+ 2006-09-28 10:13 . 2009-08-06 17:24 35552 c:\windows\system32\dllcache\wups.dll
+ 2009-06-25 08:27 . 2009-06-25 08:27 54272 c:\windows\system32\dllcache\wdigest.dll
+ 2009-02-03 19:58 . 2009-06-25 08:27 56832 c:\windows\system32\dllcache\secur32.dll
- 2009-02-03 19:58 . 2009-02-03 19:58 56832 c:\windows\system32\dllcache\secur32.dll
+ 2009-10-12 13:40 . 2009-10-12 13:40 79872 c:\windows\system32\dllcache\raschap.dll
+ 2009-11-27 17:14 . 2009-11-27 17:14 17920 c:\windows\system32\dllcache\msyuv.dll
+ 2001-10-25 14:00 . 2009-11-27 16:09 28672 c:\windows\system32\dllcache\msvidc32.dll
+ 2009-11-27 16:09 . 2009-11-27 16:09 11264 c:\windows\system32\dllcache\msrle32.dll
+ 2009-09-04 21:05 . 2009-09-04 21:05 58880 c:\windows\system32\dllcache\msasn1.dll
+ 2009-06-24 11:18 . 2009-06-24 11:18 92928 c:\windows\system32\dllcache\ksecdd.sys
+ 2009-11-27 16:09 . 2009-11-27 16:09 48128 c:\windows\system32\dllcache\iyuv_32.dll
- 2009-02-20 08:12 . 2009-06-26 16:51 81920 c:\windows\system32\dllcache\ieencode.dll
+ 2009-02-20 08:12 . 2010-02-26 05:43 81920 c:\windows\system32\dllcache\ieencode.dll
+ 2009-06-16 14:40 . 2009-10-15 16:32 81920 c:\windows\system32\dllcache\fontsub.dll
- 2009-06-16 14:40 . 2009-06-16 14:40 81920 c:\windows\system32\dllcache\fontsub.dll
+ 2009-12-14 07:10 . 2009-12-14 07:10 33280 c:\windows\system32\dllcache\csrsrv.dll
+ 2009-06-10 14:15 . 2009-11-27 16:09 84992 c:\windows\system32\dllcache\avifil32.dll
- 2009-06-10 14:15 . 2009-06-10 14:15 84992 c:\windows\system32\dllcache\avifil32.dll
+ 2002-09-20 18:03 . 2009-12-14 07:10 33280 c:\windows\system32\csrsrv.dll
- 2002-09-20 18:03 . 2009-06-10 14:15 84992 c:\windows\system32\avifil32.dll
+ 2002-09-20 18:03 . 2009-11-27 16:09 84992 c:\windows\system32\avifil32.dll
+ 2009-06-24 17:56 . 2009-06-24 17:56 73728 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe
+ 2008-05-27 22:49 . 2008-05-27 22:49 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
- 2003-02-20 17:09 . 2003-02-20 17:09 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
- 2003-02-20 17:09 . 2003-02-20 17:09 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
+ 2008-05-27 22:49 . 2008-05-27 22:49 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
- 2004-07-14 22:32 . 2004-07-14 22:32 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
+ 2008-05-27 22:49 . 2008-05-27 22:49 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
- 2004-07-14 23:49 . 2004-07-14 23:49 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2008-05-27 23:30 . 2008-05-27 23:30 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2010-04-09 12:48 . 2010-04-09 12:48 32768 c:\windows\Installer\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}\icon.exe
+ 2010-04-09 16:39 . 2010-04-09 16:39 45056 c:\windows\Installer\{DBD88705-2570-4ABA-8EC8-432ACE0481A6}\UninstallIcon.exe
+ 2010-04-09 16:39 . 2010-04-09 16:39 69632 c:\windows\Installer\{DBD88705-2570-4ABA-8EC8-432ACE0481A6}\MainExeIcon.exe
+ 2010-04-09 16:39 . 2010-04-09 16:39 69632 c:\windows\Installer\{DBD88705-2570-4ABA-8EC8-432ACE0481A6}\MainExe32Shortcut_C3C22600D39C4A25963EC1AFC2D74343.exe
+ 2010-04-09 16:39 . 2010-04-09 16:39 10134 c:\windows\Installer\{DBD88705-2570-4ABA-8EC8-432ACE0481A6}\ARPPRODUCTICON.exe
+ 2009-11-27 17:14 . 2009-11-27 17:14 17920 c:\windows\Driver Cache\i386\msyuv.dll
+ 2009-11-27 16:09 . 2009-11-27 16:09 48128 c:\windows\Driver Cache\i386\iyuv_32.dll
+ 2010-04-09 12:49 . 2010-04-09 12:49 90112 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_f63f0495\System.Drawing.Design.dll
+ 2010-04-09 12:49 . 2010-04-09 12:49 61440 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_3992d21f\CustomMarshalers.dll
+ 2010-04-09 13:29 . 2010-04-09 13:29 36352 c:\windows\assembly\NativeImages_v2.0.50727_32\WBOCXLib\d99e71131f88c9e4a0e721fa007dfda6\WBOCXLib.ni.dll
+ 2010-04-09 13:01 . 2010-04-09 13:01 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\b4a9e413d5cd6d6ec2d50aa05381e293\UIAutomationProvider.ni.dll
+ 2010-04-09 13:32 . 2010-04-09 13:32 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\8acb476a0d4ee17a12881e17ae74a6af\System.Windows.Presentation.ni.dll
+ 2010-04-09 13:32 . 2010-04-09 13:32 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\4b87ca3482a3c0ee733e028ecee7de65\System.Web.DynamicData.Design.ni.dll
+ 2010-04-09 13:30 . 2010-04-09 13:30 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\a0c71055364bd356971791284c3fb910\System.ComponentModel.DataAnnotations.ni.dll
+ 2010-04-09 13:30 . 2010-04-09 13:30 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\f9a75bbdc2ce7db578b5977766a09b99\System.AddIn.Contract.ni.dll
+ 2010-04-09 13:29 . 2010-04-09 13:29 50688 c:\windows\assembly\NativeImages_v2.0.50727_32\StardockCentralDSkin\b3f6c84f0a5a79912f98525608bf82d1\StardockCentralDSkin.ni.dll
+ 2010-04-09 13:29 . 2010-04-09 13:29 56320 c:\windows\assembly\NativeImages_v2.0.50727_32\Stardock.Central.Se#\6d45a2edb12d8b34061944f4fbc14ba9\Stardock.Central.Security.ni.dll
+ 2010-04-09 13:29 . 2010-04-09 13:29 77312 c:\windows\assembly\NativeImages_v2.0.50727_32\Sd.Uninstall\d0ba5acd89e1abe737731931446a6c07\Sd.Uninstall.ni.dll
+ 2010-04-09 13:01 . 2010-04-09 13:01 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\3dd0f86c966c75755d62eab8ddf0634c\PresentationFontCache.ni.exe
+ 2010-04-09 13:00 . 2010-04-09 13:00 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\034d081fe294bab1ee1ecc98c1181424\PresentationCFFRasterizer.ni.dll
+ 2010-04-09 13:29 . 2010-04-09 13:29 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\f2673aec397c52796aef05bb9d2668df\Microsoft.Vsa.ni.dll
+ 2010-04-09 13:01 . 2010-04-09 13:01 15872 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\1ded203bd27031c3a5e3441f94b528c0\Microsoft.VisualC.ni.dll
+ 2010-04-09 13:00 . 2010-04-09 13:00 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\d513fe1a81c441e7656a9b062cff4e9f\Microsoft.Build.Framework.ni.dll
+ 2010-04-09 13:30 . 2010-04-09 13:30 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\c5d504724d7f351b1d034615dbb72a2a\Microsoft.Build.Framework.ni.dll
+ 2010-04-09 13:30 . 2010-04-09 13:30 44544 c:\windows\assembly\NativeImages_v2.0.50727_32\Interop\ae4ec6acbc5ffcc3ad6e8c33405be33d\Interop.ni.dll
+ 2010-04-09 13:30 . 2010-04-09 13:30 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\a664ccab020f93f1d533919f57131190\dfsvc.ni.exe
+ 2010-04-09 13:30 . 2010-04-09 13:30 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\ControlLibrary\2fe1bd5a9e53c92655253c031537b8cc\ControlLibrary.ni.dll
+ 2010-04-09 13:30 . 2010-04-09 13:30 53248 c:\windows\assembly\NativeImages_v2.0.50727_32\AjaVideoProperties\608e1333861002ba0957d1133e8b35ae\AjaVideoProperties.ni.dll
+ 2010-04-09 13:01 . 2010-04-09 13:01 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\e63d6d26b8a664cfdfbd4ad75e03c14d\Accessibility.ni.dll
+ 2010-04-09 12:58 . 2010-04-09 12:58 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2009-08-15 08:15 . 2009-08-15 08:15 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2010-04-09 12:58 . 2010-04-09 12:58 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2009-08-15 08:15 . 2009-08-15 08:15 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2010-04-09 12:59 . 2010-04-09 12:59 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2009-08-15 08:15 . 2009-08-15 08:15 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2009-08-15 08:15 . 2009-08-15 08:15 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2010-04-09 12:58 . 2010-04-09 12:58 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2010-04-09 12:58 . 2010-04-09 12:58 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2009-08-15 08:15 . 2009-08-15 08:15 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2010-04-09 12:58 . 2010-04-09 12:58 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2009-08-15 08:15 . 2009-08-15 08:15 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2009-08-15 08:15 . 2009-08-15 08:15 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2010-04-09 12:59 . 2010-04-09 12:59 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2009-08-15 08:15 . 2009-08-15 08:15 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2010-04-09 12:59 . 2010-04-09 12:59 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2010-04-09 12:58 . 2010-04-09 12:58 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2009-08-15 08:15 . 2009-08-15 08:15 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2010-04-09 12:58 . 2010-04-09 12:58 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2009-08-15 08:15 . 2009-08-15 08:15 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2010-04-09 12:58 . 2010-04-09 12:58 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2009-08-15 08:15 . 2009-08-15 08:15 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2009-08-15 08:15 . 2009-08-15 08:15 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2010-04-09 12:58 . 2010-04-09 12:58 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2009-08-15 08:15 . 2009-08-15 08:15 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2010-04-09 12:58 . 2010-04-09 12:58 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2010-04-09 12:46 . 2008-07-08 12:59 26488 c:\windows\$hf_mig$\KB968389\update\spcustom.dll
+ 2010-04-09 12:46 . 2008-07-08 12:59 18296 c:\windows\$hf_mig$\KB968389\spmsg.dll
+ 2009-06-25 08:42 . 2009-06-25 08:42 54272 c:\windows\$hf_mig$\KB968389\SP3QFE\wdigest.dll
+ 2009-06-25 08:42 . 2009-06-25 08:42 56832 c:\windows\$hf_mig$\KB968389\SP3QFE\secur32.dll
+ 2009-06-24 10:28 . 2009-06-24 10:28 92928 c:\windows\$hf_mig$\KB968389\SP3QFE\ksecdd.sys
+ 2010-04-09 12:58 . 2010-04-09 12:58 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2009-08-15 08:15 . 2009-08-15 08:15 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2001-10-24 12:25 . 2009-11-27 16:09 8704 c:\windows\system32\tsbyuv.dll
+ 2001-10-24 12:25 . 2009-11-27 16:09 8704 c:\windows\system32\dllcache\tsbyuv.dll
+ 2009-11-27 16:09 . 2009-11-27 16:09 8704 c:\windows\Driver Cache\i386\tsbyuv.dll
- 2009-08-15 08:15 . 2009-08-15 08:15 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2010-04-09 12:58 . 2010-04-09 12:58 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2009-08-15 08:15 . 2009-08-15 08:15 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2010-04-09 12:59 . 2010-04-09 12:59 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2010-04-09 12:58 . 2010-04-09 12:58 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2009-08-15 08:15 . 2009-08-15 08:15 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2010-04-09 12:58 . 2010-04-09 12:58 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2009-08-15 08:15 . 2009-08-15 08:15 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2009-08-15 08:15 . 2009-08-15 08:15 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2010-04-09 12:59 . 2010-04-09 12:59 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2010-04-09 12:59 . 2010-04-09 12:59 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2009-08-15 08:15 . 2009-08-15 08:15 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2006-09-28 10:13 . 2009-04-09 23:01 413032 c:\windows\system32\wmspdmod.dll
+ 2002-09-20 18:04 . 2010-02-26 05:43 627200 c:\windows\system32\urlmon.dll
+ 2001-10-25 14:00 . 2009-10-15 16:32 119808 c:\windows\system32\t2embed.dll
- 2001-10-25 14:00 . 2009-06-16 14:40 119808 c:\windows\system32\t2embed.dll
- 2002-09-20 18:04 . 2008-10-03 10:04 247326 c:\windows\system32\strmdll.dll
+ 2002-09-20 18:04 . 2009-08-26 08:02 247326 c:\windows\system32\strmdll.dll
+ 2002-09-20 18:04 . 2009-06-25 08:27 147456 c:\windows\system32\schannel.dll
+ 2002-09-20 18:04 . 2009-12-08 09:25 474112 c:\windows\system32\shlwapi.dll
- 2002-09-20 18:04 . 2008-04-14 03:21 474112 c:\windows\system32\shlwapi.dll
+ 2002-09-20 18:04 . 2009-10-12 13:40 150016 c:\windows\system32\rastls.dll
+ 2001-10-25 14:00 . 2010-04-10 13:25 804780 c:\windows\system32\perfh009.dat
+ 2001-10-25 14:00 . 2010-04-10 13:25 210478 c:\windows\system32\perfc009.dat
+ 2002-09-20 18:04 . 2009-10-13 10:34 271360 c:\windows\system32\oakley.dll
- 2002-09-20 18:04 . 2008-04-14 03:21 271360 c:\windows\system32\oakley.dll
+ 2002-09-20 18:04 . 2009-09-11 14:19 136192 c:\windows\system32\msv1_0.dll
- 2006-09-27 18:10 . 2008-04-14 03:22 343552 c:\windows\system32\mspaint.exe
+ 2006-09-27 18:10 . 2009-12-17 07:42 343552 c:\windows\system32\mspaint.exe
+ 2002-09-20 18:04 . 2009-06-25 08:27 729088 c:\windows\system32\lsasrv.dll
+ 2002-09-20 18:04 . 2009-06-25 08:27 301568 c:\windows\system32\kerberos.dll
- 2002-09-20 18:03 . 2008-04-14 03:21 251904 c:\windows\system32\iepeers.dll
+ 2002-09-20 18:03 . 2010-02-26 05:43 251904 c:\windows\system32\iepeers.dll
+ 2001-10-25 14:00 . 2009-12-31 16:50 353792 c:\windows\system32\drivers\srv.sys
+ 2002-08-29 01:59 . 2009-12-04 18:22 455424 c:\windows\system32\drivers\mrxsmb.sys
+ 2006-09-28 10:13 . 2009-04-09 23:01 413032 c:\windows\system32\dllcache\wmspdmod.dll
+ 2008-04-21 06:45 . 2010-02-26 05:43 668160 c:\windows\system32\dllcache\wininet.dll
+ 2008-06-26 08:14 . 2010-02-26 05:43 627200 c:\windows\system32\dllcache\urlmon.dll
+ 2009-06-16 14:40 . 2009-10-15 16:32 119808 c:\windows\system32\dllcache\t2embed.dll
- 2009-06-16 14:40 . 2009-06-16 14:40 119808 c:\windows\system32\dllcache\t2embed.dll
+ 2006-08-24 12:19 . 2009-08-26 08:02 247326 c:\windows\system32\dllcache\strmdll.dll
- 2006-08-24 12:19 . 2008-10-03 10:04 247326 c:\windows\system32\dllcache\strmdll.dll
+ 2008-10-15 19:30 . 2009-12-31 16:50 353792 c:\windows\system32\dllcache\srv.sys
+ 2008-12-05 06:57 . 2009-06-25 08:27 147456 c:\windows\system32\dllcache\schannel.dll
+ 2009-12-08 09:25 . 2009-12-08 09:25 474112 c:\windows\system32\dllcache\shlwapi.dll
+ 2009-10-12 13:40 . 2009-10-12 13:40 150016 c:\windows\system32\dllcache\rastls.dll
+ 2009-10-13 10:34 . 2009-10-13 10:34 271360 c:\windows\system32\dllcache\oakley.dll
+ 2009-06-25 08:27 . 2009-09-11 14:19 136192 c:\windows\system32\dllcache\msv1_0.dll
+ 2009-12-17 07:42 . 2009-12-17 07:42 343552 c:\windows\system32\dllcache\mspaint.exe
+ 2008-11-11 18:50 . 2009-12-04 18:22 455424 c:\windows\system32\dllcache\mrxsmb.sys
+ 2009-04-17 10:21 . 2009-06-25 08:27 729088 c:\windows\system32\dllcache\lsasrv.dll
+ 2009-06-25 08:27 . 2009-06-25 08:27 301568 c:\windows\system32\dllcache\kerberos.dll
+ 2010-02-26 05:43 . 2010-02-26 05:43 251904 c:\windows\system32\dllcache\iepeers.dll
+ 2009-08-07 21:51 . 2009-08-07 21:51 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2008-05-27 22:49 . 2008-05-27 22:49 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
- 2004-07-14 22:33 . 2004-07-14 22:33 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
+ 2008-05-27 22:48 . 2008-05-27 22:48 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
- 2004-07-14 22:25 . 2004-07-14 22:25 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
+ 2008-05-27 23:30 . 2008-05-27 23:30 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
- 2004-07-14 23:49 . 2004-07-14 23:49 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2010-04-09 12:48 . 2010-04-09 12:48 429568 c:\windows\Installer\867d3.msi
+ 2008-11-11 18:50 . 2009-12-04 18:22 455424 c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2010-04-09 12:50 . 2010-04-09 12:50 835584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_33f48b12\System.Drawing.dll
+ 2010-04-09 12:50 . 2010-04-09 12:50 192512 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_d956e383\System.Drawing.Design.dll
+ 2010-04-09 12:50 . 2010-04-09 12:50 118784 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_6b253d6c\CustomMarshalers.dll
+ 2010-04-09 13:30 . 2010-04-09 13:30 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\e2098e43d115155d6ba91ba3a7e577cf\WsatConfig.ni.exe
+ 2010-04-09 13:04 . 2010-04-09 13:04 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\bf92bc207f927cbbd6dfc9dc0c3eae68\WindowsFormsIntegration.ni.dll
+ 2010-04-09 13:29 . 2010-04-09 13:29 372736 c:\windows\assembly\NativeImages_v2.0.50727_32\VistaBridgeLibrary\d3924d7d4cabe93f93c281c4e5e44ad9\VistaBridgeLibrary.ni.dll
+ 2010-04-09 13:29 . 2010-04-09 13:29 611328 c:\windows\assembly\NativeImages_v2.0.50727_32\VDialog\c6625f20a6628f887f320aa01bf4280a\VDialog.ni.dll
+ 2010-04-09 13:01 . 2010-04-09 13:01 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\6f488b7644dc50a083868e91a4014466\UIAutomationTypes.ni.dll
+ 2010-04-09 13:03 . 2010-04-09 13:03 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\c2fbf25609b704061a93500efa6f241d\UIAutomationClient.ni.dll
+ 2010-04-09 13:56 . 2010-04-09 13:56 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\eb23b78564687badff1bd1f1d0a0ec97\System.Xml.Linq.ni.dll
+ 2010-04-09 13:31 . 2010-04-09 13:31 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\e7666364bf9f3ba5f4833c9efedd8218\System.Web.Routing.ni.dll
+ 2010-04-09 13:03 . 2010-04-09 13:03 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\b5f1b8791e6c47e5bd5e7018c346c586\System.Web.RegularExpressions.ni.dll
+ 2010-04-09 13:32 . 2010-04-09 13:32 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\884eacddf339b8b342f66aedff5f8ef9\System.Web.Extensions.Design.ni.dll
+ 2010-04-09 13:32 . 2010-04-09 13:32 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\9e199645bd26f1afe58ebe185d1e7f0f\System.Web.Entity.ni.dll
+ 2010-04-09 13:32 . 2010-04-09 13:32 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\652017ebe962ab2eb271c2524f31cd61\System.Web.Entity.Design.ni.dll
+ 2010-04-09 13:32 . 2010-04-09 13:32 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\d0070c1c1a642ae30394e00bc0d82336\System.Web.DynamicData.ni.dll
+ 2010-04-09 13:31 . 2010-04-09 13:31 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\1896753d02d146be1988d32241300f51\System.Web.Abstractions.ni.dll
+ 2010-04-09 13:02 . 2010-04-09 13:02 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\408e637346ef628a3f54fb1b9b83ac9f\System.Transactions.ni.dll
+ 2010-04-09 13:03 . 2010-04-09 13:03 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\1f61bccb700d687775cf778dd77752e9\System.ServiceProcess.ni.dll
+ 2010-04-09 13:00 . 2010-04-09 13:00 676352 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\a9e9b885a6601469c4058375cc74d856\System.Security.ni.dll
+ 2010-04-09 13:01 . 2010-04-09 13:01 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\9bc34a79af9c3ed2cf17a0226c769b4c\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2010-04-09 13:02 . 2010-04-09 13:02 771584 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\af21e3011fb4e107b13ea5c40c351ec4\System.Runtime.Remoting.ni.dll
+ 2010-04-09 13:31 . 2010-04-09 13:31 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\5f74a84e9d28c2332c51f6e30da0e125\System.Net.ni.dll
+ 2010-04-09 13:32 . 2010-04-09 13:32 593408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\8ad38ebb07c0d5b5bbf15f8f3c11c6be\System.Messaging.ni.dll
+ 2010-04-09 13:29 . 2010-04-09 13:29 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\2c208e4c5521f31057ea7d6e93c6a567\System.Management.ni.dll
+ 2010-04-09 13:31 . 2010-04-09 13:31 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\818b20a7c6f3b2fe97bf008ca24080c1\System.Management.Instrumentation.ni.dll
+ 2010-04-09 13:28 . 2010-04-09 13:28 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\6c273eb9d1ee8b66b5ecb073de4b785d\System.IO.Log.ni.dll
+ 2010-04-09 13:28 . 2010-04-09 13:28 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\7222db518afb4eaaa138824278249bc7\System.IdentityModel.Selectors.ni.dll
+ 2010-04-09 13:02 . 2010-04-09 13:02 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\8a7d0bd0057a8ed38291d5662248f7a1\System.EnterpriseServices.Wrapper.dll
+ 2010-04-09 13:02 . 2010-04-09 13:02 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\8a7d0bd0057a8ed38291d5662248f7a1\System.EnterpriseServices.ni.dll
+ 2010-04-09 13:03 . 2010-04-09 13:03 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\ca6d7208c0fb72ff97429f2636ced321\System.Drawing.Design.ni.dll
+ 2010-04-09 13:31 . 2010-04-09 13:31 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\c92fc19800e701c90f90ab7a2ab44c47\System.DirectoryServices.AccountManagement.ni.dll
+ 2010-04-09 13:03 . 2010-04-09 13:03 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\a601f47a98ee67df424685c9a66ea449\System.DirectoryServices.Protocols.ni.dll
+ 2010-04-09 13:31 . 2010-04-09 13:31 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\b91b44015859163646f210d284f7166a\System.Data.Services.Client.ni.dll
+ 2010-04-09 13:31 . 2010-04-09 13:31 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\1b35297e07b85071daecdb06f96750a1\System.Data.Services.Design.ni.dll
+ 2010-04-09 13:31 . 2010-04-09 13:31 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\cf906bf9146d1f0013451ec63b58e064\System.Data.Entity.Design.ni.dll
+ 2010-04-09 13:30 . 2010-04-09 13:30 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\4ff4134b0d490c090e03d74e104517c4\System.Data.DataSetExtensions.ni.dll
+ 2010-04-09 13:00 . 2010-04-09 13:00 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7c743462baccf29b3567b0e3ec9ac134\System.Configuration.ni.dll
+ 2010-04-09 13:03 . 2010-04-09 13:03 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\443e3a85c491b2de4a2ac654cb957484\System.Configuration.Install.ni.dll
+ 2010-04-09 13:30 . 2010-04-09 13:30 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\cba35f47925431a54d0e6ae147a292f1\System.AddIn.ni.dll
+ 2010-04-09 13:03 . 2010-04-09 13:03 232448 c:\windows\assembly\NativeImages_v2.0.50727_32\sysglobl\3677b81a93d21c46cbac72c051f8c986\sysglobl.ni.dll
+ 2010-04-09 13:30 . 2010-04-09 13:30 928256 c:\windows\assembly\NativeImages_v2.0.50727_32\Sony.Vegas\f104ae325652095916b7df15ff59bbaf\Sony.Vegas.ni.dll
+ 2010-04-09 13:30 . 2010-04-09 13:30 222208 c:\windows\assembly\NativeImages_v2.0.50727_32\Sony.Vegas.NetRender\2975078ac309f164b027445400af73e3\Sony.Vegas.NetRender.ni.dll
+ 2010-04-09 13:30 . 2010-04-09 13:30 279040 c:\windows\assembly\NativeImages_v2.0.50727_32\Sony.MediaSoftware.#\690a6f21cce8c0f533d129369670cff1\Sony.MediaSoftware.ExternalVideoDevice.ni.dll
+ 2010-04-09 13:30 . 2010-04-09 13:30 646656 c:\windows\assembly\NativeImages_v2.0.50727_32\Sony.Capture\2b14dc0d36ac5f2ef8c90ba71f3441ab\Sony.Capture.ni.dll
+ 2010-04-09 13:30 . 2010-04-09 13:30 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\6af32fe5cbec0aa54e2efa6910c73651\SMSvcHost.ni.exe
+ 2010-04-09 13:30 . 2010-04-09 13:30 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\7602d7687fb9bd21cd9ae60d2b187c99\SMDiagnostics.ni.dll
+ 2010-04-09 13:29 . 2010-04-09 13:29 128000 c:\windows\assembly\NativeImages_v2.0.50727_32\SharpBITS.Base\db18ee3afe6b34e8497f2eddb9d46a0a\SharpBITS.Base.ni.dll
+ 2010-04-09 13:30 . 2010-04-09 13:30 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\a23dc25782df04533a13e348203e4dc5\ServiceModelReg.ni.exe
+ 2010-04-09 13:29 . 2010-04-09 13:29 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\Sd\2cb7ff992aed0a12b5e4a30f01a1d91b\Sd.ni.dll
+ 2010-04-09 13:30 . 2010-04-09 13:30 459776 c:\windows\assembly\NativeImages_v2.0.50727_32\Sd.Zip\6906e9dbd84880095dd4199109c89b21\Sd.Zip.ni.dll
+ 2010-04-09 13:29 . 2010-04-09 13:29 524800 c:\windows\assembly\NativeImages_v2.0.50727_32\Sd.Web\3fa7a14b8a6e610084876a8094f6d8f4\Sd.Web.ni.dll
+ 2010-04-09 13:29 . 2010-04-09 13:29 155648 c:\windows\assembly\NativeImages_v2.0.50727_32\Sd.UI\c870e267fec4c8b9779daeeb5ad98f7f\Sd.UI.ni.dll
+ 2010-04-09 13:29 . 2010-04-09 13:29 782848 c:\windows\assembly\NativeImages_v2.0.50727_32\Sd.Irc\c1f91a47eafdd814c8a0e3c41b403440\Sd.Irc.ni.dll
+ 2010-04-09 13:29 . 2010-04-09 13:29 279040 c:\windows\assembly\NativeImages_v2.0.50727_32\Sd.InstallManager\cd40d1df1c5c84d523a72b17d1916c91\Sd.InstallManager.ni.dll
+ 2010-04-09 13:29 . 2010-04-09 13:29 483840 c:\windows\assembly\NativeImages_v2.0.50727_32\Sd.Common.XmlSerial#\92d70860d73459cecd8ffc6a5337f0e0\Sd.Common.XmlSerializers.ni.dll
+ 2010-04-09 13:29 . 2010-04-09 13:29 132096 c:\windows\assembly\NativeImages_v2.0.50727_32\sd.central.cmp.serv#\5c3d41b4fad30839e97f655f74a13149\sd.central.cmp.server.ni.dll
+ 2010-04-09 13:29 . 2010-04-09 13:29 100352 c:\windows\assembly\NativeImages_v2.0.50727_32\Sd.Central.Archive\a41243c7fe8d921baae9d822d5522285\Sd.Central.Archive.ni.dll
+ 2010-04-09 13:29 . 2010-04-09 13:29 271872 c:\windows\assembly\NativeImages_v2.0.50727_32\Sd.Central.Archive.#\7b0a42362aac66dbf9d3f5c326347346\Sd.Central.Archive.XmlSerializers.ni.dll
+ 2010-04-09 13:03 . 2010-04-09 13:03 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\96f74da5fc40b92f09069230bc0df4f0\PresentationFramework.Royale.ni.dll
+ 2010-04-09 13:03 . 2010-04-09 13:03 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\3bb4d16b042b72c2c85a0f8ac9d48f28\PresentationFramework.Luna.ni.dll
+ 2010-04-09 13:03 . 2010-04-09 13:03 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\30c5c2682d3c5bdaa83bb9a36ee48afa\PresentationFramework.Aero.ni.dll
+ 2010-04-09 13:03 . 2010-04-09 13:03 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\07e952efd70f5608e221a008e6231ace\PresentationFramework.Classic.ni.dll
+ 2010-04-09 13:29 . 2010-04-09 13:29 291328 c:\windows\assembly\NativeImages_v2.0.50727_32\MyDock.Util\86eefca9a2f319f42eb6e356844bc37e\MyDock.Util.ni.dll
+ 2010-04-09 13:30 . 2010-04-09 13:30 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\eade8c1c9c1e8e5ffb50e6c9b9af0f6a\MSBuild.ni.exe
+ 2010-04-09 13:30 . 2010-04-09 13:30 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\fc4d66e0a92b3767006a84f2519d2457\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2010-04-09 13:00 . 2010-04-09 13:00 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\58ca3ecc52b7246b448c109817198a0b\Microsoft.Build.Utilities.ni.dll
+ 2010-04-09 13:30 . 2010-04-09 13:30 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\4dd43724dd92026577c6f588270137a0\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2010-04-09 13:30 . 2010-04-09 13:30 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\8c651f75bb741330370986dcad8e9e5b\Microsoft.Build.Engine.ni.dll
+ 2010-04-09 13:30 . 2010-04-09 13:30 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\a6dcbae619ccd938bfe808c54d6d3ae0\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2010-04-09 13:29 . 2010-04-09 13:29 100864 c:\windows\assembly\NativeImages_v2.0.50727_32\Interop.IWshRuntime#\db85a5c318b24cac7b48e50f3e22c96d\Interop.IWshRuntimeLibrary.ni.dll
+ 2010-04-09 13:29 . 2010-04-09 13:29 724480 c:\windows\assembly\NativeImages_v2.0.50727_32\ICSharpCode.SharpZi#\210456f21d81f5f6038ac408af1e837b\ICSharpCode.SharpZipLib.ni.dll
+ 2010-04-09 13:29 . 2010-04-09 13:29 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\77688ce14f221ed94a9f442ae4736123\CustomMarshalers.ni.dll
+ 2010-04-09 13:30 . 2010-04-09 13:30 326144 c:\windows\assembly\NativeImages_v2.0.50727_32\CoreUI\c0b0b036c304d64e9990ee081ba986a9\CoreUI.ni.dll
+ 2010-04-09 13:30 . 2010-04-09 13:30 818688 c:\windows\assembly\NativeImages_v2.0.50727_32\CoreUI.XmlSerialize#\bbd049a7a088a074e6f859475d426ab8\CoreUI.XmlSerializers.ni.dll
+ 2010-04-09 13:30 . 2010-04-09 13:30 119808 c:\windows\assembly\NativeImages_v2.0.50727_32\CorePrimitives\40e164ba6af1fdd3f7818a0f17a3259c\CorePrimitives.ni.dll
+ 2010-04-09 13:30 . 2010-04-09 13:30 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\a17c65f0cffaa4f792dd38d50df9d526\ComSvcConfig.ni.exe
+ 2010-04-09 13:28 . 2010-04-09 13:28 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\85d7c111956b478766d90625b35d963f\AspNetMMCExt.ni.dll
+ 2010-04-09 12:58 . 2010-04-09 12:58 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2009-08-15 08:15 . 2009-08-15 08:15 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2010-04-09 12:58 . 2010-04-09 12:58 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2009-08-15 08:15 . 2009-08-15 08:15 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2009-08-15 08:15 . 2009-08-15 08:15 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2010-04-09 12:58 . 2010-04-09 12:58 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2009-08-15 08:15 . 2009-08-15 08:15 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2010-04-09 12:59 . 2010-04-09 12:59 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2010-04-09 12:59 . 2010-04-09 12:59 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2009-08-15 08:15 . 2009-08-15 08:15 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2009-08-15 08:15 . 2009-08-15 08:15 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2010-04-09 12:59 . 2010-04-09 12:59 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2010-04-09 12:59 . 2010-04-09 12:59 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2009-08-15 08:15 . 2009-08-15 08:15 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2010-04-09 12:59 . 2010-04-09 12:59 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2009-08-15 08:15 . 2009-08-15 08:15 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2010-04-09 12:59 . 2010-04-09 12:59 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2009-08-15 08:15 . 2009-08-15 08:15 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2009-08-15 08:15 . 2009-08-15 08:15 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2010-04-09 12:58 . 2010-04-09 12:58 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2009-08-15 08:15 . 2009-08-15 08:15 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2010-04-09 12:58 . 2010-04-09 12:58 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2009-08-15 08:15 . 2009-08-15 08:15 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2010-04-09 12:59 . 2010-04-09 12:59 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2010-04-09 12:59 . 2010-04-09 12:59 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2009-08-15 08:15 . 2009-08-15 08:15 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2009-08-15 08:15 . 2009-08-15 08:15 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2010-04-09 12:59 . 2010-04-09 12:59 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2010-04-09 12:59 . 2010-04-09 12:59 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2009-08-15 08:15 . 2009-08-15 08:15 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2010-04-09 12:58 . 2010-04-09 12:58 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2009-08-15 08:15 . 2009-08-15 08:15 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2009-08-15 08:15 . 2009-08-15 08:15 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2010-04-09 12:58 . 2010-04-09 12:58 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2009-08-15 08:15 . 2009-08-15 08:15 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2010-04-09 12:58 . 2010-04-09 12:58 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2010-04-09 12:58 . 2010-04-09 12:58 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2009-08-15 08:15 . 2009-08-15 08:15 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2010-04-09 12:59 . 2010-04-09 12:59 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2009-08-15 08:15 . 2009-08-15 08:15 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2009-08-15 08:15 . 2009-08-15 08:15 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2010-04-09 12:59 . 2010-04-09 12:59 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2009-08-15 08:15 . 2009-08-15 08:15 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2010-04-09 12:58 . 2010-04-09 12:58 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2010-04-09 12:58 . 2010-04-09 12:58 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2009-08-15 08:15 . 2009-08-15 08:15 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2009-08-15 08:15 . 2009-08-15 08:15 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2010-04-09 12:59 . 2010-04-09 12:59 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2009-08-15 08:15 . 2009-08-15 08:15 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2010-04-09 12:59 . 2010-04-09 12:59 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2009-08-15 08:15 . 2009-08-15 08:15 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2010-04-09 12:59 . 2010-04-09 12:59 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2002-09-20 18:03 . 2009-11-21 16:03 471552 c:\windows\AppPatch\aclayers.dll
+ 2010-04-09 12:46 . 2009-05-26 11:40 391032 c:\windows\$hf_mig$\KB968389\update\updspapi.dll
+ 2010-04-09 12:46 . 2009-05-26 11:40 759160 c:\windows\$hf_mig$\KB968389\update\update.exe
+ 2010-04-09 12:46 . 2008-07-08 12:59 233848 c:\windows\$hf_mig$\KB968389\spuninst.exe
+ 2009-06-25 08:42 . 2009-06-25 08:42 147456 c:\windows\$hf_mig$\KB968389\SP3QFE\schannel.dll
+ 2009-06-25 08:42 . 2009-06-25 08:42 136704 c:\windows\$hf_mig$\KB968389\SP3QFE\msv1_0.dll
+ 2009-06-26 09:42 . 2009-06-26 09:42 729088 c:\windows\$hf_mig$\KB968389\SP3QFE\lsasrv.dll
+ 2009-06-25 08:42 . 2009-06-25 08:42 301568 c:\windows\$hf_mig$\KB968389\SP3QFE\kerberos.dll
+ 2010-04-09 12:09 . 2009-08-13 13:56 1748992 c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll
+ 2009-07-20 22:03 . 2009-07-20 22:03 1348432 c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9876.0_x-ww_a621d1d5\msxml4.dll
+ 2002-09-20 17:41 . 2009-08-14 15:15 1850624 c:\windows\system32\win32k.sys
+ 2002-09-20 18:04 . 2010-03-10 04:43 1510400 c:\windows\system32\shdocvw.dll
- 2002-09-20 18:04 . 2009-07-18 16:05 1510400 c:\windows\system32\shdocvw.dll
+ 2002-09-20 18:04 . 2009-07-17 16:17 1437696 c:\windows\system32\query.dll
- 2002-09-20 18:04 . 2008-04-14 03:21 1437696 c:\windows\system32\query.dll
ComboFix 10-04-08.02 - TwoRik 10.04.2010 15:11:56.3.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2046.1593 [GMT 2:00]
Spuštěný z: c:\documents and settings\TwoRik\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\TwoRik\Plocha\CFScript.txt
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kerio Personal Firewall *disabled* {CB8DE467-2367-41d1-87BA-D0AE12284F9A}
FW: Sunbelt Personal Firewall *enabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}
SP: Kaspersky Anti-Virus *disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ATE_PROCMON
-------\Service_ATE_PROCMON
((((((((((((((((((((((((( Soubory vytvořené od 2010-03-10 do 2010-04-10 )))))))))))))))))))))))))))))))
.
2010-04-09 16:39 . 2010-04-09 16:39 -------- d-----w- c:\program files\ReviverSoft
2010-04-09 12:09 . 2009-11-21 16:03 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-04-09 12:08 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-04-09 12:08 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-03-24 09:44 . 2010-03-24 09:44 -------- d-----w- c:\program files\Stardock
2010-03-11 23:09 . 2010-04-09 11:01 -------- d-----w- c:\program files\trend micro
2010-03-11 23:09 . 2010-03-11 23:09 -------- d-----w- C:\rsit
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-10 13:27 . 2010-02-28 04:34 802304 ----a-w- c:\windows\system32\drivers\oskpmhwm.sys
2010-04-10 13:25 . 2001-10-25 14:00 819978 ----a-w- c:\windows\system32\perfh005.dat
2010-04-10 13:25 . 2001-10-25 14:00 222190 ----a-w- c:\windows\system32\perfc005.dat
2010-03-31 16:10 . 2006-10-06 07:09 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2010-03-31 11:24 . 2006-09-28 09:49 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-13 11:43 . 2007-10-12 16:51 -------- d-----w- c:\program files\uTorrent
2010-03-02 23:00 . 2009-03-05 11:54 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2010-02-27 02:10 . 2010-02-27 02:10 -------- d-----w- c:\program files\ICQ6Toolbar
2010-02-26 05:43 . 2002-09-20 18:05 668160 ----a-w- c:\windows\system32\wininet.dll
2010-02-26 05:43 . 2006-09-28 10:13 81920 ------w- c:\windows\system32\ieencode.dll
2010-02-18 17:35 . 2010-02-18 17:35 -------- d-----w- c:\program files\LucasArts
2010-01-28 21:26 . 2010-01-28 21:26 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-10-22 19:07 . 2009-11-09 12:07 23864 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-04-09_12.09.54 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-05-26 02:16 . 2009-08-06 17:24 44768 c:\windows\system32\wups2.dll
+ 2006-09-28 10:13 . 2009-08-06 17:24 35552 c:\windows\system32\wups.dll
+ 2001-10-25 14:00 . 2009-06-25 08:27 54272 c:\windows\system32\wdigest.dll
+ 2007-01-29 08:58 . 2010-01-23 08:11 46080 c:\windows\system32\tzchange.exe
- 2007-01-29 08:58 . 2009-07-14 11:03 46080 c:\windows\system32\tzchange.exe
+ 2008-07-09 09:14 . 2009-05-26 11:40 18296 c:\windows\system32\spmsg.dll
+ 2002-09-20 18:04 . 2009-06-25 08:27 56832 c:\windows\system32\secur32.dll
- 2002-09-20 18:04 . 2009-02-03 19:58 56832 c:\windows\system32\secur32.dll
- 2002-09-20 18:04 . 2008-04-14 03:21 79872 c:\windows\system32\raschap.dll
+ 2002-09-20 18:04 . 2009-10-12 13:40 79872 c:\windows\system32\raschap.dll
+ 2006-09-28 09:51 . 2009-11-27 17:14 17920 c:\windows\system32\msyuv.dll
+ 2001-10-25 14:00 . 2009-11-27 16:09 28672 c:\windows\system32\msvidc32.dll
- 2002-09-20 18:04 . 2008-04-14 03:21 11264 c:\windows\system32\msrle32.dll
+ 2002-09-20 18:04 . 2009-11-27 16:09 11264 c:\windows\system32\msrle32.dll
+ 2001-10-25 14:00 . 2009-09-04 21:05 58880 c:\windows\system32\msasn1.dll
+ 2001-10-24 12:24 . 2009-11-27 16:09 48128 c:\windows\system32\iyuv_32.dll
- 2001-10-25 14:00 . 2009-06-16 14:40 81920 c:\windows\system32\fontsub.dll
+ 2001-10-25 14:00 . 2009-10-15 16:32 81920 c:\windows\system32\fontsub.dll
+ 2001-10-25 14:00 . 2009-06-24 11:18 92928 c:\windows\system32\drivers\ksecdd.sys
+ 2006-09-28 10:13 . 2009-08-06 17:24 35552 c:\windows\system32\dllcache\wups.dll
+ 2009-06-25 08:27 . 2009-06-25 08:27 54272 c:\windows\system32\dllcache\wdigest.dll
+ 2009-02-03 19:58 . 2009-06-25 08:27 56832 c:\windows\system32\dllcache\secur32.dll
- 2009-02-03 19:58 . 2009-02-03 19:58 56832 c:\windows\system32\dllcache\secur32.dll
+ 2009-10-12 13:40 . 2009-10-12 13:40 79872 c:\windows\system32\dllcache\raschap.dll
+ 2009-11-27 17:14 . 2009-11-27 17:14 17920 c:\windows\system32\dllcache\msyuv.dll
+ 2001-10-25 14:00 . 2009-11-27 16:09 28672 c:\windows\system32\dllcache\msvidc32.dll
+ 2009-11-27 16:09 . 2009-11-27 16:09 11264 c:\windows\system32\dllcache\msrle32.dll
+ 2009-09-04 21:05 . 2009-09-04 21:05 58880 c:\windows\system32\dllcache\msasn1.dll
+ 2009-06-24 11:18 . 2009-06-24 11:18 92928 c:\windows\system32\dllcache\ksecdd.sys
+ 2009-11-27 16:09 . 2009-11-27 16:09 48128 c:\windows\system32\dllcache\iyuv_32.dll
- 2009-02-20 08:12 . 2009-06-26 16:51 81920 c:\windows\system32\dllcache\ieencode.dll
+ 2009-02-20 08:12 . 2010-02-26 05:43 81920 c:\windows\system32\dllcache\ieencode.dll
+ 2009-06-16 14:40 . 2009-10-15 16:32 81920 c:\windows\system32\dllcache\fontsub.dll
- 2009-06-16 14:40 . 2009-06-16 14:40 81920 c:\windows\system32\dllcache\fontsub.dll
+ 2009-12-14 07:10 . 2009-12-14 07:10 33280 c:\windows\system32\dllcache\csrsrv.dll
+ 2009-06-10 14:15 . 2009-11-27 16:09 84992 c:\windows\system32\dllcache\avifil32.dll
- 2009-06-10 14:15 . 2009-06-10 14:15 84992 c:\windows\system32\dllcache\avifil32.dll
+ 2002-09-20 18:03 . 2009-12-14 07:10 33280 c:\windows\system32\csrsrv.dll
- 2002-09-20 18:03 . 2009-06-10 14:15 84992 c:\windows\system32\avifil32.dll
+ 2002-09-20 18:03 . 2009-11-27 16:09 84992 c:\windows\system32\avifil32.dll
+ 2009-06-24 17:56 . 2009-06-24 17:56 73728 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe
+ 2008-05-27 22:49 . 2008-05-27 22:49 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
- 2003-02-20 17:09 . 2003-02-20 17:09 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
- 2003-02-20 17:09 . 2003-02-20 17:09 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
+ 2008-05-27 22:49 . 2008-05-27 22:49 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
- 2004-07-14 22:32 . 2004-07-14 22:32 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
+ 2008-05-27 22:49 . 2008-05-27 22:49 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
- 2004-07-14 23:49 . 2004-07-14 23:49 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2008-05-27 23:30 . 2008-05-27 23:30 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2010-04-09 12:48 . 2010-04-09 12:48 32768 c:\windows\Installer\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}\icon.exe
+ 2010-04-09 16:39 . 2010-04-09 16:39 45056 c:\windows\Installer\{DBD88705-2570-4ABA-8EC8-432ACE0481A6}\UninstallIcon.exe
+ 2010-04-09 16:39 . 2010-04-09 16:39 69632 c:\windows\Installer\{DBD88705-2570-4ABA-8EC8-432ACE0481A6}\MainExeIcon.exe
+ 2010-04-09 16:39 . 2010-04-09 16:39 69632 c:\windows\Installer\{DBD88705-2570-4ABA-8EC8-432ACE0481A6}\MainExe32Shortcut_C3C22600D39C4A25963EC1AFC2D74343.exe
+ 2010-04-09 16:39 . 2010-04-09 16:39 10134 c:\windows\Installer\{DBD88705-2570-4ABA-8EC8-432ACE0481A6}\ARPPRODUCTICON.exe
+ 2009-11-27 17:14 . 2009-11-27 17:14 17920 c:\windows\Driver Cache\i386\msyuv.dll
+ 2009-11-27 16:09 . 2009-11-27 16:09 48128 c:\windows\Driver Cache\i386\iyuv_32.dll
+ 2010-04-09 12:49 . 2010-04-09 12:49 90112 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_f63f0495\System.Drawing.Design.dll
+ 2010-04-09 12:49 . 2010-04-09 12:49 61440 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_3992d21f\CustomMarshalers.dll
+ 2010-04-09 13:29 . 2010-04-09 13:29 36352 c:\windows\assembly\NativeImages_v2.0.50727_32\WBOCXLib\d99e71131f88c9e4a0e721fa007dfda6\WBOCXLib.ni.dll
+ 2010-04-09 13:01 . 2010-04-09 13:01 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\b4a9e413d5cd6d6ec2d50aa05381e293\UIAutomationProvider.ni.dll
+ 2010-04-09 13:32 . 2010-04-09 13:32 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\8acb476a0d4ee17a12881e17ae74a6af\System.Windows.Presentation.ni.dll
+ 2010-04-09 13:32 . 2010-04-09 13:32 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\4b87ca3482a3c0ee733e028ecee7de65\System.Web.DynamicData.Design.ni.dll
+ 2010-04-09 13:30 . 2010-04-09 13:30 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\a0c71055364bd356971791284c3fb910\System.ComponentModel.DataAnnotations.ni.dll
+ 2010-04-09 13:30 . 2010-04-09 13:30 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\f9a75bbdc2ce7db578b5977766a09b99\System.AddIn.Contract.ni.dll
+ 2010-04-09 13:29 . 2010-04-09 13:29 50688 c:\windows\assembly\NativeImages_v2.0.50727_32\StardockCentralDSkin\b3f6c84f0a5a79912f98525608bf82d1\StardockCentralDSkin.ni.dll
+ 2010-04-09 13:29 . 2010-04-09 13:29 56320 c:\windows\assembly\NativeImages_v2.0.50727_32\Stardock.Central.Se#\6d45a2edb12d8b34061944f4fbc14ba9\Stardock.Central.Security.ni.dll
+ 2010-04-09 13:29 . 2010-04-09 13:29 77312 c:\windows\assembly\NativeImages_v2.0.50727_32\Sd.Uninstall\d0ba5acd89e1abe737731931446a6c07\Sd.Uninstall.ni.dll
+ 2010-04-09 13:01 . 2010-04-09 13:01 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\3dd0f86c966c75755d62eab8ddf0634c\PresentationFontCache.ni.exe
+ 2010-04-09 13:00 . 2010-04-09 13:00 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\034d081fe294bab1ee1ecc98c1181424\PresentationCFFRasterizer.ni.dll
+ 2010-04-09 13:29 . 2010-04-09 13:29 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\f2673aec397c52796aef05bb9d2668df\Microsoft.Vsa.ni.dll
+ 2010-04-09 13:01 . 2010-04-09 13:01 15872 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\1ded203bd27031c3a5e3441f94b528c0\Microsoft.VisualC.ni.dll
+ 2010-04-09 13:00 . 2010-04-09 13:00 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\d513fe1a81c441e7656a9b062cff4e9f\Microsoft.Build.Framework.ni.dll
+ 2010-04-09 13:30 . 2010-04-09 13:30 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\c5d504724d7f351b1d034615dbb72a2a\Microsoft.Build.Framework.ni.dll
+ 2010-04-09 13:30 . 2010-04-09 13:30 44544 c:\windows\assembly\NativeImages_v2.0.50727_32\Interop\ae4ec6acbc5ffcc3ad6e8c33405be33d\Interop.ni.dll
+ 2010-04-09 13:30 . 2010-04-09 13:30 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\a664ccab020f93f1d533919f57131190\dfsvc.ni.exe
+ 2010-04-09 13:30 . 2010-04-09 13:30 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\ControlLibrary\2fe1bd5a9e53c92655253c031537b8cc\ControlLibrary.ni.dll
+ 2010-04-09 13:30 . 2010-04-09 13:30 53248 c:\windows\assembly\NativeImages_v2.0.50727_32\AjaVideoProperties\608e1333861002ba0957d1133e8b35ae\AjaVideoProperties.ni.dll
+ 2010-04-09 13:01 . 2010-04-09 13:01 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\e63d6d26b8a664cfdfbd4ad75e03c14d\Accessibility.ni.dll
+ 2010-04-09 12:58 . 2010-04-09 12:58 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2009-08-15 08:15 . 2009-08-15 08:15 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2010-04-09 12:58 . 2010-04-09 12:58 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2009-08-15 08:15 . 2009-08-15 08:15 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2010-04-09 12:59 . 2010-04-09 12:59 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2009-08-15 08:15 . 2009-08-15 08:15 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2009-08-15 08:15 . 2009-08-15 08:15 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2010-04-09 12:58 . 2010-04-09 12:58 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2010-04-09 12:58 . 2010-04-09 12:58 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2009-08-15 08:15 . 2009-08-15 08:15 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2010-04-09 12:58 . 2010-04-09 12:58 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2009-08-15 08:15 . 2009-08-15 08:15 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2009-08-15 08:15 . 2009-08-15 08:15 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2010-04-09 12:59 . 2010-04-09 12:59 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2009-08-15 08:15 . 2009-08-15 08:15 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2010-04-09 12:59 . 2010-04-09 12:59 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2010-04-09 12:58 . 2010-04-09 12:58 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2009-08-15 08:15 . 2009-08-15 08:15 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2010-04-09 12:58 . 2010-04-09 12:58 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2009-08-15 08:15 . 2009-08-15 08:15 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2010-04-09 12:58 . 2010-04-09 12:58 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2009-08-15 08:15 . 2009-08-15 08:15 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2009-08-15 08:15 . 2009-08-15 08:15 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2010-04-09 12:58 . 2010-04-09 12:58 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2009-08-15 08:15 . 2009-08-15 08:15 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2010-04-09 12:58 . 2010-04-09 12:58 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2010-04-09 12:46 . 2008-07-08 12:59 26488 c:\windows\$hf_mig$\KB968389\update\spcustom.dll
+ 2010-04-09 12:46 . 2008-07-08 12:59 18296 c:\windows\$hf_mig$\KB968389\spmsg.dll
+ 2009-06-25 08:42 . 2009-06-25 08:42 54272 c:\windows\$hf_mig$\KB968389\SP3QFE\wdigest.dll
+ 2009-06-25 08:42 . 2009-06-25 08:42 56832 c:\windows\$hf_mig$\KB968389\SP3QFE\secur32.dll
+ 2009-06-24 10:28 . 2009-06-24 10:28 92928 c:\windows\$hf_mig$\KB968389\SP3QFE\ksecdd.sys
+ 2010-04-09 12:58 . 2010-04-09 12:58 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2009-08-15 08:15 . 2009-08-15 08:15 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2001-10-24 12:25 . 2009-11-27 16:09 8704 c:\windows\system32\tsbyuv.dll
+ 2001-10-24 12:25 . 2009-11-27 16:09 8704 c:\windows\system32\dllcache\tsbyuv.dll
+ 2009-11-27 16:09 . 2009-11-27 16:09 8704 c:\windows\Driver Cache\i386\tsbyuv.dll
- 2009-08-15 08:15 . 2009-08-15 08:15 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2010-04-09 12:58 . 2010-04-09 12:58 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2009-08-15 08:15 . 2009-08-15 08:15 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2010-04-09 12:59 . 2010-04-09 12:59 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2010-04-09 12:58 . 2010-04-09 12:58 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2009-08-15 08:15 . 2009-08-15 08:15 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2010-04-09 12:58 . 2010-04-09 12:58 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2009-08-15 08:15 . 2009-08-15 08:15 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2009-08-15 08:15 . 2009-08-15 08:15 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2010-04-09 12:59 . 2010-04-09 12:59 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2010-04-09 12:59 . 2010-04-09 12:59 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2009-08-15 08:15 . 2009-08-15 08:15 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2006-09-28 10:13 . 2009-04-09 23:01 413032 c:\windows\system32\wmspdmod.dll
+ 2002-09-20 18:04 . 2010-02-26 05:43 627200 c:\windows\system32\urlmon.dll
+ 2001-10-25 14:00 . 2009-10-15 16:32 119808 c:\windows\system32\t2embed.dll
- 2001-10-25 14:00 . 2009-06-16 14:40 119808 c:\windows\system32\t2embed.dll
- 2002-09-20 18:04 . 2008-10-03 10:04 247326 c:\windows\system32\strmdll.dll
+ 2002-09-20 18:04 . 2009-08-26 08:02 247326 c:\windows\system32\strmdll.dll
+ 2002-09-20 18:04 . 2009-06-25 08:27 147456 c:\windows\system32\schannel.dll
+ 2002-09-20 18:04 . 2009-12-08 09:25 474112 c:\windows\system32\shlwapi.dll
- 2002-09-20 18:04 . 2008-04-14 03:21 474112 c:\windows\system32\shlwapi.dll
+ 2002-09-20 18:04 . 2009-10-12 13:40 150016 c:\windows\system32\rastls.dll
+ 2001-10-25 14:00 . 2010-04-10 13:25 804780 c:\windows\system32\perfh009.dat
+ 2001-10-25 14:00 . 2010-04-10 13:25 210478 c:\windows\system32\perfc009.dat
+ 2002-09-20 18:04 . 2009-10-13 10:34 271360 c:\windows\system32\oakley.dll
- 2002-09-20 18:04 . 2008-04-14 03:21 271360 c:\windows\system32\oakley.dll
+ 2002-09-20 18:04 . 2009-09-11 14:19 136192 c:\windows\system32\msv1_0.dll
- 2006-09-27 18:10 . 2008-04-14 03:22 343552 c:\windows\system32\mspaint.exe
+ 2006-09-27 18:10 . 2009-12-17 07:42 343552 c:\windows\system32\mspaint.exe
+ 2002-09-20 18:04 . 2009-06-25 08:27 729088 c:\windows\system32\lsasrv.dll
+ 2002-09-20 18:04 . 2009-06-25 08:27 301568 c:\windows\system32\kerberos.dll
- 2002-09-20 18:03 . 2008-04-14 03:21 251904 c:\windows\system32\iepeers.dll
+ 2002-09-20 18:03 . 2010-02-26 05:43 251904 c:\windows\system32\iepeers.dll
+ 2001-10-25 14:00 . 2009-12-31 16:50 353792 c:\windows\system32\drivers\srv.sys
+ 2002-08-29 01:59 . 2009-12-04 18:22 455424 c:\windows\system32\drivers\mrxsmb.sys
+ 2006-09-28 10:13 . 2009-04-09 23:01 413032 c:\windows\system32\dllcache\wmspdmod.dll
+ 2008-04-21 06:45 . 2010-02-26 05:43 668160 c:\windows\system32\dllcache\wininet.dll
+ 2008-06-26 08:14 . 2010-02-26 05:43 627200 c:\windows\system32\dllcache\urlmon.dll
+ 2009-06-16 14:40 . 2009-10-15 16:32 119808 c:\windows\system32\dllcache\t2embed.dll
- 2009-06-16 14:40 . 2009-06-16 14:40 119808 c:\windows\system32\dllcache\t2embed.dll
+ 2006-08-24 12:19 . 2009-08-26 08:02 247326 c:\windows\system32\dllcache\strmdll.dll
- 2006-08-24 12:19 . 2008-10-03 10:04 247326 c:\windows\system32\dllcache\strmdll.dll
+ 2008-10-15 19:30 . 2009-12-31 16:50 353792 c:\windows\system32\dllcache\srv.sys
+ 2008-12-05 06:57 . 2009-06-25 08:27 147456 c:\windows\system32\dllcache\schannel.dll
+ 2009-12-08 09:25 . 2009-12-08 09:25 474112 c:\windows\system32\dllcache\shlwapi.dll
+ 2009-10-12 13:40 . 2009-10-12 13:40 150016 c:\windows\system32\dllcache\rastls.dll
+ 2009-10-13 10:34 . 2009-10-13 10:34 271360 c:\windows\system32\dllcache\oakley.dll
+ 2009-06-25 08:27 . 2009-09-11 14:19 136192 c:\windows\system32\dllcache\msv1_0.dll
+ 2009-12-17 07:42 . 2009-12-17 07:42 343552 c:\windows\system32\dllcache\mspaint.exe
+ 2008-11-11 18:50 . 2009-12-04 18:22 455424 c:\windows\system32\dllcache\mrxsmb.sys
+ 2009-04-17 10:21 . 2009-06-25 08:27 729088 c:\windows\system32\dllcache\lsasrv.dll
+ 2009-06-25 08:27 . 2009-06-25 08:27 301568 c:\windows\system32\dllcache\kerberos.dll
+ 2010-02-26 05:43 . 2010-02-26 05:43 251904 c:\windows\system32\dllcache\iepeers.dll
+ 2009-08-07 21:51 . 2009-08-07 21:51 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2008-05-27 22:49 . 2008-05-27 22:49 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
- 2004-07-14 22:33 . 2004-07-14 22:33 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
+ 2008-05-27 22:48 . 2008-05-27 22:48 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
- 2004-07-14 22:25 . 2004-07-14 22:25 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
+ 2008-05-27 23:30 . 2008-05-27 23:30 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
- 2004-07-14 23:49 . 2004-07-14 23:49 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2010-04-09 12:48 . 2010-04-09 12:48 429568 c:\windows\Installer\867d3.msi
+ 2008-11-11 18:50 . 2009-12-04 18:22 455424 c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2010-04-09 12:50 . 2010-04-09 12:50 835584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_33f48b12\System.Drawing.dll
+ 2010-04-09 12:50 . 2010-04-09 12:50 192512 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_d956e383\System.Drawing.Design.dll
+ 2010-04-09 12:50 . 2010-04-09 12:50 118784 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_6b253d6c\CustomMarshalers.dll
+ 2010-04-09 13:30 . 2010-04-09 13:30 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\e2098e43d115155d6ba91ba3a7e577cf\WsatConfig.ni.exe
+ 2010-04-09 13:04 . 2010-04-09 13:04 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\bf92bc207f927cbbd6dfc9dc0c3eae68\WindowsFormsIntegration.ni.dll
+ 2010-04-09 13:29 . 2010-04-09 13:29 372736 c:\windows\assembly\NativeImages_v2.0.50727_32\VistaBridgeLibrary\d3924d7d4cabe93f93c281c4e5e44ad9\VistaBridgeLibrary.ni.dll
+ 2010-04-09 13:29 . 2010-04-09 13:29 611328 c:\windows\assembly\NativeImages_v2.0.50727_32\VDialog\c6625f20a6628f887f320aa01bf4280a\VDialog.ni.dll
+ 2010-04-09 13:01 . 2010-04-09 13:01 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\6f488b7644dc50a083868e91a4014466\UIAutomationTypes.ni.dll
+ 2010-04-09 13:03 . 2010-04-09 13:03 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\c2fbf25609b704061a93500efa6f241d\UIAutomationClient.ni.dll
+ 2010-04-09 13:56 . 2010-04-09 13:56 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\eb23b78564687badff1bd1f1d0a0ec97\System.Xml.Linq.ni.dll
+ 2010-04-09 13:31 . 2010-04-09 13:31 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\e7666364bf9f3ba5f4833c9efedd8218\System.Web.Routing.ni.dll
+ 2010-04-09 13:03 . 2010-04-09 13:03 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\b5f1b8791e6c47e5bd5e7018c346c586\System.Web.RegularExpressions.ni.dll
+ 2010-04-09 13:32 . 2010-04-09 13:32 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\884eacddf339b8b342f66aedff5f8ef9\System.Web.Extensions.Design.ni.dll
+ 2010-04-09 13:32 . 2010-04-09 13:32 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\9e199645bd26f1afe58ebe185d1e7f0f\System.Web.Entity.ni.dll
+ 2010-04-09 13:32 . 2010-04-09 13:32 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\652017ebe962ab2eb271c2524f31cd61\System.Web.Entity.Design.ni.dll
+ 2010-04-09 13:32 . 2010-04-09 13:32 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\d0070c1c1a642ae30394e00bc0d82336\System.Web.DynamicData.ni.dll
+ 2010-04-09 13:31 . 2010-04-09 13:31 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\1896753d02d146be1988d32241300f51\System.Web.Abstractions.ni.dll
+ 2010-04-09 13:02 . 2010-04-09 13:02 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\408e637346ef628a3f54fb1b9b83ac9f\System.Transactions.ni.dll
+ 2010-04-09 13:03 . 2010-04-09 13:03 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\1f61bccb700d687775cf778dd77752e9\System.ServiceProcess.ni.dll
+ 2010-04-09 13:00 . 2010-04-09 13:00 676352 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\a9e9b885a6601469c4058375cc74d856\System.Security.ni.dll
+ 2010-04-09 13:01 . 2010-04-09 13:01 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\9bc34a79af9c3ed2cf17a0226c769b4c\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2010-04-09 13:02 . 2010-04-09 13:02 771584 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\af21e3011fb4e107b13ea5c40c351ec4\System.Runtime.Remoting.ni.dll
+ 2010-04-09 13:31 . 2010-04-09 13:31 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\5f74a84e9d28c2332c51f6e30da0e125\System.Net.ni.dll
+ 2010-04-09 13:32 . 2010-04-09 13:32 593408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\8ad38ebb07c0d5b5bbf15f8f3c11c6be\System.Messaging.ni.dll
+ 2010-04-09 13:29 . 2010-04-09 13:29 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\2c208e4c5521f31057ea7d6e93c6a567\System.Management.ni.dll
+ 2010-04-09 13:31 . 2010-04-09 13:31 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\818b20a7c6f3b2fe97bf008ca24080c1\System.Management.Instrumentation.ni.dll
+ 2010-04-09 13:28 . 2010-04-09 13:28 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\6c273eb9d1ee8b66b5ecb073de4b785d\System.IO.Log.ni.dll
+ 2010-04-09 13:28 . 2010-04-09 13:28 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\7222db518afb4eaaa138824278249bc7\System.IdentityModel.Selectors.ni.dll
+ 2010-04-09 13:02 . 2010-04-09 13:02 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\8a7d0bd0057a8ed38291d5662248f7a1\System.EnterpriseServices.Wrapper.dll
+ 2010-04-09 13:02 . 2010-04-09 13:02 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\8a7d0bd0057a8ed38291d5662248f7a1\System.EnterpriseServices.ni.dll
+ 2010-04-09 13:03 . 2010-04-09 13:03 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\ca6d7208c0fb72ff97429f2636ced321\System.Drawing.Design.ni.dll
+ 2010-04-09 13:31 . 2010-04-09 13:31 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\c92fc19800e701c90f90ab7a2ab44c47\System.DirectoryServices.AccountManagement.ni.dll
+ 2010-04-09 13:03 . 2010-04-09 13:03 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\a601f47a98ee67df424685c9a66ea449\System.DirectoryServices.Protocols.ni.dll
+ 2010-04-09 13:31 . 2010-04-09 13:31 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\b91b44015859163646f210d284f7166a\System.Data.Services.Client.ni.dll
+ 2010-04-09 13:31 . 2010-04-09 13:31 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\1b35297e07b85071daecdb06f96750a1\System.Data.Services.Design.ni.dll
+ 2010-04-09 13:31 . 2010-04-09 13:31 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\cf906bf9146d1f0013451ec63b58e064\System.Data.Entity.Design.ni.dll
+ 2010-04-09 13:30 . 2010-04-09 13:30 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\4ff4134b0d490c090e03d74e104517c4\System.Data.DataSetExtensions.ni.dll
+ 2010-04-09 13:00 . 2010-04-09 13:00 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7c743462baccf29b3567b0e3ec9ac134\System.Configuration.ni.dll
+ 2010-04-09 13:03 . 2010-04-09 13:03 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\443e3a85c491b2de4a2ac654cb957484\System.Configuration.Install.ni.dll
+ 2010-04-09 13:30 . 2010-04-09 13:30 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\cba35f47925431a54d0e6ae147a292f1\System.AddIn.ni.dll
+ 2010-04-09 13:03 . 2010-04-09 13:03 232448 c:\windows\assembly\NativeImages_v2.0.50727_32\sysglobl\3677b81a93d21c46cbac72c051f8c986\sysglobl.ni.dll
+ 2010-04-09 13:30 . 2010-04-09 13:30 928256 c:\windows\assembly\NativeImages_v2.0.50727_32\Sony.Vegas\f104ae325652095916b7df15ff59bbaf\Sony.Vegas.ni.dll
+ 2010-04-09 13:30 . 2010-04-09 13:30 222208 c:\windows\assembly\NativeImages_v2.0.50727_32\Sony.Vegas.NetRender\2975078ac309f164b027445400af73e3\Sony.Vegas.NetRender.ni.dll
+ 2010-04-09 13:30 . 2010-04-09 13:30 279040 c:\windows\assembly\NativeImages_v2.0.50727_32\Sony.MediaSoftware.#\690a6f21cce8c0f533d129369670cff1\Sony.MediaSoftware.ExternalVideoDevice.ni.dll
+ 2010-04-09 13:30 . 2010-04-09 13:30 646656 c:\windows\assembly\NativeImages_v2.0.50727_32\Sony.Capture\2b14dc0d36ac5f2ef8c90ba71f3441ab\Sony.Capture.ni.dll
+ 2010-04-09 13:30 . 2010-04-09 13:30 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\6af32fe5cbec0aa54e2efa6910c73651\SMSvcHost.ni.exe
+ 2010-04-09 13:30 . 2010-04-09 13:30 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\7602d7687fb9bd21cd9ae60d2b187c99\SMDiagnostics.ni.dll
+ 2010-04-09 13:29 . 2010-04-09 13:29 128000 c:\windows\assembly\NativeImages_v2.0.50727_32\SharpBITS.Base\db18ee3afe6b34e8497f2eddb9d46a0a\SharpBITS.Base.ni.dll
+ 2010-04-09 13:30 . 2010-04-09 13:30 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\a23dc25782df04533a13e348203e4dc5\ServiceModelReg.ni.exe
+ 2010-04-09 13:29 . 2010-04-09 13:29 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\Sd\2cb7ff992aed0a12b5e4a30f01a1d91b\Sd.ni.dll
+ 2010-04-09 13:30 . 2010-04-09 13:30 459776 c:\windows\assembly\NativeImages_v2.0.50727_32\Sd.Zip\6906e9dbd84880095dd4199109c89b21\Sd.Zip.ni.dll
+ 2010-04-09 13:29 . 2010-04-09 13:29 524800 c:\windows\assembly\NativeImages_v2.0.50727_32\Sd.Web\3fa7a14b8a6e610084876a8094f6d8f4\Sd.Web.ni.dll
+ 2010-04-09 13:29 . 2010-04-09 13:29 155648 c:\windows\assembly\NativeImages_v2.0.50727_32\Sd.UI\c870e267fec4c8b9779daeeb5ad98f7f\Sd.UI.ni.dll
+ 2010-04-09 13:29 . 2010-04-09 13:29 782848 c:\windows\assembly\NativeImages_v2.0.50727_32\Sd.Irc\c1f91a47eafdd814c8a0e3c41b403440\Sd.Irc.ni.dll
+ 2010-04-09 13:29 . 2010-04-09 13:29 279040 c:\windows\assembly\NativeImages_v2.0.50727_32\Sd.InstallManager\cd40d1df1c5c84d523a72b17d1916c91\Sd.InstallManager.ni.dll
+ 2010-04-09 13:29 . 2010-04-09 13:29 483840 c:\windows\assembly\NativeImages_v2.0.50727_32\Sd.Common.XmlSerial#\92d70860d73459cecd8ffc6a5337f0e0\Sd.Common.XmlSerializers.ni.dll
+ 2010-04-09 13:29 . 2010-04-09 13:29 132096 c:\windows\assembly\NativeImages_v2.0.50727_32\sd.central.cmp.serv#\5c3d41b4fad30839e97f655f74a13149\sd.central.cmp.server.ni.dll
+ 2010-04-09 13:29 . 2010-04-09 13:29 100352 c:\windows\assembly\NativeImages_v2.0.50727_32\Sd.Central.Archive\a41243c7fe8d921baae9d822d5522285\Sd.Central.Archive.ni.dll
+ 2010-04-09 13:29 . 2010-04-09 13:29 271872 c:\windows\assembly\NativeImages_v2.0.50727_32\Sd.Central.Archive.#\7b0a42362aac66dbf9d3f5c326347346\Sd.Central.Archive.XmlSerializers.ni.dll
+ 2010-04-09 13:03 . 2010-04-09 13:03 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\96f74da5fc40b92f09069230bc0df4f0\PresentationFramework.Royale.ni.dll
+ 2010-04-09 13:03 . 2010-04-09 13:03 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\3bb4d16b042b72c2c85a0f8ac9d48f28\PresentationFramework.Luna.ni.dll
+ 2010-04-09 13:03 . 2010-04-09 13:03 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\30c5c2682d3c5bdaa83bb9a36ee48afa\PresentationFramework.Aero.ni.dll
+ 2010-04-09 13:03 . 2010-04-09 13:03 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\07e952efd70f5608e221a008e6231ace\PresentationFramework.Classic.ni.dll
+ 2010-04-09 13:29 . 2010-04-09 13:29 291328 c:\windows\assembly\NativeImages_v2.0.50727_32\MyDock.Util\86eefca9a2f319f42eb6e356844bc37e\MyDock.Util.ni.dll
+ 2010-04-09 13:30 . 2010-04-09 13:30 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\eade8c1c9c1e8e5ffb50e6c9b9af0f6a\MSBuild.ni.exe
+ 2010-04-09 13:30 . 2010-04-09 13:30 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\fc4d66e0a92b3767006a84f2519d2457\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2010-04-09 13:00 . 2010-04-09 13:00 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\58ca3ecc52b7246b448c109817198a0b\Microsoft.Build.Utilities.ni.dll
+ 2010-04-09 13:30 . 2010-04-09 13:30 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\4dd43724dd92026577c6f588270137a0\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2010-04-09 13:30 . 2010-04-09 13:30 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\8c651f75bb741330370986dcad8e9e5b\Microsoft.Build.Engine.ni.dll
+ 2010-04-09 13:30 . 2010-04-09 13:30 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\a6dcbae619ccd938bfe808c54d6d3ae0\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2010-04-09 13:29 . 2010-04-09 13:29 100864 c:\windows\assembly\NativeImages_v2.0.50727_32\Interop.IWshRuntime#\db85a5c318b24cac7b48e50f3e22c96d\Interop.IWshRuntimeLibrary.ni.dll
+ 2010-04-09 13:29 . 2010-04-09 13:29 724480 c:\windows\assembly\NativeImages_v2.0.50727_32\ICSharpCode.SharpZi#\210456f21d81f5f6038ac408af1e837b\ICSharpCode.SharpZipLib.ni.dll
+ 2010-04-09 13:29 . 2010-04-09 13:29 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\77688ce14f221ed94a9f442ae4736123\CustomMarshalers.ni.dll
+ 2010-04-09 13:30 . 2010-04-09 13:30 326144 c:\windows\assembly\NativeImages_v2.0.50727_32\CoreUI\c0b0b036c304d64e9990ee081ba986a9\CoreUI.ni.dll
+ 2010-04-09 13:30 . 2010-04-09 13:30 818688 c:\windows\assembly\NativeImages_v2.0.50727_32\CoreUI.XmlSerialize#\bbd049a7a088a074e6f859475d426ab8\CoreUI.XmlSerializers.ni.dll
+ 2010-04-09 13:30 . 2010-04-09 13:30 119808 c:\windows\assembly\NativeImages_v2.0.50727_32\CorePrimitives\40e164ba6af1fdd3f7818a0f17a3259c\CorePrimitives.ni.dll
+ 2010-04-09 13:30 . 2010-04-09 13:30 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\a17c65f0cffaa4f792dd38d50df9d526\ComSvcConfig.ni.exe
+ 2010-04-09 13:28 . 2010-04-09 13:28 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\85d7c111956b478766d90625b35d963f\AspNetMMCExt.ni.dll
+ 2010-04-09 12:58 . 2010-04-09 12:58 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2009-08-15 08:15 . 2009-08-15 08:15 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2010-04-09 12:58 . 2010-04-09 12:58 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2009-08-15 08:15 . 2009-08-15 08:15 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2009-08-15 08:15 . 2009-08-15 08:15 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2010-04-09 12:58 . 2010-04-09 12:58 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2009-08-15 08:15 . 2009-08-15 08:15 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2010-04-09 12:59 . 2010-04-09 12:59 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2010-04-09 12:59 . 2010-04-09 12:59 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2009-08-15 08:15 . 2009-08-15 08:15 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2009-08-15 08:15 . 2009-08-15 08:15 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2010-04-09 12:59 . 2010-04-09 12:59 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2010-04-09 12:59 . 2010-04-09 12:59 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2009-08-15 08:15 . 2009-08-15 08:15 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2010-04-09 12:59 . 2010-04-09 12:59 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2009-08-15 08:15 . 2009-08-15 08:15 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2010-04-09 12:59 . 2010-04-09 12:59 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2009-08-15 08:15 . 2009-08-15 08:15 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2009-08-15 08:15 . 2009-08-15 08:15 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2010-04-09 12:58 . 2010-04-09 12:58 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2009-08-15 08:15 . 2009-08-15 08:15 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2010-04-09 12:58 . 2010-04-09 12:58 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2009-08-15 08:15 . 2009-08-15 08:15 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2010-04-09 12:59 . 2010-04-09 12:59 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2010-04-09 12:59 . 2010-04-09 12:59 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2009-08-15 08:15 . 2009-08-15 08:15 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2009-08-15 08:15 . 2009-08-15 08:15 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2010-04-09 12:59 . 2010-04-09 12:59 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2010-04-09 12:59 . 2010-04-09 12:59 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2009-08-15 08:15 . 2009-08-15 08:15 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2010-04-09 12:58 . 2010-04-09 12:58 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2009-08-15 08:15 . 2009-08-15 08:15 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2009-08-15 08:15 . 2009-08-15 08:15 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2010-04-09 12:58 . 2010-04-09 12:58 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2009-08-15 08:15 . 2009-08-15 08:15 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2010-04-09 12:58 . 2010-04-09 12:58 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2010-04-09 12:58 . 2010-04-09 12:58 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2009-08-15 08:15 . 2009-08-15 08:15 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2010-04-09 12:59 . 2010-04-09 12:59 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2009-08-15 08:15 . 2009-08-15 08:15 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2009-08-15 08:15 . 2009-08-15 08:15 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2010-04-09 12:59 . 2010-04-09 12:59 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2009-08-15 08:15 . 2009-08-15 08:15 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2010-04-09 12:58 . 2010-04-09 12:58 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2010-04-09 12:58 . 2010-04-09 12:58 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2009-08-15 08:15 . 2009-08-15 08:15 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2009-08-15 08:15 . 2009-08-15 08:15 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2010-04-09 12:59 . 2010-04-09 12:59 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2009-08-15 08:15 . 2009-08-15 08:15 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2010-04-09 12:59 . 2010-04-09 12:59 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2009-08-15 08:15 . 2009-08-15 08:15 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2010-04-09 12:59 . 2010-04-09 12:59 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2002-09-20 18:03 . 2009-11-21 16:03 471552 c:\windows\AppPatch\aclayers.dll
+ 2010-04-09 12:46 . 2009-05-26 11:40 391032 c:\windows\$hf_mig$\KB968389\update\updspapi.dll
+ 2010-04-09 12:46 . 2009-05-26 11:40 759160 c:\windows\$hf_mig$\KB968389\update\update.exe
+ 2010-04-09 12:46 . 2008-07-08 12:59 233848 c:\windows\$hf_mig$\KB968389\spuninst.exe
+ 2009-06-25 08:42 . 2009-06-25 08:42 147456 c:\windows\$hf_mig$\KB968389\SP3QFE\schannel.dll
+ 2009-06-25 08:42 . 2009-06-25 08:42 136704 c:\windows\$hf_mig$\KB968389\SP3QFE\msv1_0.dll
+ 2009-06-26 09:42 . 2009-06-26 09:42 729088 c:\windows\$hf_mig$\KB968389\SP3QFE\lsasrv.dll
+ 2009-06-25 08:42 . 2009-06-25 08:42 301568 c:\windows\$hf_mig$\KB968389\SP3QFE\kerberos.dll
+ 2010-04-09 12:09 . 2009-08-13 13:56 1748992 c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll
+ 2009-07-20 22:03 . 2009-07-20 22:03 1348432 c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9876.0_x-ww_a621d1d5\msxml4.dll
+ 2002-09-20 17:41 . 2009-08-14 15:15 1850624 c:\windows\system32\win32k.sys
+ 2002-09-20 18:04 . 2010-03-10 04:43 1510400 c:\windows\system32\shdocvw.dll
- 2002-09-20 18:04 . 2009-07-18 16:05 1510400 c:\windows\system32\shdocvw.dll
+ 2002-09-20 18:04 . 2009-07-17 16:17 1437696 c:\windows\system32\query.dll
- 2002-09-20 18:04 . 2008-04-14 03:21 1437696 c:\windows\system32\query.dll
Re: Nejde odstranit virus virus.Rootkit.Win32.agent.bdov
pokracovani logu:
+ 2006-09-28 09:51 . 2009-11-27 17:14 1294336 c:\windows\system32\quartz.dll
+ 2002-09-20 17:12 . 2009-12-09 10:11 2147328 c:\windows\system32\ntoskrnl.exe
- 2002-09-20 17:12 . 2009-02-09 11:26 2147328 c:\windows\system32\ntoskrnl.exe
- 2002-09-20 17:12 . 2009-02-09 11:26 2025984 c:\windows\system32\ntkrnlpa.exe
+ 2002-09-20 17:12 . 2009-12-09 10:11 2025984 c:\windows\system32\ntkrnlpa.exe
+ 2008-09-26 14:34 . 2009-07-31 08:05 1372672 c:\windows\system32\msxml6.dll
+ 2009-07-20 22:05 . 2009-07-20 22:05 1348432 c:\windows\system32\msxml4.dll
+ 2002-09-20 18:04 . 2009-07-31 04:35 1172480 c:\windows\system32\msxml3.dll
+ 2002-09-20 18:04 . 2010-02-26 05:43 3094016 c:\windows\system32\mshtml.dll
- 2006-09-28 02:04 . 2010-01-23 01:42 1429360 c:\windows\system32\FNTCACHE.DAT
+ 2006-09-28 02:04 . 2010-04-09 13:16 1429360 c:\windows\system32\FNTCACHE.DAT
+ 2008-10-15 19:30 . 2009-08-14 15:15 1850624 c:\windows\system32\dllcache\win32k.sys
+ 2008-06-26 08:14 . 2010-03-10 04:43 1510400 c:\windows\system32\dllcache\shdocvw.dll
- 2008-06-26 08:14 . 2009-07-18 16:05 1510400 c:\windows\system32\dllcache\shdocvw.dll
+ 2009-07-17 16:17 . 2009-07-17 16:17 1437696 c:\windows\system32\dllcache\query.dll
+ 2008-05-07 05:12 . 2009-11-27 17:14 1294336 c:\windows\system32\dllcache\quartz.dll
+ 2008-10-15 19:30 . 2009-12-09 10:11 2191360 c:\windows\system32\dllcache\ntoskrnl.exe
+ 2008-10-15 19:30 . 2009-12-09 10:11 2025984 c:\windows\system32\dllcache\ntkrpamp.exe
- 2008-10-15 19:30 . 2009-02-09 11:26 2025984 c:\windows\system32\dllcache\ntkrpamp.exe
- 2008-10-15 19:30 . 2009-02-10 17:09 2068224 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2008-10-15 19:30 . 2009-12-09 10:11 2068224 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2008-10-15 19:30 . 2009-12-09 10:11 2147328 c:\windows\system32\dllcache\ntkrnlmp.exe
- 2008-10-15 19:30 . 2009-02-09 11:26 2147328 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2008-09-26 14:34 . 2009-07-31 08:05 1372672 c:\windows\system32\dllcache\msxml6.dll
+ 2008-11-11 18:50 . 2009-07-31 04:35 1172480 c:\windows\system32\dllcache\msxml3.dll
+ 2008-04-21 06:45 . 2010-02-26 05:43 3094016 c:\windows\system32\dllcache\mshtml.dll
+ 2010-03-10 04:43 . 2010-03-10 04:43 1025024 c:\windows\system32\dllcache\browseui.dll
- 2002-09-20 18:03 . 2008-04-14 03:21 1025024 c:\windows\system32\browseui.dll
+ 2002-09-20 18:03 . 2010-03-10 04:43 1025024 c:\windows\system32\browseui.dll
+ 2009-08-07 21:51 . 2009-08-07 21:51 5812560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
- 2008-11-25 02:59 . 2008-11-25 02:59 4546560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2009-08-07 21:51 . 2009-08-07 21:51 4546560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2008-05-27 23:35 . 2008-05-27 23:35 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
+ 2008-05-27 23:35 . 2008-05-27 23:35 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
+ 2008-05-27 22:48 . 2008-05-27 22:48 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2008-05-27 22:48 . 2008-05-27 22:48 2523136 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
+ 2008-05-27 22:43 . 2008-05-27 22:43 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2010-04-09 16:39 . 2010-04-09 16:39 1252864 c:\windows\Installer\bae114.msi
+ 2008-10-15 19:30 . 2009-12-09 10:11 2191360 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2008-10-15 19:30 . 2009-12-09 10:11 2025984 c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2008-10-15 19:30 . 2009-02-09 11:26 2025984 c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2008-10-15 19:30 . 2009-02-10 17:09 2068224 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2008-10-15 19:30 . 2009-12-09 10:11 2068224 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2008-10-15 19:30 . 2009-12-09 10:11 2147328 c:\windows\Driver Cache\i386\ntkrnlmp.exe
- 2008-10-15 19:30 . 2009-02-09 11:26 2147328 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2010-04-09 12:49 . 2010-04-09 12:49 1966080 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_840596d4\System.dll
+ 2010-04-09 12:50 . 2010-04-09 12:50 4792320 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_445ed40d\System.dll
+ 2010-04-09 12:50 . 2010-04-09 12:50 5513216 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_f3c85d37\System.Xml.dll
+ 2010-04-09 12:50 . 2010-04-09 12:50 2088960 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_4564088d\System.Xml.dll
+ 2010-04-09 12:50 . 2010-04-09 12:50 7884800 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_df257e26\System.Windows.Forms.dll
+ 2010-04-09 12:50 . 2010-04-09 12:50 3018752 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_bf02d00c\System.Windows.Forms.dll
+ 2010-04-09 12:50 . 2010-04-09 12:50 2244608 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_7964f3b7\System.Drawing.dll
+ 2010-04-09 12:50 . 2010-04-09 12:50 3395584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_c9f0e773\System.Design.dll
+ 2010-04-09 12:50 . 2010-04-09 12:50 1470464 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_068551e1\System.Design.dll
+ 2010-04-09 12:50 . 2010-04-09 12:50 8908800 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_917af526\mscorlib.dll
+ 2010-04-09 12:50 . 2010-04-09 12:50 3391488 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_71de6e3b\mscorlib.dll
+ 2010-04-09 13:01 . 2010-04-09 13:01 3313664 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\204d6e5b335134f23ca37638b9227ecf\WindowsBase.ni.dll
+ 2010-04-09 13:30 . 2010-04-09 13:30 1379328 c:\windows\assembly\NativeImages_v2.0.50727_32\WidgetLibrary\7ae90498b07c09d5cf03078c78e60de2\WidgetLibrary.ni.dll
+ 2010-04-09 13:03 . 2010-04-09 13:03 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\0f2ed6a204eb13841e99b77025464afc\UIAutomationClientsideProviders.ni.dll
+ 2010-04-09 13:00 . 2010-04-09 13:00 7868416 c:\windows\assembly\NativeImages_v2.0.50727_32\System\3de5bd01124463d7862bd173af90bc83\System.ni.dll
+ 2010-04-09 13:00 . 2010-04-09 13:00 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5913d3f81e77194ec833991b1047a532\System.Xml.ni.dll
+ 2010-04-09 13:56 . 2010-04-09 13:56 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\fa48917b13629d8effa80dd4a2f2973d\System.WorkflowServices.ni.dll
+ 2010-04-09 13:32 . 2010-04-09 13:32 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\6fe66ee6f3c81996bc148f1ebe7ec030\System.Workflow.Runtime.ni.dll
+ 2010-04-09 13:32 . 2010-04-09 13:32 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\9d0b61f2f1ebdc300bd970f594c422ef\System.Workflow.ComponentModel.ni.dll
+ 2010-04-09 13:32 . 2010-04-09 13:32 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\65328898148a720d394f802f192fc2a0\System.Workflow.Activities.ni.dll
+ 2010-04-09 13:03 . 2010-04-09 13:03 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\ea07ac791bb5cb9f83679e3dd1a0c0cc\System.Web.Services.ni.dll
+ 2010-04-09 13:32 . 2010-04-09 13:32 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\29e2f8b1fb691ced973acf49fcee6ec1\System.Web.Mobile.ni.dll
+ 2010-04-09 13:32 . 2010-04-09 13:32 2403328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\981dea02bc63c0c083e335adf9018788\System.Web.Extensions.ni.dll
+ 2010-04-09 13:03 . 2010-04-09 13:03 1917440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\99594bae1d022502925f5b9dfcdaae9a\System.Speech.ni.dll
+ 2010-04-09 13:31 . 2010-04-09 13:31 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\e182695d05ea57257568bc5f3208aca7\System.ServiceModel.Web.ni.dll
+ 2010-04-09 13:28 . 2010-04-09 13:28 2338304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\67ad55827f2542552b576170f0a7dc56\System.Runtime.Serialization.ni.dll
+ 2010-04-09 13:02 . 2010-04-09 13:02 1035264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\e5313735a40c0800f116e27fba4754db\System.Printing.ni.dll
+ 2010-04-09 13:28 . 2010-04-09 13:28 1056768 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\c3b18fef5c6dc3bcdbe5df699fd21a55\System.IdentityModel.ni.dll
+ 2010-04-09 13:01 . 2010-04-09 13:01 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\abb2ac7e08bee026f857d8fa36f9fe6f\System.Drawing.ni.dll
+ 2010-04-09 13:02 . 2010-04-09 13:02 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\f47ebb9db460874b1bcbfc391dc970b1\System.DirectoryServices.ni.dll
+ 2010-04-09 13:01 . 2010-04-09 13:01 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\c94a427baa7683f4221b91f90c18461b\System.Deployment.ni.dll
+ 2010-04-09 13:02 . 2010-04-09 13:02 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\694c07365e0fd6bba0bc304d4d2404a7\System.Data.ni.dll
+ 2010-04-09 13:00 . 2010-04-09 13:00 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\272152f0cc139490729e215611a4b244\System.Data.SqlXml.ni.dll
+ 2010-04-09 13:31 . 2010-04-09 13:31 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\112a48e34620a0210eb850040da8a31b\System.Data.Services.ni.dll
+ 2010-04-09 13:03 . 2010-04-09 13:03 1115136 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\ffa1018e8022964eb51025c2c6d8727a\System.Data.OracleClient.ni.dll
+ 2010-04-09 13:03 . 2010-04-09 13:03 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\32788c58ff9f8324460604cf1fe7681b\System.Data.Linq.ni.dll
+ 2010-04-09 13:31 . 2010-04-09 13:31 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\9012cac7819660f61f1c69cf8e4f2ccf\System.Data.Entity.ni.dll
+ 2010-04-09 13:03 . 2010-04-09 13:03 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\c0a42d2ad8a4078040b334f6770ea11f\System.Core.ni.dll
+ 2010-04-09 13:29 . 2010-04-09 13:29 1002496 c:\windows\assembly\NativeImages_v2.0.50727_32\Sd.Common\4ead41c67dbfb11039db3323828379b2\Sd.Common.ni.dll
+ 2010-04-09 13:02 . 2010-04-09 13:02 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\954685c29689d2a6126ceca1fd55e904\ReachFramework.ni.dll
+ 2010-04-09 13:02 . 2010-04-09 13:02 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\a3a6f52ce1d09a7bdccc8e7fc664792d\PresentationUI.ni.dll
+ 2010-04-09 13:00 . 2010-04-09 13:00 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\f906701365083c1473db31519147e263\PresentationBuildTasks.ni.dll
+ 2010-04-09 13:29 . 2010-04-09 13:29 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\6eee9b772b6d12d3dbd82f118c2ab2e5\Microsoft.VisualBasic.ni.dll
+ 2010-04-09 13:30 . 2010-04-09 13:30 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\f19e9b439636d0744597fff1331cad04\Microsoft.Transactions.Bridge.ni.dll
+ 2010-04-09 13:29 . 2010-04-09 13:29 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\5b1af7b5be24c7ace065fe1c81c2b650\Microsoft.JScript.ni.dll
+ 2010-04-09 13:30 . 2010-04-09 13:30 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\9eec1cc7ac37e0c7f3205e8156149c5a\Microsoft.Build.Tasks.ni.dll
+ 2010-04-09 13:30 . 2010-04-09 13:30 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\28c0730288453d57d5dcd62903c4d31b\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2010-04-09 13:30 . 2010-04-09 13:30 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\5dd4f58999eed37c12aee7ea9f9863ac\Microsoft.Build.Engine.ni.dll
+ 2010-04-09 13:29 . 2010-04-09 13:29 2379264 c:\windows\assembly\NativeImages_v2.0.50727_32\ImpulseDock\5396182e24d6f5a67d8bafc6114a8533\ImpulseDock.ni.exe
+ 2010-04-09 13:29 . 2010-04-09 13:29 3807744 c:\windows\assembly\NativeImages_v2.0.50727_32\Impulse\6bcccb1fe7fee604a31dd358ffa8c0e2\Impulse.ni.exe
+ 2010-04-09 13:30 . 2010-04-09 13:30 1538048 c:\windows\assembly\NativeImages_v2.0.50727_32\CoreGraphics\0e36e44a6e9d08c6aee3c325644534fd\CoreGraphics.ni.dll
+ 2010-04-09 13:30 . 2010-04-09 13:30 1180672 c:\windows\assembly\NativeImages_v2.0.50727_32\CoreGraphics.XmlSer#\8df65a4c22d055849990476c9203ef16\CoreGraphics.XmlSerializers.ni.dll
- 2009-08-15 08:15 . 2009-08-15 08:15 3149824 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2010-04-09 12:59 . 2010-04-09 12:59 3149824 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2009-08-15 08:15 . 2009-08-15 08:15 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2010-04-09 12:59 . 2010-04-09 12:59 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2010-04-09 12:58 . 2010-04-09 12:58 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2009-08-15 08:15 . 2009-08-15 08:15 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2010-04-09 12:58 . 2010-04-09 12:58 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2009-08-15 08:15 . 2009-08-15 08:15 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2010-04-09 12:58 . 2010-04-09 12:58 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2009-08-15 08:15 . 2009-08-15 08:15 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2010-04-09 12:59 . 2010-04-09 12:59 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2009-08-15 08:15 . 2009-08-15 08:15 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2009-08-15 08:15 . 2009-08-15 08:15 4546560 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2010-04-09 12:59 . 2010-04-09 12:59 4546560 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2010-04-09 12:49 . 2010-04-09 12:49 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2010-04-09 12:49 . 2010-04-09 12:49 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2009-08-10 19:08 . 2009-08-10 19:08 11315712 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp
+ 2009-08-14 18:32 . 2009-08-14 18:32 11110912 c:\windows\Installer\867f2.msp
+ 2009-08-10 12:09 . 2009-08-10 12:09 17254912 c:\windows\Installer\867e9.msp
+ 2010-04-09 13:01 . 2010-04-09 13:01 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d2ea8d76f015817db1607075812b555f\System.Windows.Forms.ni.dll
+ 2010-04-09 13:02 . 2010-04-09 13:03 11796992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\5cea03cfb008f2eac1439a9905467f37\System.Web.ni.dll
+ 2010-04-09 13:29 . 2010-04-09 13:29 17317888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\06d6eab93282d2b136a377bd50b7c5a9\System.ServiceModel.ni.dll
+ 2010-04-09 13:03 . 2010-04-09 13:03 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\8b82e08c008924d51833cb0884bcbfc5\System.Design.ni.dll
+ 2010-04-09 13:02 . 2010-04-09 13:02 14327808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\58c7ac6b6054038dc9346d7ec8e32b4c\PresentationFramework.ni.dll
+ 2010-04-09 13:01 . 2010-04-09 13:01 12216320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\94badbd64df59de7da249f71da38b1c2\PresentationCore.ni.dll
+ 2010-04-09 13:00 . 2010-04-09 13:00 11486720 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7124a40b9998f7b63c86bd1a2125ce26\mscorlib.ni.dll
.
-- Snímek resetován k současnému datu --
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"Google Update"="c:\documents and settings\TwoRik\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2010-03-11 135664]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-03-12 185896]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-28 413696]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"razer"="c:\program files\Razer\razerhid.exe" [2005-05-17 147456]
"Diamondback"="c:\program files\Razer\Diamondback 3G\razerhid.exe" [2007-08-01 147456]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\TwoRik\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^ WinCinema Manager.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\ WinCinema Manager.lnk
backup=c:\windows\pss\ WinCinema Manager.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^TwoRik^Nabídka Start^Programy^Po spuštění^OpenOffice.org 2.0.lnk]
path=c:\documents and settings\TwoRik\Nabídka Start\Programy\Po spuštění\OpenOffice.org 2.0.lnk
backup=c:\windows\pss\OpenOffice.org 2.0.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 16:43 69632 ----a-r- c:\windows\Alcmtr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-01-15 15:14 147456 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 03:22 1695232 ------w- c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 14:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
2004-03-10 22:26 406016 ----a-w- c:\windows\system32\PSDrvCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-03-28 21:37 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2006-07-21 14:56 16261632 ----a-r- c:\windows\RTHDCPL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-10-09 12:11 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2006-05-16 16:04 2879488 ----a-r- c:\windows\SkyTel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-07-12 02:00 132496 ----a-w- c:\program files\Java\jre1.6.0_02\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MSDTC"=3 (0x3)
"lanmanserver"=2 (0x2)
"CryptSvc"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\mIRC\\nnuninst.exe"=
"c:\\Program Files\\Teamspeak2_RC2\\TeamSpeak.exe"=
"e:\\sdc202\\StrongDC.exe"=
"c:\\Program Files\\ICQLite\\ICQLite.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\MirandaIM\\miranda32.exe"=
"c:\\Program Files\\Tortun\\gui.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\keyclone\\keyclone.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 2009\\Czech\\setup.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\Czech\\setup.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\MirandaIM\\Miranda IM\\miranda32.exe"=
"c:\\Program Files\\Miranda IM\\miranda32.exe"=
"c:\\Miranda\\Mir4nda-IM-0.7.17-Pack-v2.2\\miranda32.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"e:\\UT2004\\System\\UT2004.exe"=
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [14.10.2009 22:18 36880]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [5.10.2006 22:45 717296]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [7.11.2009 11:45 270888]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [21.6.2008 5:54 66600]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [27.2.2010 4:10 246520]
R2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [31.10.2008 8:24 95528]
R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [31.10.2008 8:24 1365288]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [14.9.2009 15:42 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2.10.2009 20:39 19472]
R3 Razerlow;Diamondback 3G USB Filter Driver;c:\windows\system32\drivers\DB3G.sys [4.1.2010 18:45 13225]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [7.11.2009 11:45 65576]
--- Ostatní služby/ovladače v paměti ---
*Deregistered* - oskpmhwm
.
Obsah adresáře 'Naplánované úlohy'
2009-11-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 12:57]
2010-04-10 c:\windows\Tasks\Registry Reviver-TwoRik-Startup.job
- c:\program files\ReviverSoft\Registry Reviver\RegistryReviver.exe [2010-03-04 16:48]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.icq.com/
uInternet Settings,ProxyOverride = *.local
IE: Çŕęŕ÷ŕňü ÂŃĹ ďđč ďîěîůč Download Master
IE: Çŕęŕ÷ŕňü ďđč ďîěîůč Download Master
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\TwoRik\Data aplikací\Mozilla\Firefox\Profiles\vs8yc1bx.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.1&q=
FF - component: c:\program files\Mozilla Firefox\components\Scriptff.dll
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
HKCU-Run-SpyEmergency - c:\program files\NETGATE\Spy Emergency\SpyEmergency.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-10 15:24
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll sfsync02.sys atapi.sys spdp.sys >>UNKNOWN [0x8A8FC938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba0fcf28
\Driver\ACPI -> ACPI.sys @ 0xb9e67cb8
\Driver\atapi -> sfsync02.sys @ 0xba0c98b4
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Marvell Yukon 88E8053 PCI-E Gigabit Ethernet Controller -> SendCompleteHandler -> NDIS.sys @ 0xb9bd9bb0
PacketIndicateHandler -> NDIS.sys @ 0xb9be6a21
SendHandler -> NDIS.sys @ 0xb9bc487b
user & kernel MBR OK
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\oskpmhwm]
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-746137067-152049171-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:0b,f0,6b,5f,c1,ad,39,2d,9d,04,5c,d9,bf,d3,a1,65,3f,c3,5e,20,50,e6,9d,
20,94,c3,22,5c,f8,85,f4,18,71,8a,a6,0f,2f,07,29,54,fc,d5,cd,fd,8e,c2,25,6c,\
"??"=hex:0a,ad,90,f0,65,3c,48,de,9a,dd,e5,c4,ed,13,f0,dd
[HKEY_USERS\S-1-5-21-746137067-152049171-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:bc,2c,1b,2c,1f,2c,82,02,5b,33,e7,85,03,7c,e8,2a,31,a9,db,6a,1a,
13,24,73,c4,6e,69,ec,dc,1f,eb,d4,f7,3d,ea,21,f0,4d,21,41,29,89,95,d7,41,b1,\
"rkeysecu"=hex:8d,80,84,4c,27,f3,a9,a5,07,d4,c2,6c,bf,c0,04,cd
[HKEY_LOCAL_MACHINE\software\swearware\backup\winsock2]
@DACL=(02 0000)
@SACL=
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(1528)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Sunbelt Software\Personal Firewall\SbPFCl.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Razer\razertra.exe
c:\program files\Razer\Diamondback 3G\razertra.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\program files\Razer\razerofa.exe
c:\program files\Razer\Diamondback 3G\razerofa.exe
.
**************************************************************************
.
Celkový čas: 2010-04-10 15:30:41 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-04-10 13:30
ComboFix2.txt 2010-04-09 12:23
ComboFix3.txt 2009-06-22 05:20
Před spuštěním: 4 659 298 304
Po spuštění: 4 628 369 408
Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 6B8FAE93A9D83098D3FEB9DFCB2610D0
+ 2006-09-28 09:51 . 2009-11-27 17:14 1294336 c:\windows\system32\quartz.dll
+ 2002-09-20 17:12 . 2009-12-09 10:11 2147328 c:\windows\system32\ntoskrnl.exe
- 2002-09-20 17:12 . 2009-02-09 11:26 2147328 c:\windows\system32\ntoskrnl.exe
- 2002-09-20 17:12 . 2009-02-09 11:26 2025984 c:\windows\system32\ntkrnlpa.exe
+ 2002-09-20 17:12 . 2009-12-09 10:11 2025984 c:\windows\system32\ntkrnlpa.exe
+ 2008-09-26 14:34 . 2009-07-31 08:05 1372672 c:\windows\system32\msxml6.dll
+ 2009-07-20 22:05 . 2009-07-20 22:05 1348432 c:\windows\system32\msxml4.dll
+ 2002-09-20 18:04 . 2009-07-31 04:35 1172480 c:\windows\system32\msxml3.dll
+ 2002-09-20 18:04 . 2010-02-26 05:43 3094016 c:\windows\system32\mshtml.dll
- 2006-09-28 02:04 . 2010-01-23 01:42 1429360 c:\windows\system32\FNTCACHE.DAT
+ 2006-09-28 02:04 . 2010-04-09 13:16 1429360 c:\windows\system32\FNTCACHE.DAT
+ 2008-10-15 19:30 . 2009-08-14 15:15 1850624 c:\windows\system32\dllcache\win32k.sys
+ 2008-06-26 08:14 . 2010-03-10 04:43 1510400 c:\windows\system32\dllcache\shdocvw.dll
- 2008-06-26 08:14 . 2009-07-18 16:05 1510400 c:\windows\system32\dllcache\shdocvw.dll
+ 2009-07-17 16:17 . 2009-07-17 16:17 1437696 c:\windows\system32\dllcache\query.dll
+ 2008-05-07 05:12 . 2009-11-27 17:14 1294336 c:\windows\system32\dllcache\quartz.dll
+ 2008-10-15 19:30 . 2009-12-09 10:11 2191360 c:\windows\system32\dllcache\ntoskrnl.exe
+ 2008-10-15 19:30 . 2009-12-09 10:11 2025984 c:\windows\system32\dllcache\ntkrpamp.exe
- 2008-10-15 19:30 . 2009-02-09 11:26 2025984 c:\windows\system32\dllcache\ntkrpamp.exe
- 2008-10-15 19:30 . 2009-02-10 17:09 2068224 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2008-10-15 19:30 . 2009-12-09 10:11 2068224 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2008-10-15 19:30 . 2009-12-09 10:11 2147328 c:\windows\system32\dllcache\ntkrnlmp.exe
- 2008-10-15 19:30 . 2009-02-09 11:26 2147328 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2008-09-26 14:34 . 2009-07-31 08:05 1372672 c:\windows\system32\dllcache\msxml6.dll
+ 2008-11-11 18:50 . 2009-07-31 04:35 1172480 c:\windows\system32\dllcache\msxml3.dll
+ 2008-04-21 06:45 . 2010-02-26 05:43 3094016 c:\windows\system32\dllcache\mshtml.dll
+ 2010-03-10 04:43 . 2010-03-10 04:43 1025024 c:\windows\system32\dllcache\browseui.dll
- 2002-09-20 18:03 . 2008-04-14 03:21 1025024 c:\windows\system32\browseui.dll
+ 2002-09-20 18:03 . 2010-03-10 04:43 1025024 c:\windows\system32\browseui.dll
+ 2009-08-07 21:51 . 2009-08-07 21:51 5812560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
- 2008-11-25 02:59 . 2008-11-25 02:59 4546560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2009-08-07 21:51 . 2009-08-07 21:51 4546560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2008-05-27 23:35 . 2008-05-27 23:35 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
+ 2008-05-27 23:35 . 2008-05-27 23:35 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
+ 2008-05-27 22:48 . 2008-05-27 22:48 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2008-05-27 22:48 . 2008-05-27 22:48 2523136 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
+ 2008-05-27 22:43 . 2008-05-27 22:43 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2010-04-09 16:39 . 2010-04-09 16:39 1252864 c:\windows\Installer\bae114.msi
+ 2008-10-15 19:30 . 2009-12-09 10:11 2191360 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2008-10-15 19:30 . 2009-12-09 10:11 2025984 c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2008-10-15 19:30 . 2009-02-09 11:26 2025984 c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2008-10-15 19:30 . 2009-02-10 17:09 2068224 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2008-10-15 19:30 . 2009-12-09 10:11 2068224 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2008-10-15 19:30 . 2009-12-09 10:11 2147328 c:\windows\Driver Cache\i386\ntkrnlmp.exe
- 2008-10-15 19:30 . 2009-02-09 11:26 2147328 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2010-04-09 12:49 . 2010-04-09 12:49 1966080 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_840596d4\System.dll
+ 2010-04-09 12:50 . 2010-04-09 12:50 4792320 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_445ed40d\System.dll
+ 2010-04-09 12:50 . 2010-04-09 12:50 5513216 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_f3c85d37\System.Xml.dll
+ 2010-04-09 12:50 . 2010-04-09 12:50 2088960 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_4564088d\System.Xml.dll
+ 2010-04-09 12:50 . 2010-04-09 12:50 7884800 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_df257e26\System.Windows.Forms.dll
+ 2010-04-09 12:50 . 2010-04-09 12:50 3018752 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_bf02d00c\System.Windows.Forms.dll
+ 2010-04-09 12:50 . 2010-04-09 12:50 2244608 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_7964f3b7\System.Drawing.dll
+ 2010-04-09 12:50 . 2010-04-09 12:50 3395584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_c9f0e773\System.Design.dll
+ 2010-04-09 12:50 . 2010-04-09 12:50 1470464 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_068551e1\System.Design.dll
+ 2010-04-09 12:50 . 2010-04-09 12:50 8908800 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_917af526\mscorlib.dll
+ 2010-04-09 12:50 . 2010-04-09 12:50 3391488 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_71de6e3b\mscorlib.dll
+ 2010-04-09 13:01 . 2010-04-09 13:01 3313664 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\204d6e5b335134f23ca37638b9227ecf\WindowsBase.ni.dll
+ 2010-04-09 13:30 . 2010-04-09 13:30 1379328 c:\windows\assembly\NativeImages_v2.0.50727_32\WidgetLibrary\7ae90498b07c09d5cf03078c78e60de2\WidgetLibrary.ni.dll
+ 2010-04-09 13:03 . 2010-04-09 13:03 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\0f2ed6a204eb13841e99b77025464afc\UIAutomationClientsideProviders.ni.dll
+ 2010-04-09 13:00 . 2010-04-09 13:00 7868416 c:\windows\assembly\NativeImages_v2.0.50727_32\System\3de5bd01124463d7862bd173af90bc83\System.ni.dll
+ 2010-04-09 13:00 . 2010-04-09 13:00 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5913d3f81e77194ec833991b1047a532\System.Xml.ni.dll
+ 2010-04-09 13:56 . 2010-04-09 13:56 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\fa48917b13629d8effa80dd4a2f2973d\System.WorkflowServices.ni.dll
+ 2010-04-09 13:32 . 2010-04-09 13:32 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\6fe66ee6f3c81996bc148f1ebe7ec030\System.Workflow.Runtime.ni.dll
+ 2010-04-09 13:32 . 2010-04-09 13:32 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\9d0b61f2f1ebdc300bd970f594c422ef\System.Workflow.ComponentModel.ni.dll
+ 2010-04-09 13:32 . 2010-04-09 13:32 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\65328898148a720d394f802f192fc2a0\System.Workflow.Activities.ni.dll
+ 2010-04-09 13:03 . 2010-04-09 13:03 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\ea07ac791bb5cb9f83679e3dd1a0c0cc\System.Web.Services.ni.dll
+ 2010-04-09 13:32 . 2010-04-09 13:32 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\29e2f8b1fb691ced973acf49fcee6ec1\System.Web.Mobile.ni.dll
+ 2010-04-09 13:32 . 2010-04-09 13:32 2403328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\981dea02bc63c0c083e335adf9018788\System.Web.Extensions.ni.dll
+ 2010-04-09 13:03 . 2010-04-09 13:03 1917440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\99594bae1d022502925f5b9dfcdaae9a\System.Speech.ni.dll
+ 2010-04-09 13:31 . 2010-04-09 13:31 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\e182695d05ea57257568bc5f3208aca7\System.ServiceModel.Web.ni.dll
+ 2010-04-09 13:28 . 2010-04-09 13:28 2338304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\67ad55827f2542552b576170f0a7dc56\System.Runtime.Serialization.ni.dll
+ 2010-04-09 13:02 . 2010-04-09 13:02 1035264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\e5313735a40c0800f116e27fba4754db\System.Printing.ni.dll
+ 2010-04-09 13:28 . 2010-04-09 13:28 1056768 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\c3b18fef5c6dc3bcdbe5df699fd21a55\System.IdentityModel.ni.dll
+ 2010-04-09 13:01 . 2010-04-09 13:01 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\abb2ac7e08bee026f857d8fa36f9fe6f\System.Drawing.ni.dll
+ 2010-04-09 13:02 . 2010-04-09 13:02 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\f47ebb9db460874b1bcbfc391dc970b1\System.DirectoryServices.ni.dll
+ 2010-04-09 13:01 . 2010-04-09 13:01 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\c94a427baa7683f4221b91f90c18461b\System.Deployment.ni.dll
+ 2010-04-09 13:02 . 2010-04-09 13:02 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\694c07365e0fd6bba0bc304d4d2404a7\System.Data.ni.dll
+ 2010-04-09 13:00 . 2010-04-09 13:00 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\272152f0cc139490729e215611a4b244\System.Data.SqlXml.ni.dll
+ 2010-04-09 13:31 . 2010-04-09 13:31 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\112a48e34620a0210eb850040da8a31b\System.Data.Services.ni.dll
+ 2010-04-09 13:03 . 2010-04-09 13:03 1115136 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\ffa1018e8022964eb51025c2c6d8727a\System.Data.OracleClient.ni.dll
+ 2010-04-09 13:03 . 2010-04-09 13:03 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\32788c58ff9f8324460604cf1fe7681b\System.Data.Linq.ni.dll
+ 2010-04-09 13:31 . 2010-04-09 13:31 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\9012cac7819660f61f1c69cf8e4f2ccf\System.Data.Entity.ni.dll
+ 2010-04-09 13:03 . 2010-04-09 13:03 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\c0a42d2ad8a4078040b334f6770ea11f\System.Core.ni.dll
+ 2010-04-09 13:29 . 2010-04-09 13:29 1002496 c:\windows\assembly\NativeImages_v2.0.50727_32\Sd.Common\4ead41c67dbfb11039db3323828379b2\Sd.Common.ni.dll
+ 2010-04-09 13:02 . 2010-04-09 13:02 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\954685c29689d2a6126ceca1fd55e904\ReachFramework.ni.dll
+ 2010-04-09 13:02 . 2010-04-09 13:02 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\a3a6f52ce1d09a7bdccc8e7fc664792d\PresentationUI.ni.dll
+ 2010-04-09 13:00 . 2010-04-09 13:00 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\f906701365083c1473db31519147e263\PresentationBuildTasks.ni.dll
+ 2010-04-09 13:29 . 2010-04-09 13:29 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\6eee9b772b6d12d3dbd82f118c2ab2e5\Microsoft.VisualBasic.ni.dll
+ 2010-04-09 13:30 . 2010-04-09 13:30 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\f19e9b439636d0744597fff1331cad04\Microsoft.Transactions.Bridge.ni.dll
+ 2010-04-09 13:29 . 2010-04-09 13:29 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\5b1af7b5be24c7ace065fe1c81c2b650\Microsoft.JScript.ni.dll
+ 2010-04-09 13:30 . 2010-04-09 13:30 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\9eec1cc7ac37e0c7f3205e8156149c5a\Microsoft.Build.Tasks.ni.dll
+ 2010-04-09 13:30 . 2010-04-09 13:30 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\28c0730288453d57d5dcd62903c4d31b\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2010-04-09 13:30 . 2010-04-09 13:30 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\5dd4f58999eed37c12aee7ea9f9863ac\Microsoft.Build.Engine.ni.dll
+ 2010-04-09 13:29 . 2010-04-09 13:29 2379264 c:\windows\assembly\NativeImages_v2.0.50727_32\ImpulseDock\5396182e24d6f5a67d8bafc6114a8533\ImpulseDock.ni.exe
+ 2010-04-09 13:29 . 2010-04-09 13:29 3807744 c:\windows\assembly\NativeImages_v2.0.50727_32\Impulse\6bcccb1fe7fee604a31dd358ffa8c0e2\Impulse.ni.exe
+ 2010-04-09 13:30 . 2010-04-09 13:30 1538048 c:\windows\assembly\NativeImages_v2.0.50727_32\CoreGraphics\0e36e44a6e9d08c6aee3c325644534fd\CoreGraphics.ni.dll
+ 2010-04-09 13:30 . 2010-04-09 13:30 1180672 c:\windows\assembly\NativeImages_v2.0.50727_32\CoreGraphics.XmlSer#\8df65a4c22d055849990476c9203ef16\CoreGraphics.XmlSerializers.ni.dll
- 2009-08-15 08:15 . 2009-08-15 08:15 3149824 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2010-04-09 12:59 . 2010-04-09 12:59 3149824 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2009-08-15 08:15 . 2009-08-15 08:15 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2010-04-09 12:59 . 2010-04-09 12:59 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2010-04-09 12:58 . 2010-04-09 12:58 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2009-08-15 08:15 . 2009-08-15 08:15 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2010-04-09 12:58 . 2010-04-09 12:58 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2009-08-15 08:15 . 2009-08-15 08:15 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2010-04-09 12:58 . 2010-04-09 12:58 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2009-08-15 08:15 . 2009-08-15 08:15 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2010-04-09 12:59 . 2010-04-09 12:59 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2009-08-15 08:15 . 2009-08-15 08:15 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2009-08-15 08:15 . 2009-08-15 08:15 4546560 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2010-04-09 12:59 . 2010-04-09 12:59 4546560 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2010-04-09 12:49 . 2010-04-09 12:49 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2010-04-09 12:49 . 2010-04-09 12:49 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2009-08-10 19:08 . 2009-08-10 19:08 11315712 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp
+ 2009-08-14 18:32 . 2009-08-14 18:32 11110912 c:\windows\Installer\867f2.msp
+ 2009-08-10 12:09 . 2009-08-10 12:09 17254912 c:\windows\Installer\867e9.msp
+ 2010-04-09 13:01 . 2010-04-09 13:01 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d2ea8d76f015817db1607075812b555f\System.Windows.Forms.ni.dll
+ 2010-04-09 13:02 . 2010-04-09 13:03 11796992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\5cea03cfb008f2eac1439a9905467f37\System.Web.ni.dll
+ 2010-04-09 13:29 . 2010-04-09 13:29 17317888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\06d6eab93282d2b136a377bd50b7c5a9\System.ServiceModel.ni.dll
+ 2010-04-09 13:03 . 2010-04-09 13:03 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\8b82e08c008924d51833cb0884bcbfc5\System.Design.ni.dll
+ 2010-04-09 13:02 . 2010-04-09 13:02 14327808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\58c7ac6b6054038dc9346d7ec8e32b4c\PresentationFramework.ni.dll
+ 2010-04-09 13:01 . 2010-04-09 13:01 12216320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\94badbd64df59de7da249f71da38b1c2\PresentationCore.ni.dll
+ 2010-04-09 13:00 . 2010-04-09 13:00 11486720 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7124a40b9998f7b63c86bd1a2125ce26\mscorlib.ni.dll
.
-- Snímek resetován k současnému datu --
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"Google Update"="c:\documents and settings\TwoRik\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2010-03-11 135664]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-03-12 185896]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-28 413696]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"razer"="c:\program files\Razer\razerhid.exe" [2005-05-17 147456]
"Diamondback"="c:\program files\Razer\Diamondback 3G\razerhid.exe" [2007-08-01 147456]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\TwoRik\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^ WinCinema Manager.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\ WinCinema Manager.lnk
backup=c:\windows\pss\ WinCinema Manager.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^TwoRik^Nabídka Start^Programy^Po spuštění^OpenOffice.org 2.0.lnk]
path=c:\documents and settings\TwoRik\Nabídka Start\Programy\Po spuštění\OpenOffice.org 2.0.lnk
backup=c:\windows\pss\OpenOffice.org 2.0.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 16:43 69632 ----a-r- c:\windows\Alcmtr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-01-15 15:14 147456 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 03:22 1695232 ------w- c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 14:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
2004-03-10 22:26 406016 ----a-w- c:\windows\system32\PSDrvCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-03-28 21:37 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2006-07-21 14:56 16261632 ----a-r- c:\windows\RTHDCPL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-10-09 12:11 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2006-05-16 16:04 2879488 ----a-r- c:\windows\SkyTel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-07-12 02:00 132496 ----a-w- c:\program files\Java\jre1.6.0_02\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MSDTC"=3 (0x3)
"lanmanserver"=2 (0x2)
"CryptSvc"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\mIRC\\nnuninst.exe"=
"c:\\Program Files\\Teamspeak2_RC2\\TeamSpeak.exe"=
"e:\\sdc202\\StrongDC.exe"=
"c:\\Program Files\\ICQLite\\ICQLite.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\MirandaIM\\miranda32.exe"=
"c:\\Program Files\\Tortun\\gui.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\keyclone\\keyclone.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 2009\\Czech\\setup.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\Czech\\setup.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\MirandaIM\\Miranda IM\\miranda32.exe"=
"c:\\Program Files\\Miranda IM\\miranda32.exe"=
"c:\\Miranda\\Mir4nda-IM-0.7.17-Pack-v2.2\\miranda32.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"e:\\UT2004\\System\\UT2004.exe"=
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [14.10.2009 22:18 36880]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [5.10.2006 22:45 717296]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [7.11.2009 11:45 270888]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [21.6.2008 5:54 66600]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [27.2.2010 4:10 246520]
R2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [31.10.2008 8:24 95528]
R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [31.10.2008 8:24 1365288]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [14.9.2009 15:42 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2.10.2009 20:39 19472]
R3 Razerlow;Diamondback 3G USB Filter Driver;c:\windows\system32\drivers\DB3G.sys [4.1.2010 18:45 13225]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [7.11.2009 11:45 65576]
--- Ostatní služby/ovladače v paměti ---
*Deregistered* - oskpmhwm
.
Obsah adresáře 'Naplánované úlohy'
2009-11-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 12:57]
2010-04-10 c:\windows\Tasks\Registry Reviver-TwoRik-Startup.job
- c:\program files\ReviverSoft\Registry Reviver\RegistryReviver.exe [2010-03-04 16:48]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.icq.com/
uInternet Settings,ProxyOverride = *.local
IE: Çŕęŕ÷ŕňü ÂŃĹ ďđč ďîěîůč Download Master
IE: Çŕęŕ÷ŕňü ďđč ďîěîůč Download Master
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\TwoRik\Data aplikací\Mozilla\Firefox\Profiles\vs8yc1bx.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.1&q=
FF - component: c:\program files\Mozilla Firefox\components\Scriptff.dll
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
HKCU-Run-SpyEmergency - c:\program files\NETGATE\Spy Emergency\SpyEmergency.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-10 15:24
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll sfsync02.sys atapi.sys spdp.sys >>UNKNOWN [0x8A8FC938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba0fcf28
\Driver\ACPI -> ACPI.sys @ 0xb9e67cb8
\Driver\atapi -> sfsync02.sys @ 0xba0c98b4
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Marvell Yukon 88E8053 PCI-E Gigabit Ethernet Controller -> SendCompleteHandler -> NDIS.sys @ 0xb9bd9bb0
PacketIndicateHandler -> NDIS.sys @ 0xb9be6a21
SendHandler -> NDIS.sys @ 0xb9bc487b
user & kernel MBR OK
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\oskpmhwm]
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-746137067-152049171-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:0b,f0,6b,5f,c1,ad,39,2d,9d,04,5c,d9,bf,d3,a1,65,3f,c3,5e,20,50,e6,9d,
20,94,c3,22,5c,f8,85,f4,18,71,8a,a6,0f,2f,07,29,54,fc,d5,cd,fd,8e,c2,25,6c,\
"??"=hex:0a,ad,90,f0,65,3c,48,de,9a,dd,e5,c4,ed,13,f0,dd
[HKEY_USERS\S-1-5-21-746137067-152049171-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:bc,2c,1b,2c,1f,2c,82,02,5b,33,e7,85,03,7c,e8,2a,31,a9,db,6a,1a,
13,24,73,c4,6e,69,ec,dc,1f,eb,d4,f7,3d,ea,21,f0,4d,21,41,29,89,95,d7,41,b1,\
"rkeysecu"=hex:8d,80,84,4c,27,f3,a9,a5,07,d4,c2,6c,bf,c0,04,cd
[HKEY_LOCAL_MACHINE\software\swearware\backup\winsock2]
@DACL=(02 0000)
@SACL=
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(1528)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Sunbelt Software\Personal Firewall\SbPFCl.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Razer\razertra.exe
c:\program files\Razer\Diamondback 3G\razertra.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\program files\Razer\razerofa.exe
c:\program files\Razer\Diamondback 3G\razerofa.exe
.
**************************************************************************
.
Celkový čas: 2010-04-10 15:30:41 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-04-10 13:30
ComboFix2.txt 2010-04-09 12:23
ComboFix3.txt 2009-06-22 05:20
Před spuštěním: 4 659 298 304
Po spuštění: 4 628 369 408
Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 6B8FAE93A9D83098D3FEB9DFCB2610D0
Re: Nejde odstranit virus virus.Rootkit.Win32.agent.bdov
A log z MBAM (radsi sem zatim nic nemazal) :
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org
Verze databáze: 3974
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512
10.4.2010 15:41:33
mbam-log-2010-04-10 (15-41-33).txt
Typ skenu: Rychlý sken
Skenované objekty: 102322
Uplynulý čas: 5 minuta(y), 16 sekunda(y)
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 4
Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)
Infikované soubory:
C:\WINDOWS\system32\drivers\oskpmhwm.sys (Rootkit.Agent) -> No action taken.
C:\Documents and Settings\TwoRik\Data aplikací\wiaserva.log (Malware.Trace) -> No action taken.
C:\Documents and Settings\TwoRik\Data aplikací\avdrn.dat (Malware.Trace) -> No action taken.
C:\Documents and Settings\TwoRik\Plocha\explorer.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org
Verze databáze: 3974
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512
10.4.2010 15:41:33
mbam-log-2010-04-10 (15-41-33).txt
Typ skenu: Rychlý sken
Skenované objekty: 102322
Uplynulý čas: 5 minuta(y), 16 sekunda(y)
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 4
Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)
Infikované soubory:
C:\WINDOWS\system32\drivers\oskpmhwm.sys (Rootkit.Agent) -> No action taken.
C:\Documents and Settings\TwoRik\Data aplikací\wiaserva.log (Malware.Trace) -> No action taken.
C:\Documents and Settings\TwoRik\Data aplikací\avdrn.dat (Malware.Trace) -> No action taken.
C:\Documents and Settings\TwoRik\Plocha\explorer.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.
Re: Nejde odstranit virus virus.Rootkit.Win32.agent.bdov
Dobrý večer, záskok za kolegu
v mbamu vše smažte
Pokud nemáte, přesuňte Combofix na plochu
-otevřete si Poznámkový blok
-Do něj zkopírujte text z tohoto okénka
-uložte Vámi vytvořený TXT soubor jako CFScript.txt na plochu
-po uložení uchopte vámi vytvořený skript levým myšítkem a -přesuňte ho nad ikonu Combofixu, kde ho upustíte:
-po aplikaci na Vás vypadne další log,vložte ho sem
Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou, v tom případě znovu restartujte a přitom mačkejte F8, pak zvolte Poslední známou funkční konfiguraci
v mbamu vše smažte Pokud nemáte, přesuňte Combofix na plochu-otevřete si Poznámkový blok
-Do něj zkopírujte text z tohoto okénka
Kód: Vybrat vše
Driver::
oskpmhwm
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
File::
C:\WINDOWS\system32\drivers\oskpmhwm.sys
DDS::
uStart Page = hxxp://start.icq.com/
IE: Çŕęŕ÷ŕňü ÂŃĹ ďđč ďîěîůč Download Master
IE: Çŕęŕ÷ŕňü ďđč ďîěîůč Download Master
Firefox::
FF - ProfilePath - c:\documents and settings\TwoRik\Data aplikací\Mozilla\Firefox\Profiles\vs8yc1bx.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... 2.0.0.1&q=
-po uložení uchopte vámi vytvořený skript levým myšítkem a -přesuňte ho nad ikonu Combofixu, kde ho upustíte:
-po aplikaci na Vás vypadne další log,vložte ho sem
Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou, v tom případě znovu restartujte a přitom mačkejte F8, pak zvolte Poslední známou funkční konfiguraci
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Přispějete na provoz fóra?