Prosím o kontrolu logu

Zpráva

#16 Příspěvek od **Caroprd111** » 09 dub 2010 21:43

Zkuste Revo Uninstaller http://www.stahuj.centrum.cz/utility_a_ ... installer/

malamala · #17 Příspěvek od **malamala** » 09 dub 2010 21:55

Ani toto nepomohlo, píše ať to odinstaluji ručně

. A ručně se to zastaví v 1/2 .

#18 Příspěvek od **Caroprd111** » 09 dub 2010 21:56

Zkuste znovu nainstalovat (emulátor) a poté zkusit odinstalovat.

malamala · #19 Příspěvek od **malamala** » 09 dub 2010 22:14

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x82C86AC8]<<
kernel: MBR read successfully
user & kernel MBR OK

#20 Příspěvek od **Caroprd111** » 10 dub 2010 08:57

Dejte log z Gmer http://www.viry.cz/forum/viewtopic.php?f=29&t=62878

malamala · #21 Příspěvek od **malamala** » 10 dub 2010 09:23

Malý log a na velkém se pracuje.

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-04-10 10:11:42
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Milan\LOCALS~1\Temp\pxtdypod.sys

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys (ESET Antivirus Network Redirector/ESET)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 mouclass.sys (Mouse Class Driver/Microsoft Corporation)

Device -> \Driver\atapi \Device\Harddisk0\DR0 82D50AC8

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----

#22 Příspěvek od **Caroprd111** » 10 dub 2010 09:25

malamala · #23 Příspěvek od **malamala** » 10 dub 2010 11:27

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-10 12:27:10
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Milan\LOCALS~1\Temp\pxtdypod.sys

---- System - GMER 1.0.15 ----

SSDT 8265F580 ZwAssignProcessToJobObject
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF777A87E]
SSDT 82660100 ZwDebugActiveProcess
SSDT 8265FB30 ZwDuplicateObject
SSDT 8265ECC0 ZwOpenProcess
SSDT 8265EFC0 ZwOpenThread
SSDT 8265F9C0 ZwProtectVirtualMemory
SSDT 8265F860 ZwSetContextThread
SSDT 8265F6E0 ZwSetInformationThread
SSDT 8265C700 ZwSetSecurityObject
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xF777ABFE]
SSDT 8265F420 ZwSuspendProcess
SSDT 8265F2C0 ZwSuspendThread
SSDT 8265EE50 ZwTerminateProcess
SSDT 8265F150 ZwTerminateThread
SSDT 8265FF50 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.rsrc C:\WINDOWS\system32\DRIVERS\kbdclass.sys entry point in ".rsrc" section [0xF7A76E14]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[876] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0141000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[876] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0142000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[876] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0140000C
.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1312] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 00]
.text C:\WINDOWS\System32\svchost.exe[1372] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0098000A
.text C:\WINDOWS\System32\svchost.exe[1372] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0099000A
.text C:\WINDOWS\System32\svchost.exe[1372] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0097000C
.text C:\WINDOWS\System32\svchost.exe[1372] ole32.dll!CoCreateInstance 774F057E 5 Bytes JMP 02A6000A
.text C:\WINDOWS\Explorer.EXE[1956] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00BE000A
.text C:\WINDOWS\Explorer.EXE[1956] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00C4000A
.text C:\WINDOWS\Explorer.EXE[1956] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00BD000C

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Mozilla Thunderbird\thunderbird.exe[408] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [025973CC] C:\Program Files\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Thunderbird\thunderbird.exe[408] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [02597376] C:\Program Files\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Thunderbird\thunderbird.exe[408] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [02597376] C:\Program Files\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Thunderbird\thunderbird.exe[408] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [025973CC] C:\Program Files\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Thunderbird\thunderbird.exe[408] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [025973CC] C:\Program Files\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Thunderbird\thunderbird.exe[408] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [02597376] C:\Program Files\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Thunderbird\thunderbird.exe[408] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [02597376] C:\Program Files\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Thunderbird\thunderbird.exe[408] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [025973CC] C:\Program Files\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Thunderbird\thunderbird.exe[408] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [025973CC] C:\Program Files\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Thunderbird\thunderbird.exe[408] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [02597376] C:\Program Files\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Thunderbird\thunderbird.exe[408] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [025973CC] C:\Program Files\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Thunderbird\thunderbird.exe[408] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [02597376] C:\Program Files\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Thunderbird\thunderbird.exe[408] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [025973CC] C:\Program Files\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Thunderbird\thunderbird.exe[408] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [02597376] C:\Program Files\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Thunderbird\thunderbird.exe[408] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [02597376] C:\Program Files\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Thunderbird\thunderbird.exe[408] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [025973CC] C:\Program Files\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Thunderbird\thunderbird.exe[408] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [025973CC] C:\Program Files\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Thunderbird\thunderbird.exe[408] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [02597376] C:\Program Files\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Thunderbird\thunderbird.exe[408] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [025973CC] C:\Program Files\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Thunderbird\thunderbird.exe[408] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [02597376] C:\Program Files\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Thunderbird\thunderbird.exe[408] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [02597376] C:\Program Files\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Thunderbird\thunderbird.exe[408] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [025973CC] C:\Program Files\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Thunderbird\thunderbird.exe[408] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [025973CC] C:\Program Files\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Thunderbird\thunderbird.exe[408] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [02597376] C:\Program Files\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Thunderbird\thunderbird.exe[408] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [025973CC] C:\Program Files\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Thunderbird\thunderbird.exe[408] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] [02597376] C:\Program Files\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Thunderbird\thunderbird.exe[408] @ C:\WINDOWS\system32\netapi32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [025973CC] C:\Program Files\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Thunderbird\thunderbird.exe[408] @ C:\WINDOWS\system32\netapi32.dll [KERNEL32.dll!LoadLibraryA] [02597376] C:\Program Files\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 mouclass.sys (Mouse Class Driver/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys (ESET Antivirus Network Redirector/ESET)

Device -> \Driver\atapi \Device\Harddisk0\DR0 82D50AC8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xCE 0x4E 0x8D 0xC7 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xCE 0x4E 0x8D 0xC7 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@NoPopUpsOnBoot 1

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\Milan\Local Settings\Data aplikací\Mozilla\Firefox\Profiles\b6kdebhf.default\Cache\B1931F4Fd01 0 bytes
File C:\WINDOWS\system32\DRIVERS\kbdclass.sys suspicious modification
File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----

#24 Příspěvek od **Caroprd111** » 10 dub 2010 11:31

Pokud nemáte, přesuňte Combofix na plochu

Otevřete si Poznámkový blok a zkopírujte do něj text z bílého okénka.

Kód: Vybrat vše

Restore::
C:\WINDOWS\system32\DRIVERS\kbdclass.sys
C:\WINDOWS\system32\drivers\atapi.sys

Uložte Vámi vytvořený TXT soubor jako CFScript.txt na plochu
Po uložení uchopte vámi vytvořený skript levým myšítkem a přesuňte ho nad ikonu Combofixu, kde ho upustíte:
Po aplikaci na Vás vypadne další log,vložte ho sem

Může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou, v tom případě znovu restartujte a přitom mačkejte F8, pak zvolte Poslední známou funkční konfiguraci

malamala · #25 Příspěvek od **malamala** » 10 dub 2010 12:03

ComboFix 10-04-08.06 - Milan 10.04.2010 12:46:51.5.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.758.249 [GMT 2:00]
Spuštěný z: c:\dowl\Antivir-HIJACK\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Milan\Plocha\CFScript.txt
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Vytvořen nový Bod Obnovení

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\Milan\LOCALS~1\Temp\sfamcc00001.dll
c:\docume~1\Milan\LOCALS~1\Temp\sfareca00001.dll
c:\documents and settings\Milan\Local Settings\Temp\sfamcc00001.dll
c:\documents and settings\Milan\Local Settings\Temp\sfareca00001.dll

Nakažená kopie c:\windows\system32\drivers\atapi.sys byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\ERDNT\cache\atapi.sys

Nakažená kopie c:\windows\system32\DRIVERS\kbdclass.sys byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\ERDNT\cache\kbdclass.sys

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-03-10 do 2010-04-10 )))))))))))))))))))))))))))))))
.

2010-04-10 06:18 . 2010-04-10 06:18 -------- d-----w- c:\program files\Google Chrome Backup
2010-04-09 20:46 . 2010-04-09 20:56 -------- d-----w- c:\program files\VS Revo Group
2010-04-09 19:06 . 2010-04-09 19:06 -------- d-----w- C:\_OTL
2010-04-09 18:18 . 2010-04-09 18:19 -------- d-----w- c:\program files\trend micro
2010-04-09 18:18 . 2010-04-09 18:19 -------- d-----w- C:\rsit
2010-04-09 18:10 . 2010-04-09 18:10 -------- d-----w- c:\program files\ESET
2010-04-09 17:09 . 2010-04-09 17:09 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-04-09 17:03 . 2010-04-09 17:03 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-04-07 18:37 . 2010-04-07 19:25 -------- d-----w- c:\program files\Seznam.cz
2010-03-27 13:25 . 2010-03-27 13:25 -------- d-sh--w- c:\documents and settings\Milan\PrivacIE
2010-03-27 13:25 . 2010-03-27 13:25 -------- d-sh--w- c:\documents and settings\Milan\IETldCache
2010-03-27 13:18 . 2010-03-27 13:19 -------- dc-h--w- c:\windows\ie8
2010-03-26 12:40 . 2010-03-26 12:40 -------- d-----w- c:\program files\Xenocode
2010-03-17 12:44 . 2001-10-24 11:25 5632 ----a-w- c:\windows\system32\ptpusb.dll
2010-03-17 12:44 . 2008-04-14 07:51 159232 ----a-w- c:\windows\system32\ptpusd.dll
2010-03-17 12:44 . 2008-04-13 23:15 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2010-03-17 12:44 . 2008-04-13 23:15 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-10 10:46 . 2008-04-14 05:59 24576 ----a-w- c:\windows\system32\drivers\kbdclass.sys
2010-04-10 10:33 . 2009-08-01 11:54 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-04-10 09:57 . 2009-12-20 12:54 -------- d-----w- c:\program files\Trell2010
2010-04-10 09:57 . 2009-08-01 12:07 -------- d-----w- c:\program files\Atreides700
2010-04-10 09:41 . 2009-11-10 18:26 5 ----a-w- c:\program files\trl.trl
2010-04-10 06:17 . 2001-10-25 12:00 69114 ----a-w- c:\windows\system32\perfc005.dat
2010-04-10 06:17 . 2001-10-25 12:00 390176 ----a-w- c:\windows\system32\perfh005.dat
2010-04-07 17:17 . 2009-08-01 12:35 -------- d-----w- c:\program files\Advanced SystemCare 3
2010-04-04 18:59 . 2009-08-01 11:57 -------- d-----w- c:\program files\Trell
2010-03-22 23:04 . 2010-01-20 23:44 -------- d-----w- c:\program files\Amara - Flash Slide Show Builder
2010-03-09 13:32 . 2009-08-01 12:32 -------- d-----w- c:\program files\HE32
2010-03-03 22:25 . 2010-03-03 22:25 -------- d-----w- c:\program files\Common Files\Alhademic Group
2010-03-03 21:11 . 2010-03-03 19:21 -------- d-----w- c:\program files\Lavasoft
2010-03-03 19:23 . 2010-03-03 19:23 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-03-03 19:23 . 2010-03-03 19:45 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-02-26 16:47 . 2010-02-26 16:47 253952 ------w- c:\windows\Setup1.exe
2010-02-26 16:47 . 2010-02-26 16:47 73728 ----a-w- c:\windows\ST6UNST.EXE
2010-02-26 12:43 . 2010-02-26 12:43 -------- d-----w- c:\program files\Webteh
2010-02-20 14:44 . 2010-02-20 08:09 -------- d-----w- c:\program files\Trell2010-zaloha20_2_2010
2010-02-12 10:30 . 2009-09-09 17:26 -------- d-----w- c:\program files\Microsoft Silverlight
2010-02-04 15:53 . 2010-03-03 19:23 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-01-25 16:41 . 2010-01-25 16:41 0 ----a-w- C:\pxplay.exe
2010-01-25 16:41 . 2010-01-25 16:41 0 ----a-w- C:\pxdown.exe
2010-01-22 09:53 . 2009-09-28 16:41 266 ---h--r- c:\windows\system32\ttri.dat
.

((((((((((((((((((((((((((((( SnapShot@2010-04-09_19.41.55 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-04-10 10:57 . 2010-04-10 10:57 16384 c:\windows\Temp\Perflib_Perfdata_11c.dat
+ 2001-10-25 12:00 . 2010-04-10 06:17 58930 c:\windows\system32\perfc009.dat
+ 2005-09-23 05:28 . 2005-09-23 05:28 32768 c:\windows\system32\netfxperf.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28 83456 c:\windows\system32\dfshim.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28 28160 c:\windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28 71680 c:\windows\Microsoft.NET\Framework\v2.0.50727\TLBREF.DLL
+ 2005-09-23 05:28 . 2005-09-23 05:28 86016 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.RegularExpressions.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28 47616 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Thunk.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.Design.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Configuration.Install.dll
+ 2005-09-23 05:29 . 2005-09-23 05:29 85504 c:\windows\Microsoft.NET\Framework\v2.0.50727\ShFusRes.dll
+ 2005-09-23 05:29 . 2005-09-23 05:29 59072 c:\windows\Microsoft.NET\Framework\v2.0.50727\regtlibv12.exe
+ 2005-09-23 05:28 . 2005-09-23 05:28 32768 c:\windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
+ 2005-09-23 05:28 . 2005-09-23 05:28 53248 c:\windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
+ 2005-09-23 05:28 . 2005-09-23 05:28 78336 c:\windows\Microsoft.NET\Framework\v2.0.50727\PerfCounter.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28 14848 c:\windows\Microsoft.NET\Framework\v2.0.50727\normalization.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28 96440 c:\windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe
+ 2005-09-23 05:29 . 2005-09-23 05:29 22528 c:\windows\Microsoft.NET\Framework\v2.0.50727\MUI\0409\mscorsecr.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28 10240 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscortim.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28 66240 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
+ 2005-09-23 05:28 . 2005-09-23 05:28 67072 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28 81408 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorld.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorie.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28 73216 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordbc.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28 69632 c:\windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
+ 2005-09-23 05:28 . 2005-09-23 05:28 87552 c:\windows\Microsoft.NET\Framework\v2.0.50727\MmcAspExt.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28 12800 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28 32768 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Vsa.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28 73728 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Utilities.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Framework.dll
+ 2005-09-23 04:36 . 2005-09-23 04:36 85504 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.3082.dll
+ 2005-09-23 04:29 . 2005-09-23 04:29 80896 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.3076.dll
+ 2005-09-23 04:47 . 2005-09-23 04:47 84480 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.2070.dll
+ 2005-09-23 04:30 . 2005-09-23 04:30 80896 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.2052.dll
+ 2005-09-23 04:47 . 2005-09-23 04:47 80896 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1055.dll
+ 2005-09-23 04:47 . 2005-09-23 04:47 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1053.dll
+ 2005-09-23 04:47 . 2005-09-23 04:47 82432 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1049.dll
+ 2005-09-23 04:47 . 2005-09-23 04:47 82432 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1046.dll
+ 2005-09-23 04:46 . 2005-09-23 04:46 83456 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1045.dll
+ 2005-09-23 04:46 . 2005-09-23 04:46 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1044.dll
+ 2005-09-23 04:46 . 2005-09-23 04:46 83456 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1043.dll
+ 2005-09-23 04:44 . 2005-09-23 04:44 80896 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1042.dll
+ 2005-09-23 04:42 . 2005-09-23 04:42 80896 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1041.dll
+ 2005-09-23 04:40 . 2005-09-23 04:40 84480 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1040.dll
+ 2005-09-23 04:40 . 2005-09-23 04:40 83968 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1038.dll
+ 2005-09-23 04:40 . 2005-09-23 04:40 80896 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1037.dll
+ 2005-09-23 04:38 . 2005-09-23 04:38 86016 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1036.dll
+ 2005-09-23 04:38 . 2005-09-23 04:38 81408 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1035.dll
+ 2005-09-23 01:46 . 2005-09-23 01:46 80896 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1033.dll
+ 2005-09-23 04:36 . 2005-09-23 04:36 87552 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1032.dll
+ 2005-09-23 04:34 . 2005-09-23 04:34 85504 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1031.dll
+ 2005-09-23 04:34 . 2005-09-23 04:34 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1030.dll
+ 2005-09-23 04:34 . 2005-09-23 04:34 82944 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1029.dll
+ 2005-09-23 04:32 . 2005-09-23 04:32 80896 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1028.dll
+ 2005-09-23 04:29 . 2005-09-23 04:29 80896 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1025.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28 40960 c:\windows\Microsoft.NET\Framework\v2.0.50727\jsc.exe
+ 2005-09-23 05:28 . 2005-09-23 05:28 72192 c:\windows\Microsoft.NET\Framework\v2.0.50727\ISymWrapper.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28 55296 c:\windows\Microsoft.NET\Framework\v2.0.50727\InstallUtilLib.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe
+ 2005-09-23 05:28 . 2005-09-23 05:28 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\IEHost.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28 52736 c:\windows\Microsoft.NET\Framework\v2.0.50727\dfdll.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28 31936 c:\windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
+ 2005-09-23 05:28 . 2005-09-23 05:28 68608 c:\windows\Microsoft.NET\Framework\v2.0.50727\CustomMarshalers.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28 17920 c:\windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28 13312 c:\windows\Microsoft.NET\Framework\v2.0.50727\cscompmgd.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28 76984 c:\windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
+ 2005-09-23 05:28 . 2005-09-23 05:28 88576 c:\windows\Microsoft.NET\Framework\v2.0.50727\CORPerfMonExt.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28 29888 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
+ 2005-09-23 05:28 . 2005-09-23 05:28 29896 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
+ 2005-09-23 05:28 . 2005-09-23 05:28 26824 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe
+ 2005-09-23 05:28 . 2005-09-23 05:28 13824 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe
+ 2005-09-23 05:28 . 2005-09-23 05:28 70656 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_rc.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28 23552 c:\windows\Microsoft.NET\Framework\v2.0.50727\Aspnet_perf.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28 10752 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe
+ 2005-09-23 05:28 . 2005-09-23 05:28 55488 c:\windows\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe
+ 2005-09-23 05:28 . 2005-09-23 05:28 87552 c:\windows\Microsoft.NET\Framework\v2.0.50727\alink.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28 10752 c:\windows\Microsoft.NET\Framework\v2.0.50727\Accessibility.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28 18944 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\alinkui.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28 72704 c:\windows\Microsoft.NET\Framework\NETFXSBS10.exe
+ 2010-04-10 06:52 . 2010-04-10 06:52 81920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\5a72e5a15cddeb4dac1588afaf1fe201\Microsoft.Build.Framework.ni.dll
+ 2010-04-10 06:51 . 2010-04-10 06:51 15360 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\79fd875c353d564c8099cff151221da8\dfsvc.ni.exe
+ 2010-04-10 06:51 . 2010-04-10 06:51 26624 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\ec73ff41b6ce0b42938963ea3595591c\Accessibility.ni.dll
+ 2010-04-10 06:14 . 2010-04-10 06:14 86016 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2010-04-10 06:14 . 2010-04-10 06:14 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2009-10-29 08:04 . 2009-10-29 08:04 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2010-04-10 06:14 . 2010-04-10 06:14 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2009-10-29 08:05 . 2009-10-29 08:05 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2009-10-29 08:04 . 2009-10-29 08:04 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2010-04-10 06:14 . 2010-04-10 06:14 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2009-10-29 08:05 . 2009-10-29 08:05 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2010-04-10 06:14 . 2010-04-10 06:14 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2010-04-10 06:14 . 2010-04-10 06:14 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2009-10-29 08:05 . 2009-10-29 08:05 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2010-04-10 06:14 . 2010-04-10 06:14 73728 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2009-10-29 08:05 . 2009-10-29 08:05 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2010-04-10 06:14 . 2010-04-10 06:14 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2010-04-10 06:14 . 2010-04-10 06:14 36864 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2009-10-29 08:04 . 2009-10-29 08:04 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2010-04-10 06:14 . 2010-04-10 06:14 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2009-10-29 08:04 . 2009-10-29 08:04 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2010-04-10 06:14 . 2010-04-10 06:14 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2010-04-10 06:14 . 2010-04-10 06:14 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2009-10-29 08:05 . 2009-10-29 08:05 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2010-04-10 06:14 . 2010-04-10 06:14 68608 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2005-09-23 05:29 . 2005-09-23 05:29 6144 c:\windows\system32\mui\0409\mscorees.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28 7680 c:\windows\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28 9216 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsn.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28 7168 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft_VsaVb.dll
+ 2005-09-23 05:29 . 2005-09-23 05:29 5632 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualC.Dll
+ 2005-09-23 05:28 . 2005-09-23 05:28 5632 c:\windows\Microsoft.NET\Framework\v2.0.50727\IIEHost.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28 8192 c:\windows\Microsoft.NET\Framework\v2.0.50727\IEExecRemote.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28 9728 c:\windows\Microsoft.NET\Framework\v2.0.50727\IEExec.exe
+ 2005-09-23 05:28 . 2005-09-23 05:28 9216 c:\windows\Microsoft.NET\Framework\v2.0.50727\fusion.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28 4608 c:\windows\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
+ 2005-09-23 05:28 . 2005-09-23 05:28 8192 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28 4608 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\CvtResUI.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28 7680 c:\windows\Microsoft.NET\Framework\SharedReg12.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28 7680 c:\windows\Microsoft.NET\Framework\sbscmp20_perfcounter.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28 7680 c:\windows\Microsoft.NET\Framework\sbscmp20_mscorwks.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28 7680 c:\windows\Microsoft.NET\Framework\sbscmp10.dll
+ 2005-09-23 05:29 . 2005-09-23 05:29 5120 c:\windows\Microsoft.NET\Framework\sbs_wminet_utils.dll
+ 2005-09-23 05:29 . 2005-09-23 05:29 5120 c:\windows\Microsoft.NET\Framework\sbs_VsaVb7rt.dll
+ 2005-09-23 05:29 . 2005-09-23 05:29 5120 c:\windows\Microsoft.NET\Framework\sbs_system.enterpriseservices.dll
+ 2005-09-23 05:29 . 2005-09-23 05:29 5120 c:\windows\Microsoft.NET\Framework\sbs_system.data.dll
+ 2005-09-23 05:29 . 2005-09-23 05:29 5120 c:\windows\Microsoft.NET\Framework\sbs_system.configuration.install.dll
+ 2005-09-23 05:29 . 2005-09-23 05:29 5120 c:\windows\Microsoft.NET\Framework\sbs_mscorsec.dll
+ 2005-09-23 05:29 . 2005-09-23 05:29 5120 c:\windows\Microsoft.NET\Framework\sbs_mscorrc.dll
+ 2005-09-23 05:29 . 2005-09-23 05:29 5120 c:\windows\Microsoft.NET\Framework\sbs_mscordbi.dll
+ 2005-09-23 05:29 . 2005-09-23 05:29 5632 c:\windows\Microsoft.NET\Framework\sbs_microsoft.vsa.vb.codedomprocessor.dll
+ 2005-09-23 05:29 . 2005-09-23 05:29 5120 c:\windows\Microsoft.NET\Framework\sbs_microsoft.jscript.dll
+ 2005-09-23 05:29 . 2005-09-23 05:29 5120 c:\windows\Microsoft.NET\Framework\sbs_iehost.dll
+ 2005-09-23 05:29 . 2005-09-23 05:29 5120 c:\windows\Microsoft.NET\Framework\sbs_diasymreader.dll
- 2009-10-29 08:04 . 2009-10-29 08:04 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2010-04-10 06:14 . 2010-04-10 06:14 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2010-04-10 06:14 . 2010-04-10 06:14 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2009-10-29 08:05 . 2009-10-29 08:05 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2010-04-10 06:14 . 2010-04-10 06:14 5632 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2009-10-29 08:04 . 2009-10-29 08:04 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2010-04-10 06:14 . 2010-04-10 06:14 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2010-04-10 06:14 . 2010-04-10 06:14 114176 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2010-04-10 06:14 . 2010-04-10 06:14 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2009-10-29 08:05 . 2009-10-29 08:05 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2005-09-23 05:29 . 2005-09-23 05:29 626688 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcr80.dll
+ 2005-09-23 05:29 . 2005-09-23 05:29 548864 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcp80.dll
+ 2005-09-23 05:29 . 2005-09-23 05:29 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcm80.dll
+ 2001-10-25 12:00 . 2010-04-10 06:17 392630 c:\windows\system32\perfh009.dat
+ 2005-09-23 05:28 . 2005-09-23 05:28 150016 c:\windows\system32\mscorier.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28 270848 c:\windows\system32\mscoree.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28 298496 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28 823296 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.Services.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28 835584 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.Mobile.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28 260096 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Transactions.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28 114688 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.ServiceProcess.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28 131072 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28 299008 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Remoting.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Messaging.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28 368640 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Management.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28 114176 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Wrapper.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28 700416 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28 188416 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.Protocols.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28 397312 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28 884736 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Deployment.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28 716800 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.SqlXml.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28 482304 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.OracleClient.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28 389120 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.configuration.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28 110592 c:\windows\Microsoft.NET\Framework\v2.0.50727\sysglobl.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28 377344 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28 107520 c:\windows\Microsoft.NET\Framework\v2.0.50727\shfusion.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28 136192 c:\windows\Microsoft.NET\Framework\v2.0.50727\peverify.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28 226816 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvc.dll
+ 2005-09-23 05:29 . 2005-09-23 05:29 330752 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28 102400 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorpe.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28 326144 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28 288768 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordbi.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28 800768 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2005-09-23 05:29 . 2005-09-23 05:29 667648 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.dll
+ 2005-09-23 05:29 . 2005-09-23 05:29 372736 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.dll
+ 2005-09-23 05:29 . 2005-09-23 05:29 110592 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28 745472 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.JScript.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28 647168 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Tasks.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28 413696 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Engine.dll
+ 2005-09-23 05:57 . 2005-09-23 05:57 245408 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\unicows.dll
+ 2005-09-23 05:01 . 2005-09-23 05:01 609472 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
+ 2005-09-23 05:28 . 2005-09-23 05:28 224952 c:\windows\Microsoft.NET\Framework\v2.0.50727\ilasm.exe
+ 2005-09-23 05:28 . 2005-09-23 05:28 788992 c:\windows\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll
+ 2005-09-23 05:29 . 2005-09-23 05:29 547840 c:\windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28 106496 c:\windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
+ 2005-09-23 05:28 . 2005-09-23 05:28 503808 c:\windows\Microsoft.NET\Framework\v2.0.50727\AspNetMMCExt.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28 106496 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe
+ 2005-09-23 05:28 . 2005-09-23 05:28 138240 c:\windows\Microsoft.NET\Framework\v2.0.50727\AdoNetDiag.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28 208896 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\Vsavb7rtUI.dll
+ 2005-09-23 05:29 . 2005-09-23 05:29 183808 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\vbc7ui.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28 136192 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\cscompui.dll
+ 2010-04-10 08:45 . 2010-04-10 08:45 684032 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\8aee03dee8c43844a95813cae0bd69f0\System.Transactions.ni.dll
+ 2010-04-10 08:45 . 2010-04-10 08:45 729088 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\5cbb049289a7e140bc1c664fe7f26a7c\System.Security.ni.dll
+ 2010-04-10 08:44 . 2010-04-10 08:44 294912 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\17d685711a3ad44aa6ca4703ee1b9592\System.EnterpriseServices.Wrapper.dll
+ 2010-04-10 08:44 . 2010-04-10 08:44 659456 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\17d685711a3ad44aa6ca4703ee1b9592\System.EnterpriseServices.ni.dll
+ 2010-04-10 06:16 . 2010-04-10 06:16 229376 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\922995cba729114388f05e807633d687\System.Drawing.Design.ni.dll
+ 2010-04-10 07:01 . 2010-04-10 07:01 512000 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\7ef2ccf8a77c504ea736ba18f4c1658f\System.DirectoryServices.Protocols.ni.dll
+ 2010-04-10 07:00 . 2010-04-10 07:00 962560 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\5cd927a85dd7c745ba9b65ed087524ee\System.Configuration.ni.dll
+ 2010-04-10 06:58 . 2010-04-10 06:59 163840 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\d17440db74787b4ba468df4d18e66436\Microsoft.Build.Utilities.ni.dll
+ 2010-04-10 06:52 . 2010-04-10 06:52 880640 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\c95134a2ba711d46b3aa5b7e4c086dab\Microsoft.Build.Engine.ni.dll
+ 2010-04-10 06:51 . 2010-04-10 06:51 237568 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\14bcc34c1b09d44eb7baf435e90b8e24\CustomMarshalers.ni.dll
+ 2010-04-10 06:51 . 2010-04-10 06:51 860160 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\b4d7b29ceb106846a6d75752011fbcb8\AspNetMMCExt.ni.dll
+ 2010-04-10 06:14 . 2010-04-10 06:14 823296 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2009-10-29 08:04 . 2009-10-29 08:04 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2010-04-10 06:14 . 2010-04-10 06:14 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2010-04-10 06:14 . 2010-04-10 06:14 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2009-10-29 08:04 . 2009-10-29 08:04 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2010-04-10 06:14 . 2010-04-10 06:14 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2009-10-29 08:05 . 2009-10-29 08:05 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2009-10-29 08:05 . 2009-10-29 08:05 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2010-04-10 06:14 . 2010-04-10 06:14 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2010-04-10 06:14 . 2010-04-10 06:14 299008 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2009-10-29 08:05 . 2009-10-29 08:05 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2010-04-10 06:14 . 2010-04-10 06:14 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2010-04-10 06:14 . 2010-04-10 06:14 368640 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2010-04-10 06:14 . 2010-04-10 06:14 700416 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2010-04-10 06:14 . 2010-04-10 06:14 397312 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2009-10-29 08:04 . 2009-10-29 08:04 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2010-04-10 06:14 . 2010-04-10 06:14 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2010-04-10 06:14 . 2010-04-10 06:14 884736 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2010-04-10 06:14 . 2010-04-10 06:14 716800 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2010-04-10 06:14 . 2010-04-10 06:14 389120 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2009-10-29 08:05 . 2009-10-29 08:05 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2010-04-10 06:14 . 2010-04-10 06:14 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2010-04-10 06:14 . 2010-04-10 06:14 667648 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2009-10-29 08:04 . 2009-10-29 08:04 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2010-04-10 06:14 . 2010-04-10 06:14 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2010-04-10 06:14 . 2010-04-10 06:14 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2009-10-29 08:05 . 2009-10-29 08:05 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2010-04-10 06:14 . 2010-04-10 06:14 745472 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2010-04-10 06:14 . 2010-04-10 06:14 647168 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2010-04-10 06:14 . 2010-04-10 06:14 413696 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2010-04-10 06:14 . 2010-04-10 06:14 503808 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2010-04-10 06:14 . 2010-04-10 06:14 260096 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2010-04-10 06:14 . 2010-04-10 06:14 114176 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2010-04-10 06:14 . 2010-04-10 06:14 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2009-10-29 08:05 . 2009-10-29 08:05 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2010-04-10 06:14 . 2010-04-10 06:14 482304 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28 1306624 c:\windows\Microsoft.NET\Framework\v2.0.50727\VsaVb7rt.dll
+ 2005-09-23 05:29 . 2005-09-23 05:29 1140920 c:\windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
+ 2005-09-23 05:28 . 2005-09-23 05:28 2035712 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.XML.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28 5316608 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28 5025792 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28 3018752 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28 5050368 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Design.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28 2878976 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28 5615616 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28 4308992 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2005-09-23 05:28 . 2005-09-23 05:28 1144832 c:\windows\Microsoft.NET\Framework\v2.0.50727\cscomp.dll
+ 2010-04-10 06:15 . 2010-04-10 06:15 2109440 c:\windows\Installer\6b612.msi
+ 2010-04-10 06:16 . 2010-04-10 06:16 8093696 c:\windows\assembly\NativeImages_v2.0.50727_32\System\7bc3a18ae18f594584a277f4efe70e41\System.ni.dll
+ 2010-04-10 06:17 . 2010-04-10 06:17 5640192 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\a41ae3a0a114524fb631d5ba968836eb\System.Xml.ni.dll
+ 2010-04-10 06:16 . 2010-04-10 06:16 1626112 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6b125bded3ea8143a583c7cdc20cbace\System.Drawing.ni.dll
+ 2010-04-10 07:01 . 2010-04-10 07:01 1220608 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\38228bf808b7e744a022cc199580a353\System.DirectoryServices.ni.dll
+ 2010-04-10 07:00 . 2010-04-10 07:00 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\9220c4ff7f46504b95e32799208a9a48\System.Deployment.ni.dll
+ 2010-04-10 06:17 . 2010-04-10 06:17 6688768 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\9aeedb301a6fc748836a04a4627f7267\System.Data.ni.dll
+ 2010-04-10 06:59 . 2010-04-10 06:59 1724416 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\02da833f4d08ad4cbfcdb96fa04db968\Microsoft.VisualBasic.ni.dll
+ 2010-04-10 06:58 . 2010-04-10 06:58 1691648 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\394b4109a86fd44c9864994d82dda9b6\Microsoft.Build.Tasks.ni.dll
+ 2010-04-10 06:14 . 2010-04-10 06:14 3018752 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2010-04-10 06:14 . 2010-04-10 06:14 2035712 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2010-04-10 06:14 . 2010-04-10 06:14 5316608 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2010-04-10 06:14 . 2010-04-10 06:14 5050368 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2010-04-10 06:14 . 2010-04-10 06:14 5025792 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2010-04-10 06:14 . 2010-04-10 06:14 2878976 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2010-04-10 06:14 . 2010-04-10 06:14 4308992 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2005-09-23 05:48 . 2005-09-23 05:48 24863744 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\netfx.msi
+ 2010-04-10 06:16 . 2010-04-10 06:16 13107200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\0620d88939031446a39580764561ce31\System.Windows.Forms.ni.dll
+ 2010-04-10 06:17 . 2010-04-10 06:17 10723328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\5364689c58d0af4fa3f8ccbf7ed95c06\System.Design.ni.dll
+ 2010-04-10 06:15 . 2010-04-10 06:15 11411456 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\4fd394054e1a0449880b20d47c89c65a\mscorlib.ni.dll
.
-- Snímek resetován k současnému datu --
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Milan\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2009-08-01 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2003-04-24 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2003-04-24 610304]
"LaunchAp"="c:\program files\Launch Manager\LaunchAp.exe" [2002-12-02 32768]
"HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2003-01-09 57418]
"CtrlVol"="c:\program files\Launch Manager\CtrlVol.exe" [2002-10-23 163840]
"Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2003-01-09 53248]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^Milan^Nabídka Start^Programy^Po spuštění^OpenOffice.org 3.1.lnk]
backup=c:\windows\pss\OpenOffice.org 3.1.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 3]
2009-04-27 13:12 2329936 ----a-w- c:\program files\Advanced SystemCare 3\AWC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
2003-02-14 08:59 88107 ----a-w- c:\windows\AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-08-01 12:14 133104 ----atw- c:\documents and settings\Milan\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
2001-07-09 09:50 155648 ----a-r- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WLAN Monitor]
2004-05-12 10:42 2359296 ----a-w- c:\program files\GPRS WLAN dongle\Wlan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\CNAB4RPK.EXE"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Dowl\\Adobe Acrobat\\P._Foxit_PDF_Editor_by_yd.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [3.3.2010 21:23 64288]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14.5.2009 15:47 107256]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [14.5.2009 15:49 94360]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [14.5.2009 15:47 731840]
R3 WBMS;Winbond Memory Stick Storage (MS) Device Driver;c:\windows\system32\drivers\wbms.sys [1.8.2009 13:42 30208]
R3 WBSD;Winbond Secure Digital Storage (SD/MMC) Device Driver;c:\windows\system32\drivers\wbsd.sys [1.8.2009 13:42 25600]
S1 mailKmd;mailKmd; [x]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"c:\program files\Lavasoft\Ad-Aware\AAWService.exe" --> c:\program files\Lavasoft\Ad-Aware\AAWService.exe [?]
S3 602SQL 8 FastCGI Client;602SQL 8 FastCGI Client;c:\program files\webgencz\602FSVC8.EXE --> c:\program files\webgencz\602FSVC8.EXE [?]
S3 PPJoyBus;Parallel Port Joystick Bus device driver;c:\windows\system32\drivers\PPJoyBus.sys [8.8.2002 17:27 11330]
S3 Scfilter;Scfilter;c:\windows\system32\drivers\scfilter.sys [6.11.2009 11:22 26485]
S3 SOLOMONFastUSB(R);SOLOMON FastUSB(R) Service for SOLOMON Scwi211b USB Wireless Lan;c:\windows\system32\drivers\scwi211bx.sys [6.11.2009 11:22 122496]
S4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
.
Obsah adresáře 'Naplánované úlohy'
.
.
------- Doplňkový sken -------
.
uInternet Connection Wizard,ShellNext = hxxp://www.flashget.com/index_en.htm
FF - ProfilePath - c:\documents and settings\Milan\Data aplikací\Mozilla\Firefox\Profiles\b6kdebhf.default\
FF - prefs.js: browser.search.selectedEngine - Seznam
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
FF - plugin: c:\program files\Mozilla Firefox\plugins\npfiller.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

---- NASTAVENÍ FIREFOXU ----
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 750
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-10 12:57
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x82D12AC8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf776ef28
\Driver\ACPI -> ACPI.sys @ 0xf76c1cb8
\Driver\atapi -> atapi.sys @ 0xf7635852
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0598
ParseProcedure -> ntoskrnl.exe @ 0x8056ea15
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0598
ParseProcedure -> ntoskrnl.exe @ 0x8056ea15
NDIS: Intel(R) PRO/Wireless 2200BG Network Connection -> SendCompleteHandler -> NDIS.sys @ 0xf7541bb0
PacketIndicateHandler -> NDIS.sys @ 0xf7530a0d
SendHandler -> NDIS.sys @ 0xf7544b40
user & kernel MBR OK

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(2700)
c:\windows\system32\SynTPFcs.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\documents and settings\Milan\Local Settings\Data aplikací\Google\Update\1.2.183.23\GoogleCrashHandler.exe
c:\windows\system32\CNAB4RPK.EXE
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Celkový čas: 2010-04-10 13:02:58 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-04-10 11:02
ComboFix2.txt 2010-04-09 20:14
ComboFix3.txt 2010-04-09 19:46

Před spuštěním: Volných bajtů: 17 089 187 840
Po spuštění: Volných bajtů: 17 152 471 040

- - End Of File - - FA9BC727BE7EFE79F6DDBAC99D536D20

#26 Příspěvek od **Caroprd111** » 10 dub 2010 12:16

Následující úkony proveďte přesně v pořadí jak jsou.

Obrázek

Soubory z přílohy stáhněte a rozbalte na disk c: (jejich cesta bude např. c:\atapi.sys)

Soubory.zip: (65.05 KiB) Staženo 44 x

Stáhněte Avenger http://www.viry.cz/forum/viewtopic.php?f=15&t=19832 a použijte s tímto skriptem:

Kód: Vybrat vše

Begin copying here:

Files to move:
c:\atapi.sys | c:\windows\system32\drivers\atapi.sys
c:\kbdclass.sys | c:\windows\system32\DRIVERS\kbdclass.sys

Log vložte sem.

Obrázek

Tohle otestujte na http://www.virustotal.com/cs/
C:\pxdown.exe

(Soubor nehledejte, jenom vložíte tučně označenou cestu, v případě hlášky "Soubor již byl testován" dejte otestovat znovu. Výsledek analýzy sem v podobě odkazu vložte.)

malamala · #27 Příspěvek od **malamala** » 10 dub 2010 12:23

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File move operation "c:\atapi.sys|c:\windows\system32\drivers\atapi.sys" completed successfully.
File move operation "c:\kbdclass.sys|c:\windows\system32\DRIVERS\kbdclass.sys" completed successfully.

Completed script processing.

*******************

Finished! Terminate.

pxdown.exe - 0 bytes size received / Se ha recibido un archivo vacio

#28 Příspěvek od **Caroprd111** » 10 dub 2010 12:25

OK, ještě ten virustotal.

malamala · #29 Příspěvek od **malamala** » 10 dub 2010 12:27

pxdown.exe - 0 bytes size received / Se ha recibido un archivo vacio

#30 Příspěvek od **Caroprd111** » 10 dub 2010 12:28

Stáhněte MBR na plochu http://www2.gmer.net/mbr/mbr.exe

Obrázek

Start > Spustit (Win + R)

Vyskočí okénko, zkopírujte do něj:

Kód: Vybrat vše

"%userprofile%\plocha\mbr" -t

Klikněte na OK

Vytvoří se log s názvem mbr.log, vložte ho sem.

VIRY.CZ

Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu