VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

Win32:Rootkit-gen, log z RSIT

https://forum.viry.cz:443/viewtopic.php?t=98485

Stránka 1 z 3

Win32:Rootkit-gen, log z RSIT

Napsal: 04 bře 2010 16:58
od Jookywana
Ahoj, měl jsem v PC trojský kůň Win32:Rootkit-gen, Avast odstranil, ale po restartu potíže s nabídkou start, zamrznutí systému atd, nyní bez zjevné příčiny vše šlape, proto prosím o kontrolu logu, abych si byl jistý že je havět pryč.


Logfile of random's system information tool 1.06 (written by random/random)
Run by Jookywana at 2010-03-04 16:48:34
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 27 GB (51%) free of 52 GB
Total RAM: 1014 MB (42% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:48:46, on 4.3.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\TO2SSM\McciTrayApp.exe
C:\Program Files\TO2WCM\McciTrayApp.exe
C:\Program Files\Lexmark 2600 Series\lxdnmon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Lexmark 2600 Series\lxdnMsdMon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\system32\lxdncoms.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Jookywana\Dokumenty\Stažené soubory\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\trend micro\Jookywana.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://eu.ask.com?o=15183&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O1 - Hosts: 109.123.220.16 L2authd.lineage2.com
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com
O1 - Hosts: 109.123.220.16 memorium.cz
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Panel nástrojů - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Lexmark Panel nástrojů - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TO2SSM_McciTrayApp] C:\Program Files\TO2SSM\McciTrayApp.exe
O4 - HKLM\..\Run: [TO2WCM_McciTrayApp] C:\Program Files\TO2WCM\McciTrayApp.exe
O4 - HKLM\..\Run: [lxdnmon.exe] "C:\Program Files\Lexmark 2600 Series\lxdnmon.exe"
O4 - HKLM\..\Run: [lxdnamon] "C:\Program Files\Lexmark 2600 Series\lxdnamon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Banshee Screamer Alarm.lnk = C:\Program Files\Banshee Screamer Alarm\alarm.exe
O4 - Startup: winesm32.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Služba Google Update (gupdate1ca109ac60ebf86) (gupdate1ca109ac60ebf86) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: lxdnCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdnserv.exe
O23 - Service: lxdn_device - - C:\WINDOWS\system32\lxdncoms.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

--
End of file - 8078 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\WGASetup.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll [2003-05-11 50376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}]
Lexmark Panel nástrojů - C:\Program Files\Lexmark Toolbar\toolband.dll [2009-05-06 372736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2009-06-01 962808]
{1017A80C-6F09-4548-A84D-EDD6AC9525F0} - Lexmark Panel nástrojů - C:\Program Files\Lexmark Toolbar\toolband.dll [2009-05-06 372736]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"=C:\WINDOWS\system32\CHDAudPropShortcut.exe [2006-08-18 61952]
"IntelZeroConfig"=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2005-12-28 667718]
"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2005-12-28 602182]
"EOUApp"=C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe [2005-12-28 569413]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-08-17 81000]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"DAEMON Tools"=C:\Program Files\DAEMON Tools\daemon.exe [2005-11-08 128920]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2008-02-15 135168]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2008-02-15 159744]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2008-02-15 131072]
"TO2SSM_McciTrayApp"=C:\Program Files\TO2SSM\McciTrayApp.exe [2008-08-15 1473536]
"TO2WCM_McciTrayApp"=C:\Program Files\TO2WCM\McciTrayApp.exe [2008-01-30 1473536]
"lxdnmon.exe"=C:\Program Files\Lexmark 2600 Series\lxdnmon.exe [2009-01-29 660136]
"lxdnamon"=C:\Program Files\Lexmark 2600 Series\lxdnamon.exe [2009-01-29 16040]
"FaxCenterServer"=C:\Program Files\Lexmark Fax Solutions\fm3032.exe [2009-01-29 320168]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2006-09-13 139264]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-08-17 1667584]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2009-10-09 25623336]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE

C:\Documents and Settings\Jookywana\Nabídka Start\Programy\Po spuštění
Banshee Screamer Alarm.lnk - C:\Program Files\Banshee Screamer Alarm\alarm.exe
winesm32.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2008-02-15 208896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe"="C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe:*:Enabled:Kerio Personal Firewall 4 - GUI"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\xrEngine.exe"="C:\Program Files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\xrEngine.exe:*:Enabled:S.T.A.L.K.E.R. - Clear Sky (CLI)"
"C:\Program Files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\dedicated\xrEngine.exe"="C:\Program Files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\dedicated\xrEngine.exe:*:Enabled:S.T.A.L.K.E.R. - Clear Sky (SRV)"
"C:\Documents and Settings\Jookywana\Data aplikací\uTorrent\utorrent.exe"="C:\Documents and Settings\Jookywana\Data aplikací\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\WINDOWS\system32\lxdncoms.exe"="C:\WINDOWS\system32\lxdncoms.exe:*:Enabled:Lexmark Communications System"
"C:\Program Files\Lexmark 2600 Series\lxdnamon.exe"="C:\Program Files\Lexmark 2600 Series\lxdnamon.exe:*:Enabled:Lexmark Device Monitor"
"C:\Program Files\Lexmark 2600 Series\frun.exe"="C:\Program Files\Lexmark 2600 Series\frun.exe:*:Enabled:Lexmark Productivity Studio"
"C:\Program Files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe"="C:\Program Files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe:*:Enabled:ABBYY FineReader"
"C:\Program Files\Lexmark Fax Solutions\FaxCtr.exe"="C:\Program Files\Lexmark Fax Solutions\FaxCtr.exe:*:Enabled:Fax software"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdnpswx.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdnpswx.exe:*:Enabled:Printer Status Window Interface"
"C:\Program Files\Lexmark 2600 Series\lxdnmon.exe"="C:\Program Files\Lexmark 2600 Series\lxdnmon.exe:*:Enabled:Printer Device Monitor"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdntime.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdntime.exe:*:Enabled:Lexmark Connect Time Executable"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdnjswx.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdnjswx.exe:*:Enabled:Job Status Window Interface"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-03-04 16:48:34 ----D---- C:\rsit
2010-03-04 12:12:10 ----D---- C:\logs
2010-03-01 12:55:28 ----D---- C:\Documents and Settings\Jookywana\Data aplikací\FaxCtr
2010-02-28 17:40:24 ----D---- C:\Documents and Settings\Jookywana\Data aplikací\Ventrilo
2010-02-28 15:23:41 ----A---- C:\WINDOWS\system32\LXF3PMON.DLL
2010-02-28 15:23:41 ----A---- C:\WINDOWS\system32\LXF3FXPU.DLL
2010-02-28 15:23:40 ----A---- C:\WINDOWS\system32\LXF3PMRC.DLL
2010-02-28 15:23:40 ----A---- C:\WINDOWS\system32\lxf3oem.dll
2010-02-28 15:23:40 ----A---- C:\WINDOWS\system32\IMHOST32.DLL
2010-02-28 15:23:40 ----A---- C:\WINDOWS\system32\IMGMAN32.DLL
2010-02-28 15:23:35 ----D---- C:\Documents and Settings\All Users\Data aplikací\FaxCtr
2010-02-28 15:23:24 ----D---- C:\Program Files\Lexmark Fax Solutions
2010-02-28 15:22:52 ----D---- C:\Program Files\Abbyy FineReader 6.0 Sprint
2010-02-28 15:21:31 ----A---- C:\WINDOWS\system32\gdiplus.dll
2010-02-28 15:21:30 ----D---- C:\Program Files\Lexmark Toolbar
2010-02-28 15:21:23 ----A---- C:\WINDOWS\system32\lxdnwupd.exe
2010-02-28 15:21:23 ----A---- C:\WINDOWS\system32\lxdnwupd.dll
2010-02-28 15:21:21 ----A---- C:\WINDOWS\system32\lxdnrwrd.ini
2010-02-28 15:21:19 ----A---- C:\WINDOWS\system32\LXDNinst.dll
2010-02-28 15:21:19 ----A---- C:\WINDOWS\system32\LXDNhcp.dll
2010-02-28 15:21:02 ----D---- C:\Program Files\Lexmark 2600 Series
2010-02-28 15:18:35 ----RA---- C:\WINDOWS\system32\lxdncoin.dll
2010-02-28 15:17:33 ----A---- C:\WINDOWS\system32\wiafbdrv.dll
2010-02-11 21:05:15 ----D---- C:\Program Files\Lineage II
2010-02-11 21:03:53 ----D---- C:\Documents and Settings\Jookywana\Data aplikací\InstallShield
2010-02-11 20:42:52 ----D---- C:\Documents and Settings\All Users\Data aplikací\WinZip
2010-02-11 20:42:43 ----D---- C:\Program Files\WinZip
2010-02-10 00:26:22 ----D---- C:\Program Files\Combined Community Codec Pack
2010-02-07 22:46:43 ----A---- C:\WINDOWS\system32\xmltok.dll
2010-02-07 22:46:43 ----A---- C:\WINDOWS\system32\xmlparse.dll
2010-02-07 22:46:43 ----A---- C:\WINDOWS\system32\xmlinst.exe
2010-02-07 22:46:43 ----A---- C:\WINDOWS\system32\VB5DB.DLL
2010-02-07 22:46:43 ----A---- C:\WINDOWS\system32\msxml3a.dll
2010-02-07 22:43:41 ----D---- C:\Program Files\UBISOFT

======List of files/folders modified in the last 1 months======

2010-03-04 16:48:46 ----D---- C:\Program Files\Trend Micro
2010-03-04 16:44:31 ----D---- C:\Program Files\Mozilla Firefox
2010-03-04 16:44:21 ----D---- C:\WINDOWS\Temp
2010-03-04 16:44:19 ----D---- C:\Documents and Settings\Jookywana\Data aplikací\Skype
2010-03-04 16:24:46 ----D---- C:\WINDOWS
2010-03-04 16:24:44 ----D---- C:\Documents and Settings\Jookywana\Data aplikací\skypePM
2010-03-04 16:24:30 ----D---- C:\WINDOWS\system32\drivers
2010-03-04 16:24:30 ----D---- C:\Program Files\Common Files\Motive
2010-03-04 15:52:03 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-03-04 15:51:35 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-03-04 12:34:51 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-03-04 11:59:41 ----D---- C:\WINDOWS\system32
2010-03-04 11:59:28 ----SHD---- C:\WINDOWS\Installer
2010-03-04 11:59:27 ----RD---- C:\Program Files
2010-03-04 11:59:27 ----D---- C:\Program Files\Common Files
2010-03-04 11:55:19 ----D---- C:\Program Files\Google
2010-03-04 11:55:18 ----SD---- C:\WINDOWS\Tasks
2010-03-04 11:55:03 ----D---- C:\WINDOWS\Prefetch
2010-03-04 11:51:53 ----HD---- C:\WINDOWS\inf
2010-03-04 11:51:49 ----D---- C:\WINDOWS\system32\CatRoot2
2010-02-28 15:17:35 ----D---- C:\WINDOWS\twain_32
2010-02-27 19:37:08 ----A---- C:\WINDOWS\NeroDigital.ini
2010-02-11 21:05:13 ----HD---- C:\Program Files\InstallShield Installation Information
2010-02-07 16:43:04 ----RD---- C:\Program Files\Skype
2010-02-07 16:41:00 ----D---- C:\Program Files\Common Files\InstallShield

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-08-17 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-08-17 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-08-17 51376]
R1 fwdrv;Firewall Driver; C:\WINDOWS\system32\drivers\fwdrv.sys [2004-09-22 262144]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-17 39936]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.9.0; C:\WINDOWS\System32\DRIVERS\AegisP.sys [2009-03-21 21275]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-08-17 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-08-17 94160]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2009-11-05 278984]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2009-11-05 25416]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [2006-08-18 12544]
R2 s24trans;WLAN Transport; C:\WINDOWS\System32\DRIVERS\s24trans.sys [2005-12-28 13568]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-03 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-08-17 23152]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [2004-08-03 14080]
R3 dtscsi;dtscsi; C:\WINDOWS\System32\Drivers\dtscsi.sys [2009-05-15 223128]
R3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\CHDAud.sys [2006-08-18 569856]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [2004-10-27 138240]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-10-25 9600]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSX_DPV.sys [2006-08-18 935424]
R3 HSXHWAZL;HSXHWAZL; C:\WINDOWS\System32\DRIVERS\HSXHWAZL.sys [2006-08-18 194048]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-02-15 5854752]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS []
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-03 61824]
R3 sdbus;sdbus; C:\WINDOWS\System32\DRIVERS\sdbus.sys [2004-08-03 67584]
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2006-08-18 162432]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 w39n51;Intel(R) PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\System32\DRIVERS\w39n51.sys [2005-12-05 1428096]
R3 winachsf;winachsf; C:\WINDOWS\System32\DRIVERS\HSX_CNXT.sys [2006-08-18 671232]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\System32\DRIVERS\yk51x86.sys [2005-11-10 243328]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []
S3 UIUSys;Conexant Setup API; C:\WINDOWS\System32\DRIVERS\UIUSYS.SYS []
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-08-17 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-08-17 138680]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2005-12-28 114753]
R2 KPF4;Kerio Personal Firewall 4; C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe [2004-09-24 1912832]
R2 lxdn_device;lxdn_device; C:\WINDOWS\system32\lxdncoms.exe [2008-02-28 594600]
R2 McciCMService;McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [2007-10-15 303104]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2005-12-28 217164]
R2 S24EventMonitor;Intel(R) PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2005-12-28 540745]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-08-17 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-08-17 352920]
S2 gupdate1ca109ac60ebf86;Služba Google Update (gupdate1ca109ac60ebf86); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-07-29 133104]
S2 lxdnCATSCustConnectService;lxdnCATSCustConnectService; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdnserv.exe [2008-02-28 98984]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-09-12 724992]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]

-----------------EOF-----------------

Re: Win32:Rootkit-gen, log z RSIT

Napsal: 04 bře 2010 17:01
od Caroprd111
Zdravím :)

Na logu se pracuje, prosím o strpení.

Re: Win32:Rootkit-gen, log z RSIT

Napsal: 04 bře 2010 17:06
od Caroprd111
Obrázek Stáhněte HostsXpert http://www.funkytoad.com/download/HostsXpert.zip
  • Rozbalte do vlastní složky
  • Klikněte na tlačítko Restore MS Hosts File, hlášku potvrďte "OK"
  • Pokud by program vyhodil chybovou hlášku: ERROR: Cannot create file C:\WINDOWS\system32\DRIVERS\ETC\hosts, tak klikněte tlačítko Make Writeable? a pak teprve klikněte na tlačítko Restore MS Hosts File
  • Po proběhnutí klikněte na tlačítko Make ReadOnly?
  • Ukončete program a restartujte Počítač

Obrázek Doporučuji odinstalovat (pokud nepoužíváte) toolbary (lišty) v Přidat nebo odebrat programy.


Obrázek Podle návodu http://www.viry.cz/forum/viewtopic.php?f=15&t=72743 aplikujte tento skript.

Kód: Vybrat vše

:files
C:\Documents and Settings\Jookywana\Nabídka Start\Programy\Po spuštění\winesm32.exe

:commands
[EmptyTemp]
[Reboot]

Re: Win32:Rootkit-gen, log z RSIT

Napsal: 04 bře 2010 17:53
od Jookywana
Nešlo by prosím zvolit jiný postup, pc se seká, když vložím skript dle návodu PC zamrzne a nereaguje.

Re: Win32:Rootkit-gen, log z RSIT

Napsal: 04 bře 2010 18:02
od Caroprd111
Obrázek Stáhněte a uložte, nejlépe na plochu http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Obrázek Vypněte všechny rezidentní bezpečnostní programy - firewally, antiviry, antispywary

Obrázek Spusťte aplikaci pod účtem s oprávněním Administrátora (Správce), ihned po startu se zobrází stránka s licenčnímy podmínkami, pokračujte stisknutím tlačítka "Ano"

Obrázek Dále postupujte dle pokynů, během scanu nespouštějte jiné aplikace a neklikejte do zobrazujícího se okna :!:

Obrázek Scan by měl trvat okolo 5 - 10 minut, po dokončení Combofix zobrazí log C:\ComboFix.txt , který sem vložte.

Obrázek Během skenování může být počítač restartován.

Re: Win32:Rootkit-gen, log z RSIT

Napsal: 04 bře 2010 18:28
od Jookywana
Přikládám log z Combo Fix
ComboFix 10-03-03.09 - Jookywana 04.03.2010 18:16:59.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1014.519 [GMT 1:00]
Spuštěný z: c:\documents and settings\Jookywana\Dokumenty\Stažené soubory\ComboFix.exe
AV: avast! antivirus 4.8.1351 [VPS 100304-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Kerio Personal Firewall *disabled* {8DD86BF7-28B3-4CE9-88AE-E6EC790CAECA}
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-02-04 do 2010-03-04 )))))))))))))))))))))))))))))))
.

2010-03-04 17:12 . 2010-03-04 17:12 389632 ----a-w- c:\windows\system32\CF2832.exe
2010-03-04 16:25 . 2010-03-04 16:25 -------- d-----w- C:\_OTM
2010-03-04 15:48 . 2010-03-04 15:48 -------- d-----w- C:\rsit
2010-03-04 14:50 . 2004-08-03 21:59 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2010-03-04 14:50 . 2004-08-03 21:59 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2010-03-04 14:49 . 2004-08-03 22:00 8192 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys
2010-03-04 14:49 . 2004-08-03 22:00 8192 ----a-w- c:\windows\system32\drivers\i2omgmt.sys
2010-03-04 14:48 . 2004-08-03 22:00 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2010-03-04 11:12 . 2010-03-04 11:12 -------- d-----w- C:\logs
2010-02-28 14:24 . 2010-03-04 14:38 -------- d-----w- c:\documents and settings\All Users\Lx_cats
2010-02-28 14:23 . 2007-11-01 14:29 45056 ----a-w- c:\windows\system32\LXF3PMON.DLL
2010-02-28 14:23 . 2007-11-01 14:28 32768 ----a-w- c:\windows\system32\LXF3FXPU.DLL
2010-02-28 14:23 . 2007-12-10 19:33 12288 ----a-w- c:\windows\system32\LXF3PMRC.DLL
2010-02-28 14:23 . 2007-08-27 17:44 53248 ----a-w- c:\windows\system32\lxf3oem.dll
2010-02-28 14:23 . 2007-05-02 02:05 98345 ----a-w- c:\windows\system32\IMHOST32.DLL
2010-02-28 14:23 . 2007-05-02 02:05 339968 ----a-w- c:\windows\system32\IMGMAN32.DLL
2010-02-28 14:23 . 2010-02-28 14:24 -------- d-----w- c:\program files\Lexmark Fax Solutions
2010-02-28 14:22 . 2010-02-28 14:23 -------- d-----w- c:\program files\Abbyy FineReader 6.0 Sprint
2010-02-28 14:21 . 2007-06-28 13:52 1645320 ----a-w- c:\windows\system32\gdiplus.dll
2010-02-28 14:21 . 2010-02-28 14:34 -------- d-----w- c:\program files\Lexmark Toolbar
2010-02-28 14:21 . 2008-02-27 23:07 17064 ----a-w- c:\windows\system32\lxdnwupd.exe
2010-02-28 14:21 . 2007-11-21 14:39 102400 ----a-w- c:\windows\system32\lxdnwupd.dll
2010-02-28 14:21 . 2007-11-28 23:09 438272 ----a-w- c:\windows\system32\LXDNhcp.dll
2010-02-28 14:21 . 2007-11-28 23:09 348160 ----a-w- c:\windows\system32\LXDNinst.dll
2010-02-28 14:21 . 2010-02-28 14:34 -------- d-----w- c:\program files\Lexmark 2600 Series
2010-02-28 14:18 . 2008-02-15 04:52 348160 ----a-r- c:\windows\system32\lxdncoin.dll
2010-02-28 14:17 . 2004-08-03 21:58 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2010-02-28 14:17 . 2004-08-03 21:58 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-02-28 14:17 . 2001-10-24 11:25 87040 -c--a-w- c:\windows\system32\dllcache\wiafbdrv.dll
2010-02-28 14:17 . 2001-10-24 11:25 87040 ----a-w- c:\windows\system32\wiafbdrv.dll
2010-02-11 20:24 . 2009-04-06 09:08 4682 ----a-w- c:\windows\system32\npptNT2.sys
2010-02-11 20:05 . 2010-03-03 21:57 -------- d-----w- c:\program files\Lineage II
2010-02-09 23:26 . 2010-02-09 23:26 -------- d-----w- c:\program files\Combined Community Codec Pack
2010-02-07 21:46 . 2003-10-27 13:06 89360 ----a-w- c:\windows\system32\VB5DB.DLL
2010-02-07 21:46 . 2003-10-27 13:06 69632 ----a-w- c:\windows\system32\xmltok.dll
2010-02-07 21:46 . 2003-10-27 13:06 36864 ----a-w- c:\windows\system32\xmlparse.dll
2010-02-07 21:46 . 2003-10-27 13:06 26096 ----a-w- c:\windows\system32\xmlinst.exe
2010-02-07 21:46 . 2003-10-27 13:06 24576 ----a-w- c:\windows\system32\msxml3a.dll
2010-02-07 21:43 . 2010-02-10 15:37 -------- d-----w- c:\program files\UBISOFT

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-04 15:48 . 2009-03-21 21:06 -------- d-----w- c:\program files\Trend Micro
2010-03-04 15:24 . 2009-12-10 08:13 -------- d-----w- c:\program files\Common Files\Motive
2010-03-04 10:55 . 2009-07-29 22:18 -------- d-----w- c:\program files\Google
2010-02-11 20:05 . 2009-03-21 20:08 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-07 21:47 . 2002-03-25 20:02 12528 ----a-w- c:\windows\system32\drivers\secdrv.sys
2010-02-07 15:43 . 2009-10-19 16:27 -------- d-----r- c:\program files\Skype
2010-02-07 15:41 . 2009-03-21 20:08 -------- d-----w- c:\program files\Common Files\InstallShield
2010-02-02 16:50 . 2009-07-24 22:19 -------- d-----w- c:\program files\ICQ6.5
2009-01-27 01:34 . 2009-01-27 01:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-01-27 01:34 . 2009-01-27 01:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-10-15_22.18.20 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-07 01:19 . 2007-11-07 01:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 62976 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 46080 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 46592 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 64512 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 39936 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 38912 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 66048 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 56832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 66560 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll
+ 2008-07-29 05:07 . 2008-07-29 05:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll
+ 2008-07-29 05:07 . 2008-07-29 05:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll
+ 2006-12-01 23:46 . 2006-12-01 23:46 65536 c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6c18549a\vcomp.dll
+ 2006-12-01 23:08 . 2006-12-01 23:08 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll
+ 2006-12-01 23:08 . 2006-12-01 23:08 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll
+ 2006-12-01 23:08 . 2006-12-01 23:08 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll
+ 2006-12-01 23:08 . 2006-12-01 23:08 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll
+ 2006-12-01 23:08 . 2006-12-01 23:08 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll
+ 2006-12-01 23:08 . 2006-12-01 23:08 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll
+ 2006-12-01 23:08 . 2006-12-01 23:08 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll
+ 2006-12-01 23:08 . 2006-12-01 23:08 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll
+ 2006-12-01 23:08 . 2006-12-01 23:08 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll
+ 2006-12-01 23:26 . 2006-12-01 23:26 57856 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll
+ 2006-12-01 23:25 . 2006-12-01 23:25 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll
+ 2006-12-01 21:56 . 2006-12-01 21:56 96256 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll
+ 2007-10-02 22:51 . 2007-10-02 22:51 69632 c:\windows\twain_32\Lexmark\2600 Series\lxdncnv4.dll
+ 2007-11-05 14:32 . 2007-11-05 14:32 77906 c:\windows\twain_32\Lexmark\2600 Series\lxdncfg.dll
+ 2007-11-20 23:44 . 2007-11-20 23:44 81920 c:\windows\twain_32\Lexmark\2600 Series\lxdncaps.dll
+ 2010-02-18 16:27 . 2010-02-18 16:27 16384 c:\windows\Temp\Perflib_Perfdata_b8.dat
+ 2009-09-08 09:28 . 2005-12-05 17:07 61136 c:\windows\system32\xinput9_1_0.dll
- 2009-09-08 09:28 . 2005-12-05 16:07 61136 c:\windows\system32\xinput9_1_0.dll
- 2009-09-08 09:28 . 2007-04-04 16:53 81768 c:\windows\system32\xinput1_3.dll
+ 2009-09-08 09:28 . 2007-04-04 17:53 81768 c:\windows\system32\xinput1_3.dll
- 2009-09-08 09:28 . 2006-07-28 07:30 62744 c:\windows\system32\xinput1_2.dll
+ 2009-09-08 09:28 . 2006-07-28 08:30 62744 c:\windows\system32\xinput1_2.dll
+ 2009-09-08 09:28 . 2006-03-31 11:39 62672 c:\windows\system32\xinput1_1.dll
- 2009-09-08 09:28 . 2006-03-31 10:39 62672 c:\windows\system32\xinput1_1.dll
+ 2009-09-08 09:28 . 2007-03-05 11:42 15128 c:\windows\system32\x3daudio1_1.dll
- 2009-09-08 09:28 . 2007-03-05 10:42 15128 c:\windows\system32\x3daudio1_1.dll
+ 2009-09-08 09:28 . 2006-02-03 07:41 14032 c:\windows\system32\x3daudio1_0.dll
- 2009-09-08 09:28 . 2006-02-03 06:41 14032 c:\windows\system32\x3daudio1_0.dll
+ 2006-09-28 17:56 . 2006-09-28 17:56 55808 c:\windows\system32\WudfSvc.dll
+ 2006-09-28 19:13 . 2006-09-28 19:13 95344 c:\windows\system32\WUDFCoinstaller.dll
+ 2006-11-02 10:51 . 2006-11-02 10:51 39936 c:\windows\system32\wpdshextres.dll
+ 2006-10-18 19:00 . 2006-10-18 19:00 17408 c:\windows\system32\wpdshextautoplay.exe
+ 2006-10-18 20:47 . 2006-10-18 20:47 63488 c:\windows\system32\wpdmtpus.dll
+ 2006-10-18 20:47 . 2006-10-18 20:47 35840 c:\windows\system32\wpdconns.dll
+ 2001-10-25 14:00 . 2006-10-18 20:47 37376 c:\windows\system32\wmdmps.dll
+ 2001-10-25 14:00 . 2006-10-18 20:47 33792 c:\windows\system32\wmdmlog.dll
+ 2009-12-23 10:27 . 2005-11-30 04:00 59392 c:\windows\system32\spool\prtprocs\w32x86\CNMPP50.DLL
+ 2009-12-23 10:27 . 2005-11-30 04:00 20992 c:\windows\system32\spool\prtprocs\w32x86\CNMPD50.DLL
+ 2010-02-28 14:18 . 2007-11-21 15:02 57344 c:\windows\system32\spool\drivers\w32x86\lexmark_2600_seriesaa0d\lxdnwbgc.dll
+ 2008-02-27 23:07 . 2008-02-27 23:07 82600 c:\windows\system32\spool\drivers\w32x86\lexmark_2600_seriesaa0d\lxdnview.exe
+ 2008-02-27 23:07 . 2008-02-27 23:07 82600 c:\windows\system32\spool\drivers\w32x86\lexmark_2600_seriesaa0d\lxdnupld.exe
+ 2007-11-27 10:50 . 2007-11-27 10:50 90112 c:\windows\system32\spool\drivers\w32x86\lexmark_2600_seriesaa0d\lxdnupdr.dll
+ 2008-02-07 20:16 . 2008-02-07 20:16 65536 c:\windows\system32\spool\drivers\w32x86\lexmark_2600_seriesaa0d\lxdnupd.dll
+ 2008-02-27 23:07 . 2008-02-27 23:07 82600 c:\windows\system32\spool\drivers\w32x86\lexmark_2600_seriesaa0d\lxdntime.exe
+ 2007-07-25 15:36 . 2007-07-25 15:36 98304 c:\windows\system32\spool\drivers\w32x86\lexmark_2600_seriesaa0d\lxdntime.dll
+ 2008-02-27 23:07 . 2008-02-27 23:07 98984 c:\windows\system32\spool\drivers\w32x86\lexmark_2600_seriesaa0d\lxdnserv.exe
+ 2007-11-27 10:50 . 2007-11-27 10:50 36864 c:\windows\system32\spool\drivers\w32x86\lexmark_2600_seriesaa0d\lxdncur.dll
+ 2008-02-07 20:19 . 2008-02-07 20:19 90112 c:\windows\system32\spool\drivers\w32x86\lexmark_2600_seriesaa0d\lxdncub.dll
+ 2008-02-07 20:16 . 2008-02-07 20:16 77824 c:\windows\system32\spool\drivers\w32x86\lexmark_2600_seriesaa0d\lxdncu.dll
+ 2010-02-28 14:18 . 2007-11-05 14:32 77906 c:\windows\system32\spool\drivers\w32x86\lexmark_2600_seriesaa0d\lxdncfg.dll
+ 2007-03-26 15:39 . 2007-03-26 15:39 73728 c:\windows\system32\spool\drivers\w32x86\lexmark_2600_seriesaa0d\lxdncats.dll
+ 2007-07-06 22:41 . 2007-07-06 22:41 45056 c:\windows\system32\spool\drivers\w32x86\lexmark_2600_seriesaa0d\lxdnbubl.dll
+ 2010-02-28 14:21 . 2008-02-27 23:07 17064 c:\windows\system32\spool\drivers\w32x86\3\lxdnwupd.exe
+ 2010-02-28 14:18 . 2007-11-21 15:02 57344 c:\windows\system32\spool\drivers\w32x86\3\lxdnwbgc.dll
+ 2008-02-27 23:07 . 2008-02-27 23:07 82600 c:\windows\system32\spool\drivers\w32x86\3\lxdnview.exe
+ 2010-02-28 14:21 . 2007-11-21 14:47 13312 c:\windows\system32\spool\drivers\w32x86\3\LXDNuptr.dll
+ 2008-02-27 23:07 . 2008-02-27 23:07 82600 c:\windows\system32\spool\drivers\w32x86\3\lxdnupld.exe
+ 2007-11-27 10:50 . 2007-11-27 10:50 90112 c:\windows\system32\spool\drivers\w32x86\3\lxdnupdr.dll
+ 2008-02-07 20:16 . 2008-02-07 20:16 65536 c:\windows\system32\spool\drivers\w32x86\3\lxdnupd.dll
+ 2008-02-27 23:07 . 2008-02-27 23:07 82600 c:\windows\system32\spool\drivers\w32x86\3\lxdntime.exe
+ 2007-07-25 15:36 . 2007-07-25 15:36 98304 c:\windows\system32\spool\drivers\w32x86\3\lxdntime.dll
+ 2008-02-27 23:07 . 2008-02-27 23:07 98984 c:\windows\system32\spool\drivers\w32x86\3\lxdnserv.exe
+ 2007-11-27 10:50 . 2007-11-27 10:50 36864 c:\windows\system32\spool\drivers\w32x86\3\lxdncur.dll
+ 2008-02-07 20:19 . 2008-02-07 20:19 90112 c:\windows\system32\spool\drivers\w32x86\3\lxdncub.dll
+ 2008-02-07 20:16 . 2008-02-07 20:16 77824 c:\windows\system32\spool\drivers\w32x86\3\lxdncu.dll
+ 2010-02-28 14:18 . 2007-11-05 14:32 77906 c:\windows\system32\spool\drivers\w32x86\3\lxdncfg.dll
+ 2007-03-26 15:39 . 2007-03-26 15:39 73728 c:\windows\system32\spool\drivers\w32x86\3\lxdncats.dll
+ 2007-07-06 22:41 . 2007-07-06 22:41 45056 c:\windows\system32\spool\drivers\w32x86\3\lxdnbubl.dll
+ 2009-12-18 08:04 . 2005-10-12 23:12 14048 c:\windows\system32\spmsg.dll
+ 2009-11-21 18:02 . 1999-09-08 12:45 24928 c:\windows\system32\Sigres.exe
+ 2009-11-05 15:42 . 2006-08-18 08:42 61440 c:\windows\system32\ReinstallBackups\0015\DriverFiles\igfxsrvc.dll
+ 2009-11-05 15:42 . 2008-02-15 11:46 24576 c:\windows\system32\ReinstallBackups\0015\DriverFiles\igfxexps.dll
+ 2009-11-05 15:42 . 2006-08-18 08:41 45697 c:\windows\system32\ReinstallBackups\0015\DriverFiles\ialmrnt5.dll
+ 2009-11-05 15:42 . 2006-08-18 08:41 49152 c:\windows\system32\ReinstallBackups\0015\DriverFiles\ialmrem.dll
+ 2009-11-05 15:42 . 2006-08-18 08:41 61440 c:\windows\system32\ReinstallBackups\0015\DriverFiles\iAlmCoIn.dll
+ 2009-11-05 15:42 . 2006-08-18 08:41 77824 c:\windows\system32\ReinstallBackups\0015\DriverFiles\hkcmd.exe
+ 2009-11-05 15:42 . 2006-08-18 08:41 73728 c:\windows\system32\ReinstallBackups\0015\DriverFiles\hccutils.dll
+ 2009-11-05 15:41 . 2006-08-18 08:42 94208 c:\windows\system32\ReinstallBackups\0014\DriverFiles\igfxtray.exe
+ 2009-11-05 15:41 . 2006-08-18 08:42 61440 c:\windows\system32\ReinstallBackups\0014\DriverFiles\igfxsrvc.dll
+ 2009-11-05 15:41 . 2006-08-18 08:41 94208 c:\windows\system32\ReinstallBackups\0014\DriverFiles\igfxext.exe
+ 2009-11-05 15:41 . 2006-08-18 08:41 40960 c:\windows\system32\ReinstallBackups\0014\DriverFiles\igfxexps.dll
+ 2009-11-05 15:41 . 2006-08-18 08:41 86016 c:\windows\system32\ReinstallBackups\0014\DriverFiles\igfxdo.dll
+ 2009-11-05 15:41 . 2006-08-18 08:41 45697 c:\windows\system32\ReinstallBackups\0014\DriverFiles\ialmrnt5.dll
+ 2009-11-05 15:41 . 2006-08-18 08:41 49152 c:\windows\system32\ReinstallBackups\0014\DriverFiles\ialmrem.dll
+ 2009-11-05 15:41 . 2006-08-18 08:41 61440 c:\windows\system32\ReinstallBackups\0014\DriverFiles\iAlmCoIn.dll
+ 2009-11-05 15:41 . 2006-08-18 08:41 77824 c:\windows\system32\ReinstallBackups\0014\DriverFiles\hkcmd.exe
+ 2009-11-05 15:41 . 2006-08-18 08:41 73728 c:\windows\system32\ReinstallBackups\0014\DriverFiles\hccutils.dll
+ 2001-10-25 14:00 . 2009-10-27 14:31 58930 c:\windows\system32\perfc009.dat
- 2001-10-25 14:00 . 2009-09-08 03:20 58930 c:\windows\system32\perfc009.dat
- 2001-10-25 14:00 . 2009-09-08 03:20 69114 c:\windows\system32\perfc005.dat
+ 2001-10-25 14:00 . 2009-10-27 14:31 69114 c:\windows\system32\perfc005.dat
+ 2009-03-22 22:24 . 2006-10-18 20:47 27136 c:\windows\system32\mspmsnsv.dll
+ 2009-10-24 14:41 . 2009-10-24 14:41 88589 c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
+ 2007-11-28 17:51 . 2007-11-28 17:51 40960 c:\windows\system32\lxdnvs.dll
+ 2007-11-28 23:10 . 2007-11-28 23:10 53248 c:\windows\system32\lxdnprox.dll
+ 2007-11-27 10:50 . 2007-11-27 10:50 36864 c:\windows\system32\lxdncur.dll
+ 2008-02-07 20:19 . 2008-02-07 20:19 90112 c:\windows\system32\lxdncub.dll
+ 2008-02-07 20:16 . 2008-02-07 20:16 77824 c:\windows\system32\lxdncu.dll
+ 2007-10-02 22:51 . 2007-10-02 22:51 69632 c:\windows\system32\lxdncnv4.dll
+ 2007-11-05 14:32 . 2007-11-05 14:32 77906 c:\windows\system32\lxdncfg.dll
+ 2007-11-20 23:44 . 2007-11-20 23:44 81920 c:\windows\system32\lxdncaps.dll
+ 2002-09-20 18:04 . 2006-10-18 20:47 11264 c:\windows\system32\LAPRXY.dll
+ 2009-11-05 15:41 . 2008-03-07 11:56 73728 c:\windows\system32\Lang\HDMI\CSY\HDMICSY.dll
+ 2009-11-05 15:41 . 2008-02-15 12:12 57344 c:\windows\system32\igxprd32.dll
+ 2008-05-13 18:13 . 2008-02-15 11:46 48128 c:\windows\system32\igfxsrvc.dll
+ 2008-05-13 18:13 . 2008-02-15 11:46 24576 c:\windows\system32\igfxexps.dll
+ 2009-11-21 18:02 . 1999-09-08 12:45 44544 c:\windows\system32\GIF89.DLL
+ 2006-01-17 19:50 . 2006-01-17 19:50 61952 c:\windows\system32\execryptorvb.dll
+ 2009-11-05 15:41 . 2008-02-15 12:12 57344 c:\windows\system32\DRVSTORE\igxp32_28D4AE6A4B66DD890D24C65EE34E5B62AB7E0BB9\igxprd32.dll
+ 2009-11-05 15:41 . 2008-02-15 11:46 48128 c:\windows\system32\DRVSTORE\igxp32_28D4AE6A4B66DD890D24C65EE34E5B62AB7E0BB9\igfxsrvc.dll
+ 2009-11-05 15:41 . 2008-02-15 11:46 24576 c:\windows\system32\DRVSTORE\igxp32_28D4AE6A4B66DD890D24C65EE34E5B62AB7E0BB9\igfxexps.dll
+ 2006-10-18 19:00 . 2006-10-18 19:00 38528 c:\windows\system32\drivers\wpdusb.sys
+ 2009-12-23 10:27 . 2004-08-03 22:01 25856 c:\windows\system32\drivers\usbprint.sys
+ 2009-11-05 18:03 . 2009-11-05 18:03 25416 c:\windows\system32\drivers\lirsgt.sys
+ 2001-08-17 21:52 . 2001-08-17 20:52 18688 c:\windows\system32\drivers\cdaudio.sys
- 2001-08-17 21:52 . 2001-10-25 14:00 18688 c:\windows\system32\drivers\cdaudio.sys
+ 2009-03-22 22:24 . 2004-08-17 14:49 98304 c:\windows\system32\dllcache\wmpband.dll
+ 2009-03-21 18:22 . 2004-08-17 14:49 41472 c:\windows\system32\dllcache\wmipsess.dll
+ 2009-03-21 18:22 . 2004-08-17 14:49 62976 c:\windows\system32\dllcache\wmipjobj.dll
+ 2009-03-21 18:22 . 2004-08-17 14:49 62464 c:\windows\system32\dllcache\wmipiprt.dll
+ 2009-03-21 18:22 . 2004-08-17 14:49 60928 c:\windows\system32\dllcache\wmicookr.dll
+ 2001-10-25 14:00 . 2004-08-17 14:49 42496 c:\windows\system32\dllcache\wbemperf.dll
+ 2009-03-22 22:24 . 2004-08-03 21:29 25471 c:\windows\system32\dllcache\watv10nt.sys
+ 2009-03-22 22:24 . 2004-08-03 21:29 22271 c:\windows\system32\dllcache\watv06nt.sys
+ 2009-03-22 22:24 . 2004-08-03 21:29 11935 c:\windows\system32\dllcache\wadv11nt.sys
+ 2009-03-22 22:24 . 2004-08-03 21:29 11871 c:\windows\system32\dllcache\wadv09nt.sys
+ 2009-03-22 22:24 . 2004-08-03 21:29 11295 c:\windows\system32\dllcache\wadv08nt.sys
+ 2009-03-22 22:24 . 2004-08-03 21:29 11807 c:\windows\system32\dllcache\wadv07nt.sys
+ 2009-03-22 22:24 . 2004-08-03 22:04 13568 c:\windows\system32\dllcache\wacompen.sys
+ 2009-03-21 18:24 . 2004-08-17 14:49 30208 c:\windows\system32\dllcache\wabmig.exe
+ 2009-03-21 18:24 . 2004-08-17 14:49 84992 c:\windows\system32\dllcache\wabimp.dll
+ 2009-03-21 18:24 . 2004-08-17 14:49 32768 c:\windows\system32\dllcache\wabfind.dll
+ 2009-03-21 18:24 . 2004-08-17 14:49 46080 c:\windows\system32\dllcache\wab.exe
+ 2001-10-25 14:00 . 2004-08-17 14:44 52480 c:\windows\system32\dllcache\volsnap.sys
+ 2009-03-22 22:24 . 2004-08-03 22:07 42240 c:\windows\system32\dllcache\viaagp.sys
+ 2009-03-22 22:24 . 2004-08-17 14:49 11325 c:\windows\system32\dllcache\vchnt5.dll
+ 2001-08-17 22:02 . 2001-10-25 14:00 58112 c:\windows\system32\dllcache\vdmindvd.sys
+ 2009-03-22 22:24 . 2004-08-03 22:10 78464 c:\windows\system32\dllcache\usbvideo.sys
+ 2009-03-21 20:43 . 2004-08-03 22:08 26496 c:\windows\system32\dllcache\usbstor.sys
+ 2009-12-23 10:27 . 2004-08-03 22:01 25856 c:\windows\system32\dllcache\usbprint.sys
+ 2002-08-29 01:32 . 2004-08-03 22:08 16000 c:\windows\system32\dllcache\usbintel.sys
+ 2001-08-17 22:03 . 2001-10-25 14:00 23936 c:\windows\system32\dllcache\usbcamd2.sys
+ 2001-08-17 22:03 . 2001-10-25 14:00 23808 c:\windows\system32\dllcache\usbcamd.sys
+ 2009-03-22 22:24 . 2004-08-03 22:04 12672 c:\windows\system32\dllcache\usb8023x.sys
+ 2001-10-25 14:00 . 2004-08-03 22:04 12672 c:\windows\system32\dllcache\usb8023.sys
+ 2002-08-29 01:06 . 2004-08-03 22:00 66176 c:\windows\system32\dllcache\udfs.sys
+ 2009-03-22 22:24 . 2004-08-03 22:07 44672 c:\windows\system32\dllcache\uagp35.sys
+ 2001-10-25 14:00 . 2004-08-17 14:49 50688 c:\windows\system32\dllcache\twain_32.dll
+ 2002-08-29 01:35 . 2004-08-03 22:03 12416 c:\windows\system32\dllcache\tunmp.sys
+ 2001-08-17 22:06 . 2001-10-25 14:00 21376 c:\windows\system32\dllcache\tsbvcap.sys
+ 2001-08-17 22:01 . 2001-10-25 14:00 51712 c:\windows\system32\dllcache\tosdvd.sys
+ 2009-03-21 18:22 . 2004-08-17 14:49 21896 c:\windows\system32\dllcache\tdtcp.sys
+ 2009-03-21 18:22 . 2004-08-17 14:49 12040 c:\windows\system32\dllcache\tdpipe.sys
+ 2002-08-29 01:28 . 2004-08-03 22:00 14976 c:\windows\system32\dllcache\tape.sys
+ 2002-09-20 18:04 . 2004-08-17 14:49 33792 c:\windows\system32\dllcache\tabletoc.dll
+ 2009-03-22 15:57 . 2004-08-03 22:08 48640 c:\windows\system32\dllcache\stream.sys
+ 2001-10-25 14:00 . 2004-08-17 14:49 33280 c:\windows\system32\dllcache\sstub.dll
+ 2009-03-21 18:25 . 2004-08-17 14:49 58434 c:\windows\system32\dllcache\srchctls.dll
+ 2009-03-21 18:24 . 2004-08-17 14:45 73344 c:\windows\system32\dllcache\sr.sys
+ 2002-08-29 01:11 . 2004-08-17 14:48 62976 c:\windows\system32\dllcache\spgrmr.dll
+ 2002-08-29 01:33 . 2004-08-03 22:09 25472 c:\windows\system32\dllcache\sonydcam.sys
+ 2001-10-25 14:00 . 2004-08-17 14:49 34816 c:\windows\system32\dllcache\sniffpol.dll
+ 2009-03-22 22:24 . 2004-08-03 21:41 13240 c:\windows\system32\dllcache\slwdmsup.sys
+ 2009-03-22 22:24 . 2004-08-17 14:49 32866 c:\windows\system32\dllcache\slrundll.exe
+ 2009-03-22 22:24 . 2004-08-03 21:41 95424 c:\windows\system32\dllcache\slnthal.sys
+ 2009-03-22 22:24 . 2004-08-03 22:07 41088 c:\windows\system32\dllcache\sisagp.sys
+ 2002-08-29 01:27 . 2004-08-03 21:59 11392 c:\windows\system32\dllcache\sfloppy.sys
+ 2009-03-22 22:24 . 2004-08-03 21:59 10240 c:\windows\system32\dllcache\sffp_sd.sys
+ 2009-03-22 22:24 . 2004-08-03 21:59 11136 c:\windows\system32\dllcache\sffdisk.sys
+ 2009-03-21 18:24 . 2004-08-17 14:49 73728 c:\windows\system32\dllcache\setup50.exe
+ 2002-09-20 17:21 . 2004-08-17 14:44 64640 c:\windows\system32\dllcache\serial.sys
+ 2001-10-25 14:00 . 2004-08-03 21:59 15488 c:\windows\system32\dllcache\serenum.sys
+ 2002-08-29 01:27 . 2004-08-03 21:59 96256 c:\windows\system32\dllcache\scsiport.sys
+ 2009-03-21 18:22 . 2004-08-17 14:49 36864 c:\windows\system32\dllcache\scrcons.exe
+ 2009-03-21 18:24 . 2004-08-17 14:49 61440 c:\windows\system32\dllcache\rrcm.dll
+ 2009-03-22 22:24 . 2004-08-03 22:04 30080 c:\windows\system32\dllcache\rndismpx.sys
+ 2001-10-25 14:00 . 2004-08-03 22:04 30080 c:\windows\system32\dllcache\rndismp.sys
+ 2001-08-17 21:24 . 2001-10-25 14:00 12032 c:\windows\system32\dllcache\riodrv.sys
+ 2001-08-17 21:24 . 2001-10-25 14:00 12032 c:\windows\system32\dllcache\rio8drv.sys
+ 2009-03-22 22:24 . 2004-08-03 22:10 59648 c:\windows\system32\dllcache\rfcomm.sys
+ 2009-03-22 22:24 . 2004-08-03 21:41 13776 c:\windows\system32\dllcache\recagent.sys
+ 2002-09-20 17:17 . 2004-08-17 14:43 39168 c:\windows\system32\dllcache\processr.sys
+ 2009-03-21 18:22 . 2004-08-17 14:49 92672 c:\windows\system32\dllcache\policman.dll
+ 2009-03-21 20:09 . 2004-08-03 21:59 25088 c:\windows\system32\dllcache\pciidex.sys
+ 2009-03-21 20:09 . 2004-08-17 14:43 68736 c:\windows\system32\dllcache\pci.sys
+ 2002-09-20 17:15 . 2004-08-17 14:43 80000 c:\windows\system32\dllcache\parport.sys
+ 2002-09-20 17:15 . 2004-08-17 14:43 46336 c:\windows\system32\dllcache\p3.sys
+ 2009-03-21 18:24 . 2004-08-17 14:49 51712 c:\windows\system32\dllcache\oobebaln.exe
+ 2002-08-29 01:33 . 2004-08-03 22:10 61056 c:\windows\system32\dllcache\ohci1394.sys
+ 2009-03-21 18:24 . 2004-08-17 14:49 35328 c:\windows\system32\dllcache\oemiglib.dll
+ 2009-03-21 18:24 . 2004-08-17 14:49 60416 c:\windows\system32\dllcache\oemig50.exe
+ 2002-09-20 18:01 . 2004-08-17 14:49 17408 c:\windows\system32\dllcache\ocmsn.dll
+ 2002-09-20 18:04 . 2004-08-17 14:49 15872 c:\windows\system32\dllcache\ocgen.dll
+ 2001-10-25 14:00 . 2004-08-03 22:03 88448 c:\windows\system32\dllcache\nwlnkipx.sys
+ 2001-10-25 14:00 . 2004-08-17 14:49 62976 c:\windows\system32\dllcache\ntoc.dll
+ 2009-03-21 18:24 . 2004-08-17 14:49 10240 c:\windows\system32\dllcache\npwmsdrm.dll
+ 2002-09-20 18:05 . 2004-08-17 14:49 15360 c:\windows\system32\dllcache\nppagent.exe
+ 2002-08-29 01:34 . 2004-08-03 21:59 40320 c:\windows\system32\dllcache\nmnt.sys
+ 2009-03-21 18:24 . 2004-08-17 14:49 81920 c:\windows\system32\dllcache\nmchat.dll
+ 2009-03-21 18:24 . 2004-08-17 14:49 77824 c:\windows\system32\dllcache\nmcom.dll
+ 2009-03-21 18:24 . 2004-08-17 14:49 28672 c:\windows\system32\dllcache\nmasnt.dll
+ 2001-08-17 21:24 . 2001-10-25 14:00 12032 c:\windows\system32\dllcache\nikedrv.sys
+ 2002-09-20 18:04 . 2004-08-17 14:49 77312 c:\windows\system32\dllcache\netoc.dll
+ 2002-09-20 18:04 . 2004-08-17 14:49 57344 c:\windows\system32\dllcache\ndisnpp.dll
+ 2009-03-22 22:24 . 2004-08-03 22:04 12672 c:\windows\system32\dllcache\mutohpen.sys
+ 2009-03-21 20:14 . 2004-08-17 14:49 24576 c:\windows\system32\dllcache\msxactps.dll
+ 2009-03-21 18:24 . 2004-08-17 14:49 57344 c:\windows\system32\dllcache\mst123.dll
+ 2009-03-21 18:24 . 2004-08-17 14:49 18944 c:\windows\system32\dllcache\msobweb.dll
+ 2009-03-21 18:24 . 2004-08-17 14:49 31232 c:\windows\system32\dllcache\msobshel.dll
+ 2009-03-21 18:24 . 2004-08-17 14:49 16384 c:\windows\system32\dllcache\msobdl.dll
+ 2001-10-25 14:00 . 2004-08-17 14:49 39936 c:\windows\system32\dllcache\mslwvtts.dll
+ 2002-09-20 18:04 . 2004-08-17 14:49 15360 c:\windows\system32\dllcache\msgrocm.dll
+ 2009-03-21 20:14 . 2004-08-17 14:49 36864 c:\windows\system32\dllcache\msdfmap.dll
+ 2009-03-21 20:14 . 2004-08-17 14:49 20480 c:\windows\system32\dllcache\msdatt.dll
+ 2009-03-21 20:14 . 2004-08-17 14:48 16384 c:\windows\system32\dllcache\msdaremr.dll
+ 2009-03-21 20:14 . 2004-08-17 14:48 16384 c:\windows\system32\dllcache\msdaprsr.dll
+ 2009-03-21 20:14 . 2004-08-17 14:49 77824 c:\windows\system32\dllcache\msdaosp.dll
+ 2009-03-21 20:14 . 2004-08-17 14:48 16384 c:\windows\system32\dllcache\msdaorar.dll
+ 2009-03-21 20:14 . 2004-08-17 14:49 57344 c:\windows\system32\dllcache\msadrh15.dll
+ 2009-03-21 20:14 . 2004-08-17 14:49 57344 c:\windows\system32\dllcache\msador15.dll
+ 2009-03-21 20:14 . 2004-08-17 14:48 24576 c:\windows\system32\dllcache\msaddsr.dll
+ 2009-03-21 20:14 . 2004-08-17 14:49 53248 c:\windows\system32\dllcache\msadcs.dll
+ 2009-03-21 20:14 . 2004-08-17 14:48 16384 c:\windows\system32\dllcache\msadcor.dll
+ 2009-03-21 20:14 . 2004-08-17 14:48 16384 c:\windows\system32\dllcache\msadcfr.dll
+ 2009-03-21 20:14 . 2004-08-17 14:49 61440 c:\windows\system32\dllcache\msadcf.dll
+ 2002-08-29 01:45 . 2004-08-03 21:58 72960 c:\windows\system32\dllcache\mqac.sys
+ 2001-10-25 14:00 . 2004-08-03 21:58 42240 c:\windows\system32\dllcache\mountmgr.sys
+ 2009-03-21 18:22 . 2004-08-17 14:49 16896 c:\windows\system32\dllcache\mofcomp.exe
+ 2009-03-21 19:08 . 2004-08-17 14:43 69008 c:\windows\system32\dllcache\mmsystem.dll
+ 2001-08-17 21:58 . 2004-08-03 22:07 63744 c:\windows\system32\dllcache\mf.sys
+ 2002-09-20 18:04 . 2004-08-17 14:49 16896 c:\windows\system32\dllcache\medctroc.dll
+ 2002-09-20 18:04 . 2004-08-17 14:49 19968 c:\windows\system32\dllcache\log.dll
+ 2001-10-25 14:00 . 2004-08-03 21:59 92032 c:\windows\system32\dllcache\ksecdd.sys
+ 2009-03-21 18:22 . 2004-08-17 14:49 24576 c:\windows\system32\dllcache\krnlprov.dll
+ 2009-03-21 19:08 . 2004-08-03 22:00 11264 c:\windows\system32\dllcache\irenum.sys
+ 2009-03-22 22:24 . 2004-08-03 22:08 40832 c:\windows\system32\dllcache\irbus.sys
+ 2001-10-25 14:00 . 2004-08-03 22:04 20992 c:\windows\system32\dllcache\ipinip.sys
+ 2009-03-22 22:24 . 2004-08-03 22:00 29056 c:\windows\system32\dllcache\ip6fw.sys
+ 2009-03-21 18:24 . 2004-08-17 14:49 20480 c:\windows\system32\dllcache\inetwiz.exe
- 2009-03-29 10:29 . 2009-02-19 09:58 18432 c:\windows\system32\dllcache\iedw.exe
+ 2009-03-22 22:24 . 2009-02-19 09:58 18432 c:\windows\system32\dllcache\iedw.exe
+ 2009-03-21 18:24 . 2004-08-17 14:49 49152 c:\windows\system32\dllcache\icwutil.dll
+ 2009-03-21 18:24 . 2004-08-17 14:49 24576 c:\windows\system32\dllcache\icwrmind.exe
+ 2009-03-21 18:24 . 2004-08-17 14:49 32768 c:\windows\system32\dllcache\icwdl.dll
+ 2009-03-21 18:24 . 2004-08-17 14:49 86016 c:\windows\system32\dllcache\icwconn2.exe
+ 2009-03-21 18:24 . 2004-08-17 14:49 61440 c:\windows\system32\dllcache\icwconn.dll
+ 2009-03-22 22:24 . 2004-08-17 14:49 15423 c:\windows\system32\dllcache\ch7xxnt5.dll
+ 2009-03-21 18:24 . 2004-08-17 14:49 18944 c:\windows\system32\dllcache\hscupd.exe
+ 2009-03-21 18:24 . 2004-08-17 14:49 38912 c:\windows\system32\dllcache\hmmapi.dll
+ 2009-03-22 22:24 . 2004-08-03 22:08 15104 c:\windows\system32\dllcache\hidir.sys
+ 2009-03-22 22:24 . 2004-08-17 14:44 25600 c:\windows\system32\dllcache\hidbth.sys
+ 2002-09-20 18:05 . 2004-08-17 14:49 10752 c:\windows\system32\dllcache\hh.exe
+ 2009-03-21 18:24 . 2004-08-17 14:49 57344 c:\windows\system32\dllcache\h323cc.dll
+ 2009-03-22 22:24 . 2004-08-03 22:07 46464 c:\windows\system32\dllcache\gagp30kx.sys
+ 2001-10-24 11:55 . 2001-10-25 14:00 12160 c:\windows\system32\dllcache\fsvga.sys
+ 2002-09-20 18:03 . 2004-08-17 14:49 32828 c:\windows\system32\dllcache\fp40ext.dll
+ 2002-08-29 01:27 . 2004-08-03 21:59 20480 c:\windows\system32\dllcache\flpydisk.sys
+ 2001-10-25 14:00 . 2004-08-03 21:59 27392 c:\windows\system32\dllcache\fdc.sys
+ 2001-10-25 14:00 . 2004-08-17 14:49 45568 c:\windows\system32\dllcache\evtgprov.dll
+ 2002-09-20 18:03 . 2004-08-17 14:49 22016 c:\windows\system32\dllcache\evntrprv.dll
+ 2009-03-21 19:07 . 2004-08-03 22:07 52864 c:\windows\system32\dllcache\dmusic.sys
+ 2002-08-29 01:27 . 2004-08-03 21:59 36352 c:\windows\system32\dllcache\disk.sys
+ 2009-03-21 18:24 . 2004-08-17 14:49 40960 c:\windows\system32\dllcache\dcap32.dll
+ 2009-03-22 22:24 . 2004-08-17 14:49 28672 c:\windows\system32\dllcache\custsat.dll
+ 2002-09-20 17:21 . 2004-08-17 14:44 40320 c:\windows\system32\dllcache\crusoe.sys
+ 2001-08-17 21:24 . 2001-10-25 14:00 11776 c:\windows\system32\dllcache\cpqdap01.sys
+ 2009-03-21 18:24 . 2004-08-17 14:49 45056 c:\windows\system32\dllcache\confmrsl.dll
+ 2001-08-17 21:52 . 2001-08-17 20:52 18688 c:\windows\system32\dllcache\cdaudio.sys
+ 2001-10-25 14:00 . 2001-10-25 14:00 13952 c:\windows\system32\dllcache\cbidf2k.sys
+ 2009-03-22 22:24 . 2004-08-03 22:10 18944 c:\windows\system32\dllcache\bthusb.sys
+ 2009-03-22 22:24 . 2004-08-03 22:10 35456 c:\windows\system32\dllcache\bthprint.sys
+ 2009-03-22 22:24 . 2004-08-03 22:10 38016 c:\windows\system32\dllcache\bthmodem.sys
+ 2009-03-22 22:24 . 2004-08-03 22:10 17024 c:\windows\system32\dllcache\bthenum.sys
+ 2002-08-29 01:34 . 2004-08-03 21:59 71552 c:\windows\system32\dllcache\bridge.sys
+ 2009-03-21 19:09 . 2001-08-17 21:57 14080 c:\windows\system32\dllcache\battc.sys
+ 2009-03-22 22:24 . 2004-08-17 14:49 17279 c:\windows\system32\dllcache\atv10nt5.dll
+ 2009-03-22 22:24 . 2004-08-17 14:49 14143 c:\windows\system32\dllcache\atv06nt5.dll
+ 2009-03-22 22:24 . 2004-08-17 14:49 25471 c:\windows\system32\dllcache\atv04nt5.dll
+ 2009-03-22 22:24 . 2004-08-17 14:49 11359 c:\windows\system32\dllcache\atv02nt5.dll
+ 2009-03-22 22:24 . 2004-08-17 14:49 21183 c:\windows\system32\dllcache\atv01nt5.dll
+ 2002-08-29 01:33 . 2004-08-03 21:58 55936 c:\windows\system32\dllcache\atmlane.sys
+ 2001-10-25 14:00 . 2004-08-03 21:58 59904 c:\windows\system32\dllcache\atmarpc.sys
+ 2009-03-22 22:24 . 2004-08-03 21:29 63488 c:\windows\system32\dllcache\atinxsxx.sys
+ 2009-03-22 22:24 . 2004-08-03 21:29 31744 c:\windows\system32\dllcache\atinxbxx.sys
+ 2009-03-22 22:24 . 2004-08-03 21:29 73216 c:\windows\system32\dllcache\atintuxx.sys
+ 2009-03-22 22:24 . 2004-08-03 21:29 13824 c:\windows\system32\dllcache\atinttxx.sys
+ 2009-03-22 22:24 . 2004-08-03 21:29 28672 c:\windows\system32\dllcache\atinsnxx.sys
+ 2009-03-22 22:24 . 2004-08-03 21:29 52224 c:\windows\system32\dllcache\atinraxx.sys
+ 2009-03-22 22:24 . 2004-08-03 21:29 13824 c:\windows\system32\dllcache\atinmdxx.sys
+ 2009-03-22 22:24 . 2004-08-03 21:29 57856 c:\windows\system32\dllcache\atinbtxx.sys
+ 2009-03-22 22:24 . 2004-08-03 21:29 34735 c:\windows\system32\dllcache\ati1xsxx.sys
+ 2009-03-22 22:24 . 2004-08-03 21:29 29455 c:\windows\system32\dllcache\ati1xbxx.sys
+ 2009-03-22 22:24 . 2004-08-03 21:29 36463 c:\windows\system32\dllcache\ati1tuxx.sys
+ 2009-03-22 22:24 . 2004-08-03 21:29 21343 c:\windows\system32\dllcache\ati1ttxx.sys
+ 2009-03-22 22:24 . 2004-08-03 21:29 26367 c:\windows\system32\dllcache\ati1snxx.sys
+ 2009-03-22 22:24 . 2004-08-03 21:29 63663 c:\windows\system32\dllcache\ati1rvxx.sys
+ 2009-03-22 22:24 . 2004-08-03 21:29 30671 c:\windows\system32\dllcache\ati1raxx.sys
+ 2009-03-22 22:24 . 2004-08-03 21:29 11615 c:\windows\system32\dllcache\ati1mdxx.sys
+ 2009-03-22 22:24 . 2004-08-03 21:29 56623 c:\windows\system32\dllcache\ati1btxx.sys
+ 2001-10-25 14:00 . 2004-08-03 22:05 14336 c:\windows\system32\dllcache\asyncmac.sys
+ 2002-09-20 17:15 . 2004-08-17 14:43 41216 c:\windows\system32\dllcache\amdk7.sys
+ 2002-09-20 17:15 . 2004-08-17 14:43 40832 c:\windows\system32\dllcache\amdk6.sys
+ 2009-03-22 22:24 . 2004-08-03 22:07 43008 c:\windows\system32\dllcache\amdagp.sys
+ 2009-03-22 22:24 . 2004-08-03 22:07 42752 c:\windows\system32\dllcache\alim1541.sys
+ 2001-10-25 14:00 . 2004-08-17 14:49 24064 c:\windows\system32\dllcache\agtintl.dll
+ 2009-03-22 22:24 . 2004-08-03 22:07 44928 c:\windows\system32\dllcache\agpcpq.sys
+ 2009-03-22 22:24 . 2004-08-03 22:07 42368 c:\windows\system32\dllcache\agp440.sys
+ 2001-10-25 14:00 . 2004-08-17 14:49 44032 c:\windows\system32\dllcache\agentsr.dll
+ 2001-10-25 14:00 . 2004-08-17 14:49 24064 c:\windows\system32\dllcache\agentpsh.dll
+ 2001-10-25 14:00 . 2004-08-17 14:49 49152 c:\windows\system32\dllcache\agentmpx.dll
+ 2001-10-25 14:00 . 2004-08-17 14:49 58880 c:\windows\system32\dllcache\agentdpv.dll
+ 2001-10-25 14:00 . 2004-08-17 14:49 24064 c:\windows\system32\dllcache\agentanm.dll
+ 2001-10-25 14:00 . 2001-10-25 14:00 11776 c:\windows\system32\dllcache\acpiec.sys
+ 2002-08-29 01:33 . 2004-08-03 22:10 53248 c:\windows\system32\dllcache\1394bus.sys
- 2009-03-21 18:29 . 2009-03-23 03:01 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-03-21 18:29 . 2010-03-04 14:38 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2009-03-21 18:29 . 2009-03-23 03:01 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-03-21 18:29 . 2010-03-04 14:38 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-03-21 18:29 . 2009-03-23 03:01 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2010-03-04 14:38 . 2010-03-04 14:38 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-12-23 10:26 . 2005-03-08 17:17 90112 c:\windows\system32\CNMCP50.exe
- 2009-09-08 09:28 . 2005-03-18 14:23 12800 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Diagnostics.dll
+ 2009-09-08 09:28 . 2005-03-18 15:23 12800 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Diagnostics.dll
- 2009-09-08 09:28 . 2005-03-18 14:23 53248 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2009-09-08 09:28 . 2005-03-18 15:23 53248 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2010-02-26 22:34 . 2010-02-26 22:34 22528 c:\windows\Installer\bf26af9.msi
+ 2010-02-11 19:43 . 2010-02-11 19:43 29184 c:\windows\Installer\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BB}\IconCD95F6617.exe
+ 2009-12-22 15:22 . 2009-12-22 15:22 25214 c:\windows\Installer\{C084BC61-E537-11DE-8616-005056806466}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe
+ 2009-12-01 17:33 . 2009-12-01 17:33 25214 c:\windows\Installer\{9074AFC0-CFDA-11DE-B484-005056806466}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe
+ 2010-01-23 18:18 . 2010-01-23 18:18 32768 c:\windows\Installer\{716E0306-8318-4364-8B8F-0CC4E9376BAC}\icon.exe
+ 2010-01-30 01:21 . 2010-01-30 01:21 25214 c:\windows\Installer\{2EAF7E61-068E-11DF-953C-005056806466}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe
+ 2009-11-05 18:03 . 2009-11-05 18:03 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
- 2009-09-08 09:28 . 2009-09-08 09:28 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
- 2009-09-08 09:28 . 2009-09-08 09:28 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2009-11-05 18:03 . 2009-11-05 18:03 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2009-12-18 08:03 . 2006-10-04 14:05 39424 c:\windows\AppPatch\acadproc.dll
+ 2009-12-18 08:02 . 2006-09-28 18:01 58368 c:\windows\$NtUninstallWudf01000$\spuninst\WudfCustom.dll
+ 2009-12-18 08:03 . 2004-08-17 14:49 23552 c:\windows\$NtUninstallWMFDist11$\wmdmps.dll
+ 2009-12-18 08:03 . 2004-08-17 14:49 27136 c:\windows\$NtUninstallWMFDist11$\wmdmlog.dll
+ 2009-12-18 08:03 . 2006-11-02 10:46 13312 c:\windows\$NtUninstallWMFDist11$\spuninst\wpdinstallutil.dll
+ 2009-12-18 08:03 . 2004-08-17 14:49 52224 c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll
+ 2009-03-22 22:24 . 2006-10-18 20:47 4096 c:\windows\system32\wmvdmoe2.dll
+ 2002-09-20 18:05 . 2006-10-18 20:47 4096 c:\windows\system32\wmvdmod.dll
+ 2006-10-18 20:47 . 2006-10-18 20:47 4096 c:\windows\system32\WMVADVE.DLL
+ 2006-10-18 20:47 . 2006-10-18 20:47 4096 c:\windows\system32\WMVADVD.dll
+ 2009-03-22 22:24 . 2006-10-18 20:47 4096 c:\windows\system32\wmsdmoe2.dll
+ 2002-09-20 18:05 . 2006-10-18 20:47 4096 c:\windows\system32\wmsdmod.dll
+ 2006-10-18 20:58 . 2006-10-18 20:58 8704 c:\windows\system32\wdfmgr.exe
+ 2006-10-18 20:47 . 2006-10-18 20:47 4096 c:\windows\system32\wdfapi.dll
+ 2006-10-18 20:58 . 2006-10-18 20:58 8704 c:\windows\system32\uwdf.exe
+ 2002-09-20 18:04 . 2006-10-18 20:47 4096 c:\windows\system32\MPG4DMOD.dll
+ 2009-03-22 22:24 . 2006-10-18 20:47 4096 c:\windows\system32\MP4SDMOD.dll
+ 2009-03-22 22:24 . 2006-10-18 20:47 4096 c:\windows\system32\MP43DMOD.dll
+ 2009-03-22 22:24 . 2004-08-17 14:49 5632 c:\windows\system32\dllcache\wmm2res2.dll
+ 2009-03-22 22:24 . 2004-08-17 14:49 7680 c:\windows\system32\dllcache\wmm2ext.dll
+ 2009-03-22 22:24 . 2004-08-17 14:49 4096 c:\windows\system32\dllcache\wmm2eres.dll
+ 2009-03-21 19:07 . 2004-08-03 22:07 6400 c:\windows\system32\dllcache\splitter.sys
+ 2009-03-22 22:24 . 2004-08-03 22:07 6016 c:\windows\system32\dllcache\smbali.sys
+ 2009-03-22 22:24 . 2004-08-17 14:49 3901 c:\windows\system32\dllcache\siint5.dll
+ 2001-10-25 14:00 . 2001-10-25 14:00 3456 c:\windows\system32\dllcache\oprghdlr.sys
+ 2009-03-22 15:57 . 2004-08-03 21:58 5504 c:\windows\system32\dllcache\mstee.sys
+ 2009-03-22 15:57 . 2004-08-03 21:58 4992 c:\windows\system32\dllcache\mspqm.sys
+ 2009-03-22 15:57 . 2004-08-03 21:58 5376 c:\windows\system32\dllcache\mspclock.sys
+ 2009-03-22 15:57 . 2004-08-03 21:58 7552 c:\windows\system32\dllcache\mskssrv.sys
+ 2009-03-21 20:14 . 2004-08-17 14:49 4096 c:\windows\system32\dllcache\msdaurl.dll
+ 2009-03-21 20:14 . 2004-08-17 14:49 4096 c:\windows\system32\dllcache\msdasc.dll
+ 2009-03-21 20:14 . 2004-08-17 14:49 4096 c:\windows\system32\dllcache\msdaer.dll
+ 2009-03-21 20:14 . 2004-08-17 14:49 4096 c:\windows\system32\dllcache\msdaenum.dll
+ 2009-03-21 20:14 . 2004-08-17 14:49 4096 c:\windows\system32\dllcache\msdadc.dll
+ 2009-03-21 18:24 . 2004-08-17 14:49 4639 c:\windows\system32\dllcache\mplayer2.exe
+ 2009-03-21 19:10 . 2001-08-17 21:46 6400 c:\windows\system32\dllcache\enum1394.sys
+ 2009-03-21 19:06 . 2004-08-03 22:07 2944 c:\windows\system32\dllcache\drmkaud.sys
+ 2009-03-21 18:22 . 2004-08-17 14:49 9728 c:\windows\system32\dllcache\comrepl.exe
+ 2009-03-21 19:09 . 2001-08-17 21:58 9344 c:\windows\system32\dllcache\compbatt.sys
+ 2009-03-22 22:24 . 2004-08-17 14:49 3775 c:\windows\system32\dllcache\adv11nt5.dll
+ 2009-03-22 22:24 . 2004-08-17 14:49 3711 c:\windows\system32\dllcache\adv09nt5.dll
+ 2009-03-22 22:24 . 2004-08-17 14:49 3135 c:\windows\system32\dllcache\adv08nt5.dll
+ 2009-03-22 22:24 . 2004-08-17 14:49 3647 c:\windows\system32\dllcache\adv07nt5.dll
+ 2009-03-22 22:24 . 2004-08-17 14:49 3615 c:\windows\system32\dllcache\adv05nt5.dll
+ 2009-03-22 22:24 . 2004-08-17 14:49 3967 c:\windows\system32\dllcache\adv02nt5.dll
+ 2009-03-22 22:24 . 2004-08-17 14:49 4255 c:\windows\system32\dllcache\adv01nt5.dll
+ 2009-12-23 10:27 . 2005-11-30 04:00 8704 c:\windows\system32\CNMVS50.DLL
+ 2009-12-18 08:03 . 2004-08-17 14:49 6656 c:\windows\$NtUninstallWMFDist11$\laprxy.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 572928 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll
+ 2008-07-29 02:54 . 2008-07-29 02:54 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 161784 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\atl90.dll
+ 2007-12-03 15:26 . 2007-12-03 15:26 524288 c:\windows\twain_32\Lexmark\2600 Series\lxdnTWUI.dll
+ 2007-12-03 15:15 . 2007-12-03 15:15 311296 c:\windows\twain_32\Lexmark\2600 Series\lxdnTwPro.dll
+ 2007-10-13 02:24 . 2007-10-13 02:24 364544 c:\windows\twain_32\Lexmark\2600 Series\lxdnIPTK.dll
+ 2007-11-21 00:02 . 2007-11-21 00:02 782336 c:\windows\twain_32\Lexmark\2600 Series\lxdndrs.dll
- 2009-09-08 09:28 . 2007-07-19 22:57 267112 c:\windows\system32\xactengine2_9.dll
+ 2009-09-08 09:28 . 2007-07-19 23:57 267112 c:\windows\system32\xactengine2_9.dll
+ 2009-09-08 09:28 . 2007-06-20 19:46 266088 c:\windows\system32\xactengine2_8.dll
- 2009-09-08 09:28 . 2007-06-20 18:46 266088 c:\windows\system32\xactengine2_8.dll
- 2009-09-08 09:28 . 2007-04-04 16:55 261480 c:\windows\system32\xactengine2_7.dll
+ 2009-09-08 09:28 . 2007-04-04 17:55 261480 c:\windows\system32\xactengine2_7.dll
- 2009-09-08 09:28 . 2007-01-24 13:27 255848 c:\windows\system32\xactengine2_6.dll
+ 2009-09-08 09:28 . 2007-01-24 14:27 255848 c:\windows\system32\xactengine2_6.dll
+ 2009-09-08 09:28 . 2006-12-08 11:02 251672 c:\windows\system32\xactengine2_5.dll
- 2009-09-08 09:28 . 2006-12-08 10:02 251672 c:\windows\system32\xactengine2_5.dll
- 2009-09-08 09:28 . 2006-09-28 14:05 237848 c:\windows\system32\xactengine2_4.dll
+ 2009-09-08 09:28 . 2006-09-28 15:05 237848 c:\windows\system32\xactengine2_4.dll
+ 2009-09-08 09:28 . 2006-07-28 08:30 236824 c:\windows\system32\xactengine2_3.dll
- 2009-09-08 09:28 . 2006-07-28 07:30 236824 c:\windows\system32\xactengine2_3.dll
+ 2009-09-08 09:28 . 2006-05-31 06:24 230168 c:\windows\system32\xactengine2_2.dll
- 2009-09-08 09:28 . 2006-05-31 05:24 230168 c:\windows\system32\xactengine2_2.dll
- 2009-09-08 09:28 . 2006-03-31 10:39 229584 c:\windows\system32\xactengine2_1.dll
+ 2009-09-08 09:28 . 2006-03-31 11:39 229584 c:\windows\system32\xactengine2_1.dll
- 2009-09-08 09:28 . 2006-02-03 06:42 230096 c:\windows\system32\xactengine2_0.dll
+ 2009-09-08 09:28 . 2006-02-03 07:42 230096 c:\windows\system32\xactengine2_0.dll

Re: Win32:Rootkit-gen, log z RSIT

Napsal: 04 bře 2010 18:36
od Jookywana
+ 2006-09-28 17:56 . 2006-09-28 17:56 316416 c:\windows\system32\WUDFx.dll
+ 2006-09-28 17:56 . 2006-09-28 17:56 165376 c:\windows\system32\WudfPlatform.dll
+ 2006-09-28 17:56 . 2006-09-28 17:56 146432 c:\windows\system32\WudfHost.exe
+ 2006-10-18 20:47 . 2006-10-18 20:47 356352 c:\windows\system32\wpdsp.dll
+ 2006-10-18 20:47 . 2006-10-18 20:47 133632 c:\windows\system32\WPDShServiceObj.dll
+ 2006-10-18 20:47 . 2006-10-18 20:47 154624 c:\windows\system32\wpdmtp.dll
+ 2006-10-18 20:47 . 2006-10-18 20:47 629760 c:\windows\system32\wpd_ci.dll
+ 2009-11-21 18:02 . 2000-01-27 14:27 557056 c:\windows\system32\WONshell.dll
+ 2009-11-21 18:02 . 2000-01-27 14:27 196608 c:\windows\system32\WONauth.dll
+ 2006-10-18 20:47 . 2006-10-18 20:47 656896 c:\windows\system32\WMVXENCD.dll
+ 2006-10-18 20:47 . 2006-10-18 20:47 767488 c:\windows\system32\WMVSENCD.dll
+ 2009-03-22 22:24 . 2006-10-18 20:47 603648 c:\windows\system32\WMSPDMOD.dll
+ 2002-09-20 18:05 . 2006-10-18 20:47 937984 c:\windows\system32\WMNetMgr.dll
+ 2009-03-22 22:24 . 2006-10-18 20:47 157184 c:\windows\system32\wmidx.dll
+ 2006-10-18 20:47 . 2006-10-18 20:47 535040 c:\windows\system32\wmdrmsdk.dll
+ 2006-10-18 20:47 . 2006-10-18 20:47 348672 c:\windows\system32\wmdrmnet.dll
+ 2006-10-18 20:47 . 2006-10-18 20:47 429056 c:\windows\system32\wmdrmdev.dll
+ 2002-09-20 18:05 . 2006-10-18 20:47 222208 c:\windows\system32\wmasf.dll
+ 2002-09-20 18:05 . 2006-10-18 20:47 757248 c:\windows\system32\WMADMOD.dll
+ 2008-02-27 11:05 . 2008-02-27 11:05 115200 c:\windows\system32\spool\prtprocs\w32x86\lxdndrpp.dll
+ 2010-02-28 14:23 . 2004-08-17 14:48 619520 c:\windows\system32\spool\drivers\w32x86\unires.dll
+ 2010-02-28 14:23 . 2004-08-17 14:49 197632 c:\windows\system32\spool\drivers\w32x86\unidrvui.dll
+ 2010-02-28 14:23 . 2004-08-17 14:49 264704 c:\windows\system32\spool\drivers\w32x86\unidrv.dll
+ 2007-10-26 12:35 . 2007-10-26 12:35 122880 c:\windows\system32\spool\drivers\w32x86\lexmark_2600_seriesaa0d\lxdnxmlu.dll
+ 2010-02-28 14:18 . 2008-02-27 23:07 139944 c:\windows\system32\spool\drivers\w32x86\lexmark_2600_seriesaa0d\lxdnwbgw.exe
+ 2010-02-28 14:18 . 2007-10-04 09:30 339419 c:\windows\system32\spool\drivers\w32x86\lexmark_2600_seriesaa0d\lxdnwavs.exe
+ 2008-02-07 20:14 . 2008-02-07 20:14 524288 c:\windows\system32\spool\drivers\w32x86\lexmark_2600_seriesaa0d\lxdnutil.dll
+ 2010-02-28 14:18 . 2007-11-21 15:02 114688 c:\windows\system32\spool\drivers\w32x86\lexmark_2600_seriesaa0d\lxdnuplr.dll
+ 2008-02-07 20:20 . 2008-02-07 20:20 126976 c:\windows\system32\spool\drivers\w32x86\lexmark_2600_seriesaa0d\lxdnupdb.dll
+ 2007-07-25 15:36 . 2007-07-25 15:36 364544 c:\windows\system32\spool\drivers\w32x86\lexmark_2600_seriesaa0d\lxdnuldr.dll
+ 2007-10-04 09:31 . 2007-10-04 09:31 253952 c:\windows\system32\spool\drivers\w32x86\lexmark_2600_seriesaa0d\lxdnsk0.dll
+ 2007-07-25 15:36 . 2007-07-25 15:36 327680 c:\windows\system32\spool\drivers\w32x86\lexmark_2600_seriesaa0d\lxdnretv.dll
+ 2007-05-24 17:36 . 2007-05-24 17:36 802816 c:\windows\system32\spool\drivers\w32x86\lexmark_2600_seriesaa0d\lxdnptpc.dll
+ 2008-02-27 23:07 . 2008-02-27 23:07 750248 c:\windows\system32\spool\drivers\w32x86\lexmark_2600_seriesaa0d\lxdnpswx.exe
+ 2007-11-27 10:50 . 2007-11-27 10:50 143360 c:\windows\system32\spool\drivers\w32x86\lexmark_2600_seriesaa0d\lxdnpswr.dll
+ 2008-02-07 20:16 . 2008-02-07 20:16 708608 c:\windows\system32\spool\drivers\w32x86\lexmark_2600_seriesaa0d\lxdnpsw.dll
+ 2007-11-27 10:50 . 2007-11-27 10:50 159744 c:\windows\system32\spool\drivers\w32x86\lexmark_2600_seriesaa0d\lxdnprpr.dll
+ 2008-02-07 20:16 . 2008-02-07 20:16 946176 c:\windows\system32\spool\drivers\w32x86\lexmark_2600_seriesaa0d\lxdnprp.dll
+ 2007-11-29 17:17 . 2007-11-29 17:17 544768 c:\windows\system32\spool\drivers\w32x86\lexmark_2600_seriesaa0d\lxdnppx.dll
+ 2007-11-27 10:50 . 2007-11-27 10:50 245760 c:\windows\system32\spool\drivers\w32x86\lexmark_2600_seriesaa0d\lxdnlpar.dll
+ 2006-12-07 11:28 . 2006-12-07 11:28 126976 c:\windows\system32\spool\drivers\w32x86\lexmark_2600_seriesaa0d\lxdnlnks.dll
+ 2008-02-27 23:07 . 2008-02-27 23:07 701096 c:\windows\system32\spool\drivers\w32x86\lexmark_2600_seriesaa0d\lxdnjswx.exe
+ 2007-11-27 10:49 . 2007-11-27 10:49 147456 c:\windows\system32\spool\drivers\w32x86\lexmark_2600_seriesaa0d\lxdnjswr.dll
+ 2008-02-07 20:19 . 2008-02-07 20:19 688128 c:\windows\system32\spool\drivers\w32x86\lexmark_2600_seriesaa0d\lxdnjswb.dll
+ 2008-02-07 20:16 . 2008-02-07 20:16 196608 c:\windows\system32\spool\drivers\w32x86\lexmark_2600_seriesaa0d\lxdnjsw.dll
+ 2007-11-27 10:50 . 2007-11-27 10:50 106496 c:\windows\system32\spool\drivers\w32x86\lexmark_2600_seriesaa0d\lxdninsr.dll
+ 2008-02-07 20:19 . 2008-02-07 20:19 200704 c:\windows\system32\spool\drivers\w32x86\lexmark_2600_seriesaa0d\lxdninsb.dll
+ 2008-02-07 20:16 . 2008-02-07 20:16 176128 c:\windows\system32\spool\drivers\w32x86\lexmark_2600_seriesaa0d\lxdnins.dll
+ 2010-02-28 14:18 . 2007-01-08 22:33 253952 c:\windows\system32\spool\drivers\w32x86\lexmark_2600_seriesaa0d\lxdnibuf.dll
+ 2010-02-28 14:18 . 2007-11-28 23:09 438272 c:\windows\system32\spool\drivers\w32x86\lexmark_2600_seriesaa0d\lxdnhcp.dll
+ 2007-10-04 09:31 . 2007-10-04 09:31 983121 c:\windows\system32\spool\drivers\w32x86\lexmark_2600_seriesaa0d\lxdngf.dll
+ 2007-08-14 11:01 . 2007-08-14 11:01 434176 c:\windows\system32\spool\drivers\w32x86\lexmark_2600_seriesaa0d\lxdnedf.dll
+ 2008-02-27 11:06 . 2008-02-27 11:06 148480 c:\windows\system32\spool\drivers\w32x86\lexmark_2600_seriesaa0d\lxdndrui.dll
+ 2008-02-27 11:05 . 2008-02-27 11:05 195072 c:\windows\system32\spool\drivers\w32x86\lexmark_2600_seriesaa0d\lxdndr.dll
+ 2007-05-29 15:39 . 2007-05-29 15:39 589824 c:\windows\system32\spool\drivers\w32x86\lexmark_2600_seriesaa0d\lxdndatr.dll
+ 2007-11-29 17:17 . 2007-11-29 17:17 335872 c:\windows\system32\spool\drivers\w32x86\lexmark_2600_seriesaa0d\lxdncomx.dll
+ 2010-02-28 14:18 . 2008-02-27 23:07 115848 c:\windows\system32\spool\drivers\w32x86\lexmark_2600_seriesaa0d\lxdncfgx.exe
+ 2010-02-28 14:23 . 2004-08-17 14:48 619520 c:\windows\system32\spool\drivers\w32x86\3\UNIRES.DLL
+ 2010-02-28 14:23 . 2004-08-17 14:49 197632 c:\windows\system32\spool\drivers\w32x86\3\UNIDRVUI.DLL
+ 2010-02-28 14:23 . 2004-08-17 14:49 264704 c:\windows\system32\spool\drivers\w32x86\3\UNIDRV.DLL
+ 2010-02-28 14:21 . 2007-10-31 01:45 626688 c:\windows\system32\spool\drivers\w32x86\3\msvcr80.dll
+ 2010-02-28 14:21 . 2007-10-31 01:45 548864 c:\windows\system32\spool\drivers\w32x86\3\msvcp80.dll
+ 2010-02-28 14:21 . 2007-10-31 01:45 479232 c:\windows\system32\spool\drivers\w32x86\3\msvcm80.dll
+ 2007-10-26 12:35 . 2007-10-26 12:35 122880 c:\windows\system32\spool\drivers\w32x86\3\lxdnxmlu.dll
+ 2010-02-28 14:21 . 2007-11-21 14:39 102400 c:\windows\system32\spool\drivers\w32x86\3\lxdnwupd.dll
+ 2010-02-28 14:18 . 2008-02-27 23:07 139944 c:\windows\system32\spool\drivers\w32x86\3\lxdnwbgw.exe
+ 2010-02-28 14:18 . 2007-10-04 09:30 339419 c:\windows\system32\spool\drivers\w32x86\3\lxdnwavs.exe
+ 2008-02-07 20:14 . 2008-02-07 20:14 524288 c:\windows\system32\spool\drivers\w32x86\3\lxdnutil.dll
+ 2010-02-28 14:18 . 2007-11-21 15:02 114688 c:\windows\system32\spool\drivers\w32x86\3\lxdnuplr.dll
+ 2008-02-07 20:20 . 2008-02-07 20:20 126976 c:\windows\system32\spool\drivers\w32x86\3\lxdnupdb.dll
+ 2007-07-25 15:36 . 2007-07-25 15:36 364544 c:\windows\system32\spool\drivers\w32x86\3\lxdnuldr.dll
+ 2007-10-04 09:31 . 2007-10-04 09:31 253952 c:\windows\system32\spool\drivers\w32x86\3\lxdnsk0.dll
+ 2007-07-25 15:36 . 2007-07-25 15:36 327680 c:\windows\system32\spool\drivers\w32x86\3\lxdnretv.dll
+ 2007-05-24 17:36 . 2007-05-24 17:36 802816 c:\windows\system32\spool\drivers\w32x86\3\lxdnptpc.dll
+ 2008-02-27 23:07 . 2008-02-27 23:07 750248 c:\windows\system32\spool\drivers\w32x86\3\lxdnpswx.exe
+ 2007-11-27 10:50 . 2007-11-27 10:50 143360 c:\windows\system32\spool\drivers\w32x86\3\lxdnpswr.dll
+ 2008-02-07 20:16 . 2008-02-07 20:16 708608 c:\windows\system32\spool\drivers\w32x86\3\lxdnpsw.dll
+ 2007-11-27 10:50 . 2007-11-27 10:50 159744 c:\windows\system32\spool\drivers\w32x86\3\lxdnprpr.dll
+ 2008-02-07 20:16 . 2008-02-07 20:16 946176 c:\windows\system32\spool\drivers\w32x86\3\lxdnprp.dll
+ 2007-11-29 17:17 . 2007-11-29 17:17 544768 c:\windows\system32\spool\drivers\w32x86\3\lxdnppx.dll
+ 2007-11-27 10:50 . 2007-11-27 10:50 245760 c:\windows\system32\spool\drivers\w32x86\3\lxdnlpar.dll
+ 2006-12-07 11:28 . 2006-12-07 11:28 126976 c:\windows\system32\spool\drivers\w32x86\3\lxdnlnks.dll
+ 2008-02-27 23:07 . 2008-02-27 23:07 701096 c:\windows\system32\spool\drivers\w32x86\3\lxdnjswx.exe
+ 2007-11-27 10:49 . 2007-11-27 10:49 147456 c:\windows\system32\spool\drivers\w32x86\3\lxdnjswr.dll
+ 2008-02-07 20:19 . 2008-02-07 20:19 688128 c:\windows\system32\spool\drivers\w32x86\3\lxdnjswb.dll
+ 2008-02-07 20:16 . 2008-02-07 20:16 196608 c:\windows\system32\spool\drivers\w32x86\3\lxdnjsw.dll
+ 2007-11-27 10:50 . 2007-11-27 10:50 106496 c:\windows\system32\spool\drivers\w32x86\3\lxdninsr.dll
+ 2008-02-07 20:19 . 2008-02-07 20:19 200704 c:\windows\system32\spool\drivers\w32x86\3\lxdninsb.dll
+ 2008-02-07 20:16 . 2008-02-07 20:16 176128 c:\windows\system32\spool\drivers\w32x86\3\lxdnins.dll
+ 2010-02-28 14:18 . 2007-01-08 22:33 253952 c:\windows\system32\spool\drivers\w32x86\3\lxdnibuf.dll
+ 2010-02-28 14:18 . 2007-11-28 23:09 438272 c:\windows\system32\spool\drivers\w32x86\3\lxdnhcp.dll
+ 2007-10-04 09:31 . 2007-10-04 09:31 983121 c:\windows\system32\spool\drivers\w32x86\3\lxdngf.dll
+ 2007-08-14 11:01 . 2007-08-14 11:01 434176 c:\windows\system32\spool\drivers\w32x86\3\lxdnedf.dll
+ 2008-02-27 11:06 . 2008-02-27 11:06 148480 c:\windows\system32\spool\drivers\w32x86\3\lxdndrui.dll
+ 2008-02-27 11:05 . 2008-02-27 11:05 195072 c:\windows\system32\spool\drivers\w32x86\3\lxdndr.dll
+ 2007-05-29 15:39 . 2007-05-29 15:39 589824 c:\windows\system32\spool\drivers\w32x86\3\lxdndatr.dll
+ 2007-11-29 17:17 . 2007-11-29 17:17 335872 c:\windows\system32\spool\drivers\w32x86\3\lxdncomx.dll
+ 2010-02-28 14:18 . 2008-02-27 23:07 115848 c:\windows\system32\spool\drivers\w32x86\3\lxdncfgx.exe
+ 2009-11-21 18:02 . 1999-09-08 12:45 233472 c:\windows\system32\SNWValid.dll
+ 2009-11-19 22:24 . 1998-05-11 19:01 240944 c:\windows\system32\RICHED.DLL
+ 2009-11-05 15:42 . 2008-02-15 12:01 294912 c:\windows\system32\ReinstallBackups\0015\DriverFiles\igldev32.dll
+ 2009-11-05 15:42 . 2008-02-15 11:45 163840 c:\windows\system32\ReinstallBackups\0015\DriverFiles\igfxzoom.exe
+ 2009-11-05 15:42 . 2008-02-15 11:46 135168 c:\windows\system32\ReinstallBackups\0015\DriverFiles\igfxtray.exe
+ 2009-11-05 15:42 . 2006-08-18 08:42 163840 c:\windows\system32\ReinstallBackups\0015\DriverFiles\igfxsrvc.exe
+ 2009-11-05 15:42 . 2006-08-18 08:41 143360 c:\windows\system32\ReinstallBackups\0015\DriverFiles\igfxpph.dll
+ 2009-11-05 15:42 . 2006-08-18 08:41 118784 c:\windows\system32\ReinstallBackups\0015\DriverFiles\igfxpers.exe
+ 2009-11-05 15:42 . 2008-02-15 11:46 163840 c:\windows\system32\ReinstallBackups\0015\DriverFiles\igfxext.exe
+ 2009-11-05 15:42 . 2008-02-15 11:46 135168 c:\windows\system32\ReinstallBackups\0015\DriverFiles\igfxdo.dll
+ 2009-11-05 15:42 . 2006-08-18 08:41 139264 c:\windows\system32\ReinstallBackups\0015\DriverFiles\igfxdev.dll
+ 2009-11-05 15:42 . 2008-02-15 11:48 524288 c:\windows\system32\ReinstallBackups\0015\DriverFiles\igfxcfg.exe
+ 2009-11-05 15:42 . 2006-08-18 08:41 121470 c:\windows\system32\ReinstallBackups\0015\DriverFiles\ialmdnt5.dll
+ 2009-11-05 15:42 . 2006-08-18 08:41 232733 c:\windows\system32\ReinstallBackups\0015\DriverFiles\ialmdev5.dll
+ 2009-11-05 15:42 . 2006-08-18 08:41 956029 c:\windows\system32\ReinstallBackups\0015\DriverFiles\ialmdd5.dll
+ 2009-11-05 15:41 . 2006-08-18 08:42 524288 c:\windows\system32\ReinstallBackups\0014\DriverFiles\igldev32.dll
+ 2009-11-05 15:41 . 2006-08-18 08:42 114688 c:\windows\system32\ReinstallBackups\0014\DriverFiles\igfxzoom.exe
+ 2009-11-05 15:41 . 2006-08-18 08:42 163840 c:\windows\system32\ReinstallBackups\0014\DriverFiles\igfxsrvc.exe
+ 2009-11-05 15:41 . 2006-08-18 08:41 143360 c:\windows\system32\ReinstallBackups\0014\DriverFiles\igfxpph.dll
+ 2009-11-05 15:41 . 2006-08-18 08:41 118784 c:\windows\system32\ReinstallBackups\0014\DriverFiles\igfxpers.exe
+ 2009-11-05 15:41 . 2006-08-18 08:41 139264 c:\windows\system32\ReinstallBackups\0014\DriverFiles\igfxdev.dll
+ 2009-11-05 15:41 . 2006-08-18 08:41 450560 c:\windows\system32\ReinstallBackups\0014\DriverFiles\igfxcfg.exe
+ 2009-11-05 15:41 . 2006-08-18 08:41 121470 c:\windows\system32\ReinstallBackups\0014\DriverFiles\ialmdnt5.dll
+ 2009-11-05 15:41 . 2006-08-18 08:41 232733 c:\windows\system32\ReinstallBackups\0014\DriverFiles\ialmdev5.dll
+ 2009-11-05 15:41 . 2006-08-18 08:41 956029 c:\windows\system32\ReinstallBackups\0014\DriverFiles\ialmdd5.dll
+ 2006-10-18 20:47 . 2006-10-18 20:47 199168 c:\windows\system32\PortableDeviceWMDRM.dll
+ 2006-10-18 20:47 . 2006-10-18 20:47 132096 c:\windows\system32\PortableDeviceWiaCompat.dll
+ 2006-10-18 20:47 . 2006-10-18 20:47 166912 c:\windows\system32\PortableDeviceTypes.dll
+ 2006-10-18 20:47 . 2006-10-18 20:47 101888 c:\windows\system32\PortableDeviceClassExtension.dll
+ 2006-10-18 20:47 . 2006-10-18 20:47 284160 c:\windows\system32\PortableDeviceApi.dll
- 2001-10-25 14:00 . 2009-09-08 03:20 392630 c:\windows\system32\perfh009.dat
+ 2001-10-25 14:00 . 2009-10-27 14:31 392630 c:\windows\system32\perfh009.dat
- 2001-10-25 14:00 . 2009-09-08 03:20 390176 c:\windows\system32\perfh005.dat
+ 2001-10-25 14:00 . 2009-10-27 14:31 390176 c:\windows\system32\perfh005.dat
+ 2009-12-21 16:16 . 2005-04-14 18:06 196608 c:\windows\system32\NCTWMVFile.dll
+ 2009-12-21 16:16 . 2005-04-18 14:14 139264 c:\windows\system32\NCTVideoFile.dll
+ 2009-12-21 16:16 . 2005-03-03 16:18 106496 c:\windows\system32\NCTVideoCoreU.dll
+ 2009-12-21 16:16 . 2005-04-18 18:01 991232 c:\windows\system32\NCTVideoCoreM.dll
+ 2009-12-21 16:16 . 2005-04-21 16:15 282624 c:\windows\system32\NCTQuickTimeFile.dll
+ 2009-12-21 16:16 . 2005-04-14 18:05 294912 c:\windows\system32\NCTAVIFile.dll
+ 2001-10-25 14:00 . 2006-10-18 20:47 321536 c:\windows\system32\mswmdm.dll
+ 2009-12-21 16:16 . 2002-01-05 13:40 332288 c:\windows\system32\msvcp70.dll
+ 2002-09-20 18:04 . 2006-10-18 20:47 414208 c:\windows\system32\msscp.dll
+ 2002-09-20 18:04 . 2006-10-18 20:47 175616 c:\windows\system32\mspmsp.dll
+ 2002-09-20 18:04 . 2006-10-18 20:47 179712 c:\windows\system32\msnetobj.dll
+ 2006-10-18 20:47 . 2006-10-18 20:47 259072 c:\windows\system32\MPG4DECD.dll
+ 2006-10-18 20:47 . 2006-10-18 20:47 317440 c:\windows\system32\MP4SDECD.dll
+ 2006-10-18 20:47 . 2006-10-18 20:47 259072 c:\windows\system32\MP43DECD.dll
+ 2006-10-18 20:47 . 2006-10-18 20:47 212992 c:\windows\system32\MFPLAT.dll
+ 2009-12-21 16:16 . 2003-05-21 23:50 261632 c:\windows\system32\mcdvd_32.dll
+ 2009-07-18 03:12 . 2009-07-18 03:12 257440 c:\windows\system32\Macromed\Flash\FlashUtil10c.exe
+ 2008-02-07 20:14 . 2008-02-07 20:14 524288 c:\windows\system32\lxdnutil.dll
+ 2007-11-28 23:12 . 2007-11-28 23:12 843776 c:\windows\system32\lxdnusb1.dll
+ 2007-11-28 23:19 . 2007-11-28 23:19 647168 c:\windows\system32\lxdnpmui.dll
+ 2007-11-28 23:13 . 2007-11-28 23:13 569344 c:\windows\system32\lxdnlmpm.dll
+ 2007-11-27 10:49 . 2007-11-27 10:49 147456 c:\windows\system32\lxdnjswr.dll
+ 2007-11-27 10:50 . 2007-11-27 10:50 106496 c:\windows\system32\lxdninsr.dll
+ 2008-02-07 20:19 . 2008-02-07 20:19 200704 c:\windows\system32\lxdninsb.dll
+ 2008-02-07 20:16 . 2008-02-07 20:16 176128 c:\windows\system32\lxdnins.dll
+ 2007-11-28 23:09 . 2007-11-28 23:09 364544 c:\windows\system32\lxdninpa.dll
+ 2008-02-27 23:07 . 2008-02-27 23:07 320168 c:\windows\system32\lxdnih.exe
+ 2007-11-28 23:13 . 2007-11-28 23:13 339968 c:\windows\system32\lxdniesc.dll
+ 2007-11-28 23:12 . 2007-11-28 23:12 663552 c:\windows\system32\lxdnhbn3.dll
+ 2007-11-27 10:38 . 2007-11-27 10:38 208896 c:\windows\system32\lxdngrd.dll
+ 2007-10-04 09:31 . 2007-10-04 09:31 983121 c:\windows\system32\lxdngf.dll
+ 2007-11-21 00:02 . 2007-11-21 00:02 782336 c:\windows\system32\lxdndrs.dll
+ 2008-02-27 23:07 . 2008-02-27 23:07 594600 c:\windows\system32\lxdncoms.exe
+ 2007-11-28 23:13 . 2007-11-28 23:13 376832 c:\windows\system32\lxdncomm.dll
+ 2007-11-28 23:11 . 2007-11-28 23:11 851968 c:\windows\system32\lxdncomc.dll
+ 2008-02-27 23:07 . 2008-02-27 23:07 365224 c:\windows\system32\lxdncfg.exe
+ 2002-09-20 18:05 . 2006-10-18 19:03 100864 c:\windows\system32\logagent.exe
+ 2009-12-21 16:16 . 2003-08-07 13:01 126464 c:\windows\system32\lame_enc.dll
+ 2009-11-05 15:41 . 2008-03-07 11:56 920088 c:\windows\system32\igxpun.exe
+ 2009-11-05 15:41 . 2008-02-15 12:12 151040 c:\windows\system32\igxpgd32.dll
+ 2008-05-13 18:13 . 2008-02-15 12:01 294912 c:\windows\system32\igldev32.dll
+ 2008-05-13 18:13 . 2008-02-15 11:45 163840 c:\windows\system32\igfxzoom.exe
+ 2008-05-13 18:13 . 2008-02-15 11:46 135168 c:\windows\system32\igfxtray.exe
+ 2008-05-13 18:13 . 2008-02-15 11:46 249856 c:\windows\system32\igfxsrvc.exe
+ 2009-11-05 17:26 . 2008-02-15 11:49 176128 c:\windows\system32\igfxres.dll
+ 2008-05-13 18:13 . 2008-02-15 11:46 204800 c:\windows\system32\igfxpph.dll
+ 2008-05-13 18:13 . 2008-02-15 11:46 131072 c:\windows\system32\igfxpers.exe
+ 2008-05-13 18:13 . 2008-02-15 11:46 163840 c:\windows\system32\igfxext.exe
+ 2008-05-13 18:13 . 2008-02-15 11:46 135168 c:\windows\system32\igfxdo.dll
+ 2008-05-13 18:13 . 2008-02-15 11:45 208896 c:\windows\system32\igfxdev.dll
+ 2009-11-05 15:41 . 2008-02-15 12:21 147456 c:\windows\system32\igfxCoIn_v4926.dll
+ 2008-05-13 18:13 . 2008-02-15 11:48 524288 c:\windows\system32\igfxcfg.exe
+ 2008-05-13 18:13 . 2008-02-15 11:46 159744 c:\windows\system32\hkcmd.exe
+ 2008-05-13 18:13 . 2008-02-15 11:45 102400 c:\windows\system32\hccutils.dll
+ 2009-11-05 15:41 . 2008-02-15 12:12 151040 c:\windows\system32\DRVSTORE\igxp32_28D4AE6A4B66DD890D24C65EE34E5B62AB7E0BB9\igxpgd32.dll
+ 2009-11-05 15:41 . 2008-02-15 12:21 147456 c:\windows\system32\DRVSTORE\igxp32_28D4AE6A4B66DD890D24C65EE34E5B62AB7E0BB9\igxpco32.dll
+ 2009-11-05 15:41 . 2008-02-15 12:11 104636 c:\windows\system32\DRVSTORE\igxp32_28D4AE6A4B66DD890D24C65EE34E5B62AB7E0BB9\igmedcompkrn.dll
+ 2009-11-05 15:41 . 2008-02-15 12:01 294912 c:\windows\system32\DRVSTORE\igxp32_28D4AE6A4B66DD890D24C65EE34E5B62AB7E0BB9\igldev32.dll
+ 2009-11-05 15:41 . 2008-02-15 11:45 163840 c:\windows\system32\DRVSTORE\igxp32_28D4AE6A4B66DD890D24C65EE34E5B62AB7E0BB9\igfxzoom.exe
+ 2009-11-05 15:41 . 2008-02-15 11:46 135168 c:\windows\system32\DRVSTORE\igxp32_28D4AE6A4B66DD890D24C65EE34E5B62AB7E0BB9\igfxtray.exe
+ 2009-11-05 15:41 . 2008-02-15 11:46 249856 c:\windows\system32\DRVSTORE\igxp32_28D4AE6A4B66DD890D24C65EE34E5B62AB7E0BB9\igfxsrvc.exe
+ 2009-11-05 15:41 . 2008-02-15 11:46 204800 c:\windows\system32\DRVSTORE\igxp32_28D4AE6A4B66DD890D24C65EE34E5B62AB7E0BB9\igfxpph.dll
+ 2009-11-05 15:41 . 2008-02-15 11:46 131072 c:\windows\system32\DRVSTORE\igxp32_28D4AE6A4B66DD890D24C65EE34E5B62AB7E0BB9\igfxpers.exe
+ 2009-11-05 15:41 . 2008-02-15 11:46 163840 c:\windows\system32\DRVSTORE\igxp32_28D4AE6A4B66DD890D24C65EE34E5B62AB7E0BB9\igfxext.exe
+ 2009-11-05 15:41 . 2008-02-15 11:46 135168 c:\windows\system32\DRVSTORE\igxp32_28D4AE6A4B66DD890D24C65EE34E5B62AB7E0BB9\igfxdo.dll
+ 2009-11-05 15:41 . 2008-02-15 11:45 208896 c:\windows\system32\DRVSTORE\igxp32_28D4AE6A4B66DD890D24C65EE34E5B62AB7E0BB9\igfxdev.dll
+ 2009-11-05 15:41 . 2008-02-15 11:48 524288 c:\windows\system32\DRVSTORE\igxp32_28D4AE6A4B66DD890D24C65EE34E5B62AB7E0BB9\igfxcfg.exe
+ 2009-11-05 15:41 . 2008-02-15 11:46 159744 c:\windows\system32\DRVSTORE\igxp32_28D4AE6A4B66DD890D24C65EE34E5B62AB7E0BB9\hkcmd.exe
+ 2009-11-05 15:41 . 2008-02-15 11:45 102400 c:\windows\system32\DRVSTORE\igxp32_28D4AE6A4B66DD890D24C65EE34E5B62AB7E0BB9\hccutils.dll
+ 2002-09-20 18:03 . 2006-10-18 20:47 991744 c:\windows\system32\drmv2clt.dll
+ 2006-10-18 19:00 . 2006-10-18 19:00 249856 c:\windows\system32\drmupgds.exe
+ 2006-10-18 20:47 . 2006-10-18 20:47 671232 c:\windows\system32\drivers\UMDF\wpdmtpdr.dll
+ 2009-11-05 18:03 . 2009-11-05 18:03 278984 c:\windows\system32\drivers\atksgt.sys
+ 2009-03-22 22:24 . 2004-08-17 14:49 221184 c:\windows\system32\dllcache\wmpns.dll
+ 2008-06-10 16:18 . 2006-10-18 20:47 937984 c:\windows\system32\dllcache\WMNetMgr.dll
+ 2009-03-22 22:24 . 2004-08-17 14:49 325632 c:\windows\system32\dllcache\wmm2fxb.dll
+ 2009-03-22 22:24 . 2004-08-17 14:49 502272 c:\windows\system32\dllcache\wmm2fxa.dll
+ 2009-03-22 22:24 . 2004-08-17 14:49 402432 c:\windows\system32\dllcache\wmm2filt.dll
+ 2009-03-22 22:24 . 2004-08-17 14:49 167936 c:\windows\system32\dllcache\wmm2ae.dll
+ 2009-03-21 18:22 . 2004-08-17 14:49 132096 c:\windows\system32\dllcache\wmipdskq.dll
+ 2009-03-21 18:22 . 2004-08-17 14:49 140800 c:\windows\system32\dllcache\wmidcprv.dll
+ 2009-03-21 18:22 . 2004-08-17 14:49 361472 c:\windows\system32\dllcache\wmic.exe
+ 2009-03-21 18:22 . 2004-08-17 14:49 196608 c:\windows\system32\dllcache\wmiadap.exe
+ 2009-03-21 19:08 . 2004-08-17 14:49 146944 c:\windows\system32\dllcache\winspool.drv
+ 2009-03-21 18:22 . 2004-08-17 14:49 197120 c:\windows\system32\dllcache\wbemupgd.dll
+ 2009-03-21 18:22 . 2004-08-17 14:49 117760 c:\windows\system32\dllcache\wbemtest.exe
+ 2009-03-21 18:22 . 2004-08-17 14:49 198144 c:\windows\system32\dllcache\wbemcntl.dll
+ 2009-03-21 18:22 . 2004-08-17 14:49 131584 c:\windows\system32\dllcache\viewprov.dll
+ 2009-03-21 18:24 . 2004-08-17 14:49 848384 c:\windows\system32\dllcache\vgx.dll
+ 2009-03-21 18:24 . 2004-08-17 14:49 150528 c:\windows\system32\dllcache\uploadm.exe
+ 2002-09-20 18:04 . 2004-08-17 14:49 122880 c:\windows\system32\dllcache\tsoc.dll
+ 2001-10-25 14:00 . 2004-08-17 14:49 279040 c:\windows\system32\dllcache\tshoot.dll
+ 2009-03-21 18:24 . 2004-08-17 14:49 153088 c:\windows\system32\dllcache\triedit.dll
- 2008-06-20 09:52 . 2008-06-20 09:52 225920 c:\windows\system32\dllcache\tcpip6.sys
+ 2002-08-29 01:37 . 2008-06-20 09:52 225920 c:\windows\system32\dllcache\tcpip6.sys
+ 2002-09-20 18:04 . 2004-08-17 14:49 156160 c:\windows\system32\dllcache\sysmod_a.dll
+ 2002-09-20 18:04 . 2004-08-17 14:49 169472 c:\windows\system32\dllcache\sysmod.dll
+ 2009-03-21 18:24 . 2004-08-17 14:49 726078 c:\windows\system32\dllcache\srchui.dll
+ 2009-03-21 20:14 . 2004-08-17 14:49 217088 c:\windows\system32\dllcache\sqlxmlx.dll
+ 2009-03-22 22:24 . 2004-08-17 14:49 110592 c:\windows\system32\dllcache\sqlse20.dll
+ 2009-03-22 22:24 . 2004-08-17 14:49 462848 c:\windows\system32\dllcache\sqlqp20.dll
+ 2009-03-22 22:24 . 2004-08-17 14:49 151552 c:\windows\system32\dllcache\sqldb20.dll
+ 2002-09-20 18:04 . 2004-08-17 14:49 272384 c:\windows\system32\dllcache\sptip.dll
+ 2002-09-20 18:04 . 2004-08-17 14:49 130048 c:\windows\system32\dllcache\softkbd.dll
+ 2009-03-22 22:24 . 2004-08-03 21:41 404990 c:\windows\system32\dllcache\slntamr.sys
+ 2009-03-22 22:24 . 2004-08-03 21:41 129535 c:\windows\system32\dllcache\slnt7554.sys
+ 2002-09-20 18:04 . 2004-08-17 14:49 101888 c:\windows\system32\dllcache\setupqry.dll
+ 2002-09-20 18:04 . 2004-08-17 14:49 188928 c:\windows\system32\dllcache\script_a.dll
+ 2002-09-20 18:04 . 2004-08-17 14:49 203776 c:\windows\system32\dllcache\script.dll
+ 2009-03-22 22:24 . 2004-08-03 21:29 166912 c:\windows\system32\dllcache\s3gnbm.sys
+ 2009-03-21 18:22 . 2004-08-17 14:49 139400 c:\windows\system32\dllcache\rdpwd.sys
+ 2009-03-21 18:22 . 2004-08-17 14:49 237056 c:\windows\system32\dllcache\provthrd.dll
+ 2009-03-21 18:22 . 2004-08-17 14:49 282112 c:\windows\system32\dllcache\pinball.exe
+ 2009-03-21 18:24 . 2004-08-17 14:49 102400 c:\windows\system32\dllcache\pchshell.dll
+ 2002-09-20 17:15 . 2004-08-17 14:43 119808 c:\windows\system32\dllcache\pcmcia.sys
+ 2009-03-21 18:24 . 2004-08-17 14:49 104448 c:\windows\system32\dllcache\oeimport.dll
+ 2002-08-29 01:21 . 2004-08-03 22:02 163584 c:\windows\system32\dllcache\nwrdr.sys
+ 2009-03-22 22:24 . 2004-08-03 21:41 180360 c:\windows\system32\dllcache\ntmtlfax.sys
+ 2002-08-29 02:13 . 2004-08-03 22:15 574592 c:\windows\system32\dllcache\ntfs.sys
+ 2009-03-21 18:22 . 2004-08-17 14:49 212992 c:\windows\system32\dllcache\ntevt.dll
+ 2009-03-21 18:24 . 2004-08-17 14:49 226816 c:\windows\system32\dllcache\npdrmv2.dll
+ 2009-03-21 18:24 . 2004-08-17 14:49 167936 c:\windows\system32\dllcache\nmoldwb.dll
+ 2009-03-21 18:24 . 2004-08-17 14:49 151552 c:\windows\system32\dllcache\nmft.dll
+ 2009-03-21 18:24 . 2004-08-17 14:49 229376 c:\windows\system32\dllcache\nmas.dll
+ 2002-08-29 02:09 . 2004-08-03 22:14 182912 c:\windows\system32\dllcache\ndis.sys
+ 2009-03-21 18:24 . 2004-08-17 14:49 221184 c:\windows\system32\dllcache\nac.dll
+ 2002-08-29 02:12 . 2004-08-03 22:15 107904 c:\windows\system32\dllcache\mup.sys
+ 2009-03-22 22:24 . 2004-08-03 21:29 452736 c:\windows\system32\dllcache\mtxparhm.sys
+ 2009-03-22 22:24 . 2004-08-03 21:41 126686 c:\windows\system32\dllcache\mtlmnt5.sys
+ 2009-03-21 18:24 . 2004-08-17 14:49 274432 c:\windows\system32\dllcache\mst120.dll
+ 2009-03-21 18:24 . 2004-08-17 14:49 562176 c:\windows\system32\dllcache\msobmain.dll
+ 2009-03-21 18:24 . 2004-08-17 14:49 122368 c:\windows\system32\dllcache\msobcomm.dll
+ 2002-09-20 18:04 . 2004-08-17 14:49 169984 c:\windows\system32\dllcache\msmqocm.dll
+ 2009-03-21 20:14 . 2004-08-17 14:49 102400 c:\windows\system32\dllcache\msjro.dll
+ 2009-03-21 20:14 . 2004-08-17 14:49 118784 c:\windows\system32\dllcache\msdarem.dll
+ 2009-03-21 20:14 . 2004-08-17 14:49 204800 c:\windows\system32\dllcache\msdaps.dll
+ 2009-03-21 20:14 . 2004-08-17 14:49 200704 c:\windows\system32\dllcache\msdaprst.dll
+ 2009-03-21 20:14 . 2004-08-17 14:49 233472 c:\windows\system32\dllcache\msdaora.dll
+ 2009-03-21 18:24 . 2004-08-17 14:49 159232 c:\windows\system32\dllcache\msconfig.exe
+ 2002-09-20 18:04 . 2004-08-17 14:49 220160 c:\windows\system32\dllcache\mscandui.dll
+ 2009-03-21 20:14 . 2004-08-17 14:49 200704 c:\windows\system32\dllcache\msadox.dll
+ 2009-03-21 20:14 . 2004-08-17 14:49 180224 c:\windows\system32\dllcache\msadomd.dll
+ 2009-03-21 20:14 . 2004-08-17 14:49 155648 c:\windows\system32\dllcache\msadds.dll
+ 2009-03-21 20:14 . 2004-08-17 14:49 143360 c:\windows\system32\dllcache\msadco.dll
+ 2009-03-22 22:24 . 2004-08-17 14:49 368640 c:\windows\system32\dllcache\mpvis.dll
+ 2009-03-21 18:22 . 2004-08-17 14:49 124416 c:\windows\system32\dllcache\mofd.dll
+ 2002-09-20 18:05 . 2004-08-17 14:49 235520 c:\windows\system32\dllcache\migwiz_a.exe
+ 2009-03-22 22:24 . 2004-08-17 14:49 786432 c:\windows\system32\dllcache\migrate.exe
+ 2002-09-20 18:05 . 2004-08-17 14:49 103424 c:\windows\system32\dllcache\migload.exe
+ 2002-09-20 18:04 . 2004-08-17 14:49 192512 c:\windows\system32\dllcache\migism_a.dll
+ 2002-09-20 18:04 . 2004-08-17 14:49 201216 c:\windows\system32\dllcache\migism.dll
+ 2008-06-09 23:31 . 2006-10-18 19:03 100864 c:\windows\system32\dllcache\logagent.exe
+ 2002-09-20 18:03 . 2004-08-17 14:49 506880 c:\windows\system32\dllcache\iis.dll
+ 2009-03-21 18:24 . 2004-08-17 14:49 172032 c:\windows\system32\dllcache\icwhelp.dll
+ 2009-03-21 18:24 . 2004-08-17 14:49 215552 c:\windows\system32\dllcache\icwconn1.exe
+ 2009-03-22 22:24 . 2004-08-03 21:41 685056 c:\windows\system32\dllcache\hsfcxts2.sys
+ 2009-03-22 22:24 . 2004-08-03 21:41 220032 c:\windows\system32\dllcache\hsfbs2s2.sys
+ 2009-03-21 18:24 . 2004-08-17 14:49 768512 c:\windows\system32\dllcache\helpctr.exe
+ 2002-09-20 18:03 . 2004-08-17 14:49 108544 c:\windows\system32\dllcache\guitrn_a.dll
+ 2002-09-20 18:03 . 2004-08-17 14:49 124416 c:\windows\system32\dllcache\guitrn.dll
+ 2001-10-25 14:00 . 2001-10-25 14:00 125184 c:\windows\system32\dllcache\ftdisk.sys
+ 2009-03-21 18:27 . 2004-08-17 14:49 618605 c:\windows\system32\dllcache\fp4autl.dll
+ 2009-03-22 22:24 . 2004-08-03 22:01 124800 c:\windows\system32\dllcache\fltmgr.sys
+ 2001-10-25 14:00 . 2004-08-17 14:45 153856 c:\windows\system32\dllcache\dmio.sys
+ 2001-10-25 14:00 . 2004-08-17 14:45 800000 c:\windows\system32\dllcache\dmboot.sys
+ 2009-03-21 18:22 . 2004-08-17 14:49 543232 c:\windows\system32\dllcache\dialer.exe
+ 2009-03-21 18:22 . 2004-08-17 14:49 195584 c:\windows\system32\dllcache\comadmin.dll
+ 2001-10-24 11:53 . 2001-10-25 14:00 262528 c:\windows\system32\dllcache\cinemst2.sys
+ 2009-03-21 18:24 . 2004-08-17 14:49 385024 c:\windows\system32\dllcache\callcont.dll
+ 2009-03-22 22:24 . 2008-06-14 18:00 272128 c:\windows\system32\dllcache\bthport.sys
- 2009-03-29 10:07 . 2008-06-14 18:00 272128 c:\windows\system32\dllcache\bthport.sys
+ 2009-03-22 22:24 . 2004-08-03 21:58 100992 c:\windows\system32\dllcache\bthpan.sys
+ 2009-03-22 22:24 . 2004-08-03 21:29 104960 c:\windows\system32\dllcache\atinrvxx.sys
+ 2009-03-22 22:24 . 2004-08-17 14:43 326912 c:\windows\system32\dllcache\ati2mtaa.sys
+ 2001-10-25 14:00 . 2004-08-17 14:49 214016 c:\windows\system32\dllcache\agentctl.dll
+ 2009-03-21 19:06 . 2004-08-03 21:39 142464 c:\windows\system32\dllcache\aec.sys
+ 2002-09-20 18:03 . 2004-08-17 14:49 116224 c:\windows\system32\dllcache\acxtrnal.dll
+ 2002-09-20 18:03 . 2004-08-17 14:49 244736 c:\windows\system32\dllcache\acspecfc.dll
+ 2002-09-20 17:12 . 2004-08-17 14:43 188288 c:\windows\system32\dllcache\acpi.sys
+ 2002-09-20 18:03 . 2004-08-17 14:49 137728 c:\windows\system32\dllcache\aclua.dll
+ 2002-09-20 18:03 . 2004-08-17 14:49 450048 c:\windows\system32\dllcache\aclayers.dll
+ 2009-11-05 15:41 . 2006-11-10 07:25 319456 c:\windows\system32\difxapi.dll
+ 2009-09-08 09:28 . 2007-07-19 17:14 444776 c:\windows\system32\d3dx10_35.dll
- 2009-09-08 09:28 . 2007-07-19 16:14 444776 c:\windows\system32\d3dx10_35.dll
- 2009-09-08 09:28 . 2007-03-15 14:57 443752 c:\windows\system32\d3dx10_33.dll
+ 2009-09-08 09:28 . 2007-03-15 15:57 443752 c:\windows\system32\d3dx10_33.dll
+ 2009-12-23 10:27 . 2005-11-30 04:00 140288 c:\windows\system32\CNMLM50.DLL
+ 2002-09-20 18:03 . 2006-10-18 20:47 229376 c:\windows\system32\cewmdm.dll
+ 2001-10-25 14:00 . 2006-10-18 20:47 542720 c:\windows\system32\blackbox.dll
+ 2006-10-18 20:47 . 2006-10-18 20:47 276992 c:\windows\system32\audiodev.dll
- 2009-09-08 09:28 . 2006-03-31 09:27 578560 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2911.0\Microsoft.DirectX.Direct3DX.dll
+ 2009-09-08 09:28 . 2006-03-31 10:27 578560 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2911.0\Microsoft.DirectX.Direct3DX.dll
+ 2009-09-08 09:28 . 2006-02-03 06:40 578560 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2910.0\Microsoft.DirectX.Direct3DX.dll
- 2009-09-08 09:28 . 2006-02-03 05:40 578560 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2910.0\Microsoft.DirectX.Direct3DX.dll
+ 2009-09-08 09:28 . 2005-12-05 16:20 577536 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2909.0\Microsoft.DirectX.Direct3DX.dll
- 2009-09-08 09:28 . 2005-12-05 15:20 577536 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2909.0\Microsoft.DirectX.Direct3DX.dll
- 2009-09-08 09:28 . 2005-09-28 12:11 577536 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2908.0\Microsoft.DirectX.Direct3DX.dll
+ 2009-09-08 09:28 . 2005-09-28 13:11 577536 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2908.0\Microsoft.DirectX.Direct3DX.dll
- 2009-09-08 09:28 . 2005-07-22 15:21 577024 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2907.0\Microsoft.DirectX.Direct3DX.dll
+ 2009-09-08 09:28 . 2005-07-22 16:21 577024 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2907.0\Microsoft.DirectX.Direct3DX.dll
+ 2009-09-08 09:28 . 2005-05-26 14:15 576000 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2906.0\Microsoft.DirectX.Direct3DX.dll
- 2009-09-08 09:28 . 2005-05-26 13:15 576000 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2906.0\Microsoft.DirectX.Direct3DX.dll
+ 2009-09-08 09:28 . 2005-03-18 16:23 567296 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2905.0\Microsoft.DirectX.Direct3DX.dll
- 2009-09-08 09:28 . 2005-03-18 15:23 567296 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2905.0\Microsoft.DirectX.Direct3DX.dll
+ 2009-09-08 09:28 . 2005-02-05 18:32 563712 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2904.0\Microsoft.DirectX.Direct3DX.dll
- 2009-09-08 09:28 . 2005-02-05 17:32 563712 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2904.0\Microsoft.DirectX.Direct3DX.dll
+ 2009-09-08 09:28 . 2005-03-18 15:23 223232 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.dll
- 2009-09-08 09:28 . 2005-03-18 14:23 223232 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.dll
+ 2009-09-08 09:28 . 2005-03-18 15:23 178176 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectSound.dll
- 2009-09-08 09:28 . 2005-03-18 14:23 178176 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectSound.dll
+ 2009-09-08 09:28 . 2005-03-18 15:23 364544 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectPlay.dll
- 2009-09-08 09:28 . 2005-03-18 14:23 364544 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectPlay.dll
- 2009-09-08 09:28 . 2005-03-18 14:23 159232 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectInput.dll
+ 2009-09-08 09:28 . 2005-03-18 15:23 159232 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectInput.dll
+ 2009-09-08 09:28 . 2005-03-18 15:23 145920 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectDraw.dll
- 2009-09-08 09:28 . 2005-03-18 14:23 145920 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectDraw.dll
- 2009-09-08 09:28 . 2005-03-18 14:23 473600 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Direct3D.dll
+ 2009-09-08 09:28 . 2005-03-18 15:23 473600 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Direct3D.dll
+ 2009-12-21 20:02 . 1998-01-23 11:22 304128 c:\windows\IsUninst.exe
+ 2009-11-21 18:00 . 1998-10-21 17:43 328704 c:\windows\IsUn0407.exe
+ 2010-01-23 18:18 . 2010-01-23 18:18 390656 c:\windows\Installer\b0288b2.msi
+ 2009-11-05 18:03 . 2009-11-05 18:03 331264 c:\windows\Installer\a758f.msi
+ 2009-11-23 22:51 . 2009-11-23 22:51 228352 c:\windows\Installer\3b3f97a.msi
+ 2009-10-19 16:27 . 2009-10-19 16:27 371272 c:\windows\Installer\{D103C4BA-F905-437A-8049-DB24763BBE36}\SkypeIcon.exe
+ 2010-02-11 19:43 . 2010-02-11 19:43 632320 c:\windows\Installer\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BB}\IconCD95F66110.exe
+ 2010-02-28 14:23 . 2010-02-28 14:23 126976 c:\windows\Installer\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}\ARPPRODUCTICON.exe
+ 2010-02-28 14:23 . 2010-02-28 14:23 126976 c:\windows\Installer\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}\_SHCT_Sprint.exe.exe
+ 2009-11-05 18:02 . 2009-11-05 18:02 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
- 2009-09-08 09:28 . 2009-09-08 09:28 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
- 2009-09-08 09:28 . 2009-09-08 09:28 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2009-11-05 18:03 . 2009-11-05 18:03 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
- 2009-09-08 09:28 . 2009-09-08 09:28 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2009-11-05 18:03 . 2009-11-05 18:03 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
- 2009-09-08 09:28 . 2009-09-08 09:28 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
+ 2009-11-05 18:03 . 2009-11-05 18:03 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
+ 2009-11-05 18:03 . 2009-11-05 18:03 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
- 2009-09-08 09:28 . 2009-09-08 09:28 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
- 2009-09-08 09:28 . 2009-09-08 09:28 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-11-05 18:03 . 2009-11-05 18:03 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-09-08 09:28 . 2009-09-08 09:28 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-11-05 18:02 . 2009-11-05 18:02 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-11-05 18:02 . 2009-11-05 18:02 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-09-08 09:28 . 2009-09-08 09:28 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-11-05 18:02 . 2009-11-05 18:02 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-09-08 09:28 . 2009-09-08 09:28 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-09-08 09:28 . 2009-09-08 09:28 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-11-05 18:02 . 2009-11-05 18:02 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-09-08 09:28 . 2009-09-08 09:28 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-11-05 18:02 . 2009-11-05 18:02 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-09-08 09:28 . 2009-09-08 09:28 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-11-05 18:02 . 2009-11-05 18:02 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-11-05 18:02 . 2009-11-05 18:02 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-09-08 09:28 . 2009-09-08 09:28 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-11-05 18:03 . 2009-11-05 18:03 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
- 2009-09-08 09:28 . 2009-09-08 09:28 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2009-12-18 08:02 . 2006-09-16 00:05 379184 c:\windows\$NtUninstallWudf01000$\spuninst\updspapi.dll
+ 2009-12-18 08:02 . 2006-09-16 00:05 221488 c:\windows\$NtUninstallWudf01000$\spuninst\spuninst.exe
+ 2009-12-18 08:03 . 2004-08-17 14:49 809984 c:\windows\$NtUninstallWMFDist11$\wmvdmod.dll
+ 2009-12-18 08:03 . 2004-08-17 14:49 896512 c:\windows\$NtUninstallWMFDist11$\wmspdmoe.dll
+ 2009-12-18 08:03 . 2004-08-17 14:49 484864 c:\windows\$NtUninstallWMFDist11$\wmspdmod.dll
+ 2009-12-18 08:03 . 2004-08-17 14:49 759296 c:\windows\$NtUninstallWMFDist11$\wmsdmod.dll
+ 2009-12-18 08:03 . 2004-08-17 14:49 151552 c:\windows\$NtUninstallWMFDist11$\wmidx.dll
+ 2009-12-18 08:03 . 2004-08-17 14:49 230400 c:\windows\$NtUninstallWMFDist11$\wmasf.dll
+ 2009-12-18 08:03 . 2004-08-17 14:49 670720 c:\windows\$NtUninstallWMFDist11$\wmadmoe.dll
+ 2009-12-18 08:03 . 2004-08-17 14:49 408064 c:\windows\$NtUninstallWMFDist11$\wmadmod.dll
+ 2009-12-18 08:03 . 2006-05-16 17:11 371424 c:\windows\$NtUninstallWMFDist11$\spuninst\updspapi.dll
+ 2009-12-18 08:03 . 2006-05-16 17:11 213216 c:\windows\$NtUninstallWMFDist11$\spuninst\spuninst.exe
+ 2009-12-18 08:03 . 2004-08-17 14:49 237568 c:\windows\$NtUninstallWMFDist11$\qasf.dll
+ 2009-12-18 08:03 . 2004-08-17 14:49 245760 c:\windows\$NtUninstallWMFDist11$\mswmdm.dll
+ 2009-12-18 08:03 . 2004-08-17 14:49 356352 c:\windows\$NtUninstallWMFDist11$\msscp.dll
+ 2009-12-18 08:03 . 2004-08-17 14:49 201728 c:\windows\$NtUninstallWMFDist11$\mspmsp.dll
+ 2009-12-18 08:03 . 2004-08-17 14:49 259072 c:\windows\$NtUninstallWMFDist11$\msnetobj.dll
+ 2009-12-18 08:03 . 2004-08-17 14:49 240640 c:\windows\$NtUninstallWMFDist11$\mpg4dmod.dll
+ 2009-12-18 08:03 . 2004-08-17 14:49 384512 c:\windows\$NtUninstallWMFDist11$\mp4sdmod.dll
+ 2009-12-18 08:03 . 2004-08-17 14:49 310272 c:\windows\$NtUninstallWMFDist11$\mp43dmod.dll
+ 2009-12-18 08:03 . 2008-06-09 23:31 103936 c:\windows\$NtUninstallWMFDist11$\logagent.exe
+ 2009-12-18 08:03 . 2004-08-17 14:49 695296 c:\windows\$NtUninstallWMFDist11$\drmv2clt.dll
+ 2009-12-18 08:03 . 2004-08-17 14:49 159232 c:\windows\$NtUninstallWMFDist11$\cewmdm.dll
+ 2009-12-18 08:03 . 2004-08-17 14:49 286208 c:\windows\$NtUninstallWMFDist11$\blackbox.dll
+ 2009-12-18 08:04 . 2005-10-12 23:12 371424 c:\windows\$NtUninstallKB926239$\spuninst\updspapi.dll
+ 2009-12-18 08:04 . 2005-10-12 23:12 213216 c:\windows\$NtUninstallKB926239$\spuninst\spuninst.exe
+ 2008-07-29 07:05 . 2008-07-29 07:05 3783672 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 3768312 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90.dll
+ 2006-12-01 23:25 . 2006-12-01 23:25 1093120 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll
+ 2006-12-01 23:25 . 2006-12-01 23:25 1101824 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll
+ 2006-10-18 20:47 . 2006-10-18 20:47 2603008 c:\windows\system32\WpdShext.dll
+ 2006-10-18 20:47 . 2006-10-18 20:47 1382912 c:\windows\system32\WMVSDECD.dll
+ 2006-10-18 20:47 . 2006-10-18 20:47 1574912 c:\windows\system32\WMVENCOD.dll
+ 2006-10-18 20:47 . 2006-10-18 20:47 1543680 c:\windows\system32\WMVDECOD.dll
+ 2002-09-20 18:05 . 2006-10-18 20:47 2450944 c:\windows\system32\wmvcore.dll
+ 2009-03-22 22:24 . 2006-10-18 20:47 1329152 c:\windows\system32\WMSPDMOE.dll
+ 2002-09-20 18:05 . 2006-10-18 20:47 1117696 c:\windows\system32\WMADMOE.dll
+ 2008-02-07 20:20 . 2008-02-07 20:20 1392640 c:\windows\system32\spool\drivers\w32x86\lexmark_2600_seriesaa0d\lxdnpswb.dll
+ 2008-02-07 20:20 . 2008-02-07 20:20 4038656 c:\windows\system32\spool\drivers\w32x86\lexmark_2600_seriesaa0d\lxdnprpb.dll
+ 2008-02-07 20:20 . 2008-02-07 20:20 3665920 c:\windows\system32\spool\drivers\w32x86\lexmark_2600_seriesaa0d\lxdnlpab.dll
+ 2008-02-07 20:16 . 2008-02-07 20:16 1388544 c:\windows\system32\spool\drivers\w32x86\lexmark_2600_seriesaa0d\lxdnlpa.dll
+ 2007-11-14 06:55 . 2007-11-14 06:55 1339392 c:\windows\system32\spool\drivers\w32x86\lexmark_2600_seriesaa0d\lxdnhpec.dll
+ 2010-02-28 14:21 . 2007-10-31 01:45 1079808 c:\windows\system32\spool\drivers\w32x86\3\mfc80u.dll
+ 2008-02-07 20:20 . 2008-02-07 20:20 1392640 c:\windows\system32\spool\drivers\w32x86\3\lxdnpswb.dll
+ 2008-02-07 20:20 . 2008-02-07 20:20 4038656 c:\windows\system32\spool\drivers\w32x86\3\lxdnprpb.dll
+ 2008-02-07 20:20 . 2008-02-07 20:20 3665920 c:\windows\system32\spool\drivers\w32x86\3\lxdnlpab.dll
+ 2008-02-07 20:16 . 2008-02-07 20:16 1388544 c:\windows\system32\spool\drivers\w32x86\3\lxdnlpa.dll
+ 2007-11-14 06:55 . 2007-11-14 06:55 1339392 c:\windows\system32\spool\drivers\w32x86\3\lxdnhpec.dll
+ 2009-11-21 18:02 . 1999-09-08 12:45 1204224 c:\windows\system32\SierraNW.dll
+ 2009-11-05 15:42 . 2008-02-15 12:00 2334720 c:\windows\system32\ReinstallBackups\0015\DriverFiles\iglicd32.dll
+ 2009-11-05 15:42 . 2006-08-18 08:41 1503232 c:\windows\system32\ReinstallBackups\0015\DriverFiles\igfxress.dll
+ 2009-11-05 15:42 . 2006-08-18 08:41 1399615 c:\windows\system32\ReinstallBackups\0015\DriverFiles\ialmnt5.sys
+ 2009-11-05 15:41 . 2006-08-18 08:42 2310144 c:\windows\system32\ReinstallBackups\0014\DriverFiles\iglicd32.dll
+ 2009-11-05 15:41 . 2006-08-18 08:41 1503232 c:\windows\system32\ReinstallBackups\0014\DriverFiles\igfxress.dll
+ 2009-11-05 15:41 . 2006-08-18 08:41 1399615 c:\windows\system32\ReinstallBackups\0014\DriverFiles\ialmnt5.sys
+ 2009-12-21 16:16 . 2005-04-14 18:07 2260992 c:\windows\system32\NCTVideoCompress.dll
+ 2009-12-21 16:16 . 2005-04-21 17:23 1245184 c:\windows\system32\NCTRMFile.dll
+ 2009-12-21 16:16 . 2005-04-15 13:25 1986560 c:\windows\system32\NCTAudioFile2.dll
+ 2009-12-21 16:16 . 2005-04-18 10:21 2564096 c:\windows\system32\NCTAudioCompress3.dll
+ 2009-12-21 16:16 . 2005-04-13 10:32 1810432 c:\windows\system32\NCTAudioCompress2.dll
+ 2007-11-28 23:16 . 2007-11-28 23:16 1101824 c:\windows\system32\lxdnserv.dll
+ 2009-11-05 15:41 . 2008-02-15 12:12 2643968 c:\windows\system32\igxpdx32.dll
+ 2009-11-05 15:41 . 2008-02-15 12:12 1670144 c:\windows\system32\igxpdv32.dll
+ 2008-05-13 18:13 . 2008-02-15 12:00 2334720 c:\windows\system32\iglicd32.dll
+ 2008-05-13 18:13 . 2008-02-15 11:45 3293184 c:\windows\system32\igfxress.dll
+ 2009-11-05 15:41 . 2008-02-15 12:12 5854752 c:\windows\system32\DRVSTORE\igxp32_28D4AE6A4B66DD890D24C65EE34E5B62AB7E0BB9\igxpmp32.sys
+ 2009-11-05 15:41 . 2008-02-15 12:12 2643968 c:\windows\system32\DRVSTORE\igxp32_28D4AE6A4B66DD890D24C65EE34E5B62AB7E0BB9\igxpdx32.dll
+ 2009-11-05 15:41 . 2008-02-15 12:12 1670144 c:\windows\system32\DRVSTORE\igxp32_28D4AE6A4B66DD890D24C65EE34E5B62AB7E0BB9\igxpdv32.dll
+ 2009-11-05 15:41 . 2008-02-15 12:00 2334720 c:\windows\system32\DRVSTORE\igxp32_28D4AE6A4B66DD890D24C65EE34E5B62AB7E0BB9\iglicd32.dll
+ 2009-11-05 15:41 . 2008-02-15 12:11 1399880 c:\windows\system32\DRVSTORE\igxp32_28D4AE6A4B66DD890D24C65EE34E5B62AB7E0BB9\igklg450.dll
+ 2009-11-05 15:41 . 2008-02-15 12:11 1843784 c:\windows\system32\DRVSTORE\igxp32_28D4AE6A4B66DD890D24C65EE34E5B62AB7E0BB9\igklg400.dll
+ 2009-11-05 15:41 . 2008-02-15 11:45 3293184 c:\windows\system32\DRVSTORE\igxp32_28D4AE6A4B66DD890D24C65EE34E5B62AB7E0BB9\igfxress.dll
+ 2009-11-05 15:41 . 2008-02-15 11:54 2412544 c:\windows\system32\DRVSTORE\igxp32_28D4AE6A4B66DD890D24C65EE34E5B62AB7E0BB9\ig4icd32.dll
+ 2009-11-05 15:41 . 2008-02-15 11:54 1589248 c:\windows\system32\DRVSTORE\igxp32_28D4AE6A4B66DD890D24C65EE34E5B62AB7E0BB9\ig4dev32.dll
+ 2009-11-05 15:41 . 2008-02-15 12:12 5854752 c:\windows\system32\drivers\igxpmp32.sys
+ 2002-09-20 18:05 . 2006-10-18 20:47 2450944 c:\windows\system32\dllcache\wmvcore.dll
+ 2009-03-22 22:24 . 2004-08-17 14:49 4263936 c:\windows\system32\dllcache\wmm2res.dll
+ 2009-03-22 22:24 . 2004-08-17 14:49 2134528 c:\windows\system32\dllcache\smtpsnap.dll
+ 2009-03-22 22:24 . 2004-08-03 21:29 1897408 c:\windows\system32\dllcache\nv4_mini.sys
+ 2009-03-22 22:24 . 2004-08-03 21:41 1309184 c:\windows\system32\dllcache\mtlstrm.sys
+ 2009-03-21 18:25 . 2004-08-17 14:49 3166208 c:\windows\system32\dllcache\msgr3en.dll
+ 2009-03-21 18:24 . 2004-08-17 14:49 3555328 c:\windows\system32\dllcache\moviemk.exe
+ 2009-03-22 22:24 . 2004-08-03 21:41 1041536 c:\windows\system32\dllcache\hsfdpsp2.sys
- 2009-09-08 09:28 . 2007-07-19 16:14 3727720 c:\windows\system32\d3dx9_35.dll
+ 2009-09-08 09:28 . 2007-07-19 17:14 3727720 c:\windows\system32\d3dx9_35.dll
- 2009-09-08 09:28 . 2007-03-12 14:42 3495784 c:\windows\system32\d3dx9_33.dll
+ 2009-09-08 09:28 . 2007-03-12 15:42 3495784 c:\windows\system32\d3dx9_33.dll
+ 2009-09-08 09:28 . 2006-11-29 12:06 3426072 c:\windows\system32\d3dx9_32.dll
- 2009-09-08 09:28 . 2006-11-29 11:06 3426072 c:\windows\system32\d3dx9_32.dll
+ 2009-09-08 09:28 . 2006-09-28 15:05 2414360 c:\windows\system32\d3dx9_31.dll
- 2009-09-08 09:28 . 2006-09-28 14:05 2414360 c:\windows\system32\d3dx9_31.dll
- 2009-04-13 17:00 . 2006-03-31 10:40 2388176 c:\windows\system32\d3dx9_30.dll
+ 2009-04-13 17:00 . 2006-03-31 11:40 2388176 c:\windows\system32\d3dx9_30.dll
- 2009-09-08 09:28 . 2006-02-03 06:43 2332368 c:\windows\system32\d3dx9_29.dll
+ 2009-09-08 09:28 . 2006-02-03 07:43 2332368 c:\windows\system32\d3dx9_29.dll
+ 2009-04-13 17:00 . 2005-12-05 17:09 2323664 c:\windows\system32\d3dx9_28.dll
- 2009-04-13 17:00 . 2005-12-05 16:09 2323664 c:\windows\system32\d3dx9_28.dll
- 2009-09-08 09:28 . 2005-07-22 17:59 2319568 c:\windows\system32\d3dx9_27.dll
+ 2009-09-08 09:28 . 2005-07-22 18:59 2319568 c:\windows\system32\d3dx9_27.dll
- 2009-09-08 09:28 . 2005-05-26 13:34 2297552 c:\windows\system32\d3dx9_26.dll
+ 2009-09-08 09:28 . 2005-05-26 14:34 2297552 c:\windows\system32\d3dx9_26.dll
- 2009-09-08 09:28 . 2005-03-18 15:19 2337488 c:\windows\system32\d3dx9_25.dll
+ 2009-09-08 09:28 . 2005-03-18 16:19 2337488 c:\windows\system32\d3dx9_25.dll
+ 2009-09-08 09:28 . 2005-02-05 18:45 2222800 c:\windows\system32\d3dx9_24.dll
- 2009-09-08 09:28 . 2005-02-05 17:45 2222800 c:\windows\system32\d3dx9_24.dll
+ 2009-09-08 09:28 . 2007-07-19 17:14 1358192 c:\windows\system32\D3DCompiler_35.dll
- 2009-09-08 09:28 . 2007-07-19 16:14 1358192 c:\windows\system32\D3DCompiler_35.dll
+ 2009-09-08 09:28 . 2007-03-12 15:42 1123696 c:\windows\system32\D3DCompiler_33.dll
- 2009-09-08 09:28 . 2007-03-12 14:42 1123696 c:\windows\system32\D3DCompiler_33.dll
- 2009-09-08 09:28 . 2004-12-01 13:53 2846720 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2903.0\Microsoft.DirectX.Direct3DX.dll
+ 2009-09-08 09:28 . 2004-12-01 14:53 2846720 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2903.0\Microsoft.DirectX.Direct3DX.dll
- 2009-09-08 09:28 . 2004-09-29 10:38 2676224 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Direct3DX.dll
+ 2009-09-08 09:28 . 2004-09-29 11:38 2676224 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Direct3DX.dll
+ 2009-03-29 12:37 . 2010-03-04 14:38 2472448 c:\windows\Installer\c5e761.msi
- 2009-03-29 12:37 . 2009-10-13 10:22 2472448 c:\windows\Installer\c5e761.msi
+ 2010-02-28 14:23 . 2010-02-28 14:23 1711616 c:\windows\Installer\6bfed.msi
+ 2010-02-11 19:43 . 2010-02-11 19:43 1544192 c:\windows\Installer\6075258.msi
+ 2009-10-19 16:27 . 2009-10-19 16:27 1565696 c:\windows\Installer\4ef3ba7.msi
+ 2006-12-02 06:09 . 2006-12-02 06:09 2818048 c:\windows\Installer\16b56a.msi
+ 2009-11-05 18:02 . 2009-11-05 18:02 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-09-08 09:28 . 2009-09-08 09:28 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-11-05 18:02 . 2009-11-05 18:02 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-09-08 09:28 . 2009-09-08 09:28 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-12-18 08:03 . 2004-08-17 14:49 1001472 c:\windows\$NtUninstallWMFDist11$\wmvdmoe2.dll
+ 2009-12-18 08:03 . 2008-11-07 16:32 2109440 c:\windows\$NtUninstallWMFDist11$\wmvcore.dll
+ 2009-12-18 08:03 . 2004-08-17 14:49 1119744 c:\windows\$NtUninstallWMFDist11$\wmsdmoe2.dll
+ 2009-12-18 08:03 . 2008-06-10 16:18 1053696 c:\windows\$NtUninstallWMFDist11$\wmnetmgr.dll
.

Re: Win32:Rootkit-gen, log z RSIT

Napsal: 04 bře 2010 18:37
od Jookywana
-- Snímek resetován k současnému datu --
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-09-13 139264]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-08-18 61952]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 602182]
"EOUApp"="c:\program files\Intel\Wireless\Bin\EOUWiz.exe" [2005-12-28 569413]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2005-11-08 128920]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]
"TO2SSM_McciTrayApp"="c:\program files\TO2SSM\McciTrayApp.exe" [2008-08-15 1473536]
"TO2WCM_McciTrayApp"="c:\program files\TO2WCM\McciTrayApp.exe" [2008-01-30 1473536]
"lxdnmon.exe"="c:\program files\Lexmark 2600 Series\lxdnmon.exe" [2009-01-29 660136]
"lxdnamon"="c:\program files\Lexmark 2600 Series\lxdnamon.exe" [2009-01-29 16040]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2009-01-29 320168]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-11-18 495432]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Kerio\\Personal Firewall 4\\kpf4gui.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\WINDOWS\\system32\\lxdncoms.exe"=
"c:\\Program Files\\Lexmark 2600 Series\\lxdnamon.exe"=
"c:\\Program Files\\Lexmark 2600 Series\\frun.exe"=
"c:\\Program Files\\Abbyy FineReader 6.0 Sprint\\Scan\\ScanMan6.exe"=
"c:\\Program Files\\Lexmark Fax Solutions\\FaxCtr.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdnpswx.exe"=
"c:\\Program Files\\Lexmark 2600 Series\\lxdnmon.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdntime.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdnjswx.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [22.3.2009 10:49 114768]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [22.9.2004 17:14 262144]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [22.9.2009 15:17 20560]
R2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [22.3.2009 16:35 717296]
S2 gupdate1ca109ac60ebf86;Služba Google Update (gupdate1ca109ac60ebf86);c:\program files\Google\Update\GoogleUpdate.exe [29.7.2009 23:20 133104]
S2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdnserv.exe [28.2.2008 0:07 98984]
.
Obsah adresáře 'Naplánované úlohy'

2010-03-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-03-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-29 22:20]

2010-03-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-29 22:20]

2010-03-04 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-26 20:18]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://eu.ask.com?o=15183&l=dis
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Jookywana\Data aplikací\Mozilla\Firefox\Profiles\wr1e4x6u.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL -
FF - plugin: c:\program files\Google\Update\1.2.183.17\npGoogleOneClick8.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-brand.xml - c:\program files\Utherverse Digital Inc\Red Light Center 3D Client\Branding\\uninst.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-04 18:20
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
Celkový čas: 2010-03-04 18:22:27
ComboFix-quarantined-files.txt 2010-03-04 17:22

Před spuštěním: Volných bajtů: 27 953 143 808
Po spuštění: Volných bajtů: 28 402 561 024

- - End Of File - - D50FAD5394FED0D198378465FF03F217

Re: Win32:Rootkit-gen, log z RSIT

Napsal: 04 bře 2010 18:49
od Caroprd111
Jak to vypadá s PC :???:

Re: Win32:Rootkit-gen, log z RSIT

Napsal: 04 bře 2010 19:01
od Jookywana
S PC zatím vše normální, jinak se omlouvám, protože mi log z combo fix nešel nahrát s příponou txt musel jsem ho takhle rozkouskovat.

Re: Win32:Rootkit-gen, log z RSIT

Napsal: 04 bře 2010 19:12
od Caroprd111
Obrázek Odinstalujte ComboFix přes:
Start >> Spustit, zkopírujte do okénka:

ComboFix /Uninstall

stiskněte Enter


Obrázek Stáhněte T-Cleaner
http://sweb.cz/Marinus/T-Cleaner.exe
  • Spusťte, pro potvrzení volby mačkejte klávesu A, Enter
  • Po použití program vymažte. Pozor,antiviry ho mohou falešně označit za vir.


Obrázek Stáhněte OTC http://oldtimer.geekstogo.com/OTC.exe
  • Spusťte.
  • Klikněte na "CleanUp!". Potvrďte hlášky stiskem "Yes" (Bude následovat restart)


Obrázek Stáhněte Ccleaner http://viry.cz/forum/viewtopic.php?t=7478
  • Nainstalujte a v průběhu instalace odškrtněte, že chcete instalovat yahoo toolbar.

    Obrázek Záložka Čistič
  • Dejte analyzovat, po dokončení dejte Spustit Ccleaner.

    Obrázek Záložka Registry
  • Klikněte na Hledej problémy, po dokončení klikněte na Opravit problémy, zálohu dělat nemusíte, potom dejte Opravit všechny problémy.
    Obrázek OK Obrázek Zavřít


Obrázek Dejte nový log z RSIT.

Re: Win32:Rootkit-gen, log z RSIT

Napsal: 04 bře 2010 19:44
od Jookywana
Udělal jsem vše dl návodu, než jsem stáhl Ccleaner došlo k restartu PC a ten znovu zamrzal. Nejspíš se problém týká hlavně spouštění PC kdy trvá třeba 10 min, než se vůbec ohlásí klasická znělka systému. Ccleaner jem nakonec stáhl a udělal vše viz návod. Přikládám log z RSIT

Logfile of random's system information tool 1.06 (written by random/random)
Run by Jookywana at 2010-03-04 19:43:23
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 30 GB (58%) free of 52 GB
Total RAM: 1014 MB (49% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:43:29, on 4.3.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\TO2SSM\McciTrayApp.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\TO2WCM\McciTrayApp.exe
C:\Program Files\Lexmark 2600 Series\lxdnmon.exe
C:\Program Files\Lexmark 2600 Series\lxdnMsdMon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\system32\lxdncoms.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Jookywana\Dokumenty\Stažené soubory\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\trend micro\Jookywana.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://eu.ask.com?o=15183&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Panel nástrojů - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Lexmark Panel nástrojů - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TO2SSM_McciTrayApp] C:\Program Files\TO2SSM\McciTrayApp.exe
O4 - HKLM\..\Run: [TO2WCM_McciTrayApp] C:\Program Files\TO2WCM\McciTrayApp.exe
O4 - HKLM\..\Run: [lxdnmon.exe] "C:\Program Files\Lexmark 2600 Series\lxdnmon.exe"
O4 - HKLM\..\Run: [lxdnamon] "C:\Program Files\Lexmark 2600 Series\lxdnamon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Banshee Screamer Alarm.lnk = C:\Program Files\Banshee Screamer Alarm\alarm.exe
O4 - Startup: winesm32.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Služba Google Update (gupdate1ca109ac60ebf86) (gupdate1ca109ac60ebf86) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: lxdnCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdnserv.exe
O23 - Service: lxdn_device - - C:\WINDOWS\system32\lxdncoms.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

--
End of file - 7780 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\WGASetup.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll [2003-05-11 50376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}]
Lexmark Panel nástrojů - C:\Program Files\Lexmark Toolbar\toolband.dll [2009-05-06 372736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2009-06-01 962808]
{1017A80C-6F09-4548-A84D-EDD6AC9525F0} - Lexmark Panel nástrojů - C:\Program Files\Lexmark Toolbar\toolband.dll [2009-05-06 372736]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"=C:\WINDOWS\system32\CHDAudPropShortcut.exe [2006-08-18 61952]
"IntelZeroConfig"=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2005-12-28 667718]
"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2005-12-28 602182]
"EOUApp"=C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe [2005-12-28 569413]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-08-17 81000]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"DAEMON Tools"=C:\Program Files\DAEMON Tools\daemon.exe [2005-11-08 128920]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2008-02-15 135168]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2008-02-15 159744]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2008-02-15 131072]
"TO2SSM_McciTrayApp"=C:\Program Files\TO2SSM\McciTrayApp.exe [2008-08-15 1473536]
"TO2WCM_McciTrayApp"=C:\Program Files\TO2WCM\McciTrayApp.exe [2008-01-30 1473536]
"lxdnmon.exe"=C:\Program Files\Lexmark 2600 Series\lxdnmon.exe [2009-01-29 660136]
"lxdnamon"=C:\Program Files\Lexmark 2600 Series\lxdnamon.exe [2009-01-29 16040]
"FaxCenterServer"=C:\Program Files\Lexmark Fax Solutions\fm3032.exe [2009-01-29 320168]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2006-09-13 139264]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2009-10-09 25623336]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE

C:\Documents and Settings\Jookywana\Nabídka Start\Programy\Po spuštění
Banshee Screamer Alarm.lnk - C:\Program Files\Banshee Screamer Alarm\alarm.exe
winesm32.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2008-02-15 208896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe"="C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe:*:Enabled:Kerio Personal Firewall 4 - GUI"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\WINDOWS\system32\lxdncoms.exe"="C:\WINDOWS\system32\lxdncoms.exe:*:Enabled:Lexmark Communications System"
"C:\Program Files\Lexmark 2600 Series\lxdnamon.exe"="C:\Program Files\Lexmark 2600 Series\lxdnamon.exe:*:Enabled:Lexmark Device Monitor"
"C:\Program Files\Lexmark 2600 Series\frun.exe"="C:\Program Files\Lexmark 2600 Series\frun.exe:*:Enabled:Lexmark Productivity Studio"
"C:\Program Files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe"="C:\Program Files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe:*:Enabled:ABBYY FineReader"
"C:\Program Files\Lexmark Fax Solutions\FaxCtr.exe"="C:\Program Files\Lexmark Fax Solutions\FaxCtr.exe:*:Enabled:Fax software"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdnpswx.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdnpswx.exe:*:Enabled:Printer Status Window Interface"
"C:\Program Files\Lexmark 2600 Series\lxdnmon.exe"="C:\Program Files\Lexmark 2600 Series\lxdnmon.exe:*:Enabled:Printer Device Monitor"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdntime.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdntime.exe:*:Enabled:Lexmark Connect Time Executable"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdnjswx.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdnjswx.exe:*:Enabled:Job Status Window Interface"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-03-04 19:43:23 ----D---- C:\rsit
2010-03-04 19:35:06 ----SHD---- C:\RECYCLER
2010-03-04 19:33:04 ----D---- C:\Program Files\CCleaner
2010-03-04 12:12:10 ----D---- C:\logs
2010-03-01 12:55:28 ----D---- C:\Documents and Settings\Jookywana\Data aplikací\FaxCtr
2010-02-28 17:40:24 ----D---- C:\Documents and Settings\Jookywana\Data aplikací\Ventrilo
2010-02-28 15:23:41 ----A---- C:\WINDOWS\system32\LXF3PMON.DLL
2010-02-28 15:23:41 ----A---- C:\WINDOWS\system32\LXF3FXPU.DLL
2010-02-28 15:23:40 ----A---- C:\WINDOWS\system32\LXF3PMRC.DLL
2010-02-28 15:23:40 ----A---- C:\WINDOWS\system32\lxf3oem.dll
2010-02-28 15:23:40 ----A---- C:\WINDOWS\system32\IMHOST32.DLL
2010-02-28 15:23:40 ----A---- C:\WINDOWS\system32\IMGMAN32.DLL
2010-02-28 15:23:35 ----D---- C:\Documents and Settings\All Users\Data aplikací\FaxCtr
2010-02-28 15:23:24 ----D---- C:\Program Files\Lexmark Fax Solutions
2010-02-28 15:22:52 ----D---- C:\Program Files\Abbyy FineReader 6.0 Sprint
2010-02-28 15:21:31 ----A---- C:\WINDOWS\system32\gdiplus.dll
2010-02-28 15:21:30 ----D---- C:\Program Files\Lexmark Toolbar
2010-02-28 15:21:23 ----A---- C:\WINDOWS\system32\lxdnwupd.exe
2010-02-28 15:21:23 ----A---- C:\WINDOWS\system32\lxdnwupd.dll
2010-02-28 15:21:21 ----A---- C:\WINDOWS\system32\lxdnrwrd.ini
2010-02-28 15:21:19 ----A---- C:\WINDOWS\system32\LXDNinst.dll
2010-02-28 15:21:19 ----A---- C:\WINDOWS\system32\LXDNhcp.dll
2010-02-28 15:21:02 ----D---- C:\Program Files\Lexmark 2600 Series
2010-02-28 15:18:35 ----RA---- C:\WINDOWS\system32\lxdncoin.dll
2010-02-28 15:17:33 ----A---- C:\WINDOWS\system32\wiafbdrv.dll
2010-02-11 21:05:15 ----D---- C:\Program Files\Lineage II
2010-02-11 21:03:53 ----D---- C:\Documents and Settings\Jookywana\Data aplikací\InstallShield
2010-02-11 20:42:52 ----D---- C:\Documents and Settings\All Users\Data aplikací\WinZip
2010-02-11 20:42:43 ----D---- C:\Program Files\WinZip
2010-02-10 00:26:22 ----D---- C:\Program Files\Combined Community Codec Pack
2010-02-07 22:46:43 ----A---- C:\WINDOWS\system32\xmltok.dll
2010-02-07 22:46:43 ----A---- C:\WINDOWS\system32\xmlparse.dll
2010-02-07 22:46:43 ----A---- C:\WINDOWS\system32\xmlinst.exe
2010-02-07 22:46:43 ----A---- C:\WINDOWS\system32\VB5DB.DLL
2010-02-07 22:46:43 ----A---- C:\WINDOWS\system32\msxml3a.dll
2010-02-07 22:43:41 ----D---- C:\Program Files\UBISOFT

======List of files/folders modified in the last 1 months======

2010-03-04 19:43:29 ----D---- C:\Program Files\Trend Micro
2010-03-04 19:37:17 ----D---- C:\Program Files\Mozilla Firefox
2010-03-04 19:35:06 ----D---- C:\WINDOWS\Debug
2010-03-04 19:35:06 ----D---- C:\WINDOWS
2010-03-04 19:34:35 ----D---- C:\WINDOWS\Prefetch
2010-03-04 19:33:04 ----RD---- C:\Program Files
2010-03-04 19:30:32 ----D---- C:\Documents and Settings\Jookywana\Data aplikací\Skype
2010-03-04 19:26:14 ----D---- C:\WINDOWS\Temp
2010-03-04 19:21:52 ----SHD---- C:\System Volume Information
2010-03-04 19:21:52 ----D---- C:\WINDOWS\system32\Restore
2010-03-04 19:19:31 ----N---- C:\WINDOWS\SchedLgU.Txt
2010-03-04 19:17:25 ----D---- C:\WINDOWS\system32
2010-03-04 19:16:16 ----D---- C:\WINDOWS\system32\CatRoot2
2010-03-04 18:20:49 ----A---- C:\WINDOWS\system.ini
2010-03-04 18:19:24 ----D---- C:\WINDOWS\system32\drivers
2010-03-04 18:19:24 ----D---- C:\WINDOWS\AppPatch
2010-03-04 18:19:17 ----D---- C:\Program Files\Common Files
2010-03-04 17:14:21 ----D---- C:\Documents and Settings\Jookywana\Data aplikací\skypePM
2010-03-04 16:24:30 ----D---- C:\Program Files\Common Files\Motive
2010-03-04 15:51:35 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-03-04 12:34:51 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-03-04 11:59:28 ----SHD---- C:\WINDOWS\Installer
2010-03-04 11:55:19 ----D---- C:\Program Files\Google
2010-03-04 11:55:18 ----SD---- C:\WINDOWS\Tasks
2010-03-04 11:51:53 ----HD---- C:\WINDOWS\inf
2010-02-28 15:17:35 ----D---- C:\WINDOWS\twain_32
2010-02-27 19:37:08 ----A---- C:\WINDOWS\NeroDigital.ini
2010-02-11 21:05:13 ----HD---- C:\Program Files\InstallShield Installation Information
2010-02-07 16:43:04 ----RD---- C:\Program Files\Skype
2010-02-07 16:41:00 ----D---- C:\Program Files\Common Files\InstallShield

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-08-17 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-08-17 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-08-17 51376]
R1 fwdrv;Firewall Driver; C:\WINDOWS\system32\drivers\fwdrv.sys [2004-09-22 262144]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-17 39936]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.9.0; C:\WINDOWS\System32\DRIVERS\AegisP.sys [2009-03-21 21275]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-08-17 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-08-17 94160]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2009-11-05 278984]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2009-11-05 25416]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [2006-08-18 12544]
R2 s24trans;WLAN Transport; C:\WINDOWS\System32\DRIVERS\s24trans.sys [2005-12-28 13568]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-03 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-08-17 23152]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [2004-08-03 14080]
R3 dtscsi;dtscsi; C:\WINDOWS\System32\Drivers\dtscsi.sys [2009-05-15 223128]
R3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\CHDAud.sys [2006-08-18 569856]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [2004-10-27 138240]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-10-25 9600]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSX_DPV.sys [2006-08-18 935424]
R3 HSXHWAZL;HSXHWAZL; C:\WINDOWS\System32\DRIVERS\HSXHWAZL.sys [2006-08-18 194048]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-02-15 5854752]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS []
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-03 61824]
R3 sdbus;sdbus; C:\WINDOWS\System32\DRIVERS\sdbus.sys [2004-08-03 67584]
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2006-08-18 162432]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 w39n51;Intel(R) PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\System32\DRIVERS\w39n51.sys [2005-12-05 1428096]
R3 winachsf;winachsf; C:\WINDOWS\System32\DRIVERS\HSX_CNXT.sys [2006-08-18 671232]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\System32\DRIVERS\yk51x86.sys [2005-11-10 243328]
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []
S3 UIUSys;Conexant Setup API; C:\WINDOWS\System32\DRIVERS\UIUSYS.SYS []
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-08-17 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-08-17 138680]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2005-12-28 114753]
R2 KPF4;Kerio Personal Firewall 4; C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe [2004-09-24 1912832]
R2 lxdn_device;lxdn_device; C:\WINDOWS\system32\lxdncoms.exe [2008-02-28 594600]
R2 McciCMService;McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [2007-10-15 303104]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2005-12-28 217164]
R2 S24EventMonitor;Intel(R) PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2005-12-28 540745]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-08-17 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-08-17 352920]
S2 gupdate1ca109ac60ebf86;Služba Google Update (gupdate1ca109ac60ebf86); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-07-29 133104]
S2 lxdnCATSCustConnectService;lxdnCATSCustConnectService; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdnserv.exe [2008-02-28 98984]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-09-12 724992]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]

-----------------EOF-----------------

Re: Win32:Rootkit-gen, log z RSIT

Napsal: 04 bře 2010 19:54
od Caroprd111
Obrázek Podle návodu http://www.viry.cz/forum/viewtopic.php?f=15&t=72743 aplikujte tento skript.

Kód: Vybrat vše

:files
C:\Documents and Settings\Jookywana\Nabídka Start\Programy\Po spuštění\winesm32.exe

:commands
[EmptyTemp]
[Reboot]

Re: Win32:Rootkit-gen, log z RSIT

Napsal: 04 bře 2010 20:05
od Jookywana
Udělal jsem vše dle návodu, OTM zamrznul, stále jakoby pracuje, ale nic se neděje v zeleném okně nic není

Re: Win32:Rootkit-gen, log z RSIT

Napsal: 04 bře 2010 20:11
od Caroprd111
Pokud nebude ještě cca. 10 minut reagovat, restartujte PC a dejte nový log z RSIT.
Všechny časy jsou v UTC+01:00
Stránka 1 z 3

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz